So after CodingHorror's fun with encryption and the thrashing comments, we are reconsidering doing our own encryption.
In this case, we need to pass some information that identifies a user to a 3rd party service which will then call back to a service on our website with the information plus a hash.
The 2nd service looks up info on that user and then passes it back to the 3rd party service.
We want to encrypt this user information going into the 3rd party service and decrypt it after it comes out. So it is not a long lived encryption.
On the coding horror article, Coda Hale recommended BouncyCastle and a high level abstraction in the library to do the encryption specific to a particular need.
My problem is that the BouncyCastle namespaces are huge and the documentation is non-existent. Can anyone point me to this high level abstraction library? (Or another option besides BouncyCastle?)
Recommended answer
High level abstraction? I suppose the highest level abstractions in the Bouncy Castle library would include:
- The BlockCipher interface (for symmetric ciphers)
- The BufferedBlockCipher class
- The AsymmetricBlockCipher interface
- The BufferedAsymmetricBlockCipher class
- The CipherParameters interface (for initializing the block ciphers and asymmetric block ciphers)
I am mostly familiar with the Java version of the library. Perhaps this code snippet will offer you a high enough abstraction for your purposes (example is using AES-256 encryption):
```java
import org.bouncycastle.crypto.BlockCipher;
import org.bouncycastle.crypto.BufferedBlockCipher;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.paddings.BlockCipherPadding;
import org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher;
import org.bouncycastle.crypto.paddings.ZeroBytePadding;
import org.bouncycastle.crypto.params.KeyParameter;

// Wrapper class so the methods compile; the class name is arbitrary.
public class AesExample {

    public byte[] encryptAES256(byte[] input, byte[] key) throws InvalidCipherTextException {
        // Explicit check: Java "assert" statements are disabled unless the JVM runs with -ea.
        if (key.length != 32) { // 32 bytes == 256 bits
            throw new IllegalArgumentException("key must be 32 bytes");
        }
        CipherParameters cipherParameters = new KeyParameter(key);

        /*
         * A full list of BlockCiphers can be found at www.bouncycastle/docs/docs1.6/org/bouncycastle/crypto/BlockCipher.html
         */
        // AESEngine used directly, with no mode wrapper, encrypts each block independently (ECB).
        BlockCipher blockCipher = new AESEngine();

        /*
         * Paddings available (www.bouncycastle/docs/docs1.6/org/bouncycastle/crypto/paddings/BlockCipherPadding.html):
         *   - ISO10126d2Padding
         *   - ISO7816d4Padding
         *   - PKCS7Padding
         *   - TBCPadding
         *   - X923Padding
         *   - ZeroBytePadding
         */
        // ZeroBytePadding cannot be stripped unambiguously if the plaintext itself ends in zero bytes.
        BlockCipherPadding blockCipherPadding = new ZeroBytePadding();

        BufferedBlockCipher bufferedBlockCipher = new PaddedBufferedBlockCipher(blockCipher, blockCipherPadding);

        return encrypt(input, bufferedBlockCipher, cipherParameters);
    }

    public byte[] encrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
        boolean forEncryption = true;
        return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
    }

    public byte[] decrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException {
        boolean forEncryption = false;
        return process(input, bufferedBlockCipher, cipherParameters, forEncryption);
    }

    public byte[] process(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters, boolean forEncryption) throws InvalidCipherTextException {
        bufferedBlockCipher.init(forEncryption, cipherParameters);

        int inputOffset = 0;
        int inputLength = input.length;

        // Upper bound on the output size, including any padding block.
        int maximumOutputLength = bufferedBlockCipher.getOutputSize(inputLength);
        byte[] output = new byte[maximumOutputLength];
        int outputOffset = 0;
        int outputLength = 0;

        int bytesProcessed;

        // Process all complete blocks.
        bytesProcessed = bufferedBlockCipher.processBytes(
                input, inputOffset, inputLength,
                output, outputOffset
        );
        outputOffset += bytesProcessed;
        outputLength += bytesProcessed;

        // Flush the final (padded) block.
        bytesProcessed = bufferedBlockCipher.doFinal(output, outputOffset);
        outputOffset += bytesProcessed;
        outputLength += bytesProcessed;

        if (outputLength == output.length) {
            return output;
        } else {
            // Fewer bytes were produced than estimated; trim the buffer.
            byte[] truncatedOutput = new byte[outputLength];
            System.arraycopy(
                    output, 0,
                    truncatedOutput, 0,
                    outputLength
            );
            return truncatedOutput;
        }
    }
}
```
Edit: Whoops, I just read the article you linked to. It sounds like he is talking about even higher level abstractions than I thought (e.g., "send a confidential message"). I am afraid I don't quite understand what he is getting at.