如何开始使用 BouncyCastle?

本文介绍了如何开始使用 BouncyCastle?的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

因此，在 CodingHorror 的加密乐趣 和激烈的评论之后，我们正在重新考虑做我们自己的加密.

So after CodingHorror's fun with encryption and the thrashing comments, we are reconsidering doing our own encryption.

在这种情况下，我们需要将一些识别用户的信息传递给第三方服务，然后第三方服务将使用这些信息和哈希值回调我们网站上的服务.

In this case, we need to pass some information that identifies a user to a 3rd party service which will then call back to a service on our website with the information plus a hash.

第二个服务查找该用户的信息，然后将其传递回第三个服务.

The 2nd service looks up info on that user and then passes it back to the 3rd party service.

我们想加密这些进入第 3 方服务的用户信息，并在它出来后解密.所以它不是一个长期存在的加密.

We want to encrypt this user information going into the 3rd party service and decrypt it after it comes out. So it is not a long lived encryption.

在编码恐怖文章中，Coda Hale 推荐了 BouncyCastle 和库中的高级抽象来针对特定需求进行加密.

On the coding horror article, Coda Hale recommended BouncyCastle and a high level abstraction in the library to do the encryption specific to a particular need.

我的问题是 BouncyCastle 命名空间很大，而且文档不存在.谁能指出我这个高级抽象库?(或者除了 BouncyCastle 之外的其他选择?)

My problem is that the BouncyCastle namespaces are huge and the documentation is non-existant. Can anyone point me to this high level abstraction library? (Or another option besides BouncyCastle?)

推荐答案

高级抽象?我想 Bouncy Castle 库中的最高级别抽象包括:

High level abstraction? I suppose the highest level abstractions in the Bouncy Castle library would include:

• BlockCipher 接口(用于对称密码)
• BufferedBlockCipher 类
• AsymmetricBlockCipher 接口
• BufferedAsymmetricBlockCipher 类
• CipherParameters 接口(用于初始化分组密码和非对称分组密码)

• The BlockCipher interface (for symmetric ciphers)
• The BufferedBlockCipher class
• The AsymmetricBlockCipher interface
• The BufferedAsymmetricBlockCipher class
• The CipherParameters interface (for initializing the block ciphers and asymmetric block ciphers)

我最熟悉该库的 Java 版本.也许这个代码片段会为您提供足够高的抽象来满足您的目的(例如使用 AES-256 加密):

I am mostly familiar with the Java version of the library. Perhaps this code snippet will offer you a high enough abstraction for your purposes (example is using AES-256 encryption):

public byte[] encryptAES256(byte[] input, byte[] key) throws InvalidCipherTextException { assert key.length == 32; // 32 bytes == 256 bits CipherParameters cipherParameters = new KeyParameter(key); /* * A full list of BlockCiphers can be found at www.bouncycastle/docs/docs1.6/org/bouncycastle/crypto/BlockCipher.html */ BlockCipher blockCipher = new AESEngine(); /* * Paddings available (www.bouncycastle/docs/docs1.6/org/bouncycastle/crypto/paddings/BlockCipherPadding.html): * - ISO10126d2Padding * - ISO7816d4Padding * - PKCS7Padding * - TBCPadding * - X923Padding * - ZeroBytePadding */ BlockCipherPadding blockCipherPadding = new ZeroBytePadding(); BufferedBlockCipher bufferedBlockCipher = new PaddedBufferedBlockCipher(blockCipher, blockCipherPadding); return encrypt(input, bufferedBlockCipher, cipherParameters); } public byte[] encrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException { boolean forEncryption = true; return process(input, bufferedBlockCipher, cipherParameters, forEncryption); } public byte[] decrypt(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters) throws InvalidCipherTextException { boolean forEncryption = false; return process(input, bufferedBlockCipher, cipherParameters, forEncryption); } public byte[] process(byte[] input, BufferedBlockCipher bufferedBlockCipher, CipherParameters cipherParameters, boolean forEncryption) throws InvalidCipherTextException { bufferedBlockCipher.init(forEncryption, cipherParameters); int inputOffset = 0; int inputLength = input.length; int maximumOutputLength = bufferedBlockCipher.getOutputSize(inputLength); byte[] output = new byte[maximumOutputLength]; int outputOffset = 0; int outputLength = 0; int bytesProcessed; bytesProcessed = bufferedBlockCipher.processBytes( input, inputOffset, inputLength, output, outputOffset ); outputOffset += bytesProcessed; outputLength += bytesProcessed; bytesProcessed = bufferedBlockCipher.doFinal(output, outputOffset); outputOffset += bytesProcessed; outputLength += bytesProcessed; if (outputLength == output.length) { return output; } else { byte[] truncatedOutput = new byte[outputLength]; System.arraycopy( output, 0, truncatedOutput, 0, outputLength ); return truncatedOutput; } }

编辑:糟糕，我刚刚阅读了您链接到的文章.听起来他在谈论比我想象的更高级别的抽象(例如，发送机密消息").恐怕我不太明白他在说什么.

Edit: Whoops, I just read the article you linked to. It sounds like he is talking about even higher level abstractions than I thought (e.g., "send a confidential message"). I am afraid I don't quite understand what he is getting at.