java - 将java流切换为密码流

Question

我正在尝试创建一个协议(protocol)，让客户端向服务器发送它的登录名。在此之后，服务器从服务器获取客户端密码并从中创建一个密码。客户端根据输入的密码创建 key 。我试图通过这种方式获得安全连接。

但是，在发送用户名、获取密码等之后。我试图从密码流创建一个新的对象输入流来读取数据，但它阻止了。即使在查看了许多其他类似问题之后，我也找不到让它工作的方法。

服务器端

private void switchToChipherStreams(String username) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
    byte key[] = dbMediator.getPasswordCypher(username);
    SecretKey key64 = new SecretKeySpec(key, "Blowfish");
    Cipher cipher = Cipher.getInstance("Blowfish");
    cipher.init(Cipher.ENCRYPT_MODE, key64);
    try {
        Thread.sleep(1000);
    } catch (InterruptedException ex) {
        Logger.getLogger(Connection.class.getName()).log(Level.SEVERE, null, ex);
    }
    out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipher));
    out.reset();
    out.flush();
    out.writeObject("switch");
    in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipher));
}

客户端

private void switchToChipherStreams(String password) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
    //Generate key
    byte[] key = new byte[8];
    for (int i = 0; i < 8; i++) {
        if (password.length() > i) {
            key[i] = password.getBytes()[i];
        } else {
            key[i] = (byte) i;
        }
    }
    //Setup cipher streams
    SecretKey key64 = new SecretKeySpec(key, "Blowfish");
    Cipher cipher = Cipher.getInstance("Blowfish");
    cipher.init(Cipher.ENCRYPT_MODE, key64);
    in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipher));
    out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipher));
    out.reset();
    out.flush();
    out.writeObject("switch");
}

目前它抛出了一个异常(无效的 header )，因为我正在尝试发送数据，但如果我不这样做，它就会阻塞。

谁能告诉我我在这里做错了什么，或者是否有可能更改为加密的对象输入流。

亲切的问候，

朱

编辑

更改密码以加密和解密输入和输出流，新代码:

服务器端

byte key[] = dbMediator.getPasswordCypher(username);
    SecretKey key64 = new SecretKeySpec(key, "Blowfish");
    Cipher cipheren = Cipher.getInstance("Blowfish");
    cipheren.init(Cipher.ENCRYPT_MODE, key64);
    Cipher cipherde = Cipher.getInstance("Blowfish");
    cipheren.init(Cipher.DECRYPT_MODE, key64);
    out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipheren));
    out.reset();
    out.flush();
    out.writeObject("switch");
    in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipherde));

客户端

//Generate key
        byte[] key = new byte[8];
        for (int i = 0; i < 8; i++) {
            if (password.length() > i) {
                key[i] = password.getBytes()[i];
            } else {
                key[i] = (byte) i;
            }
        }
        //Setup cipher streams
        SecretKey key64 = new SecretKeySpec(key, "Blowfish");
        Cipher cipheren = Cipher.getInstance("Blowfish");
        cipheren.init(Cipher.ENCRYPT_MODE, key64);
        Cipher cipherde = Cipher.getInstance("Blowfish");
        cipheren.init(Cipher.DECRYPT_MODE, key64);
        out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipheren));
        out.reset();
        out.flush();
        out.writeObject("switch");
        in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipherde));

现在无效的头部问题已经解决，但是当调用 objectinputstream 构造函数时客户端和服务器都卡住了。

Answer 1

您不能从同一个密码对象创建密码输入和输出流。您需要两个 Cipher 对象，一个处于解密模式，一个处于加密模式。

在两端的ObjectInputStream之前创建并刷新ObjectOutputStream。