我正在尝试创建一个协议(protocol),让客户端向服务器发送它的登录名。在此之后,服务器从服务器获取客户端密码并从中创建一个密码。客户端根据输入的密码创建 key 。我试图通过这种方式获得安全连接。
但是,在发送用户名、获取密码等之后。我试图从密码流创建一个新的对象输入流来读取数据,但它阻止了。即使在查看了许多其他类似问题之后,我也找不到让它工作的方法。
服务器端
private void switchToChipherStreams(String username) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
byte key[] = dbMediator.getPasswordCypher(username);
SecretKey key64 = new SecretKeySpec(key, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, key64);
try {
Thread.sleep(1000);
} catch (InterruptedException ex) {
Logger.getLogger(Connection.class.getName()).log(Level.SEVERE, null, ex);
}
out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipher));
out.reset();
out.flush();
out.writeObject("switch");
in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipher));
}
客户端
private void switchToChipherStreams(String password) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException {
//Generate key
byte[] key = new byte[8];
for (int i = 0; i < 8; i++) {
if (password.length() > i) {
key[i] = password.getBytes()[i];
} else {
key[i] = (byte) i;
}
}
//Setup cipher streams
SecretKey key64 = new SecretKeySpec(key, "Blowfish");
Cipher cipher = Cipher.getInstance("Blowfish");
cipher.init(Cipher.ENCRYPT_MODE, key64);
in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipher));
out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipher));
out.reset();
out.flush();
out.writeObject("switch");
}
目前它抛出了一个异常(无效的 header ),因为我正在尝试发送数据,但如果我不这样做,它就会阻塞。
谁能告诉我我在这里做错了什么,或者是否有可能更改为加密的对象输入流。
亲切的问候,
朱
编辑
更改密码以加密和解密输入和输出流,新代码:
服务器端
byte key[] = dbMediator.getPasswordCypher(username);
SecretKey key64 = new SecretKeySpec(key, "Blowfish");
Cipher cipheren = Cipher.getInstance("Blowfish");
cipheren.init(Cipher.ENCRYPT_MODE, key64);
Cipher cipherde = Cipher.getInstance("Blowfish");
cipheren.init(Cipher.DECRYPT_MODE, key64);
out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipheren));
out.reset();
out.flush();
out.writeObject("switch");
in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipherde));
客户端
//Generate key
byte[] key = new byte[8];
for (int i = 0; i < 8; i++) {
if (password.length() > i) {
key[i] = password.getBytes()[i];
} else {
key[i] = (byte) i;
}
}
//Setup cipher streams
SecretKey key64 = new SecretKeySpec(key, "Blowfish");
Cipher cipheren = Cipher.getInstance("Blowfish");
cipheren.init(Cipher.ENCRYPT_MODE, key64);
Cipher cipherde = Cipher.getInstance("Blowfish");
cipheren.init(Cipher.DECRYPT_MODE, key64);
out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipheren));
out.reset();
out.flush();
out.writeObject("switch");
in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipherde));
现在无效的头部问题已经解决,但是当调用 objectinputstream 构造函数时客户端和服务器都卡住了。
最佳答案
您不能从同一个密码对象创建密码输入和输出流。您需要两个 Cipher 对象,一个处于解密模式,一个处于加密模式。
在两端的ObjectInputStream
之前创建并刷新ObjectOutputStream
。
关于java - 将java流切换为密码流,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34152169/