java - 为什么解密函数会返回垃圾代码？

Question

我已将基于 C# 的解密函数翻译成 Java。它工作正常，可用于解密已由 C# 程序加密的密码。 这是源代码:

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;

public class TestDecrpt {
    public static void main(String[] args) throws Exception {
        String data = "encrypted data";
        String sEncryptionKey = "encryption key";
        byte[] rawData = new Base64().decode(data);
        byte[] salt = new byte[8];
        System.arraycopy(rawData, 0, salt, 0, salt.length);

        Rfc2898DeriveBytes keyGen = new Rfc2898DeriveBytes(sEncryptionKey, salt);

        byte[] IV = keyGen.getBytes(128 / 8);
        byte[] keyByte = keyGen.getBytes(256 / 8);

        Key key = new SecretKeySpec(keyByte, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(IV));
        int pureDataLength = rawData.length - 8;
        byte[] pureData = new byte[pureDataLength];
        System.arraycopy(rawData, 8, pureData, 0, pureDataLength);
        String plaintext = new String(cipher.doFinal(pureData), "UTF-8").replaceAll("\u0000", "");
        System.out.println(plaintext);
    }
}

我按照它的算法写了加密函数。代码是:

import org.apache.commons.codec.binary.Base64;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.SecureRandom;


public class testEncrypt {
    public static void main(String[] args) throws Exception {
        String data = "Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@";
        String sEncryptionKey = "encryption key"; # the same key
        byte[] rawData = new Base64().decode(data);
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[8];
        random.nextBytes(salt);
        Rfc2898DeriveBytes keyGen = new Rfc2898DeriveBytes(sEncryptionKey, salt);

        byte[] IV = keyGen.getBytes(128 / 8);
        byte[] keyByte = keyGen.getBytes(256 / 8);

        Key key = new SecretKeySpec(keyByte, "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(IV));
        byte[] out2 = cipher.doFinal(rawData);

        byte[] out = new byte[8 + out2.length];
        System.arraycopy(salt, 0, out, 0, 8);
        System.arraycopy(out2, 0, out, 8, out2.length);
        //String outStr=new String(out,"UTF-8");
        String outStr = new Base64().encodeToString(out);
        System.out.println(outStr);
        System.out.print(outStr.length());

    }
}

但是加密后的数据无法正确解密，总是返回乱码，比如

ꉜ뙧巓妵峩枢펶땝ꉜ뙧巓妵峩枢펶땝ꉜ뙧巓�

加密功能有问题吗？

============================================= ================================= [更新] 修改代码后

byte[] rawData = data.getBytes("UTF-8");

数据加密解密成功。 然而，在Java中加密的数据无法在C#中正确解密。 这是 C# 版本的解密函数:

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;


namespace Test
{
    class Program
    {
        public static void Main(string[] args)
        {
                string data="EncryptedData";
                string sEncryptionKey="EncryptionKey";

                byte[] rawData = Convert.FromBase64String(data);
                byte[] salt = new byte[8];
                for (int i = 0; i < salt.Length; i++)
                    salt[i] = rawData[i];

                Rfc2898DeriveBytes keyGenerator = new Rfc2898DeriveBytes(sEncryptionKey, salt);
                Rijndael aes = Rijndael.Create();
                aes.IV = keyGenerator.GetBytes(aes.BlockSize / 8);
                aes.Key = keyGenerator.GetBytes(aes.KeySize / 8);

                using (MemoryStream memoryStream = new MemoryStream())
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cryptoStream.Write(rawData, 8, rawData.Length - 8);
                    cryptoStream.Close();

                    byte[] decrypted = memoryStream.ToArray();
                    Console.Out.WriteLine(Encoding.Unicode.GetString(decrypted));
                    Console.In.ReadLine();
                }

        }
    }
}

我发现原始代码使用“Unicode”作为输出格式，

Encoding.Unicode.GetString(decrypted)

所以我将我的 Java 代码更改为“Unicode”。

Java 解密:

String plaintext = new String(cipher.doFinal(pureData), "Unicode");
System.out.println(plaintext);

对于 Java 中的加密:

byte[] rawData = data.getBytes("Unicode");

但是用C#代码解密Java程序加密过的数据还是会遇到乱码。

我该如何解决这个问题？有什么妙招吗？

---

[最后更新] 使用“UTF-16LE”而不是“UTF-8”后，问题就消失了。似乎“UTF-16LE”是相当于 C# 的“Unicode”的 Java。

Answer 1

问题是:

String data = "Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@Welcome2012~1@";
byte[] rawData = new Base64().decode(data);

该文本不是 base64 编码的二进制数据。这只是文字。为什么要尝试将其解码为 base64 数据？

你想要:

byte[] rawData = data.getBytes("UTF-8");

这样，当你以后写:

String plaintext = new String(cipher.doFinal(pureData), "UTF-8")
                                    .replaceAll("\u0000", "");

你正在做相反的 Action 。 (诚​​然，您可能不需要 replaceAll 调用，但那是另一回事。)

对于这样的事情，您需要确保您在“出去”的路上所采取的步骤与在“进来”的路上所采取的步骤相反。所以在正确的代码中，你有:

Unencrypted text data => unencrypted binary data (encode via UTF-8)
Unencrypted binary data => encrypted binary data (encrypt with AES)
Encrypted binary data => encrypted text data (encode with base64)

所以为了逆转，我们这样做:

Encrypted text data => encrypted binary data (decode with base64)
Encrypted binary data => unencrypted binary data (decrypt with AES)
Unencrypted binary data => unencrypted text data (decode via UTF-8)