jce

Learn Spring Cloud with Me (Finchley Edition) - 21 - Spring Cloud Config - Encrypting and Decrypting Configuration Properties

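爱⌒轻易说出口 posted on 2019-11-26 23:57:46
The previous articles stored all configuration in plaintext in the Git repository, but in real projects sensitive configuration properties (for example database usernames and passwords) should be stored encrypted to improve security. Config Server provides support for encrypting and decrypting configuration content.

Install JCE

Java 6 JCE: https://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
Java 7 JCE: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
Java 8 JCE: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

Encryption and decryption endpoints

Encrypt: curl $CONFIG_URL/encrypt -d <content to encrypt>
Decrypt: curl $CONFIG_URL/decrypt -d <ciphertext to decrypt>

Symmetric encryption

Add the following to the Config Server's bootstrap.yml:

    encrypt:
      key: foo # set the symmetric key

Storing ciphertext

Stored in YAML format:

    spring:
      datasource:
        username: dbuser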

java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING

前提是你 posted on 2019-11-26 23:19:36
Question: I was trying to encrypt data using AES algorithm. However, the following exception has occurred. java.security.NoSuchAlgorithmException: Cannot find any provider supporting AES/ECB/PKCS7PADDING Does someone know a solution to this issue? My JDK's version is 1.7.

Answer 1: You don't want to specify PKCS#7 padding for block cipher use. You want to specify PKCS#5 padding. PKCS#5 is specified for use with block ciphers while PKCS#7 is not (it's used for different places like in S/MIME). I will point

Checking if Unlimited Cryptography is available

泄露秘密 posted on 2019-11-26 21:51:20
How can I check, in Java code, if the current JVM has unlimited strength cryptography available?

jefflunt
I think you could probably use Cipher.getMaxAllowedKeyLength(), while also comparing the cypher you're using to known lists of "good", secure cyphers, such as AES. Here's a reference article that lists maximum key size jurisdiction limitations that were current as of Java 1.4 (these likely haven't changed, unless the law has also changed - see below). If you are operating in a nation that has cryptographic export/import restrictions, you'd have to consult the law in your nation, but it's

How to sign a custom JCE security provider

时光怂恿深爱的人放手 posted on 2019-11-26 20:57:37
Question: Sun's PKCS11 JCE security provider is lacking some functionality we need. So I wrote an enhanced version of it using the original sources. Unfortunately the JCE infrastructure rejects the new provider "JCE cannot authenticate the provider" because it is not properly signed. javax.crypto.JceSecurity.verifyProviderJar(...) throws. (it calls javax.crypto.JarVerifier.verify() ) Any suggestions how to sign the new provider to make it work with JCE?

Answer 1: The process is described in the document,

PBKDF2 with bouncycastle in Java

做~自己de王妃 posted on 2019-11-26 18:59:21
Question: I'm trying to securely store a password in a database and for that I chose to store its hash generated using the PBKDF2 function. I want to do this using the bouncy castle library but I don't know why I cannot get it to work by using the JCE interface... The problem is that generating the hash in 3 different modes: 1. using the PBKDF2WithHmacSHA1 secret key factory provided by sun 2. using the bouncy castle api directly 3. using the bouncy castle through JCE results in 2 distinct values: one

Why java.security.NoSuchProviderException No such provider: BC?

时光总嘲笑我的痴心妄想 posted on 2019-11-26 15:42:10
Question: The jar (bcprov-jdk16-145.jar) has been added to the project, Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()) has been added to the class, and BouncyCastleProvider.PROVIDER_NAME does return "BC" but AesFileIo.writeFile() still throws java.security.NoSuchProviderException No such provider: BC . Any ideas?

    import java.io.FileOutputStream;
    import java.io.InputStreamReader;
    import java.io.ObjectOutputStream;
    import javax.crypto.Cipher;
    import javax.crypto.spec

How to create a secure random AES key in Java?

狂风中的少年 posted on 2019-11-26 15:37:40
Question: What is the recommended way of generating a secure, random AES key in Java, using the standard JDK? In other posts, I have found this, but using a SecretKeyFactory might be a better idea:

    KeyGenerator keyGen = KeyGenerator.getInstance("AES");
    SecureRandom random = new SecureRandom(); // cryptograph. secure random
    keyGen.init(random);
    SecretKey secretKey = keyGen.generateKey();

It would be great if the answer included an explanation of why it is a good way of generating the random key. Thanks!

ECDHE cipher suites not supported on OpenJDK 8 installed on EC2 Linux machine

帅比萌擦擦* posted on 2019-11-26 11:10:29
Question: When starting jetty-distribution-9.3.0.v20150612 with openjdk 1.8.0_51 running on an EC2 Amazon Linux machine, it prints that all configured ECDHE suites are not supported.

    2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not supported
    2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not supported
    2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Creating an X509 Certificate in Java without BouncyCastle?

血红的双手。 posted on 2019-11-26 09:17:46
Question: Is it possible to sanely create an X509 Certificate in Java code without using the Bouncy Castle X509V*CertificateGenerator classes?

Answer 1: The ability to sign certificates is not part of a standard Java library or extension. A lot of the code that is needed to do it yourself is part of the core. There are classes to encode and decode X.500 names, X.509 certificate extensions, public keys for various algorithms, and of course, for actually performing the digital signature. Implementing this

Checking if Unlimited Cryptography is available

妖精的绣舞 posted on 2019-11-26 09:07:13
Question: How can I check, in Java code, if the current JVM has unlimited strength cryptography available?

Answer 1: I think you could probably use Cipher.getMaxAllowedKeyLength(), while also comparing the cypher you're using to known lists of "good", secure cyphers, such as AES. Here's a reference article that lists maximum key size jurisdiction limitations that were current as of Java 1.4 (these likely haven't changed, unless the law has also changed - see below). If you are operating in a nation that