I am making an application in Java and I want to allow users to encrypt a file (or folder - I'd zip the directory) using a password of their choice. I currently have the following method(s):
static Cipher createCipher(int mode, String password) throws Exception {
PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBEWithMD5AndDES");
SecretKey key = keyFactory.generateSecret(keySpec);
MessageDigest md = MessageDigest.getInstance("MD5");
md.update("input".getBytes());
byte[] digest = md.digest();
byte[] salt = new byte[8];
for (int i = 0; i < 8; ++i)
salt[i] = digest[i];
PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 20);
Cipher cipher = Cipher.getInstance("PBEWithMD5AndDES");
cipher.init(mode, key, paramSpec);
return cipher;
}
static void applyCipher(String inFile, String outFile, Cipher cipher) throws Exception {
String decryption = "";
CipherInputStream in = new CipherInputStream(new FileInputStream(inFile), cipher);
BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(outFile));
int BUFFER_SIZE = 8;
byte[] buffer = new byte[BUFFER_SIZE];
int numRead = 0;
do {
numRead = in.read(buffer);
System.out.println(buffer + ", 0, " + numRead);
if (numRead > 0){
out.write(buffer, 0, numRead);
System.out.println(toHexString(buffer, 0, numRead));
}
} while (numRead == 8);
in.close();
out.flush();
out.close();
}
private static char[] hex_table = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f'};
public static String toHexString(byte[] data, int offset, int length)
{
StringBuffer s = new StringBuffer(length*2);
int end = offset+length;
for (int i = offset; i < end; i++)
{
int high_nibble = (data[i] & 0xf0) >>> 4;
int low_nibble = (data[i] & 0x0f);
s.append(hex_table[high_nibble]);
s.append(hex_table[low_nibble]);
}
return s.toString();
}
However, to make the program more user friendly I would like to be able to check that the user has entered the correct password before a file is produced. I don't want to "leave the key under the door mat" or completely undo the security etc. - I just want to prevent the wrong file from being produced if the user enters the wrong password...
Any ideas will be greatly appreciated. If you need anymore details please don't hesitate to ask.
Thanks in advance
Use PBKDF2WithHmacSHA1 and not PBEWithMD5AndDES. The later users two different outdated primitives. The former is the current standard.
you have two options
Fast but less secure: Put a short known value at the start of your encrypted file or encrypt an entirely different short file under the same password. When you decrypt this file, check for the known value.
Clearly this works quickly. Its slightly less secure because it means an attacker attempting to brute force the password can discard a guessed password faster: instead of having to look at the whole file, they just have to check that value. This is not really a big issue since your key derivation function should be hard enough and they still have to run that
Store the hash of the file encrypted as well and verify the hash on decryption. More secure in that the attacker has to decrypt the whole file and read through it, but by the same token it is slow.
You could save the encrypted password with the file. When the user enters the password, you encrypt it and check, if the same encrypted password is in the file. If not, you dont load the file.
I would use an AEAD mode, like CCM or EAX. This will check the integrity of every block of the file as it is decrypted, failing if the key is incorrect or the file has been tampered. The Bouncy Castle provider supports both of these modes.
来源:https://stackoverflow.com/questions/10012918/pbe-verify-password-before-attempting-to-decrypt