问题描述
我必须在JS中创建一个应用程序,它使用AES编码消息,并通过AJAX将其传递到服务器。然后服务器并使用Java解码消息。
I have to make an app in JS which encodes a message with AES and passes it to a server via AJAX. Then the server and decodes the message using Java.
我的问题是:如何在JS中加密邮件,并能够使用AES解密它?知道java和js之间的通信已经通过webservices建立
客户端,我使用Crypto JS库()。服务器端我使用Java提供的Cipher类(我使用Java Play框架,但在这里没有关系)。
Client-side, I use the Crypto JS library (http://code.google.com/p/crypto-js/). Server-side I use the Cipher class provided with Java (I use the Java Play framework but it doesn't matter here).
我完全是新的加密。我整天做了研究,仍然不能使这项工作。
I'm totally new to cryptography. I've made researches all day long and still can't make this work.
问题是用于加密和解密邮件的密钥必须相同,我不知道该怎么做。
The problem is that the key used to encrypt and decrypt the message must be the same, and I don't know how to do this.
从我的搜索,我明白有不同的模式使用AES。默认情况下,Java使用ECB和CryptoJS使用CBC这是一个问题,但似乎没有这么难以解决,通过告诉CryptoJS使用ECB模式太。但是,然后有一个填充问题,似乎只有在Java和CryptoJS中可用的填充是没有填充。但是当我在Java中使用NoPadding时,我得到一个异常。
From my searches, I understand there is different modes to use AES. By default Java uses ECB and CryptoJS uses CBC which is a problem, but which seems not so hard to fix, by telling CryptoJS to use the ECB mode too. But then there is a padding problem, it seems the only padding available in Java and CryptoJS is no padding at all. But when I use NoPadding in Java I get an exception.
但是即使我设法解决这个问题,巨大的问题是CryptoJS生成的密钥,由Java不一样。如果我在Java中加密消息,结果总是相同的,在十六进制。但在crypto JS它是在Base64,它是不一样的....
But even if I manage to fix this, the huge problem is that the key generated by CryptoJS and the one generated by Java are not the same. If I encrypt a message in Java the result is always the same, in Hex. But in crypto JS it is in Base64 and it is never the same....
我明白这是由密钥生成,是不一样的Java和CryptoJS(然后输入IV和Salt的概念,对我来说是模糊的)。
I understand this is caused by the key generation which isn't the same in Java and CryptoJS (then enters the notion of IV and Salt which are blur for me).
推荐答案
JS; 安全地执行。
Don't do encryption in browser JS; it's impossible to do securely.
使用SSL。其目的是加密浏览器和服务器之间的通信。
Use SSL. Its intended purpose is to encrypt communication between a browser and a server.
如果费用是您的问题,则有。
If cost is your problem, there are free SSL certificates.
这篇关于服务器(Java - Cipher)和客户端之间的AES(Javascript - CryptoJS)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!