我试着找到答案,自己看这里并在别处搜索了一段时间,但我还是有一些问题.
假设这个Java代码:
try
{
int cipherMode = Cipher.ENCRYPT_MODE;
SecretKeySpec secretKey = ...; // generated previously using KeyGenerator
byte[] nonceAndCounter = new byte[16];
byte[] nonceBytes = ...; // generated previously using SecureRandom's nextBytes(8);
// use first 8 bytes as nonce
Arrays.fill(nonceAndCounter, (byte) 0);
System.arraycopy(nonceBytes, 0, nonceAndCounter, 0, 8);
IvParameterSpec ivSpec = new IvParameterSpec(nonceAndCounter);
Cipher cipher = Cipher.getInstance("AES/CTR/NoPadding");
cipher.init(cipherMode, secretKey, ivSpec);
File inFile = new File(...);
File outFile = new File(...);
long bytesRead = 0;
try (FileInputStream is = new FileInputStream(inFile);
FileOutputStream os = new FileOutputStream(outFile))
{
byte[] inBuf = new byte[512 * 1024];
byte[] outBuf = new byte[512 * 1024];
int readLen = 0;
ByteBuffer byteBuffer = ByteBuffer.allocate(8);
byteBuffer.putLong(bytesRead);
while ((readLen = is.read(inBuf)) != -1)
{
bytesRead += readLen;
cipher.update(inBuf, 0, readLen, outBuf, 0);
os.write(outBuf);
}
cipher.doFinal(outBuf, 0);
os.write(outBuf);
is.close();
os.close();
}
catch (Exception e) {
System.out.printf("Exception for file: %s\n", e);
}
}
catch (Exception e) {
System.out.printf("Exception: %s\n", e);
}
我的问题是:
>对于CTR模式的计数器更新,上述代码是否正常?具体来说,我不是自己更新计数器.我应该使用以下while循环吗?我试过这个是因为我查看了cipher.getIV()在循环中返回的内容,但它没有改变,getIV()的描述没有详细说明:
while ((readLen = is.read(inBuf)) != -1)
{
// use offset for last 8 bytes as counter
byteBuffer.putLong(bytesRead);
System.arraycopy(byteBuffer.array(), 0, nonceAndCounter, 8, 8);
bytesRead += readLen;
IvParameterSpec ivSpec = new IvParameterSpec(nonceAndCounter);
cipher.init(cipherMode, secretKey, ivSpec);
cipher.update(inBuf, 0, readLen, outBuf, 0);
os.write(outBuf);
}
>我有更多与修改的while循环方法相关的问题.以这种方式调用cipher.init()可以吗?我这样做是因为我还没有找到一种方法来更新IV(计数器真的).
>这么大的块大小可以或者它应该变小吗?在那种情况下它应该有多大?