java deskeyspec转js实现,将Java的PBEWithMD5AndDES转换为JavaScript

I'm trying to replicate the Java code in JavaScript.

below is my Java code:

public static String encrypt(String input)

final byte[] SALT= { (byte) 0x21, (byte) 0x21, (byte) 0xF0, (byte) 0x55, (byte) 0xC3, (byte) 0x9F, (byte) 0x5A, (byte) 0x75 };

final int ITERATION_COUNT = 31;

{

if (input == null)

{

throw new IllegalArgumentException();

}

try

{

KeySpec keySpec = new PBEKeySpec(null, SALT, ITERATION_COUNT);

AlgorithmParameterSpec paramSpec = new PBEParameterSpec(SALT, ITERATION_COUNT);

SecretKey key = SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(keySpec);

Cipher ecipher = Cipher.getInstance(key.getAlgorithm());

ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);

byte[] enc = ecipher.doFinal(input.getBytes());

String res = new String(Base64.encodeBase64(enc));

// escapes for url

res = res.replace('+', '-').replace('/', '_').replace("%", "%25").replace("\n", "%0A");

LOGGER.info("String Encrypted Successfully");

return res;

}

catch (Exception e)

{

LOGGER.error("encrypt Exception: "+e.getMessage());

}

return "";

}

and the JavaScript code, so far hammed up is below:

var encrypt = function(){

var iterations = 31;

var key = CryptoJS.MD5("PBEWithMD5AndDES");

var salt = CryptoJS.enc.Hex.parse('0021002100f0005500C3009F005A0075');

var options = {

mode: CryptoJS.mode.CBC,

iv: salt

};

var hashedPassword = CryptoJS.MD5($scope.data.webPassword);

var encryptedPassword = CryptoJS.DES.encrypt(hashedPassword, key,options).toString();

var result = encryptedPassword.toString(CryptoJS.enc.Base64);

}

but with both the encryption the encoded string I'm getting is different.

解决方案

PBEwithMD5andDES is obsolete technology and should not be used nowadays. This answer is only provided for demonstration purposes.

PBEwithMD5andDES is defined in PKCS#5 v1.5 which is nothing more than deriving key+IV using PBKDF1 (with MD5) and encrypting with DES.

var password = CryptoJS.enc.Utf8.parse("test");

var salt = CryptoJS.enc.Hex.parse("2121F055C39F5A75");

var iterations = 31;

// PBE according to PKCS#5 v1.5 (in other words: PBKDF1)

var md5 = CryptoJS.algo.MD5.create();

md5.update(password);

md5.update(salt);

var result = md5.finalize();

md5.reset();

for(var i = 1; i < iterations; i++) {

md5.update(result);

result = md5.finalize();

md5.reset();

}

// splitting key and IV

var key = CryptoJS.lib.WordArray.create(result.words.slice(0, 2));

var iv = CryptoJS.lib.WordArray.create(result.words.slice(2, 4));

var encrypted = CryptoJS.DES.encrypt("test", key, {

iv: iv

});

enchex.innerHTML = encrypted.ciphertext.toString();

encbase64.innerHTML = encrypted.ciphertext.toString(CryptoJS.enc.Base64);

Hex:

Base64:

Here is a jsFiddle to experiment with and here is the example Java code. Both produce the same result in Hex: aa8101a7d63093c6.

Security considerations:

PBEwithMD5andDES should not be used and there are better alternatives like PBEWithHmacSHA256AndAES_128 which require a slightly different approach.

The number of iterations must be large (a thousand to a million) in order to make it hard to brute-force the password. DES only provides 56 bits of security, so it is even possible to brute-force the key directly with today's means.

The salt must be randomly generated in order to achieve semantic security. The salt itself doesn't need to be secret. Since it has a known length it can be simply prepended to the ciphertext and sliced off before decryption.