pot*_*ane 9 encryption android cryptography aes-gcm kotlin
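I'm currently getting an AEADBadTagException when trying to decrypt a file I have encrypted. I've searched almost everywhere on stackoverflow and I'm unable to find a solution, and I'm hoping it is just a small mistake I've made or something to do with encoding etc., as GCM is unable to verify the tag that it is generating.

I believe the problem lies somewhere in the file I am trying to encrypt/decrypt. The same code works for images; however, when I try to encrypt a PDF, it fails and gives the error above.

The code below does not use CipherOutputStream/CipherInputStream, but I have tried both with no luck.

I know the encrypt/decrypt methods should not be written this way, especially with the hard-coded IV, but for now I am just trying to get it to work and then secure the methods properly later.

I'm using the Android KeyStore to get my key. I know this part works, because many other parts of my app use the key store in the same way. Also, this method works for images.

The error occurs on `cipher.doFinal(encryptedBytes)`. When I use CipherInputStream, it occurs on `CipherInputStream(EncryptedFileStream, cipher)`.

Here is the code along with the error stack; any help is greatly appreciated: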
Encryption

```kotlin
val fileBytes = inputStream.readBytes()
val cipher = Cipher.getInstance("AES/GCM/NoPadding")
keyStoreService.checkKeyAndCreate(ALIAS_FILE_KEY)
val key = keyStoreService.getFileKey(ALIAS_FILE_KEY)
// Fixed all-zero 12-byte IV (the hard-coded placeholder mentioned above)
val iv = byteArrayOf(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
// 128-bit authentication tag
cipher.init(Cipher.ENCRYPT_MODE, key, GCMParameterSpec(128, iv))
val encryptedBytes = cipher.doFinal(fileBytes)
outputStream = FileOutputStream(file)
outputStream.write(encryptedBytes)
outputStream.flush()
inputStream.close()
outputStream.close()
```

Decryption

```kotlin
val encryptedFile = File(filePath)
val encryptedBytes = encryptedFile.readBytes()
val cipher = Cipher.getInstance("AES/GCM/NoPadding")
val key = keyStoreService.getFileKey(ALIAS_FILE_KEY)
// Same fixed IV and tag length as on the encryption side
val iv = byteArrayOf(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(128, iv))
// doFinal verifies the GCM tag; this is where AEADBadTagException is thrown
val decryptedBytes = cipher.doFinal(encryptedBytes)

return ByteArrayInputStream(decryptedBytes)
```

Stack trace
```
E/AndroidRuntime: FATAL EXCEPTION: main
Process: onboard.app.passageways, PID: 15441
java.lang.RuntimeException: java.lang.reflect.InvocationTargetException
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:503)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: java.lang.reflect.InvocationTargetException
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: javax.crypto.AEADBadTagException
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
    at javax.crypto.Cipher.doFinal(Cipher.java:2055)
    at passageways.android.onboard.services.EncryptionService.readEncryptedFile(EncryptionService.kt:79)
    at passageways.android.onboard.fragments.MeetingBookDialogFragment.onViewCreated(Fragment.kt:38)
    at android.support.v4.app.FragmentManagerImpl.moveToState(FragmentManager.java:1471)
    at android.support.v4.app.FragmentManagerImpl.moveFragmentToExpectedState(FragmentManager.java:1784)
    at android.support.v4.app.FragmentManagerImpl.moveToState(FragmentManager.java:1852)
    at android.support.v4.app.BackStackRecord.executeOps(BackStackRecord.java:802)
    at android.support.v4.app.FragmentManagerImpl.executeOps(FragmentManager.java:2625)
    at android.support.v4.app.FragmentManagerImpl.executeOpsTogether(FragmentManager.java:2411)
    at android.support.v4.app.FragmentManagerImpl.removeRedundantOperationsAndExecute(FragmentManager.java:2366)
    at android.support.v4.app.FragmentManagerImpl.execPendingActions(FragmentManager.java:2273)
    at android.support.v4.app.FragmentManagerImpl$1.run(FragmentManager.java:733)
    at android.os.Handler.handleCallback(Handler.java:873)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:193)
    at android.app.ActivityThread.main(ActivityThread.java:6669)
    at java.lang.reflect.Method.invoke(Native Method)
    at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:493)
    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:858)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
    at android.security.KeyStore.getKeyStoreException(KeyStore.java:839)
    at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:224)
    at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
    at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
    at javax.crypto.Cipher.doFinal(Cipher.java:2055)
    at passageways.android.onboard.services.EncryptionService.readEncryptedFile(EncryptionService.kt:79)
    at passageways.android.onboard.fragments.MeetingBookDialogFragment.onViewCreated(Fragment.kt:38)
    at android.support.v4.app.FragmentManagerImpl.moveToState(FragmentManager.java:1471)
    at android.support.v4.app.FragmentManagerImpl.moveFragmentToExpectedState(FragmentManager.java:1784)
    at android.support.v4.app.FragmentManagerImpl.moveToState(FragmentManager.java:1852)
    at android.support.v4.app.BackStackRecord.executeOps(BackStackRecord.java:802)
    at android.support.v4.app.FragmentManagerImpl.executeOps(FragmentManager.java:2625)
    at android.support.v4.app.FragmentManagerImpl.executeOpsTogether(FragmentManager.java:2411)
    at android.support.v4.app.FragmentManagerImpl.removeRedundantOperationsAndExecute(FragmentManager.java:2366)
    at android.support.v4.app.FragmentManagerImpl.execPendingActions(FragmentManager.java:2273)
    at android.support.v4.app.FragmentManagerImpl$1.run(FragmentManager.java:733)
    at android.os.Handler.handleCallback(Handler.java:873)
    at android.os.Handler.dispatchMessage(Handler.java:99)
    at android.os.Looper.loop(Looper.java:193)
    at android.app.ActivityThread.main(ActivityThread.java:6669)
```
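It turns out that `readBytes()` uses a default buffer size and only returns a byte buffer of that length. So it was not actually returning the entire file in bytes, just the length of the buffer.

I've switched over to using CipherOutputStream, and be sure to include the `flush()` after you write the contents!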
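
Added example, not part of the original post: AES-GCM stream encryption in Kotlin with a fresh IV stored in front of the ciphertext, showing that a ciphertext cut short (by a partial read, or by a stream that was never closed) is rejected with AEADBadTagException. It assumes a software AES key from KeyGenerator on a plain JVM rather than the Android KeyStore key used in the question; `encryptStream`, `decryptBytes` and the sample data are hypothetical.

```kotlin
import java.io.ByteArrayInputStream
import java.io.ByteArrayOutputStream
import java.io.InputStream
import java.io.OutputStream
import javax.crypto.AEADBadTagException
import javax.crypto.Cipher
import javax.crypto.CipherOutputStream
import javax.crypto.KeyGenerator
import javax.crypto.SecretKey
import javax.crypto.spec.GCMParameterSpec

const val IV_LEN = 12     // bytes, the usual GCM nonce size
const val TAG_BITS = 128  // authentication tag length

// Writes IV || ciphertext || tag. No IV is passed in, so the provider generates a random one.
fun encryptStream(key: SecretKey, plain: InputStream, out: OutputStream) {
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.ENCRYPT_MODE, key)
    out.write(cipher.iv)
    // use {} closes the stream; close() runs doFinal(), which appends the tag.
    CipherOutputStream(out, cipher).use { plain.copyTo(it) }
}

// Reads the IV from the first 12 bytes, then decrypts and verifies the rest in one call.
fun decryptBytes(key: SecretKey, blob: ByteArray): ByteArray {
    require(blob.size >= IV_LEN + TAG_BITS / 8) { "input shorter than IV plus tag" }
    val cipher = Cipher.getInstance("AES/GCM/NoPadding")
    cipher.init(Cipher.DECRYPT_MODE, key, GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN))
    return cipher.doFinal(blob, IV_LEN, blob.size - IV_LEN)
}

fun main() {
    // Assumption: software key for the demo, not an Android KeyStore key.
    val key = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
    val plain = ByteArray(100_000) { (it % 251).toByte() }  // constructed sample, larger than 8 KiB
    val sink = ByteArrayOutputStream()
    encryptStream(key, ByteArrayInputStream(plain), sink)
    val blob = sink.toByteArray()
    check(blob.size == IV_LEN + plain.size + TAG_BITS / 8)
    check(decryptBytes(key, blob).contentEquals(plain))

    // Keep only the IV and the first 8 KiB: the last 16 bytes are no longer the real tag.
    try {
        decryptBytes(key, blob.copyOf(IV_LEN + 8192))
        error("truncated ciphertext must not decrypt")
    } catch (e: AEADBadTagException) {
        println("truncated ciphertext rejected: ${e.message}")
    }
}
```

Comparing the length of the stored file against the plaintext length plus 28 bytes (12-byte IV, 16-byte tag) is a quick way to tell a short write or read from a wrong key or IV.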