我在下面使用这个(E.1)作为我的应用程序,显然有一个巨大的明显安全漏洞,我认识并理解.我对加密越来越感兴趣,想要更好地理解它,我需要生成一个随机密钥和一个IV,但我不确定如何正确地做到这一点有人可以向我解释谁熟悉AES加密如何工作(IV&KEY )所以我将来能够更好地理解并且可以运用我的知识,本质上我只是想让代码更安全,谢谢.
(E.1)
byte[] key = "mykey".getBytes("UTF-8");
private byte[] getKeyBytes(final byte[] key) throws Exception {
byte[] keyBytes = new byte[16];
System.arraycopy(key, 0, keyBytes, 0, Math.min(key.length, keyBytes.length));
return keyBytes;
}
public Cipher getCipherEncrypt(final byte[] key) throws Exception {
byte[] keyBytes = getKeyBytes(key);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecretKeySpec secretKeySpec = new SecretKeySpec(keyBytes, "AES");
IvParameterSpec ivParameterSpec = new IvParameterSpec(keyBytes);
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec, ivParameterSpec);
return cipher;
}
public void encrypt(File in, File output, byte[] key) throws Exception {
Cipher cipher = getCipherEncrypt(key);
FileOutputStream fos = …