Where are the AES 256-bit cipher suites? Please someone help

本文详细记录了在使用JDK1.4.2创建SSLServerSocket并尝试启用256位AES加密套件时遇到的问题及解决方案。文中提及,在默认配置下,TLS_DHE_RSA_WITH_AES_256_CBC_SHA加密套件不可用,通过安装无限制强度的Java Cryptography Extension (JCE)策略文件,成功启用了高级加密套件。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

 

Please help me with this simple problem. I'm trying to create an SSLServerSocket that is enabled with the 2 AES 256-bit cipher suites that are supposed to be available in JDK1.4.2. As you can see in the following code, when the program attempts to enable the SSLServerSocket, ss, with CIPHER_SUITES, an exception occurs. The exception basically says that the TLS_DHE_RSA_WITH_AES_256_CBC_SHA cipher suite wasn't found. What's up?

__

String[] PROTOCOLS = {"SSLv3", "TLSv1"};

String[] CIPHER_SUITES = {"TLS_DHE_RSA_WITH_AES_256_CBC_SHA",

"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",

"SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",

"TLS_RSA_WITH_AES_256_CBC_SHA",

"TLS_RSA_WITH_AES_128_CBC_SHA",

"SSL_RSA_WITH_3DES_EDE_CBC_SHA"};

// create an SSLServerSocket ss

SSLContext context = SSLContext.getInstance("TLS", "SunJSSE");

context.init(myKeyManagers, myTrustManagers, SecureRandom.getInstance("SHA1PRNG", "SUN"));

SSLServerSocketFactory ssFactory = context.getServerSocketFactory();

SSLServerSocket ss = ssFactory.createServerSocket();

ss.setEnabledProtocols(PROTOCOLS);

ss.setEnabledCipherSuites(CIPHER_SUITES);// EXCEPTION OCCURS HERE (exception output is printed below)

// output a bunch of useful debugging information

System.out.println(System.getProperty("java.version") + "\n");

 

Provider[] providers = Security.getProviders();

for(int i=0; i < providers.length; ++i)

System.out.println(providers[i] + "\n" + providers[i].getInfo() + "\n********************");

String[] enabledProtocols = ss.getEnabledProtocols();

for(int i=0; i < enabledProtocols.length; ++i)

System.out.println(enabledProtocols[i]);

String[] enabledCipherSuites = ss.getEnabledCipherSuites();

for(int i=0; i < enabledCipherSuites.length; ++i)

System.out.println(enabledCipherSuites[i]);

_

OUTPUT

java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers

at com.sun.net.ssl.internal.ssl.CipherSuiteList.<init>(DashoA6275)

at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.setEnabledCipherSuites(DashoA6275)

at test.util.ConcreteSSLServerSocketFactory.initSocket(ConcreteSSLServerSocketFactory.java:111)

at test.util.ConcreteSSLServerSocketFactory.createServerSocket(ConcreteSSLServerSocketFactory.java:100)

at test.Test.init(Test.java:151)

at test.Test.main(Test.java:111)

JRE Version

1.4.2

Security Providers

SUN version 1.42

SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)

********************

SunJSSE version 1.42

Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)

********************

SunRsaSign version 1.42

SUN's provider for RSA signatures

********************

SunJCE version 1.42

SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)

********************

SunJGSS version 1.0

Sun (Kerberos v5)

********************

Enabled Protocols

SSLv3

TLSv1

Enabled Cipher Suites

SSL_RSA_WITH_RC4_128_MD5

SSL_RSA_WITH_RC4_128_SHA

TLS_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

SSL_RSA_WITH_3DES_EDE_CBC_SHA

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

SSL_RSA_WITH_DES_CBC_SHA

SSL_DHE_RSA_WITH_DES_CBC_SHA

SSL_DHE_DSS_WITH_DES_CBC_SHA

SSL_RSA_EXPORT_WITH_RC4_40_MD5

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

 

 

Hey, self. Why don't you try using the Unlimited Strength Cryptography Files

The jre you are using does not have the advanced ciphers enabled.

Unlimited strength Java Cryptography Extenstion(JCE) Policy Files

Due to import control restrictions, the version of JCE policy files that are bundled in the JDK(TM) 6 environment allow "strong" but limited cryptography to be used. For our usage, we need to download a bundle that provide "unlimited strength" policy fies which contain no restrictions on cryptographic strengths.

Here are the installation instruction:

  1. Download the latest unlimited strength JCE policy files from Sun here
  2. Uncompress and extract the downloaded file. This will create a subdirectory called jce. This directory contains the following files:
    • README.txt
    • COPYRIGHT.html
    • local_policy.jar- Unlimited strength local policy file
    • US_export_policy.jar- Unlimited strength US export policy file
  3. Install the unlimited strength policy JAR files.

    To utilize the encryption/decryption functionalities of the JCE framework without any limitation, first make a copy of the original JCE policy files (US_export_policy.jar and local_policy.jar in the standard place for JCE jurisdiction policy JAR files) in case you later decide to revert to these "strong" versions. Then replace the strong policy files with the unlimited strength versions extracted in the previous step.

    The standard place for JCE jurisdiction policy JAR files is:
    • /lib/security [Unix]
    • \lib\security [Win32]
  4. For detailed informatation on downloading JCE files goto C:\Program Files\Common Files\WatchGuard\java\j2re1.6.0_05\lib\security and refer the readme.txt file [Assuming wsm is installed under c:\Program Files\Watchguard ].

 

转载于:https://www.cnblogs.com/kungfupanda/archive/2011/05/15/2047032.html

Java中实现AES-256加密算法通常需要使用`javax.crypto.Cipher`和`javax.crypto.spec.SecretKeySpec`类。以下是基本步骤: 1. 导入必要的包: ```java import javax.crypto.Cipher; import javax.crypto.spec.SecretKeySpec; import java.security.Key; import java.util.Base64; ``` 2. 获取密钥(这里假设你已经有了一个256位的密钥,例如从Base64解码得到`byte[] keyBytes = Base64.getDecoder().decode("your_encoded_key");`): ```java Key secretKey = new SecretKeySpec(keyBytes, "AES"); ``` 注意选择正确的算法名称,这里是"AES"。 3. 初始化Cipher对象并设置操作模式(ENCRYPT/DECRYPT): ```java Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); ``` CBC模式是一种常用的块密码模式,而PKCS5Padding是为了填充到块边界。 4. 设置初始化向量(IV),如果使用CBC模式,IV应该是随机生成的,并且在加密过程中必须保持不变: ```java byte[] iv = ... // 生成一个固定大小的随机字节数组 cipher.init(Cipher.ENCRYPT_MODE, secretKey, new IvParameterSpec(iv)); // 或者 Cipher.DECRYPT_MODE ``` 5. 加密或解密数据: ```java byte[] input = ... // 要加密的数据 byte[] encryptedData = cipher.doFinal(input); ``` 如果需要将加密后的数据转换为字符串以便传输,可以使用Base64编码: ```java String encodedData = Base64.getEncoder().encodeToString(encryptedData); ``` 同样,解密时先解码再用相同的cipher实例: ```java byte[] decodedData = Base64.getDecoder().decode(encodedData); cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv)); byte[] decryptedData = cipher.doFinal(decodedData); ```
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值