I am using ESAPI Base64 encoding to encrypt and decrypt, as shown here: http://www.programcreek.com/java-api-examples/index.php?api=org.owasp.esapi.codecs.Base64
This is what my code looks like:
    import org.owasp.esapi.crypto.CipherText;
    import org.owasp.esapi.crypto.PlainText;
    import org.owasp.esapi.errors.EncryptionException;
    import org.owasp.esapi.reference.crypto.JavaEncryptor;
    import javax.crypto.EncryptedPrivateKeyInfo
    import org.owasp.esapi.ESAPI
    import org.owasp.esapi.ValidationErrorList
    import org.owasp.esapi.Validator
    import org.apache.commons.codec.binary.Base64;

    class SampleMain {
        public String decrypt2(String cryptedText){
            String clearText=null;
            try {
                CipherText cipherText=CipherText.fromPortableSerializedBytes(Base64.decodeBase64(cryptedText));
                clearText=ESAPI.encryptor().decrypt(cipherText).toString();
            }
            catch ( EncryptionException e) {
                System.out.println("EsapiEncryptor.decrypt: " + e.getMessage(),e);
            }
            return clearText.toString();
        }

        public String encrypt2(String clearText){
            String cryptedText=null;
            try {
                CipherText cipherText=ESAPI.encryptor().encrypt(new PlainText(clearText));
                cryptedText=Base64.encodeBase64(cipherText.asPortableSerializedByteArray());
            }
            catch ( EncryptionException e) {
                System.out.println("EsapiEncryptor.encrypt: " + e.getMessage(),e);
            }
            return cryptedText;
        }

        public static void main(String[] args) throws EncryptionException{
            String myplaintext = "MyPlaintext";
            SampleMain sample = new SampleMain();
            String enString = sample.encrypt2(myplaintext);
            System.out.println("-----------enString-----------: " + enString);
            String deString = sample.decrypt2(enString);
            System.out.println("-----------deString-----------: " + deString);
        }
    }
But when I try to run this simple program, I get the following exception:
Apr 01, 2017 12:43:30 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log
WARNING: [SECURITY FAILURE Anonymous:[email protected] -> /DefaultName/IntrusionDetector] Likely tampering with KDF version on serialized ciphertext.KDF version read from serialized ciphertext (123190483) is out of range. Valid range for KDF version is [20110203, 99991231].
org.owasp.esapi.errors.EncryptionException: Version info from serialized ciphertext not in valid range.
at org.owasp.esapi.crypto.CipherTextSerializer.convertToCipherText(CipherTextSerializer.java:299)
at org.owasp.esapi.crypto.CipherTextSerializer.<init>(CipherTextSerializer.java:80)
at org.owasp.esapi.crypto.CipherText.fromPortableSerializedBytes(CipherText.java:176)
at org.owasp.esapi.crypto.CipherText$fromPortableSerializedBytes$0.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at gov.gsa.dss.test.SampleMain.decrypt2(SampleMain.groovy:30)
at gov.gsa.dss.test.SampleMain$decrypt2$0.call(Unknown Source)
at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:125)
at gov.gsa.dss.test.SampleMain.main(SampleMain.groovy:59)
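Any idea why I am getting this error for such a simple program? Thanks.

Why don't you show the program's output? You are only showing the exception.

This is what the output looks like: -----------enString-----------: [B@1e800aaa Apr 01, 2017 12:43:30 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log WARNING: [SECURITY FAILURE Anonymous:null@unknown -> /DefaultName/CryptoHelper] Possible data tampering. Encountered invalid KDF version #. Apr 01, 2017 12:43:30 PM org.owasp.esapi.reference.JavaLogFactory$JavaLogger log .... – TechDiva

Your code doesn't even compile, yet you have provided a stack trace of a runtime exception from successfully compiled code. Why not show the code that actually causes the problem, rather than some unrelated code?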
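
Added example (not part of the original post, and not ESAPI code): the `enString` value printed in the comment above, `[B@1e800aaa`, is the default `toString()` of a Java `byte[]`, not Base64 text. The Python sketch below decodes it the way a lenient Base64 decoder would (an assumption modelled on commons-codec's documented skipping of non-alphabet characters) and reads the first four bytes as a big-endian integer (assumed header layout), which reproduces the out-of-range KDF version from the log.

```python
import base64
import string
import struct

# Values copied from the post: the printed "ciphertext" and ESAPI's log message.
PRINTED_ENSTRING = "[B@1e800aaa"
KDF_VERSION_IN_LOG = 123190483
KDF_VALID_RANGE = (20110203, 99991231)
B64_ALPHABET = set(string.ascii_letters + string.digits + "+/")


def lenient_b64decode(text):
    """Decode Base64, skipping characters outside the alphabet.

    Assumption: mirrors commons-codec ignoring non-alphabet characters
    and dropping an incomplete final unit instead of raising an error.
    """
    kept = "".join(ch for ch in text if ch in B64_ALPHABET)
    if len(kept) % 4 == 1:          # one leftover char holds less than a byte
        kept = kept[:-1]
    kept += "=" * (-len(kept) % 4)  # restore padding for the strict decoder
    return base64.b64decode(kept)


def kdf_version_field(serialized):
    """Read the first 4 bytes as a big-endian signed int (assumed layout)."""
    if len(serialized) < 4:
        raise ValueError("too short to contain a version field")
    return struct.unpack(">i", serialized[:4])[0]


def diagnose(encoded):
    """Return the decoded bytes, the version field and the range check."""
    raw = lenient_b64decode(encoded)
    version = kdf_version_field(raw)
    low, high = KDF_VALID_RANGE
    return {"bytes": raw.hex(), "kdf_version": version,
            "in_range": low <= version <= high}


if __name__ == "__main__":
    print(diagnose(PRINTED_ENSTRING))
    # Constructed sample: a header with an in-range version, properly encoded.
    good = base64.b64encode(struct.pack(">i", 20110203) + b"\x00" * 8).decode()
    print(diagnose(good))
```

In the posted code, the equivalent correction is to convert the encoded bytes to text explicitly, for example with commons-codec's `Base64.encodeBase64String`, before printing or decoding.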