JSP CODE dbms obfuscation toolkit.DESEncrypt DECRYPT Oracle
I am decrypting a password from an Oracle database so that a login page can validate the username and password. It is a simple JSP page:
<%@ page import="java.sql.*, javax.crypto.*, javax.crypto.spec.*" %>
<HTML>
<BODY>
<%
Class.forName("oracle.jdbc.OracleDriver");
Connection conn = DriverManager.getConnection("jdbc:oracle:thin:@xxx:xxxx:xxxx","i----r","i-----r");
// @//machineName:port:SID, userid, password
Statement st=conn.createStatement();
ResultSet rs=st.executeQuery("Select * from xxxxxxx");
//Just testing now, for decryption
String algorithm1 = "DES";//magical mystery constant
String algorithm2 = "DES/CBC/NoPadding";//magical mystery constant
IvParameterSpec iv = new IvParameterSpec(new byte [] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 });//magical mystery constant
Cipher cipher;
SecretKey key;
String k="12345abc";
key = new SecretKeySpec(k.getBytes(), algorithm1);
cipher = Cipher.getInstance(algorithm2);
String str="test1234abc";
cipher.init(Cipher.ENCRYPT_MODE, key, iv); //normally you could leave out the IvParameterSpec argument, but not with Oracle
byte[] bytes=str.getBytes("UTF-8");
byte[] encrypted = cipher.doFinal(bytes);
%>
</BODY>
</HTML>
The problem I am facing now is that everything works fine, but the last line of code, byte[] encrypted = cipher.doFinal(bytes);, gives me an error:
javax.crypto.IllegalBlockSizeException: Input length not multiple of 8 bytes
at com.sun.crypto.provider.SunJCE_h.a(DashoA6275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
at com.sun.crypto.provider.SunJCE_h.b(DashoA6275)
at com.sun.crypto.provider.DESCipher.engineDoFinal(DashoA6275)
at javax.crypto.Cipher.doFinal(DashoA6275)
at _check1._jspService(_check1.java:83) [SRC:/check1.jsp:45]
at com.orionserver[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].http.OrionHttpJspPage.service(OrionHttpJspPage.java:56)
at oracle.jsp.runtimev2.JspPageTable.compileAndServe(JspPageTable.java:569)
at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:305)
at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:509)
at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:413)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:824)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:330)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:830)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:285)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.run(HttpRequestHandler.java:126)
at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
at java.lang.Thread.run(Thread.java:534)
What could be causing this, and how do I fix it?
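For password verification, I strongly recommend against using encryption/decryption. Instead, use a password hash function and a sufficiently long salt. Then compare the hashes to verify the password. – Codo 2012-07-09 10:31:44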
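I am not using this method; the company I am working with is using it. I just need to develop a JSP page that lets me log in by fetching the password from that database, where the passwords are already stored. This JSP page will then redirect to an Oracle form. Can you correct this code? – Murtaza 2012-07-09 10:43:25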
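If the system already exists, then you need to get more information from the people who created it. DES requires the data size to be a multiple of 8 bytes. So if the encryption does not do any padding, you need to find out how the existing system produces a multiple of 8 bytes. Also, make sure you use exactly the same parameters for creating the key, encrypting the password, the initialization vector, and converting the character-based data to binary data (is it really UTF-8?). – Codo 2012-07-09 11:45:25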
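
An added example (not code from the question or the comments) that reproduces the exception with the question's key, all-zero IV and 11-byte input, then encrypts and decrypts after padding the input to a multiple of 8 bytes. The zero-byte padding scheme and the class and helper names are assumptions made for illustration; the padding the existing system actually uses has to be confirmed with its authors.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class DesBlockSizeDemo {
    static final int BLOCK = 8; // DES block size in bytes

    // Assumed scheme: pad with 0x00 up to the next multiple of 8 bytes.
    static byte[] zeroPad(byte[] in) {
        int padded = ((in.length + BLOCK - 1) / BLOCK) * BLOCK;
        return Arrays.copyOf(in, padded); // copyOf fills the tail with zeros
    }

    // Remove the trailing 0x00 bytes added by zeroPad.
    static byte[] zeroUnpad(byte[] in) {
        int end = in.length;
        while (end > 0 && in[end - 1] == 0) end--;
        return Arrays.copyOf(in, end);
    }

    static Cipher des(int mode) throws Exception {
        // Key and all-zero IV are the test values from the question.
        SecretKeySpec key = new SecretKeySpec("12345abc".getBytes(StandardCharsets.US_ASCII), "DES");
        Cipher c = Cipher.getInstance("DES/CBC/NoPadding");
        c.init(mode, key, new IvParameterSpec(new byte[BLOCK]));
        return c;
    }

    public static void main(String[] args) throws Exception {
        byte[] plain = "test1234abc".getBytes(StandardCharsets.UTF_8); // 11 bytes

        try {
            // NoPadding with 11 bytes: the same failure as in the stack trace.
            des(Cipher.ENCRYPT_MODE).doFinal(plain);
        } catch (IllegalBlockSizeException e) {
            System.out.println("unpadded, " + plain.length + " bytes: " + e.getMessage());
        }

        // Padded to 16 bytes, the same cipher settings succeed and round-trip.
        byte[] encrypted = des(Cipher.ENCRYPT_MODE).doFinal(zeroPad(plain));
        byte[] decrypted = zeroUnpad(des(Cipher.DECRYPT_MODE).doFinal(encrypted));
        System.out.println("padded ciphertext length: " + encrypted.length);
        System.out.println("round trip ok: " + Arrays.equals(plain, decrypted));
    }
}
```

Zero padding cannot distinguish padding from plaintext that itself ends in 0x00 bytes, which is one reason the producer's exact scheme must be matched rather than guessed.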