解密敏感数据
- 对称解密使用的算法为
AES-128-CBC
,数据采用PKCS#7
填充。 - 对称解密的目标密文为
encryptedData
。 - 对称解密秘钥
aeskey = Base64_Decode(session_key)
,aeskey
长度为 16Byte。 - 对称解密算法初始向量为
Base64_Decode(iv)
。
根据以上描述,写了相应的解密算法,发现一直卡在这里,错误如下:{"code":1,"msg":"javax.crypto.BadPaddingException: pad block corrupted"}
解密 代码如下:
public Result aesDecryptData(String encryptedData, String sessionKey, String iv) {
// refer: https://developers.weixin.qq.com/miniprogram/dev/framework/open-ability/signature.html
if (sessionKey.length() != 24) return new Result(ErrorCode.WxIllegalAesKey);
if (iv.length() != 24) return new Result(ErrorCode.WxIllegalIv);
Security.addProvider(new BouncyCastleProvider());
var decoder = Base64.getDecoder();
var aesKey = decoder.decode(sessionKey);
var aesIv = decoder.decode(iv);
var cipher = decoder.decode(encryptedData);
try { var skeySpec = new SecretKeySpec(aesKey, "AES");
var ivSpec = new IvParameterSpec(aesIv);
var dcipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
// var dcipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
// var dcipher = Cipher.getInstance("AES/CBC/PKCS7Padding", "BC");
// var params = AlgorithmParameters.getInstance("AES");
// params.init(ivSpec);
// dcipher.init(Cipher.DECRYPT_MODE, skeySpec, params);
dcipher.init(Cipher.DECRYPT_MODE, skeySpec, ivSpec);
// var res = new String(dcipher.doFinal(cipher));
var res = decodeSecData(cipher, aesIv, aesKey);
log.debug("aesDecryptData: res={}", res);
var j = JSONUtil.parse(res);
// if (j == null || !j.getJSONObject("watermark").getString("appid").equals(weapp.get("appid"))) {
// return new Result(ErrorCode.WxIllegalBuffer);
// }
// var unionId = j.getString("unionId");
// redis.set("user:session_key:" + unionId, sessionKey);
// return new Result(ErrorCode.Success, null, j);
return new Result(ErrorCode.Success, j);
} catch (Exception e) { log.info("aesDecryptData fail: e={}", e.getMessage());
return new Result(ErrorCode.Fail, e.getMessage());
} }