問題描述

您能幫我指出默認的 RSA 填充是什么嗎?

Could you help me to point out what is the default RSA padding.

確切地說，如果我創建如下密碼實例，確保 java 使用某種填充作為加密文本字節長度始終顯示 256 字節的 2048 RSA 密鑰，無論純文本是一個字符還是 10 個字符.

Precisely, if I create cipher instance as below, sure java is using some sort of padding as encrypted text bytes length always shows 256 bytes for 2048 RSA key irrespective of plain text is one characters or 10 characters.

Cipher.getInstance("RSA")  

如果在 Cipher.getInstance("RSA") 中沒有指定填充，我想知道 java 內部使用的默認填充是什么.那是 PKCS#1 v 1.5 嗎?

I wanted to know what is default padding java use internally if no padding is specified in Cipher.getInstance("RSA"). is that PKCS#1 v 1.5?

謝謝，山姆

推薦答案

與 "RSA/ECB/PKCS1Padding" 相同，其中 ECB 有點用詞不當，因為它沒有實現塊密碼操作模式(它不處理大于塊大小"的明文)."RSA/None/PKCS1Padding" 會是一個更好的名稱，或者 "RSA/None/RSASSA-PKCS1-v1_5" 因為您對填充機制的猜測是正確的.

It's identical to "RSA/ECB/PKCS1Padding" where ECB is a bit of a misnomer, as it does not implement a block cipher mode of operation (it doesn't handle plaintext larger than the "block size"). "RSA/None/PKCS1Padding" would have been a better name or "RSA/None/RSASSA-PKCS1-v1_5" as your guess about the padding mechanism is correct.

這意味著它使用的是舊的加密模式；OAEP 更能抵御攻擊并包含安全證明.不幸的是，OAEP 當然不能成為新的默認值，因為所有現有的密文都不會再解密了.這就是為什么首先使用默認值是愚蠢的原因之一.

This means that it uses a older mode of encryption; OAEP is more resistant against attacks and contains a security proof. Unfortunately OAEP can of course not be made the new default because all existing ciphertext would not decrypt anymore. This is one of the reasons why using defaults is stupid in the first place.

PKCS#1 v1.5 填充也意味著輸入被限制為最大密鑰大小減去 11 個字節.請注意，生成的密文的大小始終與 PKCS#1 中的密鑰大小相同；即使得到的整數更小，它也會用零字節填充.我在這里假設密鑰大小是 8 的倍數.

PKCS#1 v1.5 padding also means that the input is restricted to a maximum of the key size minus 11 bytes. Note that the size of the resulting ciphertext is always identical to the key size in PKCS#1; even if the resulting integer is smaller it will be left padded with zero bytes. I'm assuming here that the key size is a multiple of 8.

您不應該依賴算法規范的默認值.它使代碼更難理解，并且每個提供者的默認值可能確實不同(盡管大多數人會嘗試遵循 Oracle 的領導，以避免不兼容).因此，僅使用它來了解現有代碼中配置了哪種算法.在我看來，平臺默認設置唯一有意義的地方是 SecureRandom.

You should not rely on defaults for the algorithm specification. It makes the code harder to understand and defaults may indeed differ per provider (although most will try to follow Oracle's lead, to avoid incompatibilities). So use this only to understand which algorithm is configured in existing code. The only place where a platform default makes sense is SecureRandom in my opinion.

這篇關于SUN JCE/Oracle JCE 中的默認 RSA 填充的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！