The Advanced Encryption Standard (AES), also known in cryptography as the Rijndael cipher, is a block cipher standard adopted by the US federal government. It replaced the earlier DES, has been analysed by many parties and is used throughout the world. After a five-year selection process, AES was published by the US National Institute of Standards and Technology (NIST) as FIPS PUB 197 on 26 November 2001 and became an effective standard on 26 May 2002. By 2006 it had become one of the most popular algorithms in symmetric-key cryptography.

The algorithm was designed by the Belgian cryptographers Joan Daemen and Vincent Rijmen, who submitted it to the AES selection process under the name Rijndael, a combination of the two authors' names. (Rijndael is pronounced roughly like "Rhine doll".)

Encryption Is Not Authentication

Two base64-encoded messages, each laid out as IV || AES-CBC ciphertext under the same key. They differ in exactly one base64 character (the 14th, J versus Z), which falls inside the 16-byte IV:

kHv9PAlStPZaZJHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==
kHv9PAlStPZaZZHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.util.Arrays;
import java.util.Base64;
import java.util.HexFormat; // Java 17+
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class EncryptionIsNotAuthentication {

    // 16-byte AES key. C1 and C2 are IV || CBC ciphertext; they differ by a
    // single base64 character that lands inside the IV.
    static byte[] P   = HexFormat.of().parseHex("000102030405060708090a0b0c0d0e0f");
    static String CB1 = "kHv9PAlStPZaZJHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==";
    static String CB2 = "kHv9PAlStPZaZZHIYXzyCnuAhWdRRK7H0cNVUCwzCZ4M8fxH79xIIIbznxmiOxGQ7td8LwTzHFgwBmbqWuB+sQ==";
    static byte[] C1  = Base64.getDecoder().decode(CB1);
    static byte[] C2  = Base64.getDecoder().decode(CB2);

    public static void main(String[] args) throws Exception {
        Key key = new SecretKeySpec(P, "AES");

        // Plain CBC with no padding and no integrity check: the first 16 bytes
        // are the IV, the remainder is the ciphertext.
        Cipher c1 = Cipher.getInstance("AES/CBC/NoPadding");
        c1.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(C1, 0, 16));
        byte[] p1 = c1.doFinal(C1, 16, C1.length - 16);

        Cipher c2 = Cipher.getInstance("AES/CBC/NoPadding");
        c2.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(C2, 0, 16));
        byte[] p2 = c2.doFinal(C2, 16, C2.length - 16);

        System.out.println(HexFormat.of().formatHex(p1));
        System.out.println(HexFormat.of().formatHex(p2));
        System.out.println(new String(trimBytes(p1), StandardCharsets.UTF_8));
        System.out.println(new String(trimBytes(p2), StandardCharsets.UTF_8));
    }

    // Strip the trailing zero bytes used as padding. The len > 0 guard keeps
    // an all-zero input from reading bs[-1].
    static byte[] trimBytes(byte[] bs) {
        int len = bs.length;
        while (len > 0 && bs[len - 1] == 0x00) {
            len--;
        }
        return Arrays.copyOf(bs, len);
    }
}

Outputs:

7b2261646d696e223a302c2275736572223a22616161616161616161616161227d000000000000000000000000000000
7b2261646d696e223a312c2275736572223a22616161616161616161616161227d000000000000000000000000000000
{"admin":0,"user":"aaaaaaaaaaaa"}
{"admin":1,"user":"aaaaaaaaaaaa"}

CBC decryption XORs the IV into the first plaintext block, so the one-bit change in the IV flips the same bit of plaintext byte 9 and turns "admin":0 into "admin":1. Decryption raises no error, because CBC on its own provides no integrity check.

From: https://paragonie.com/blog/2015/05/using-encryption-and-authentication-correctly


Therefore, protecting the integrity of encrypted data as well requires an AEAD algorithm such as AES/GCM. When using AES/GCM, the nonce must never repeat under the same key: once a nonce is reused, the data encrypted under that repeated nonce can be recovered.
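The contrast drawn above, CBC silently accepting a flipped IV bit while an AEAD rejects any change, as an added Go example that is not part of the original page or of the Paragon post. The key is the one the Java demo uses; the IV, the nonce and the function names cbcFlip and gcmFlip are assumptions made for this demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values (assumptions): key from the page's Java demo; fixed IV/nonce for reproducibility only.
var (
	key   = []byte{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}
	iv    = []byte("0123456789abcdef") // 16 bytes
	nonce = []byte("unique-nonce")     // 12 bytes; a real GCM nonce must never repeat under one key
)
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// cbcFlip: AES-CBC/NoPadding encrypt (len(pt) must be a multiple of 16), flip one bit of the
// transmitted IV at byte pos, decrypt. CBC has no integrity check, so this cannot fail.
func cbcFlip(pt []byte, pos int) []byte {
	block := must(aes.NewCipher(key))
	msg := make([]byte, 16+len(pt)) // IV || ciphertext, the layout the Java demo uses
	copy(msg, iv)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(msg[16:], pt)
	msg[pos] ^= 0x01 // same bit of the first plaintext block flips on decryption
	out := make([]byte, len(pt))
	cipher.NewCBCDecrypter(block, msg[:16]).CryptBlocks(out, msg[16:])
	return out
}

// gcmFlip: AES-GCM seal, flip one bit at byte pos, open. The tag no longer verifies, so Open errors.
func gcmFlip(pt []byte, pos int) ([]byte, error) {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	ct := aead.Seal(nil, nonce, pt, nil) // ciphertext || 16-byte tag
	ct[pos] ^= 0x01
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	pt := []byte(`{"admin":0,"user":"aaaaaaaaaaaa"}`)
	fmt.Printf("CBC: %s\n", bytes.TrimRight(cbcFlip(append(pt, make([]byte, 15)...), 9), "\x00")) // zero-pad to 48
	_, err := gcmFlip(pt, 9)
	fmt.Printf("GCM: %v\n", err)
}
```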

A byte-oriented AES-256 implementation

Note that this is AES-256, not AES-128. The implementation is fully compatible with FIPS-197, and the included demo code validates against the test vector defined in Appendix C.3 of that document.