由网友(有些爱祇能掩于岁月)分享简介：我在一个安全的应用程序的工作使用自己定制的加密方法，以及具有对消息解密的一个问题。I'm working on a security application using my own customized cryptography method, and having a problem on message dec...

我在一个安全的应用程序的工作使用自己定制的加密方法，以及具有对消息解密的一个问题。

I'm working on a security application using my own customized cryptography method, and having a problem on message decryption.

根据这一理论，输入已被填充，以满足所需的比特来执行加密。但是，填充位，​​即使解密后撑地。

According to the theory, the input has to be padded to meet the required bit to execute the encryption. But the padded bits stays even after the decryption.

下面是一个例子：

input (before padding) : q
input (after padding)  : 113 0 0 0 0 0 0 0 (in Bytes)

然后我执行一些code：

Then I execute some code:

bytes[] a = encrypt(input);
bytes[] b = decrypt(a);

String output = "";
output = new String(b, "UTF-8");

上的System.out.println的输出​​如下：

The output on System.out.println is below:

b      : 113 0 0 0 0 0 0 0
output : q[][][][][][][]

我不知道如何删除填充位。我目前使用下面的功能：

I have no idea how to remove the padded bits. I'm currently using the function below:

public String processOutput(String dtxt){
    String result = "";
    int l = dtxt.length();
    for(int i=0;i<l-16;i++) result = result + dtxt.charAt(i);
    for(int i=l-16;i<l;i++){
        if((long)dtxt.charAt(i)!=0){
            result = result + dtxt.charAt(i);
        }
    } return result;
}

但是，如果我把输出到字符串这个函数才有效。如果输出是一个文件（假设一个图像文件）？如何解密后删除填充位？请帮助。

But this function will only works if I put the output to a String. What if the output is a file (let's say an image file)? How to remove the padded bits after decryption? Please help.

推荐答案

您应该使用的填充，如 Cipher.getInstance（AES / CBC / PKCS5Padding）。零填充，因为你现在正在使用，已经得到了，你可以在纯文本之间， 00 值字节和填补结束分不清的问题。如果执行，然后去填充你将至少有最终块麻烦。当然，与文字你可以删除 00 末值字节执行字符解码程序之前。另一种方法是只需在纯文本的开始添加64位大小的指标。

You should use a padding such as Cipher.getInstance("AES/CBC/PKCS5Padding"). Zero padding, as you are now using, has got the problem that you cannot distinguish between a plain text ending with 00 valued bytes and the padding. If you perform unpadding then you will at least have trouble with the final block. Of course, with text you can just removed the 00 valued bytes at the end before you perform the character decoding routine. Another method is to simply add a 64-bit size indicator at the start of your plain text.

请注意，默认甲骨文的Java供应商不必零填充选项（据我所知），所以你要么做去填充自己，否则你将不得不使用其他JCE提供如的充气城堡提供商，它包括零填充选项（如 Cipher.getInstance（AES / CBC / ZeroPadding）。

Note that the default Oracle Java providers do not have zero padding options (as far as I know) so you either have to do the unpadding yourself, or you will have to use another JCE provider such as the Bouncy Castle provider that does include zero padding options (e.g. for Cipher.getInstance("AES/CBC/ZeroPadding").

注意维基百科页面上填充有许多对此事说。还要注意的是CBC模式本身并不提供完整性保护或认证，仅保密且仅当正确使用。

Note that the Wikipedia page on padding has much to say on the matter. Also note that CBC mode does not provide integrity protection or authentication by itself, only confidentiality and only if used correctly.