@Internal public final class CryptoFunctions extends java.lang.Object
Modifier and Type | Method and Description |
---|---|
static byte[] |
createXorArray1(java.lang.String password)
Creates an byte array for xor obfuscation (method 1)
(为 xor 混淆创建一个字节数组(方法 1))
|
static int |
createXorKey1(java.lang.String password)
Create the xor key for xor obfuscation, which is used to create the xor array (method 1)
(为异或混淆创建异或键,用于创建异或数组(方法一))
|
static int |
createXorVerifier1(java.lang.String password)
Create the verifier for xor obfuscation (method 1)
(为异或混淆创建验证器(方法一))
|
static int |
createXorVerifier2(java.lang.String password)
This method generates the xor verifier for word documents < 2007 (method 2).
(此方法为 < 2007 年的 word 文档生成 xor 验证器(方法 2)。)
|
static byte[] |
generateIv(HashAlgorithm hashAlgorithm, byte[] salt, byte[] blockKey, int blockSize)
2.3.4.12 Initialization Vector Generation (Agile Encryption)
(2.3.4.12 初始化向量生成(敏捷加密))
|
static byte[] |
generateKey(byte[] passwordHash, HashAlgorithm hashAlgorithm, byte[] blockKey, int keySize)
2.3.4.11 Encryption Key Generation (Agile Encryption)
(2.3.4.11 加密密钥生成(敏捷加密))
|
static byte[] |
getBlock0(byte[] hash, int size)
Returns a new byte array with a truncated to the given size.
(返回一个截断到给定大小的新字节数组。)
|
static javax.crypto.Cipher |
getCipher(java.security.Key key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, java.lang.String padding)
Initialize a new cipher object with the given cipher properties If the given algorithm is not implemented in the JCE, it will try to load it from the bouncy castle provider.
(用给定的密码属性初始化一个新的密码对象如果给定的算法没有在 JCE 中实现,它将尝试从充气城堡提供程序加载它。)
|
static javax.crypto.Cipher |
getCipher(javax.crypto.SecretKey key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode)
Initialize a new cipher object with the given cipher properties and no padding If the given algorithm is not implemented in the JCE, it will try to load it from the bouncy castle provider.
(用给定的密码属性和无填充初始化一个新的密码对象如果给定的算法没有在 JCE 中实现,它将尝试从充气城堡提供程序加载它。)
|
static javax.crypto.Mac |
getMac(HashAlgorithm hashAlgorithm) |
static java.security.MessageDigest |
getMessageDigest(HashAlgorithm hashAlgorithm) |
static byte[] |
hashPassword(java.lang.String password, HashAlgorithm hashAlgorithm, byte[] salt, int spinCount)
2.3.4.7 ECMA-376 Document Encryption Key Generation (Standard Encryption) 2.3.4.11 Encryption Key Generation (Agile Encryption) (2.3.4.7 ECMA-376 文档加密密钥生成(标准加密) 2.3.4.11 加密密钥生成(敏捷加密)) |
static byte[] |
hashPassword(java.lang.String password, HashAlgorithm hashAlgorithm, byte[] salt, int spinCount, boolean iteratorFirst)
Generalized method for read and write protection hash generation.
(读写保护哈希生成的通用方法。)
|
static void |
registerBouncyCastle() |
static java.lang.String |
xorHashPassword(java.lang.String password)
This method generates the xored-hashed password for word documents < 2007.
(此方法为 < 2007 的 word 文档生成 xored-hashed 密码。)
|
static java.lang.String |
xorHashPasswordReversed(java.lang.String password)
Convenience function which returns the reversed xored-hashed password for further processing in word documents 2007 and newer, which utilize a real hashing algorithm like sha1.
(方便的函数,它返回反向的异或哈希密码,以便在 Word 文档 2007 和更高版本中进行进一步处理,它使用像 sha1 这样的真实哈希算法。)
|
public static byte[] hashPassword(java.lang.String password, HashAlgorithm hashAlgorithm, byte[] salt, int spinCount)
2.3.4.7 ECMA-376 Document Encryption Key Generation (Standard Encryption)
2.3.4.11 Encryption Key Generation (Agile Encryption)
The encryption key for ECMA-376 document encryption [ECMA-376] using agile encryption MUST be generated by using the following method, which is derived from PKCS #5: Password-Based Cryptography Version 2.0 [RFC2898].
Let H() be a hashing algorithm as determined by the PasswordKeyEncryptor.hashAlgorithm element, H_n be the hash data of the n-th iteration, and a plus sign (+) represent concatenation. The password MUST be provided as an array of Unicode characters. Limitations on the length of the password and the characters used by the password are implementation-dependent. The initial password hash is generated as follows:
H_0 = H(salt + password)
The salt used MUST be generated randomly. The salt MUST be stored in the PasswordKeyEncryptor.saltValue element contained within the \EncryptionInfo stream as specified in section 2.3.4.10. The hash is then iterated by using the following approach:
H_n = H(iterator + H_n-1)
where iterator is an unsigned 32-bit value that is initially set to 0x00000000 and then incremented monotonically on each iteration until PasswordKey.spinCount iterations have been performed. The value of iterator on the last iteration MUST be one less than PasswordKey.spinCount.
For POI, H_final will be calculated by generateKey(byte[],HashAlgorithm,byte[],int)
password
- the password
(密码 - 密码)
hashAlgorithm
- the hash algorithm
(hashAlgorithm - 哈希算法)
salt
- the initial salt value
(salt - 初始盐值)
spinCount
- the repetition count
(spinCount - 重复计数)
public static byte[] hashPassword(java.lang.String password, HashAlgorithm hashAlgorithm, byte[] salt, int spinCount, boolean iteratorFirst)
password
- the pasword
(密码 - 密码)
hashAlgorithm
- the hash algorighm
(hashAlgorithm - 哈希算法)
salt
- the initial salt value
(salt - 初始盐值)
spinCount
- the repetition count
(spinCount - 重复计数)
iteratorFirst
- if true, the iterator is hashed before the n-1 hash value, if false the n-1 hash value is applied first
(iteratorFirst - 如果为 true,则迭代器在 n-1 哈希值之前进行哈希,如果为 false,则首先应用 n-1 哈希值)
public static byte[] generateIv(HashAlgorithm hashAlgorithm, byte[] salt, byte[] blockKey, int blockSize)
2.3.4.12 Initialization Vector Generation (Agile Encryption)
Initialization vectors are used in all cases for agile encryption. An initialization vector MUST be generated by using the following method, where H() is a hash function that MUST be the same as specified in section 2.3.4.11 and a plus sign (+) represents concatenation:
blockKey: IV = H(KeySalt + blockKey)
KeySalt:IV = KeySalt
public static byte[] generateKey(byte[] passwordHash, HashAlgorithm hashAlgorithm, byte[] blockKey, int keySize)
2.3.4.11 Encryption Key Generation (Agile Encryption)
The final hash data that is used for an encryption key is then generated by using the following method:
H_final = H(H_n + blockKey)
where blockKey represents an array of bytes used to prevent two different blocks from encrypting to the same cipher text.
If the size of the resulting H_final is smaller than that of PasswordKeyEncryptor.keyBits, the key MUST be padded by appending bytes with a value of 0x36. If the hash value is larger in size than PasswordKeyEncryptor.keyBits, the key is obtained by truncating the hash value.
(2.3.4.11 加密密钥生成(敏捷加密) 然后使用以下方法生成用于加密密钥的最终哈希数据: H_final = H(H_n + blockKey) 其中 blockKey 表示用于防止两个不同的字节数组阻止加密为相同的密文。如果生成的 H_final 的大小小于 PasswordKeyEncryptor.keyBits 的大小,则必须通过附加值为 0x36 的字节来填充密钥。如果散列值的大小大于 PasswordKeyEncryptor.keyBits,则通过截断散列值获得密钥。)passwordHash
- the hashed password byte
(passwordHash - 散列的密码字节)
hashAlgorithm
- the hash algorithm
(hashAlgorithm - 哈希算法)
blockKey
- the block key
(blockKey - 区块键)
keySize
- the key size
(keySize - 密钥大小)
public static javax.crypto.Cipher getCipher(javax.crypto.SecretKey key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode)
key
- the secret key
(key - 密钥)
cipherAlgorithm
- the cipher algorithm
(cipherAlgorithm - 密码算法)
chain
- the chaining mode
(chain - 链接模式)
vec
- the initialization vector (IV), can be null
(vec - 初始化向量 (IV),可以为 null)
cipherMode
- Cipher.DECRYPT_MODE or Cipher.ENCRYPT_MODE
(cipherMode - Cipher.DECRYPT_MODE 或 Cipher.ENCRYPT_MODE)
EncryptedDocumentException
- if the initialization failed or if an algorithm was specified, which depends on a missing bouncy castle provider
(EncryptedDocumentException - 如果初始化失败或指定了算法,这取决于缺少的充气城堡提供程序)
public static javax.crypto.Cipher getCipher(java.security.Key key, CipherAlgorithm cipherAlgorithm, ChainingMode chain, byte[] vec, int cipherMode, java.lang.String padding)
key
- the secret key
(key - 密钥)
cipherAlgorithm
- the cipher algorithm
(cipherAlgorithm - 密码算法)
chain
- the chaining mode
(chain - 链接模式)
vec
- the initialization vector (IV), can be null
(vec - 初始化向量 (IV),可以为 null)
cipherMode
- Cipher.DECRYPT_MODE or Cipher.ENCRYPT_MODE
(cipherMode - Cipher.DECRYPT_MODE 或 Cipher.ENCRYPT_MODE)
padding
- the padding (null = NOPADDING, ANSIX923Padding, PKCS5Padding, PKCS7Padding, ISO10126Padding, ...)
(padding - 填充 (null = NOPADDING, ANSIX923Padding, PKCS5Padding, PKCS7Padding, ISO10126Padding, ...))
EncryptedDocumentException
- if the initialization failed or if an algorithm was specified, which depends on a missing bouncy castle provider
(EncryptedDocumentException - 如果初始化失败或指定了算法,这取决于缺少的充气城堡提供程序)
public static byte[] getBlock0(byte[] hash, int size)
hash
- the to be truncated/filled hash byte array
(hash - 被截断/填充的哈希字节数组)
size
- the size of the returned byte array
(size - 返回的字节数组的大小)
public static java.security.MessageDigest getMessageDigest(HashAlgorithm hashAlgorithm)
public static javax.crypto.Mac getMac(HashAlgorithm hashAlgorithm)
public static void registerBouncyCastle()
public static int createXorVerifier1(java.lang.String password)
password
- the password
(密码 - 密码)
public static int createXorVerifier2(java.lang.String password)
password
- the password
(密码 - 密码)
public static java.lang.String xorHashPassword(java.lang.String password)
public static java.lang.String xorHashPasswordReversed(java.lang.String password)
public static int createXorKey1(java.lang.String password)
password
- the password
(密码 - 密码)
public static byte[] createXorArray1(java.lang.String password)
password
- the password
(密码 - 密码)
Copyright 2021 The Apache Software Foundation or its licensors, as applicable.