切换的java流密码流

Question

我试图创建，它可以让客户端发送的登录名与服务器的协议。在此之后，服务器从服务器获取客户端密码并从中创建密码密钥。客户端根据输入的密码创建一个密钥。这样我试图得到一个安全的连接。

然而，发送用户名，获取密码等。我试图创建一个从cypherstream一个新的ObjectInputStream读取数据，但它阻止了。即使看了很多其他类似的问题，我也找不到一种方法来实现它的工作。

Serverside集团

private void switchToChipherStreams(String username) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException { 
    byte key[] = dbMediator.getPasswordCypher(username); 
    SecretKey key64 = new SecretKeySpec(key, "Blowfish"); 
    Cipher cipher = Cipher.getInstance("Blowfish"); 
    cipher.init(Cipher.ENCRYPT_MODE, key64); 
    try { 
     Thread.sleep(1000); 
    } catch (InterruptedException ex) { 
     Logger.getLogger(Connection.class.getName()).log(Level.SEVERE, null, ex); 
    } 
    out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipher)); 
    out.reset(); 
    out.flush(); 
    out.writeObject("switch"); 
    in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipher)); 
} 

客户端

private void switchToChipherStreams(String password) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, IOException { 
    //Generate key 
    byte[] key = new byte[8]; 
    for (int i = 0; i < 8; i++) { 
     if (password.length() > i) { 
      key[i] = password.getBytes()[i]; 
     } else { 
      key[i] = (byte) i; 
     } 
    } 
    //Setup cipher streams 
    SecretKey key64 = new SecretKeySpec(key, "Blowfish"); 
    Cipher cipher = Cipher.getInstance("Blowfish"); 
    cipher.init(Cipher.ENCRYPT_MODE, key64); 
    in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipher)); 
    out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipher)); 
    out.reset(); 
    out.flush(); 
    out.writeObject("switch"); 
} 

在它的trowing异常（无效的头），因为我想在发送数据的那一刻，但如果我不要只是阻止。

有谁告诉我，我在做什么错在这里，或者如果它甚至有可能转变为加密的ObjectInputStream。

亲切的问候，

朱尔

编辑

更改了密码加密和解密的输出流，新代码：

Serverside集团

byte key[] = dbMediator.getPasswordCypher(username); 
    SecretKey key64 = new SecretKeySpec(key, "Blowfish"); 
    Cipher cipheren = Cipher.getInstance("Blowfish"); 
    cipheren.init(Cipher.ENCRYPT_MODE, key64); 
    Cipher cipherde = Cipher.getInstance("Blowfish"); 
    cipheren.init(Cipher.DECRYPT_MODE, key64); 
    out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipheren)); 
    out.reset(); 
    out.flush(); 
    out.writeObject("switch"); 
    in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipherde)); 

客户端

//Generate key 
     byte[] key = new byte[8]; 
     for (int i = 0; i < 8; i++) { 
      if (password.length() > i) { 
       key[i] = password.getBytes()[i]; 
      } else { 
       key[i] = (byte) i; 
      } 
     } 
     //Setup cipher streams 
     SecretKey key64 = new SecretKeySpec(key, "Blowfish"); 
     Cipher cipheren = Cipher.getInstance("Blowfish"); 
     cipheren.init(Cipher.ENCRYPT_MODE, key64); 
     Cipher cipherde = Cipher.getInstance("Blowfish"); 
     cipheren.init(Cipher.DECRYPT_MODE, key64); 
     out = new ObjectOutputStream(new CipherOutputStream(socket.getOutputStream(), cipheren)); 
     out.reset(); 
     out.flush(); 
     out.writeObject("switch"); 
     in = new ObjectInputStream(new CipherInputStream(socket.getInputStream(), cipherde)); 

现在无效头的问题是解决了，但冻结客户端和服务器当ObjectInputStream的构造函数被调用。

Answer 1

不能创建从相同的密码对象密码输入和输出流。您需要两个密码对象，一个处于DECRYPT模式，另一个处于ENCRYPT模式。

创建和ObjectInputStream两端前冲洗ObjectOutputStream。