java - 基于 Java 的 Ansible 保险库秘密解密解决方案

问题描述

我们想做一个基于 java 的解决方案，可以解密 Ansible vault 的秘密，这取决于这个非常聪明的博客

我们制作了一个 java 测试解决方案来检查 python 代码的工作，但第一步的结果不是预期的。我们想就这个问题寻求一些帮助。为什么我们得不到正确的结果？基于python的方法是否可能与基于java的方法不同？

@Test
public void testFirstStepOfImplementation() throws NoSuchAlgorithmException, In-validKeySpecException {
   String salt = "33343835306666636239373663396363643766613363343837646633343933376633323964663030313461623564666130643664313438333363373037623365";
   String hmac = "66346632303234363338306133646136393261363338616337613039363435313631343437323164386661326633313339396238396236346239333863663265";
   String encryptedBytes = "653036663266373533343232393838343161396564333963643632653932303861356361316561303465373566373961393231343861623064313765643465376335666665326331323061373237336639356165393563613765663864366231";
   String saltAscii = hexToAscii(salt);
   System.out.println(saltAscii);
   System.out.println(hexToAscii(hmac));
   System.out.println(hexToAscii(encryptedBytes));
   final Charset asciiCs = Charset.forName("UTF-8");
   SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");

   // Here is the problematic method call
   PBEKeySpec spec = new PBEKeySpec(asciiCs.encode("password").toString().toCharArray(), hex-ToAscii(saltAscii).getBytes(), 10000, 80 * 8);

   SecretKey tmp = factory.generateSecret(spec);
   System.out.println(bytesToHex(tmp.getEncoded()));

   // It must be:
   // # KDF (80 bytes)
   // fc4a21fb71bfaad6a0bbb078f0704721
   // ccad80519fc349c3ff14268fced14203
   // 9bfb1a43effdfb8f8d7119387fccec54
   // 8859c7fccc26589a65a2ee856e05763f
   // 394f9f4a44152b33234cba44c930921b
}

但是代码的结果是：

b4f0b2c365a1ab6d2abaa18f687078896a739ca97fe55dbd5c0e0ceea0d82d0391938442c5e1db2c5f6e2e944a9338f452cecb3892751ef27677f5cb29129943a558c357eaddb

而不是好的：

fc4a21fb71bfaad6a0bbb078f0704721ccad80519fc349c3ff14268fced142039bfb1a43effdfb8f8d7119387fccec548859c7fccc26589a65a2ee856e05763f394f3219f4a4441cbb352

标签： javapythonansibleansible-vault