Linux下运行java DES解密失败，报javax.crypto.BadPaddingException:Given final block not properly padded

DES java源代码如下：

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

public class DESEncryptTest {
private static final String DES_ALGORITHM = "DES";

/**
* DES加密
* @param plainData
* @param secretKey
* @return
* @throws Exception
*/
public String encryption(String plainData, String secretKey) throws Exception{

Cipher cipher = null;
try {
cipher = Cipher.getInstance(DES_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, generateKey(secretKey));

} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
}catch(InvalidKeyException e){

}

try {
// 为了防止解密时报javax.crypto.IllegalBlockSizeException: Input length must be multiple of 8 when decrypting with padded cipher异常，
// 不能把加密后的字节数组直接转换成字符串
byte[] buf = cipher.doFinal(plainData.getBytes());

return Base64Utils.encode(buf);

} catch (IllegalBlockSizeException e) {
e.printStackTrace();
throw new Exception("IllegalBlockSizeException", e);
} catch (BadPaddingException e) {
e.printStackTrace();
throw new Exception("BadPaddingException", e);
}

}

/**
* DES解密
* @param secretData
* @param secretKey
* @return
* @throws Exception
*/
public String decryption(String secretData, String secretKey) throws Exception{

Cipher cipher = null;
try {
cipher = Cipher.getInstance(DES_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, generateKey(secretKey));

} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
throw new Exception("NoSuchAlgorithmException", e);
} catch (NoSuchPaddingException e) {
e.printStackTrace();
throw new Exception("NoSuchPaddingException", e);
}catch(InvalidKeyException e){
e.printStackTrace();
throw new Exception("InvalidKeyException", e);

}

try {

byte[] buf = cipher.doFinal(Base64Utils.decode(secretData.toCharArray()));

return new String(buf);

} catch (IllegalBlockSizeException e) {
e.printStackTrace();
throw new Exception("IllegalBlockSizeException", e);
} catch (BadPaddingException e) {
e.printStackTrace();
throw new Exception("BadPaddingException", e);
}
}

/**
* 获得秘密密钥
*
* @param secretKey
* @return
* @throws NoSuchAlgorithmException
*/
private SecretKey generateKey(String secretKey) throws NoSuchAlgorithmException{
SecureRandom secureRandom = new SecureRandom(secretKey.getBytes());

// 为我们选择的DES算法生成一个KeyGenerator对象
KeyGenerator kg = null;
try {
kg = KeyGenerator.getInstance(DES_ALGORITHM);
} catch (NoSuchAlgorithmException e) {
}
kg.init(secureRandom);
//kg.init(56, secureRandom);

// 生成密钥
return kg.generateKey();
}

public static void main(String[] a) throws Exception{
String input = "cy11Xlbrmzyh:604:301:1353064296";
String key = "37d5aed075525d4fa0fe635231cba447";

DESEncryptTest des = new DESEncryptTest();

String result = des.encryption(input, key);
System.out.println(result);

System.out.println(des.decryption(result, key));

}

static class Base64Utils {

static private char[] alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=".toCharArray();
static private byte[] codes = new byte[256];
static {
for (int i = 0; i < 256; i++)
codes[i] = -1;
for (int i = 'A'; i <= 'Z'; i++)
codes[i] = (byte) (i - 'A');
for (int i = 'a'; i <= 'z'; i++)
codes[i] = (byte) (26 + i - 'a');
for (int i = '0'; i <= '9'; i++)
codes[i] = (byte) (52 + i - '0');
codes['+'] = 62;
codes['/'] = 63;
}

/**
* 将原始数据编码为base64编码
*/
static public String encode(byte[] data) {
char[] out = new char[((data.length + 2) / 3) * 4];
for (int i = 0, index = 0; i < data.length; i += 3, index += 4) {
boolean quad = false;
boolean trip = false;
int val = (0xFF & (int) data[i]);
val <<= 8;
if ((i + 1) < data.length) {
val |= (0xFF & (int) data[i + 1]);
trip = true;
}
val <<= 8;
if ((i + 2) < data.length) {
val |= (0xFF & (int) data[i + 2]);
quad = true;
}
out[index + 3] = alphabet[(quad ? (val & 0x3F) : 64)];
val >>= 6;
out[index + 2] = alphabet[(trip ? (val & 0x3F) : 64)];
val >>= 6;
out[index + 1] = alphabet[val & 0x3F];
val >>= 6;
out[index + 0] = alphabet[val & 0x3F];
}

return new String(out);
}

/**
* 将base64编码的数据解码成原始数据
*/
static public byte[] decode(char[] data) {
int len = ((data.length + 3) / 4) * 3;
if (data.length > 0 && data[data.length - 1] == '=')
--len;
if (data.length > 1 && data[data.length - 2] == '=')
--len;
byte[] out = new byte[len];
int shift = 0;
int accum = 0;
int index = 0;
for (int ix = 0; ix < data.length; ix++) {
int value = codes[data[ix] & 0xFF];
if (value >= 0) {
accum <<= 6;
shift += 6;
accum |= value;
if (shift >= 8) {
shift -= 8;
out[index++] = (byte) ((accum >> shift) & 0xff);
}
}
}
if (index != out.length)
throw new Error("miscalculated data length!");
return out;
}
}
}

此代码在windows下运行正常，对加密后的密文可以正常解密。运行结果如下：

xl1nEww4mm09EvMy3tETBNg8HSfTFeBoilhNT7uBKBg=

cy11Xlbrmzyh:604:301:1353064296

但是放到linux上运行，则报错，错误信息如下图：



通过图片可以看到，对相同的明文（cy11Xlbrmzyh:604:301:1353064296）进行加密，在linux上加密后的结果和在windows上是不同的；而且在linux上不能对加密之后的密文进行解密，并抛出异常。

[b]原因：[/b]
经过检查之后，定位在生成KEY的方法上，即如下红色代码：

/**
* 获得秘密密钥
*
* @param secretKey
* @return
* @throws NoSuchAlgorithmException
*/
private SecretKey generateKey(String secretKey) throws NoSuchAlgorithmException{
SecureRandom secureRandom = new SecureRandom(secretKey.getBytes()); //主要是此处代码

// 为我们选择的DES算法生成一个KeyGenerator对象
KeyGenerator kg = null;
try {
kg = KeyGenerator.getInstance(DES_ALGORITHM);
} catch (NoSuchAlgorithmException e) {
}
kg.init(secureRandom);
//kg.init(56, secureRandom);

// 生成密钥
return kg.generateKey();
}

SecureRandom 实现完全随操作系统本身的內部状态，除非调用方在调用 getInstance 方法，然后调用 setSeed 方法；该实现在 windows 上每次生成的 key 都相同，但是在 solaris 或部分 linux 系统上则不同。关于SecureRandom类的详细介绍，见
http://yangzb.iteye.com/blog/325264

解决办法

方法1：把原来的generateKey方法中红色如下的红色部分：

/**
* 获得秘密密钥
*
* @param secretKey
* @return
* @throws NoSuchAlgorithmException
*/
private SecretKey generateKey(String secretKey) throws NoSuchAlgorithmException{
[code]//防止linux下 随机生成key

SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");
secureRandom.setSeed(secretKey.getBytes());

// 为我们选择的DES算法生成一个KeyGenerator对象
KeyGenerator kg = null;
try {
kg = KeyGenerator.getInstance(DES_ALGORITHM);
} catch (NoSuchAlgorithmException e) {
}
kg.init(secureRandom);
//kg.init(56, secureRandom);

// 生成密钥
return kg.generateKey();
}[/code]

方法2：不使用SecureRandom生成SecretKey，而是使用SecretKeyFactory；重新实现方法generateKey，代码如下

/**
* 获得密钥
*
* @param secretKey
* @return
* @throws NoSuchAlgorithmException
* @throws InvalidKeyException
* @throws InvalidKeySpecException
*/
private SecretKey generateKey(String secretKey) throws NoSuchAlgorithmException,InvalidKeyException,InvalidKeySpecException{

SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(DES_ALGORITHM);
DESKeySpec keySpec = new DESKeySpec(secretKey.getBytes());
keyFactory.generateSecret(keySpec);
return keyFactory.generateSecret(keySpec);
}