JAVA实现对称加密
2018-07-11 本文已影响55人
Hey_Shaw
对称加密算法
加密密钥 = 解密密钥(完全对称的)
- 初等加密算法
- DES
- 3DES
- AES
- PBE
- IDEA
对称加密算法 - DES
- DES(Data Encryption Standard)数据加密标准
| 密钥长度 | 默认 | 工作模式 | 填充方式 | 实现方 |
|---|---|---|---|---|
| 56 | 56 | ECB、CBC、PCBC、CTR、CTS、CFB、CFB8 到 128、OFB、OFB8 到 128 | NoPadding、PKCS5Padding、ISO10126Padding | JDK |
| 64 | 56 | 同上 | PKCS7Padding、ISO10126d2Padding、X932Padding、ISO7816d4Padding、ZeroBytePadding | BC |
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class DESTest{
public static final String src = "des test";
public static void main(String[] args) {
jdkDES();
bcDES();
}
// 用jdk实现:
public static void jdkDES(){
try{
// 生成KEY
KeyGenerator keyGenerator = KeyGenerator.getInstance("DES");
keyGenerator.init(56);
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESKeySpec desKeySpec = new DESKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密(加解密方式:..工作模式/填充方式)
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("jdk des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bcDES(){
try{
Security.addProvider(new BouncyCastleProvider());
// 生成KEY
KeyGenerator keyGenerator = KeyGenerator.getInstance("DES", "BC");
keyGenerator.getProvider();
keyGenerator.init(56);
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESKeySpec desKeySpec = new DESKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("bc des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("bc des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
对称加密算法 - DES
对称加密算法 - 3重DES
- 1、违反柯克霍夫原则
- 2、安全问题
3重DES的好处
-
1、密钥长度增强
-
2、迭代次数提高
-
3DES(Triple DES 或 DESede)
密钥长度 | 默认 | 工作模式 | 填充方式 | 实现方
--- | --- | --- | --- | --- |
112、168 | 168 | ECB、CBC、PCBC、CTR、CTS、CFB、CFB8 到 128、OFB、OFB8 到 128 | NoPadding、PKCS5Padding、ISO10126Padding | JDK
128、192 | 168 | 同上 | PKCS7Padding、ISO10126d2Padding、X932Padding、ISO7816d4Padding、ZeroBytePadding | BC
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class DES3Test {
public static final String src = "3des test";
public static void main(String[] args) {
jdk3DES();
bc3DES();
}
// 用jdk实现:
public static void jdk3DES() {
try {
// 生成KEY
KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
// 必须长度是:112或168
// keyGenerator.init(168);
keyGenerator.init(new SecureRandom());
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk 3des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("jdk 3des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bc3DES(){
try {
Security.addProvider(new BouncyCastleProvider());
// 生成KEY
KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede", "BC");
keyGenerator.getProvider();
keyGenerator.init(168);
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("bc 3des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("bc 3des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
对称加密算法 - AES
- 3重DES效率低、处理速度较慢
- AES是目前使用最多的对称加密算法
- 至今尚未被破解
AES通常用于移动通信系统加密以及基于SSH协议的软件(SSH Client、secureCRT)
- 高级
- DES替代者
密钥长度 | 默认 | 工作模式 | 填充方式 | 实现方
--- | --- | --- | --- | --- |
128、192、256 | 128 | ECB、CBC、PCBC、CTR、CTS、CFB、CFB8 到 128、OFB、OFB8 到 128 | NoPadding、PKCS5Padding、ISO10126Padding | JDK(256位密钥需要获得无政策限制权限文件)
同上 | 同上 | 同上 | PKCS7Padding、ZeroBytePadding | BC
无政策限制权限文件是指,因为某些国家的进口管制限制,Java发布的运行环境包中的加解密有一定的限制。
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class AESTest{
public static final String src = "aes test";
public static void main(String[] args) {
jdkAES();
bcAES();
}
// 用jdk实现:
public static void jdkAES(){
try{
// 生成KEY
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
byte[] keyBytes = secretKey.getEncoded();
// KEY转换
Key key = new SecretKeySpec(keyBytes, "AES");
// 加密
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk aes encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, key);
result = cipher.doFinal(result);
System.out.println("jdk aes decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bcAES() {
try{
Security.addProvider(new BouncyCastleProvider());
// 生成KEY
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "BC");
keyGenerator.getProvider();
keyGenerator.init(128);
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
byte[] keyBytes = secretKey.getEncoded();
// KEY转换
Key key = new SecretKeySpec(keyBytes, "AES");
// 加密
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("bc aes encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, key);
result = cipher.doFinal(result);
System.out.println("bc aes decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
对称加密算法AES
对称加密算法 - PBE
- AES、DES 和 3重DES在使用上比较一致
- PBE算法结合了消息摘要算法和对称加密算法的优点
- PBE(Password Based Encryption)基于口令加密
- 口令有规律,很容易用穷举的方式被破译。通常加 “盐(Salt)”的方式扰码,来加提高破解难度。
- 对已有算法的包装
- JDK、BC
- 盐
- PBEWithMD5AndDES
| 算法 | 密钥长度 | 默认 | 工作模式 | 填充方式 | 实现 |
|---|---|---|---|---|---|
| PBEWithSHAAnd128BitRC2-CBC | 128 | 128 | CBC | PKCS5Padding、PKCS7Padding、ISO10126Padding、ZeroBytePadding | BC |
| PBEWithSHAAnd40BitRC2-CBC | 40 | 40 | |||
| PBEWithSHAAnd128BitRC4 | 128 | 128 | |||
| PBEWithSHAAnd40BitRC4 | 40 | 40 | |||
| PBEWithSHAAndTwofish-CBC | 256 | 256 | |||
| PBEWithMD5AndDES | 56 | 56 | CBC | PKCS5Padding | JDK |
| PBEWithMD5AndTripleDES | 112、168 | 168 | |||
| PBEWithSHA1AndDESede | 112、168 | 168 | |||
| PBEWithSHA1AndRC2_40 | 40~1024 (8倍数) |
128 |
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.codec.binary.Hex;
public class PBETest {
public static final String src = "pbe test";
public static void main(String[] args) {
jdkPBE();
}
// 用jdk实现:
public static void jdkPBE(){
try {
// 初始化盐
SecureRandom random = new SecureRandom();
byte[] salt = random.generateSeed(8);
// 口令与密钥
String password = "timliu";
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHMD5andDES");
Key key = factory.generateSecret(pbeKeySpec);
// 加密
PBEParameterSpec pbeParameterSpac = new PBEParameterSpec(salt, 100);
Cipher cipher = Cipher.getInstance("PBEWITHMD5andDES");
cipher.init(Cipher.ENCRYPT_MODE, key, pbeParameterSpac);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk pbe encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, key, pbeParameterSpac);
result = cipher.doFinal(result);
System.out.println("jdk pbe decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
对称加密算法-PBE
