java aes_cbc_256 加密解密
在之前我们在openssl上和ios上分别测试了 AES256位cbc模式的加密和解密
今天用java提供的api来测试一下;进而确定一下在PC,iOS,安卓上三个平台下的加密解密数据;
1. 首先通过查询资料了解到:
- java的jdk 不支持256位AES密钥,需要安装扩展包,以下会提到
- java 中默认不支持PKCS7 填充方式,支持PKCS5,经测试PKCS5和pkcs7没多大区别(在多平台数据互测上)
- java中如果非要指定PKCS7 需要借助 BouncyCastle(java用的密码学类库)
2. 关于安装 支持AES 256位密钥的扩展包
下载http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
下载之后得到 local_policy.jar ,US_export_policy.jar 两个jar包,把这两个jar包放到 jdk/lib/security 目录下
替换原来的两个jar包即可
3. 使用java api 进行 AES_cbc_256位密钥 PKCS5 填充方式的加密解密
如下封装
private static final String ALGORITHM = "AES/CBC/PKCS5Padding"; //加密 public static byte[] AES_cbc_encrypt(byte[] srcData,byte[] key,byte[] iv) { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] encData = cipher.doFinal(srcData); return encData; } //解密 public static byte[] AES_cbc_decrypt(byte[] encData,byte[] key,byte[] iv) { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] decbbdt = cipher.doFinal(encData); return decbbdt; }
测试调用
public static void main(String[] args) { byte[] key= new byte[32]; byte[] iv = new byte[16]; String srcStr = "This is java default pkcs5padding PKCS5 TEST"; System.out.println(srcStr); //设置key 全8,iv,全1,这里测试用 for (int i = 0; i <32; i++) { key[i] = 8; if (i < 16) {iv[i] = 1;} } byte[] encbt = AES_cbc_encrypt(srcStr.getBytes(),key,iv); byte[] decbt = AES_cbc_decrypt(encbt,key,iv); String decStr = new String(decbt); System.out.println(decStr); if(srcStr.equals(decStr)) { System.out.println("TEST PASS"); }else { System.out.println("TEST NO PASS"); } }
输出:
This is java default pkcs5padding PKCS5 TEST This is java default pkcs5padding PKCS5 TEST TEST PASS
总结:此处使用的是java提供的PKCS5填充方式,其实和PKCS7是一样的,所以在ios上使用pkcs7,安卓上使用pkcs5,只要key和iv保持一致,相互加解密是没有问题的
完整的代码如下
import java.io.UnsupportedEncodingException;import java.security.InvalidAlgorithmParameterException;import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;import java.security.Security;import java.util.Base64;import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import javax.crypto.NoSuchPaddingException;import javax.crypto.spec.IvParameterSpec;import javax.crypto.spec.SecretKeySpec;public class TestPKCS5 { private static final String ALGORITHM = "AES/CBC/PKCS5Padding"; //加密 public static byte[] AES_cbc_encrypt(byte[] srcData,byte[] key,byte[] iv) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] encData = cipher.doFinal(srcData); return encData; } //解密 public static byte[] AES_cbc_decrypt(byte[] encData,byte[] key,byte[] iv) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Cipher cipher = Cipher.getInstance(ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] decbbdt = cipher.doFinal(encData); return decbbdt; } public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { byte[] key= new byte[32]; byte[] iv = new byte[16]; String srcStr = "This is java default pkcs5padding PKCS5 TEST"; System.out.println(srcStr); //设置key 全8,iv,全1,这里测试用 for (int i = 0; i <32; i++) { key[i] = 8; if (i < 16) {iv[i] = 1;} } byte[] encbt = AES_cbc_encrypt(srcStr.getBytes(),key,iv); byte[] decbt = AES_cbc_decrypt(encbt,key,iv); String decStr = new String(decbt); System.out.println(decStr); if(srcStr.equals(decStr)) { System.out.println("TEST PASS"); }else { System.out.println("TEST NO PASS"); } }} |
4. 使用 BouncyCastle库 进行 AES_cbc_256 指定PKCS7方式加密解密
需要先去 http://www.bouncycastle.org/latest_releases.html 下载 库,并且导入到工程中
如下封装
//AES_256_cbc pkcs7 private static final String ALGORITHM = "AES/CBC/PKCS7Padding";//加密public static byte[] AES_cbc_encrypt(byte[] srcData,byte[] key,byte[] iv) { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Security.addProvider(new BouncyCastleProvider()); Cipher cipher = Cipher.getInstance(ALGORITHM,"BC"); cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] encData = cipher.doFinal(srcData); return encData;}//解密public static byte[] AES_cbc_decrypt(byte[] encData,byte[] key,byte[] iv) { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Security.addProvider(new BouncyCastleProvider()); Cipher cipher = Cipher.getInstance(ALGORITHM,"BC"); cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] decbbdt = cipher.doFinal(encData); return decbbdt;} |
调用测试代码
public static void main(String[] args) { // TODO Auto-generated method stub byte[] key= new byte[32]; byte[] iv = new byte[16]; String srcStr = "This is java bcprovlib pkcs7padding PKCS7 TEST"; System.out.println(srcStr); //设置key 全8,iv,全1,这里测试用 for (int i = 0; i <32; i++) { key[i] = 8; if (i < 16) {iv[i] = 1;} } byte[] encbt = AES_cbc_encrypt(srcStr.getBytes(),key,iv); byte[] decbt = AES_cbc_decrypt(encbt,key,iv); String decStr = new String(decbt); System.out.println(decStr); if(srcStr.equals(decStr)) { System.out.println("TEST PASS"); }else { System.out.println("TEST NO PASS"); }} |
输出结果:
This is java bcprovlib pkcs7padding PKCS7 TEST
This is java bcprovlib pkcs7padding PKCS7 TEST
TEST PASS
总结:此处使用BC库的方式指定PKCS7方式,这样就和ios pc保持一致了;不过使用上面第一种方式也是可行的
完整的代码如下
import java.util.Base64;import java.io.UnsupportedEncodingException;import java.security.InvalidAlgorithmParameterException;import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;import java.security.Security;import java.util.Arrays;import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import javax.crypto.KeyGenerator;import javax.crypto.NoSuchPaddingException;import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec;import org.bouncycastle.jce.provider.BouncyCastleProvider;public class TestAES { //AES_256_cbc pkcs7 private static final String ALGORITHM = "AES/CBC/PKCS7Padding"; //加密 public static byte[] AES_cbc_encrypt(byte[] srcData,byte[] key,byte[] iv) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Security.addProvider(new BouncyCastleProvider()); Cipher cipher = Cipher.getInstance(ALGORITHM,"BC"); cipher.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] encData = cipher.doFinal(srcData); return encData; } //解密 public static byte[] AES_cbc_decrypt(byte[] encData,byte[] key,byte[] iv) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); Security.addProvider(new BouncyCastleProvider()); Cipher cipher = Cipher.getInstance(ALGORITHM,"BC"); cipher.init(Cipher.DECRYPT_MODE, keySpec, new IvParameterSpec(iv)); byte[] decbbdt = cipher.doFinal(encData); return decbbdt; } public static void main(String[] args) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException { // TODO Auto-generated method stub byte[] key= new byte[32]; byte[] iv = new byte[16]; String srcStr = "This is java bcprovlib pkcs7padding PKCS7 TEST"; System.out.println(srcStr); //设置key 全8,iv,全1,这里测试用 for (int i = 0; i <32; i++) { key[i] = 8; if (i < 16) {iv[i] = 1;} } byte[] encbt = AES_cbc_encrypt(srcStr.getBytes(),key,iv); byte[] decbt = AES_cbc_decrypt(encbt,key,iv); String decStr = new String(decbt); System.out.println(decStr); if(srcStr.equals(decStr)) { System.out.println("TEST PASS"); }else { System.out.println("TEST NO PASS"); } }} |
测试使用 jdk1.8
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 记一次.NET内存居高不下排查解决与启示
· 阿里最新开源QwQ-32B,效果媲美deepseek-r1满血版,部署成本又又又降低了!
· 开源Multi-agent AI智能体框架aevatar.ai,欢迎大家贡献代码
· Manus重磅发布:全球首款通用AI代理技术深度解析与实战指南
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· AI技术革命,工作效率10个最佳AI工具
2013-12-12 苹果推送服务器端证书配置.pem生成
2013-12-12 unable to connect to ssl://gateway.sandbox.push.apple.com:2195 错误