廖雪峰Java10加密与安全-4加密算法-1对称加密算法

1.对称加密算法

加密和解密使用同一个密钥,例如WinRAR。

  • WinRAR在对文件进行打包的时候,可以设置一个密码,在解压的时候需要使用同样的密码才能正确的解压。
  • 加密:encrypt(key,message) -> s
  • 解密:decrypt(key,s) -> message
算法 密钥长度(决定加密的强度) 工作模式(参数) 填充模式(格式的选择)
DES 56/64 ECB, CBC, PCBC, CTR... NoPadding, PKCS5Padding
AES 128/192/256 ECB,CBC,PCBC,CTR... NoPadding,PKCS5Padding, PKCS7Padding
IDEA 128 ECB PKCS5Padding, PKCS7Padding

JDK提供的算法并没有包括所有的工作模式和填充模式,但我们通常只需要挑选常用的模式使用就可以了。
DES因为密钥过短,可以在短时间内被暴力破解,所以并不安全。

2.AES/ECB

package com.testList;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;

public class SplitString {
    //指定算法为AES,工作模式为ECB,填充模式为PKCS5Padding
    static final String CIPHER_NAME = "AES/ECB/PKCS5Padding";
    //加密
    public static byte[] encrypt(byte[] key,byte[] input) throws GeneralSecurityException{
        //传入算法、工作模式、填充模式,创建Cipher示例
        Cipher cipher = Cipher.getInstance(CIPHER_NAME);
        //将一个byte数组,转化为一个AES的key
        SecretKeySpec secretKeySpec = new SecretKeySpec(key,"AES");
        //初始化:采用加密模式,并传入key
        cipher.init(Cipher.ENCRYPT_MODE,secretKeySpec);
        //通过doFinal传入input数组获取加密后的byte数组
        return cipher.doFinal(input);
    }
    //解密
    public static byte[] decrypt(byte[] key,byte[] input) throws GeneralSecurityException{
        //传入算法、工作模式、填充模式,创建Cipher示例
        Cipher cipher = Cipher.getInstance(CIPHER_NAME);
        //将byte数组,转化为一个AES的key
        SecretKeySpec secretKeySpec = new SecretKeySpec(key,"AES");
        //初始化:采用解密模式,并传入key
        cipher.init(Cipher.DECRYPT_MODE,secretKeySpec);
        //通过doFinal传入input数组获取加密后的byte数组
        return cipher.doFinal(input);
    }
    public static void main(String[] args) throws Exception{
        String message = "Hello,world!encrypted using AES!";
        System.out.println(message);
        //密钥为128位,需要传入128/8=16个byte的字符串
        byte[] key = "1234567890abcdef".getBytes("utf-8");
        byte[] input = message.getBytes(StandardCharsets.UTF_8);

        byte[] encrypted = encrypt(key,input);
        //把秘闻转化为61位编码打印
        System.out.println("Encrypted data:"+Base64.getEncoder().encodeToString(encrypted));

        byte[] decrypted = decrypt(key,encrypted);
        //将解密后的数组还原为字符串
        System.out.println("Decrypted data:"+new String(decrypted,"utf-8"));
    }
}

3.AES/CBC

package com.testList;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;

public class AES_CBC {
    //指定算法为为AES,工作模式为CBC,填充模式为PKCS5Padding
    static final String CIPHER_NAME = "AES/CBC/PKCS5Padding";
    //加密
    public static byte[] encrypt(byte[] key,byte[] input) throws GeneralSecurityException{
        //传入算法、工作模式、填充模式,创建Cipher实例
        Cipher cipher = Cipher.getInstance(CIPHER_NAME);
        //传入key数组,获取SecretKeySpec的实例
        SecretKeySpec keySpec = new SecretKeySpec(key,"AES");
        //创建SecureRandom实例,用于获取随机数
        SecureRandom sr = SecureRandom.getInstanceStrong();
        //获取一个16位字节的数组
        byte[] iv = sr.generateSeed(16);
        //传入随机数组,获取IVParameterSpec实例
        IvParameterSpec ivps = new IvParameterSpec(iv);
        //初始化:指定加密模式,并传入SecretKeySpec实例keySpec、IvParameterSpec实例ivps
        cipher.init(Cipher.ENCRYPT_MODE,keySpec,ivps);
        //通过doFinal传入input数组,获取加密后的byte数组
        byte[] data = cipher.doFinal(input);
        //将iv,data一并返回
        return join(iv,data);
    }
    public static byte[] join(byte[] bs1,byte[] bs2){
        byte[] r = new byte[bs1.length+bs2.length];
        System.arraycopy(bs1,0,r,0,bs1.length);
        System.arraycopy(bs2,0,r,bs1.length,bs2.length);
        return r;
    }
    public static byte[] decrypt(byte[] key,byte[] input) throws GeneralSecurityException{
        //将input数组拆分为iv,data
        byte[] iv = new byte[16];
        byte[] data = new byte[input.length-16];
        System.arraycopy(input,0,iv,0,16);
        System.arraycopy(input,16,data,0,data.length);
        //传入算法、工作模式、填充模式,创建Cipher实例
        Cipher cipher = Cipher.getInstance(CIPHER_NAME);
        //传入key数组,获取AES加密后的SecretKeySpec类型实例
        SecretKeySpec keySpec = new SecretKeySpec(key,"AES");
        //获取IvParameter实例ivps
        IvParameterSpec ivps = new IvParameterSpec(iv);
        //初始化:指定解密模式,并传入SecretKeySpec实例,IvParameterSpec实例
        cipher.init(Cipher.DECRYPT_MODE,keySpec,ivps);
        //返回解密后的数组
        return cipher.doFinal(data);
    }
    public static void main(String[] args) throws Exception {
        String message = "Hello,world!encryptd using AES!";
        System.out.println("Message:"+message);
        byte[] key = "1234567890abcefg".getBytes("utf-8");
        byte[] data = message.getBytes(StandardCharsets.UTF_8);
        byte[] encrypted = encrypt(key,data);
        System.out.println("Encrypt data:"+Base64.getEncoder().encodeToString(encrypted));
        byte[] decryptd = decrypt(key,encrypted);
        System.out.println("Decrypted data:"+new String(decryptd,"utf-8"));
    }
}

4.AES/ECB使用256位加密

import jdk.nashorn.internal.runtime.ECMAException;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;

public class AES256_ECB {
    static final String CIPHER_NAME = "AES/ECB/PKCS5Padding";
    public static byte[] encrypt(byte[] key,byte[] input) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(CIPHER_NAME);
        SecretKeySpec keySpec = new SecretKeySpec(key,"AES");
        cipher.init(Cipher.ENCRYPT_MODE,keySpec);
        return cipher.doFinal(input);
    }
    public static byte[] decrypt(byte[] key,byte[] input) throws GeneralSecurityException{
        Cipher cipher = Cipher.getInstance(CIPHER_NAME);
        SecretKeySpec keySpec = new SecretKeySpec(key,"AES");
        cipher.init(Cipher.ENCRYPT_MODE,keySpec);
        return cipher.doFinal(input);
    }
    public static void main(String[] args) throws Exception {
        String message = "Hello world!encrypted using AES!";
        System.out.println(message);
        byte[] key = "1234567890abcdef1234567890abcdef".getBytes("utf-8");
        byte[] data = message.getBytes(StandardCharsets.UTF_8);
        byte[] encrypted = encrypt(key,data);
        System.out.println(Base64.getEncoder().encodeToString(encrypted));
        byte[] decrypted = decrypt(key,encrypted);
        System.out.println(new String(decrypted,"utf-8"));
    }
}
问题:256位加密执行失败 搜索jdk jce policy,[下载jar包](https://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html), window:将下载的jar包复制到jdk/jre/lib/security和jdk/lib/security目录下。 Mac: ```#shell #查看Java目录 which java #寻找jre/lib/security目录 find . -name lcoal_policy.jar ``` 如我的目录是:/Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security。将下载的jar包复制到该文件。 再次运行,不再报错

5.总结:

  • 对称加密算法使用同一个密钥进行加密和解密
  • 常用算法:DES/AES/IDEA等
  • 密钥长度由算法设计决定给,AES的密钥长度是128/192/256
  • 使用256位加密需要修改JDK的policy文件
  • 使用对称加密算法需要指定:算法名称/工作模式/填充模式
posted on 2019-05-10 22:19  singleSpace  阅读(445)  评论(0编辑  收藏  举报