接下來我們介紹對(duì)稱加密算法,最常用的莫過于DES數(shù)據(jù)加密算法。
DES
DES-Data Encryption Standard,即數(shù)據(jù)加密算法。是IBM公司于1975年研究成功并公開發(fā)表的。DES算法的入口參數(shù)有三個(gè):Key、Data、Mode。其中Key為8個(gè)字節(jié)共64位,是DES算法的工作密鑰;Data也為8個(gè)字節(jié)64位,是要被加密或被解密的數(shù)據(jù);Mode為DES的工作方式,有兩種:加密或解密。
DES算法把64位的明文輸入塊變?yōu)?4位的密文輸出塊,它所使用的密鑰也是64位。
通過java代碼實(shí)現(xiàn)如下
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
/** *//**
* DES安全編碼組件 author by http://www.bt285.cn http://www.5a520.cn
*
* <pre>
* 支持 DES、DESede(TripleDES,就是3DES)、AES、Blowfish、RC2、RC4(ARCFOUR)
* DES key size must be equal to 56
* DESede(TripleDES) key size must be equal to 112 or 168
* AES key size must be equal to 128, 192 or 256,but 192 and 256 bits may not be available
* Blowfish key size must be multiple of 8, and can only range from 32 to 448 (inclusive)
* RC2 key size must be between 40 and 1024 bits
* RC4(ARCFOUR) key size must be between 40 and 1024 bits
* 具體內(nèi)容 需要關(guān)注 JDK Document http://
/docs/technotes/guides/security/SunProviders.html
* </pre>
*
* @author 梁棟
* @version 1.0
* @since 1.0
*/
public abstract class DESCoder extends Coder {
/** *//**
* ALGORITHM 算法 <br>
* 可替換為以下任意一種算法,同時(shí)key值的size相應(yīng)改變。
*
* <pre>
* DES key size must be equal to 56
* DESede(TripleDES) key size must be equal to 112 or 168
* AES key size must be equal to 128, 192 or 256,but 192 and 256 bits may not be available
* Blowfish key size must be multiple of 8, and can only range from 32 to 448 (inclusive)
* RC2 key size must be between 40 and 1024 bits
* RC4(ARCFOUR) key size must be between 40 and 1024 bits
* </pre>
*
* 在Key toKey(byte[] key)方法中使用下述代碼
* <code>SecretKey secretKey = new SecretKeySpec(key, ALGORITHM);</code> 替換
* <code>
* DESKeySpec dks = new DESKeySpec(key);
* SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
* SecretKey secretKey = keyFactory.generateSecret(dks);
* </code>
*/
public static final String ALGORITHM = "DES";
/** *//**
* 轉(zhuǎn)換密鑰<br>
*
* @param key
* @return
* @throws Exception
*/
private static Key toKey(byte[] key) throws Exception {
DESKeySpec dks = new DESKeySpec(key);
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
SecretKey secretKey = keyFactory.generateSecret(dks);
// 當(dāng)使用其他對(duì)稱加密算法時(shí),如AES、Blowfish等算法時(shí),用下述代碼替換上述三行代碼
// SecretKey secretKey = new SecretKeySpec(key, ALGORITHM);
return secretKey;
}
/** *//**
* 解密
*
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] decrypt(byte[] data, String key) throws Exception {
Key k = toKey(decryptBASE64(key));
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, k);
return cipher.doFinal(data);
}
/** *//**
* 加密
*
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] encrypt(byte[] data, String key) throws Exception {
Key k = toKey(decryptBASE64(key));
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, k);
return cipher.doFinal(data);
}
/** *//**
* 生成密鑰
*
* @return
* @throws Exception
*/
public static String initKey() throws Exception {
return initKey(null);
}
/** *//**
* 生成密鑰
*
* @param seed
* @return
* @throws Exception
*/
public static String initKey(String seed) throws Exception {
SecureRandom secureRandom = null;
if (seed != null) {
secureRandom = new SecureRandom(decryptBASE64(seed));
} else {
secureRandom = new SecureRandom();
}
KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM);
kg.init(secureRandom);
SecretKey secretKey = kg.generateKey();
return encryptBASE64(secretKey.getEncoded());
}
}
延續(xù)上一個(gè)類的實(shí)現(xiàn),我們通過MD5以及SHA對(duì)字符串加密生成密鑰,這是比較常見的密鑰生成方式。
再給出一個(gè)測試類:
import static org.junit.Assert.*;
import org.junit.Test;
/** *//**
*
* @author by http://www.bt285.cn http://www.5a520.cn
* @version 1.0
* @since 1.0
*/
public class DESCoderTest {
@Test
public void test() throws Exception {
String inputStr = "DES";
String key = DESCoder.initKey();
System.err.println("原文:\t" + inputStr);
System.err.println("密鑰:\t" + key);
byte[] inputData = inputStr.getBytes();
inputData = DESCoder.encrypt(inputData, key);
System.err.println("加密后:\t" + DESCoder.encryptBASE64(inputData));
byte[] outputData = DESCoder.decrypt(inputData, key);
String outputStr = new String(outputData);
System.err.println("解密后:\t" + outputStr);
assertEquals(inputStr, outputStr);
}
}
得到的輸出內(nèi)容如下:
原文: DES
- 密鑰: f3wEtRrV6q0=
-
- 加密后: C6qe9oNIzRY=
-
- 解密后: DES
原文: DES
密鑰: f3wEtRrV6q0=
加密后: C6qe9oNIzRY=
解密后: DES
由控制臺(tái)得到的輸出,我們能夠比對(duì)加密、解密后結(jié)果一致。這是一種簡單的加密解密方式,只有一個(gè)密鑰。
其實(shí)DES有很多同胞兄弟,如DESede(TripleDES)、AES、Blowfish、RC2、RC4(ARCFOUR)。這里就不過多闡述了,大同小異,只要換掉ALGORITHM換成對(duì)應(yīng)的值,同時(shí)做一個(gè)代碼替換
SecretKey secretKey = new SecretKeySpec(key, ALGORITHM);就可以了,此外就是密鑰長度不同了。