DESede又稱Triple-DES即三重DES加密算法,加強(qiáng)了DES的安全性,但速度稍慢,它是一種對(duì)稱加密算法,加密解密都是用同一個(gè)密鑰。本文介紹使用Java自帶的API實(shí)現(xiàn)DEDede加密解密。
Bouncy Castle也支持DES算法,具體沒有深入研究,有興趣的可以下載相應(yīng)的API進(jìn)行測(cè)試。
http://www.bouncycastle.org/以下代碼基本上覆蓋了生成密鑰以及加密解密的全過程,拷貝代碼可以直接運(yùn)行。(代碼摘自網(wǎng)絡(luò))
每次生成密鑰都會(huì)不一樣,一般來說密鑰需要生成文件并妥善保存。
DESedeCoder.java
package com.zolly.bouncycastle;
import java.io.BufferedOutputStream;
import java.io.FileOutputStream;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import com.sun.org.apache.xml.internal.security.utils.Base64;
/**
* DESede對(duì)稱加密算法演示
*
* @author zolly
* */
public class DESedeCoder {
/**
* 密鑰算法
* */
public static final String KEY_ALGORITHM = "DESede";
/**
* 加密/解密算法/工作模式/填充方式
* */
public static final String CIPHER_ALGORITHM = "DESede/ECB/PKCS5Padding";
/**
*
* 生成密鑰
*
* @return byte[] 二進(jìn)制密鑰
* */
public static byte[] initkey() throws Exception {
// 實(shí)例化密鑰生成器
KeyGenerator kg = KeyGenerator.getInstance(KEY_ALGORITHM);
// 初始化密鑰生成器
kg.init(168);
// 生成密鑰
SecretKey secretKey = kg.generateKey();
// 獲取二進(jìn)制密鑰編碼形式
byte[] key = secretKey.getEncoded();
BufferedOutputStream keystream =
new BufferedOutputStream(new FileOutputStream("DESedeKey.dat"));
keystream.write(key, 0, key.length);
keystream.flush();
keystream.close();
return key;
}
/**
* 轉(zhuǎn)換密鑰
*
* @param key
* 二進(jìn)制密鑰
* @return Key 密鑰
* */
public static Key toKey(byte[] key) throws Exception {
// 實(shí)例化Des密鑰
DESedeKeySpec dks = new DESedeKeySpec(key);
// 實(shí)例化密鑰工廠
SecretKeyFactory keyFactory = SecretKeyFactory
.getInstance(KEY_ALGORITHM);
// 生成密鑰
SecretKey secretKey = keyFactory.generateSecret(dks);
return secretKey;
}
/**
* 加密數(shù)據(jù)
*
* @param data
* 待加密數(shù)據(jù)
* @param key
* 密鑰
* @return byte[] 加密后的數(shù)據(jù)
* */
public static byte[] encrypt(byte[] data, byte[] key) throws Exception {
// 還原密鑰
Key k = toKey(key);
// 實(shí)例化
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
// 初始化,設(shè)置為加密模式
cipher.init(Cipher.ENCRYPT_MODE, k);
// 執(zhí)行操作
return cipher.doFinal(data);
}
/**
* 解密數(shù)據(jù)
*
* @param data
* 待解密數(shù)據(jù)
* @param key
* 密鑰
* @return byte[] 解密后的數(shù)據(jù)
* */
public static byte[] decrypt(byte[] data, byte[] key) throws Exception {
// 歡迎密鑰
Key k = toKey(key);
// 實(shí)例化
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
// 初始化,設(shè)置為解密模式
cipher.init(Cipher.DECRYPT_MODE, k);
// 執(zhí)行操作
return cipher.doFinal(data);
}
/**
* 進(jìn)行加解密的測(cè)試
*
* @throws Exception
*/
public static void main(String[] args) throws Exception {
String str = "DESede";
System.out.println("原文:" + str);
// 初始化密鑰
byte[] key = DESedeCoder.initkey();
System.out.println("密鑰:" + Base64.encode(key));
// 加密數(shù)據(jù)
byte[] data = DESedeCoder.encrypt(str.getBytes(), key);
System.out.println("加密后:" + Base64.encode(data));
// 解密數(shù)據(jù)
data = DESedeCoder.decrypt(data, key);
System.out.println("解密后:" + new String(data));
}
}
正對(duì)以上代碼,我進(jìn)行了適當(dāng)修改,使其變得更加實(shí)用。我的主要應(yīng)用是把客戶的數(shù)據(jù)加密保存到數(shù)據(jù)庫,取出來的時(shí)候再解密,保證數(shù)據(jù)庫數(shù)據(jù)的安全。注意我固定了密鑰,以防密鑰一旦丟失,所有數(shù)據(jù)都變成亂碼了,固定密鑰安全性有所降低,但是對(duì)數(shù)據(jù)庫字段加密安全性已經(jīng)足夠了。
DESedeTest.java
package com.zolly.bouncycastle;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class DESedeTest {
/**
* @param args
*/
public static void main(String[] args) {
String strText = "This is a testing";
String text1 = DESedeTest.encryptProperty(strText);
String text2 = DESedeTest.decryptProperty(text1);
System.out.println(text1);
System.out.println(text2);
}
public static String encryptProperty(String clearText) {
String KEY_STRING = "RRYa6li5NGFodgKUtvS1I6fZwY8xpJjI";
byte[] key = null;
try {
key = Base64.decode(KEY_STRING);
} catch (Base64DecodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return DESedeTest.performDESedeCoder(clearText, key, true);
}
public static String decryptProperty(String cipherText) {
String KEY_STRING = "RRYa6li5NGFodgKUtvS1I6fZwY8xpJjI";
byte[] key = null;
try {
key = Base64.decode(KEY_STRING);
} catch (Base64DecodingException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return DESedeTest.performDESedeCoder(cipherText, key, false);
}
public static String performDESedeCoder(String inputValue, byte[] key,
boolean encrypt) {
String rtnValue = "";
String KEY_ALGORITHM = "DESede";
String CIPHER_ALGORITHM = "DESede/ECB/PKCS5Padding";
byte[] data = null;
try {
DESedeKeySpec dks = new DESedeKeySpec(key);
SecretKeyFactory keyFactory = SecretKeyFactory
.getInstance(KEY_ALGORITHM);
SecretKey secretKey = keyFactory.generateSecret(dks);
Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
byte[] input = null;
if (encrypt) {
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
input = inputValue.getBytes();
} else {
cipher.init(Cipher.DECRYPT_MODE, secretKey);
input = Base64.decode(inputValue);
}
data = cipher.doFinal(input);
} catch (InvalidKeyException e) {
System.out.println(e.getMessage());
} catch (NoSuchAlgorithmException e) {
System.out.println(e.getMessage());
} catch (InvalidKeySpecException e) {
System.out.println(e.getMessage());
} catch (NoSuchPaddingException e) {
System.out.println(e.getMessage());
} catch (IllegalBlockSizeException e) {
System.out.println(e.getMessage());
} catch (BadPaddingException e) {
System.out.println(e.getMessage());
} catch (Base64DecodingException e) {
System.out.println(e.getMessage());
}
if (data == null) {
rtnValue = inputValue;
} else {
if (encrypt) {
rtnValue = com.sun.org.apache.xml.internal.security.utils.Base64
.encode(data);
} else {
rtnValue = new String(data);
}
}
return rtnValue;
}
}