廖雪峰Java10加密与安全4加密算法1对称加密算法

1.对称加密算法

加密和解密使用同一个密钥&＃xff0c;例如WinRAR。

• WinRAR在对文件进行打包的时候&＃xff0c;可以设置一个密码&＃xff0c;在解压的时候需要使用同样的密码才能正确的解压。
• 加密&＃xff1a;encrypt(key,message) -> s
• 解密&＃xff1a;decrypt(key,s) -> message
  

JDK提供的算法并没有包括所有的工作模式和填充模式&＃xff0c;但我们通常只需要挑选常用的模式使用就可以了。
DES因为密钥过短&＃xff0c;可以在短时间内被暴力破解&＃xff0c;所以并不安全。

2.AES/ECB

package com.testList;import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;public class SplitString {//指定算法为AES&＃xff0c;工作模式为ECB&＃xff0c;填充模式为PKCS5Paddingstatic final String CIPHER_NAME &＃61; "AES/ECB/PKCS5Padding";//加密public static byte[] encrypt(byte[] key,byte[] input) throws GeneralSecurityException{//传入算法、工作模式、填充模式&＃xff0c;创建Cipher示例Cipher cipher &＃61; Cipher.getInstance(CIPHER_NAME);//将一个byte数组&＃xff0c;转化为一个AES的keySecretKeySpec secretKeySpec &＃61; new SecretKeySpec(key,"AES");//初始化&＃xff1a;采用加密模式&＃xff0c;并传入keycipher.init(Cipher.ENCRYPT_MODE,secretKeySpec);//通过doFinal传入input数组获取加密后的byte数组return cipher.doFinal(input);}//解密public static byte[] decrypt(byte[] key,byte[] input) throws GeneralSecurityException{//传入算法、工作模式、填充模式&＃xff0c;创建Cipher示例Cipher cipher &＃61; Cipher.getInstance(CIPHER_NAME);//将byte数组&＃xff0c;转化为一个AES的keySecretKeySpec secretKeySpec &＃61; new SecretKeySpec(key,"AES");//初始化&＃xff1a;采用解密模式&＃xff0c;并传入keycipher.init(Cipher.DECRYPT_MODE,secretKeySpec);//通过doFinal传入input数组获取加密后的byte数组return cipher.doFinal(input);}public static void main(String[] args) throws Exception{String message &＃61; "Hello,world!encrypted using AES!";System.out.println(message);//密钥为128位&＃xff0c;需要传入128/8&＃61;16个byte的字符串byte[] key &＃61; "1234567890abcdef".getBytes("utf-8");byte[] input &＃61; message.getBytes(StandardCharsets.UTF_8);byte[] encrypted &＃61; encrypt(key,input);//把秘闻转化为61位编码打印System.out.println("Encrypted data:"&＃43;Base64.getEncoder().encodeToString(encrypted));byte[] decrypted &＃61; decrypt(key,encrypted);//将解密后的数组还原为字符串System.out.println("Decrypted data:"&＃43;new String(decrypted,"utf-8"));}
}

3.AES/CBC

package com.testList;import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;public class AES_CBC {//指定算法为为AES&＃xff0c;工作模式为CBC&＃xff0c;填充模式为PKCS5Paddingstatic final String CIPHER_NAME &＃61; "AES/CBC/PKCS5Padding";//加密public static byte[] encrypt(byte[] key,byte[] input) throws GeneralSecurityException{//传入算法、工作模式、填充模式&＃xff0c;创建Cipher实例Cipher cipher &＃61; Cipher.getInstance(CIPHER_NAME);//传入key数组&＃xff0c;获取SecretKeySpec的实例SecretKeySpec keySpec &＃61; new SecretKeySpec(key,"AES");//创建SecureRandom实例&＃xff0c;用于获取随机数SecureRandom sr &＃61; SecureRandom.getInstanceStrong();//获取一个16位字节的数组byte[] iv &＃61; sr.generateSeed(16);//传入随机数组&＃xff0c;获取IVParameterSpec实例IvParameterSpec ivps &＃61; new IvParameterSpec(iv);//初始化&＃xff1a;指定加密模式&＃xff0c;并传入SecretKeySpec实例keySpec、IvParameterSpec实例ivpscipher.init(Cipher.ENCRYPT_MODE,keySpec,ivps);//通过doFinal传入input数组&＃xff0c;获取加密后的byte数组byte[] data &＃61; cipher.doFinal(input);//将iv&＃xff0c;data一并返回return join(iv,data);}public static byte[] join(byte[] bs1,byte[] bs2){byte[] r &＃61; new byte[bs1.length&＃43;bs2.length];System.arraycopy(bs1,0,r,0,bs1.length);System.arraycopy(bs2,0,r,bs1.length,bs2.length);return r;}public static byte[] decrypt(byte[] key,byte[] input) throws GeneralSecurityException{//将input数组拆分为iv,databyte[] iv &＃61; new byte[16];byte[] data &＃61; new byte[input.length-16];System.arraycopy(input,0,iv,0,16);System.arraycopy(input,16,data,0,data.length);//传入算法、工作模式、填充模式&＃xff0c;创建Cipher实例Cipher cipher &＃61; Cipher.getInstance(CIPHER_NAME);//传入key数组&＃xff0c;获取AES加密后的SecretKeySpec类型实例SecretKeySpec keySpec &＃61; new SecretKeySpec(key,"AES");//获取IvParameter实例ivpsIvParameterSpec ivps &＃61; new IvParameterSpec(iv);//初始化&＃xff1a;指定解密模式&＃xff0c;并传入SecretKeySpec实例&＃xff0c;IvParameterSpec实例cipher.init(Cipher.DECRYPT_MODE,keySpec,ivps);//返回解密后的数组return cipher.doFinal(data);}public static void main(String[] args) throws Exception {String message &＃61; "Hello,world!encryptd using AES!";System.out.println("Message:"&＃43;message);byte[] key &＃61; "1234567890abcefg".getBytes("utf-8");byte[] data &＃61; message.getBytes(StandardCharsets.UTF_8);byte[] encrypted &＃61; encrypt(key,data);System.out.println("Encrypt data:"&＃43;Base64.getEncoder().encodeToString(encrypted));byte[] decryptd &＃61; decrypt(key,encrypted);System.out.println("Decrypted data:"&＃43;new String(decryptd,"utf-8"));}
}


4.AES/ECB使用256位加密

import jdk.nashorn.internal.runtime.ECMAException;import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;public class AES256_ECB {static final String CIPHER_NAME &＃61; "AES/ECB/PKCS5Padding";public static byte[] encrypt(byte[] key,byte[] input) throws GeneralSecurityException {Cipher cipher &＃61; Cipher.getInstance(CIPHER_NAME);SecretKeySpec keySpec &＃61; new SecretKeySpec(key,"AES");cipher.init(Cipher.ENCRYPT_MODE,keySpec);return cipher.doFinal(input);}public static byte[] decrypt(byte[] key,byte[] input) throws GeneralSecurityException{Cipher cipher &＃61; Cipher.getInstance(CIPHER_NAME);SecretKeySpec keySpec &＃61; new SecretKeySpec(key,"AES");cipher.init(Cipher.ENCRYPT_MODE,keySpec);return cipher.doFinal(input);}public static void main(String[] args) throws Exception {String message &＃61; "Hello world!encrypted using AES!";System.out.println(message);byte[] key &＃61; "1234567890abcdef1234567890abcdef".getBytes("utf-8");byte[] data &＃61; message.getBytes(StandardCharsets.UTF_8);byte[] encrypted &＃61; encrypt(key,data);System.out.println(Base64.getEncoder().encodeToString(encrypted));byte[] decrypted &＃61; decrypt(key,encrypted);System.out.println(new String(decrypted,"utf-8"));}
}

问题&＃xff1a;256位加密执行失败

搜索jdk jce policy&＃xff0c;下载jar包&＃xff0c;
window&＃xff1a;将下载的jar包复制到jdk/jre/lib/security和jdk/lib/security目录下。
Mac&＃xff1a;

#查看Java目录
which java
#寻找jre/lib/security目录
find . -name lcoal_policy.jar

如我的目录是&＃xff1a;/Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security。将下载的jar包复制到该文件。
再次运行&＃xff0c;不再报错

5.总结&＃xff1a;

• 对称加密算法使用同一个密钥进行加密和解密
• 常用算法&＃xff1a;DES/AES/IDEA等
• 密钥长度由算法设计决定给&＃xff0c;AES的密钥长度是128/192/256
• 使用256位加密需要修改JDK的policy文件
• 使用对称加密算法需要指定&＃xff1a;算法名称/工作模式/填充模式