對稱加密演算法-DES,3DES,AES
阿新 • • 發佈:2018-12-31
1.jdk與bc實現DES演算法:
package com.samlai.security; import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.Security; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import org.apache.commons.codec.binary.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class DesStudy { /** * 對稱加密演算法---DES * */ private static String STR = "one type of security:DES"; public static void main(String[] args) { jdkDES(); bcDES(); } // jdk的DES public static void jdkDES() { try { // 生成key KeyGenerator keyGenerator = KeyGenerator.getInstance("DES"); //打斷點可以檢視對應keyGenerator.getProvider()是哪個class:BC keyGenerator.getProvider(); keyGenerator.init(56); SecretKey secretKey = keyGenerator.generateKey(); byte[] bytesKey = secretKey.getEncoded(); // Key轉換 DESKeySpec desKeySpec = new DESKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); Key converSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, converSecretKey); byte[] result = cipher.doFinal(STR.getBytes()); System.out .println("jdk des encode: " + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, converSecretKey); result = cipher.doFinal(result); System.out.println("jdk des decode: " + new String(result)); } catch (Exception e) { e.printStackTrace(); } } // bc方式的DES public static void bcDES() { try { Security.addProvider(new BouncyCastleProvider()); // 生成key KeyGenerator keyGenerator = KeyGenerator.getInstance("DES","BC"); //打斷點可以檢視對應keyGenerator.getProvider()是哪個class:BC keyGenerator.getProvider(); keyGenerator.init(56); SecretKey secretKey = keyGenerator.generateKey(); byte[] bytesKey = secretKey.getEncoded(); // Key轉換 DESKeySpec desKeySpec = new DESKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); Key converSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, converSecretKey); byte[] result = cipher.doFinal(STR.getBytes()); System.out .println("bc des encode: " + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, converSecretKey); result = cipher.doFinal(result); System.out.println("bc des decode: " + new String(result)); } catch (Exception e) { e.printStackTrace(); } } }
執行的結果是:
jdk des encode: 78a3c4cff016308a7d916fd3f072d35682c4fd7bdb1ef9357cfc890d711ce6da
jdk des decode: one type of security:DES
bc des encode: 6b0daa8478df9ed8ae70f2e442e0eedd996aa8412ac951859bc7a00188cb1c63
bc des decode: one type of security:DES
2.三重DES使用jdk,bc方式進行實現:
package com.samlai.security; import java.security.Key; import java.security.SecureRandom; import java.security.Security; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.DESedeKeySpec; import org.apache.commons.codec.binary.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.bouncycastle.jce.provider.JCEBlockCipher.DESede; public class ThreeDesStudy { /** * 為什麼使用3DES: 補充DES的不足,因為其違反了柯克霍夫原則,與安全性問題 * 優點: 1.金鑰長度增強 2.迭代次數提高 */ private static String STR = "one type of security:3DES"; public static void main(String[] args) { jdk3DES(); bc3DES(); } // jdk的DES public static void jdk3DES() { try { // 生成key KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede"); // 打斷點可以檢視對應keyGenerator.getProvider()是哪個class:BC keyGenerator.getProvider(); // 長度比des長,比如168位 // keyGenerator.init(168); keyGenerator.init(new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); byte[] bytesKey = secretKey.getEncoded(); // Key轉換 DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); Key converSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, converSecretKey); byte[] result = cipher.doFinal(STR.getBytes()); System.out.println("jdk 3des encode: " + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, converSecretKey); result = cipher.doFinal(result); System.out.println("jdk 3des decode: " + new String(result)); } catch (Exception e) { e.printStackTrace(); } } // bc方式的3DES public static void bc3DES() { try { Security.addProvider(new BouncyCastleProvider()); // 生成key KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede", "BC"); // 打斷點可以檢視對應keyGenerator.getProvider()是哪個class:BC keyGenerator.getProvider(); keyGenerator.init(new SecureRandom()); SecretKey secretKey = keyGenerator.generateKey(); byte[] bytesKey = secretKey.getEncoded(); // Key轉換 DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); Key converSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, converSecretKey); byte[] result = cipher.doFinal(STR.getBytes()); System.out .println("bc 3des encode: " + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, converSecretKey); result = cipher.doFinal(result); System.out.println("bc 3des decode: " + new String(result)); } catch (Exception e) { e.printStackTrace(); } } }
執行的結果是:
jdk 3des encode: 1db97710868ab0cb03c0f7c5f919a9904d8b19baad82828f7384a70555e141a7
jdk 3des decode: one type of security:3DES
bc 3des encode: e8c29dc519020175d5603aefb46aa586ae0f37afdc67dfcfcb4706b92fbe40fc
bc 3des decode: one type of security:3DES
3.jdk,bc實現AES的演算法:
package com.samlai.security; import java.security.Key; import java.security.Security; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Base64; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class AESStudy { /** * 比較普遍使用,效率比3DES效果高,安全性也比較高,高階,DES替代者 */ private static String STR = "one type of security:AES"; public static void main(String[] args) { jdkAES(); bcAES(); } //jdk實現:256位限制性政策性檔案 public static void jdkAES(){ try { //生成key KeyGenerator keyGenerator=KeyGenerator.getInstance("AES"); //可以是128 256 // keyGenerator.init(new SecureRandom()); keyGenerator.init(128); SecretKey secretKey=keyGenerator.generateKey(); byte[] keyBytes=secretKey.getEncoded(); //key的轉換 Key key=new SecretKeySpec(keyBytes, "AES"); //加密 Cipher cipher=Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] result=cipher.doFinal(STR.getBytes()); System.out.println("jdk AES encode: "+Base64.encodeBase64String(result)); //解密 cipher.init(Cipher.DECRYPT_MODE, key); result=cipher.doFinal(result); System.out.println("jdk AES decode:"+new String(result)); } catch (Exception e) { e.printStackTrace(); } } //bc實現AES public static void bcAES(){ try { Security.addProvider(new BouncyCastleProvider()); //生成key KeyGenerator keyGenerator=KeyGenerator.getInstance("AES","BC"); keyGenerator.getProvider(); //可以是128 256 keyGenerator.init(128); SecretKey secretKey=keyGenerator.generateKey(); byte[] keyBytes=secretKey.getEncoded(); //key的轉換 Key key=new SecretKeySpec(keyBytes, "AES"); //加密 Cipher cipher=Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] result=cipher.doFinal(STR.getBytes()); System.out.println("bc AES encode: "+Base64.encodeBase64String(result)); //解密 cipher.init(Cipher.DECRYPT_MODE, key); result=cipher.doFinal(result); System.out.println("bc AES decode:"+new String(result)); } catch (Exception e) { e.printStackTrace(); } } }
執行的結果:
jdk AES encode: 1OYQyHApgsyqFXRolOPing39HY9yBfAJGF0tagOEmEA=
jdk AES decode:one type of security:AES
bc AES encode: PbvF8JGq8B4x7NQtO6t2/qY/muDb/eijHa9zGIxQj7k=
bc AES decode:one type of security:AES
4.使用jdk實現PBE演算法:
package com.samlai.security.xEs;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.codec.binary.Base64;
public class PbeStudy {
/**
* PBE演算法結合了訊息摘要演算法和對稱加密演算法的優點
* PBE(Password Based Encryption)基於口令加密 -- Salt
* 對已有演算法的包裝
* JDK BC
* 鹽
* PBEWithMD5AndDES
*/
private static String STR = "one type of security:PBE";
public static void main(String[] args) {
jdkPBE();
}
//jdk實現PBE
public static void jdkPBE(){
try {
//初始化鹽
SecureRandom random=new SecureRandom();
byte[] salt=random.generateSeed(8);
//口令與金鑰
String password="studySecurity";
PBEKeySpec pbeKeySpec=new PBEKeySpec(password.toCharArray());
SecretKeyFactory factory=SecretKeyFactory.getInstance("PBEWITHMD5andDES");
Key key=factory.generateSecret(pbeKeySpec);
//加密
PBEParameterSpec pbeParameterSpec=new PBEParameterSpec(salt, 100);
Cipher cipher=Cipher.getInstance("PBEWITHMD5andDES");
cipher.init(Cipher.ENCRYPT_MODE, key,pbeParameterSpec);
byte[] result=cipher.doFinal(STR.getBytes());
System.out.println("jdk PBE encode: "+Base64.encodeBase64String(result));
//解密
cipher.init(Cipher.DECRYPT_MODE, key,pbeParameterSpec);
result=cipher.doFinal(result);
System.out.println("jdk PBE decode: "+new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
執行的結果:
jdk PBE encode: LMjza18BhB0jgGmngAGwW+cb3sblayHKHB/tmDFM9m0=
jdk PBE decode: one type of security:PBE