基本介绍
对称加密算法是现在应用范围最广,使用频率最高的加密算法。
对称的原因:
加密密钥 = 解密密钥,加密运算是解密运算的逆运算。
对称加密算法是初等的加密算法,从安全性上说,不是很高。
常用的对称加密算法:
DES(3DES),AES,PBE,IDEA等。
DES
DES(Data Encryption Standard):数据加密标准(已经被破解)
例子:
package com.timliu.security.symmetric_encryption;
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class DESTest {
public static final String src = "hello world";
public static void main(String[] args) {
jdkDES();
bcDES();
}
// 用jdk实现:
public static void jdkDES() {
try {
// 获取KEY生成器
KeyGenerator keyGenerator = KeyGenerator.getInstance("DES");
keyGenerator.init(56);
// 产生KEY
SecretKey secretKey = keyGenerator.generateKey();
// 获取KEY
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESKeySpec desKeySpec = new DESKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");//getInstance()参数指定的加密方式
Key convertSecretKey = factory.generateSecret(desKeySpec);//生成密钥
// 加密
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");//加解密算法:DES,工作方式:ECB,填充方式:PKCS5Padding
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);//第一个参数是模式:加密模式,KEY:转换后的KEY
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("jdk des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bcDES() {
try {
Security.addProvider(new BouncyCastleProvider());
// 获取KEY生成器
KeyGenerator keyGenerator = KeyGenerator.getInstance("DES", "BC");
keyGenerator.getProvider();
keyGenerator.init(56);
// 产生KEY
SecretKey secretKey = keyGenerator.generateKey();
// 获取KEY
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESKeySpec desKeySpec = new DESKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("bc des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("bc des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
运行结果:
DES应用场景
3DES
3重DES的好处:
1. 密钥长度增强
2. 迭代次数提高
例子:
package com.timliu.security.symmetric_encryption;
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class DES3Test {
public static final String src = "hello world";
public static void main(String[] args) {
jdk3DES();
bc3DES();
}
// 用jdk实现:
public static void jdk3DES() {
try {
// 获取KEY生成器
KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
// 必须长度是:112或168
// keyGenerator.init(168);
keyGenerator.init(new SecureRandom());//SecureRandom()会根据不同的算法生成默认长度的KEY
// 产生KEY
SecretKey secretKey = keyGenerator.generateKey();
// 获取KEY
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk 3des encrypt:"
+ Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("jdk 3des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bc3DES() {
try {
Security.addProvider(new BouncyCastleProvider());
// 获取KEY生成器
KeyGenerator keyGenerator = KeyGenerator
.getInstance("DESede", "BC");
keyGenerator.getProvider();
keyGenerator.init(168);
// 产生KEY
SecretKey secretKey = keyGenerator.generateKey();
// 获取KEY
byte[] bytesKey = secretKey.getEncoded();
// KEY转换
DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey);
SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
Key convertSecretKey = factory.generateSecret(desKeySpec);
// 加密
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out
.println("bc 3des encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
result = cipher.doFinal(result);
System.out.println("bc 3des decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
AES
产生的原因:
1. DES的算法有些漏洞
2. 3DES的算法相对来说效率比较低
AES是目前使用最多的对称加密算法。
AES的优势之一是至今尚未被破解。
AES通常用于移动通信系统加密以及基于SSH协议的软件(SSH Client,secureCRT)。
无政策限制权限文件是指:因为某些国家的进口管制限制,Java发布的运行环境包中的加解密有一定的限制。
例子:
package com.timliu.security.symmetric_encryption;
import java.security.Key;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class AESTest {
public static final String src = "hello world";
public static void main(String[] args) {
jdkAES();
bcAES();
}
// 用jdk实现:
public static void jdkAES() {
try {
// 获取KEY生成器
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
// 产生KEY
SecretKey secretKey = keyGenerator.generateKey();
// 获取KEY
byte[] keyBytes = secretKey.getEncoded();
// KEY转换
Key key = new SecretKeySpec(keyBytes, "AES");
// 加密
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk aes encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, key);
result = cipher.doFinal(result);
System.out.println("jdk aes decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bcAES() {
try {
Security.addProvider(new BouncyCastleProvider());
// 获取KEY生成器
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "BC");
keyGenerator.getProvider();
keyGenerator.init(128);
// 产生KEY
SecretKey secretKey = keyGenerator.generateKey();
// 获取KEY
byte[] keyBytes = secretKey.getEncoded();
// KEY转换
Key key = new SecretKeySpec(keyBytes, "AES");
// 加密
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("bc aes encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, key);
result = cipher.doFinal(result);
System.out.println("bc aes decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
运行结果:
应用场景:
PBE
PBE算法结合了消息摘要算法和对称加密算法的优点。
PBE算法并不是新的算法,而是对已有的对称加密算法和消息摘要算法的整合。
PBE(Password Based Encryption):基于口令的加密
口令是用户自己输入的,但通常口令不会很复杂。同时为了防止穷举的方式破解口令,还要对口令进行加盐(也就是在口令中加入随机数)。
PBE算法实际上就是,采用口令替代了之前对称加密算法中生成的KEY。
例子:
package com.timliu.security.symmetric_encryption;
import java.security.Key;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import org.apache.commons.codec.binary.Hex;
public class PBETest {
public static final String src = "hello world";
public static void main(String[] args)
{
jdkPBE();
}
// 用jdk实现:
public static void jdkPBE()
{
try
{
// 初始化盐(加密的随机数)
SecureRandom random = new SecureRandom();//产生随机数
byte[] salt = random.generateSeed(8);
// 口令与密钥
String password = "zhangyaohui";//定义用户自己输入的口令
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray()); //将口令转换为KEY
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHMD5andDES");//实例化转换为KEY的工厂
Key key = factory.generateSecret(pbeKeySpec);
// 加密
PBEParameterSpec pbeParameterSpac = new PBEParameterSpec(salt, 100);//100为需要迭代的次数
Cipher cipher = Cipher.getInstance("PBEWITHMD5andDES");
cipher.init(Cipher.ENCRYPT_MODE, key, pbeParameterSpac);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk pbe encrypt:" + Hex.encodeHexString(result));
// 解密
cipher.init(Cipher.DECRYPT_MODE, key, pbeParameterSpac);
result = cipher.doFinal(result);
System.out.println("jdk pbe decrypt:" + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}
}
运行结果:
PBE应用场景:
最后问题:
以上的代码中加密和解密是在同一方的,如果加密解密不在同一方怎么办?
把密钥发送给对方(但是密钥通过网络发送很容易被截取到,可以将密钥进行处理)
79
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
