使用AES进行加解密

今天来使用aes对sk(一个字段)进行加解密，要求秘钥一半在配置文件，一般写死

aes就是一个加解密的工具，有加密和解密二个方法，是可逆的

首先给大家来一个工具类，其中的密钥字段不得超过 private static final Integer IV_SIZE = 16;

​
package com.huawei.koophone.openpower.common.utils.algo;

import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.AlgorithmParameterSpec;

@Slf4j
public class AESUtil
{
   private AESUtil ()
   {
   }

   private static final String AES = "AES";
   private static final String ALGORITHM = "AES/GCM/NoPadding";
   private static final Integer IV_SIZE = 16;

   /**
    * AES/GCM/NoPadding 加密
    *
    * @param data    待加密的数据
    * @param workKey 工作密钥
    * @return 加密后的字符串
    */
   public static String encrypt (String data, String workKey)
   {
      try
      {
         SecureRandom sr = SecureRandom.getInstance ("SHA1PRNG");
         byte[] iv = new byte[IV_SIZE];
         sr.nextBytes (iv);

         Cipher cipher = Cipher.getInstance (ALGORITHM);
         SecretKey secretKey = new SecretKeySpec (workKey.getBytes (), AES);
         //128 bit auth tag length
         AlgorithmParameterSpec parameterSpec = new GCMParameterSpec (128, iv);
         cipher.init (Cipher.ENCRYPT_MODE, secretKey, parameterSpec);

         byte[] cipherText = cipher.doFinal (data.getBytes (StandardCharsets.UTF_8));
         ByteBuffer byteBuffer = ByteBuffer.allocate (iv.length + cipherText.length);
         byteBuffer.put (iv);
         byteBuffer.put (cipherText);
         return Hex.encodeHexString (byteBuffer.array ());
      }
      catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException |
            InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e)
      {
         log.error ("AES failed to encrypt: ", e);
      }
      return null;
   }

   /**
    * AES/GCM/NoPadding解密
    *
    * @param encrypted 加密后的密码敏文
    * @param workKey   工作秘钥
    * @return 解密后的字节数组
    */
   public static String decryptEnd (String encrypted, String workKey)
   {
      //截取iv向量
      String ivStr = encrypted.substring (0, 32);
      //截取真正的密文
      String encodeSource = encrypted.substring (32);
      byte[] result;
      try
      {
         result = decrypt (encodeSource, Hex.decodeHex (ivStr), workKey, ALGORITHM);
         if (result == null)
         {
            return null;
         }
      }
      catch (DecoderException e)
      {
         log.error ("AES failed to decryptEnd: ", e);
         return null;
      }
      return new String (result, StandardCharsets.UTF_8);
   }

   /**
    * @param source    密文
    * @param iv        vi12进制数组
    * @param workKey   工作秘钥
    * @param algorithm 算法 如：AES/GCM/NoPadding
    * @return 解密后的字节数组
    */
   public static byte[] decrypt (String source, byte[] iv, String workKey, String algorithm)
   {
      try
      {
         SecretKeySpec skey = new SecretKeySpec (workKey.getBytes (), AES);
         Cipher cipher = Cipher.getInstance (algorithm);
         GCMParameterSpec ivP = new GCMParameterSpec (128, iv);
         cipher.init (Cipher.DECRYPT_MODE, skey, ivP);
         return cipher.doFinal (Hex.decodeHex (source));
      }
      catch (BadPaddingException | IllegalBlockSizeException | NoSuchAlgorithmException | NoSuchPaddingException |
            InvalidAlgorithmParameterException | InvalidKeyException | DecoderException e)
      {
         log.error ("AES failed to decrypt: ", e);
      }
      return new byte[0];
   }
}

​

然后我们需要去创建一个密钥

这里一半在配置类里边，一半写死在我需要调用的地方

也就是说这个密钥是

+

接着我们就可以调用方法了