非对称加密算法–DH(密钥交换)
特点:构建本地密钥(构建的本地密钥是对称的)
密钥长度:512~1024 位(必须是 64 的倍数),默认 1024 位。注意:该范围是较早版本 JDK 的限制;512~1024 位的 DH 参数如今已不再安全,实际使用建议不低于 2048 位。
操作流程:
发送方构建密钥对,使用本地密钥加密信息,并向接收方发送公钥和加密消息;接收方使用发送方的公钥构建自己的密钥对和本地密钥,用本地密钥解密消息,并向发送方公布自己的公钥。注意:发送方必须先拿到接收方公布的公钥,才能构建出本地密钥(见下方代码第 3 步)。
测试代码
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
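/**
 * Demonstrates a Diffie-Hellman (DH) key agreement between a "sender" and a "receiver"
 * inside one JVM, followed by symmetric encryption with the agreed key.
 *
 * <p>Both parties exchange only their encoded public keys, each derives the same symmetric
 * key locally, and the sender's ciphertext is then decrypted by the receiver.
 *
 * <p>Security notes for readers adapting this demo:
 * <ul>
 *   <li>The public keys are exchanged without authentication. Over a real network they must
 *       be authenticated (for example with signatures or certificates), otherwise a party
 *       able to modify the traffic can substitute its own keys.</li>
 *   <li>The symmetric key is derived with a single SHA-256 pass to stay within the JDK
 *       standard library; a production protocol should use a dedicated KDF such as HKDF
 *       bound to the protocol context.</li>
 * </ul>
 *
 * @author Administrator
 *     (created 2019-09-09 13:00)
 */
public class TestDH {

    /** Plaintext used by the demo. */
    private static final String PLAIN_TEXT = "Hello Dh";

    /**
     * DH modulus size in bits. 512-bit groups are far below current minimum recommendations,
     * so the demo uses 2048.
     */
    private static final int DH_KEY_SIZE_BITS = 2048;

    /** Number of SHA-256 output bytes used as the AES key (128-bit key). */
    private static final int AES_KEY_SIZE_BYTES = 16;

    /** GCM nonce length in bytes. */
    private static final int GCM_IV_SIZE_BYTES = 12;

    /** GCM authentication tag length in bits. */
    private static final int GCM_TAG_SIZE_BITS = 128;

    public static void main(String[] args) {
        jdkDH();
    }

    /**
     * Runs the full demo: DH key agreement on both sides, then an encrypt/decrypt round trip.
     *
     * <p>Any failure is caught and printed as a stack trace, so this method does not throw.
     */
    public static void jdkDH() {
        try {
            // 1. Sender generates its key pair; only the encoded public key leaves the sender.
            KeyPairGenerator senderKeyPairGenerator = KeyPairGenerator.getInstance("DH");
            senderKeyPairGenerator.initialize(DH_KEY_SIZE_BITS);
            KeyPair senderKeyPair = senderKeyPairGenerator.generateKeyPair();
            byte[] senderPublicKeyEnc = senderKeyPair.getPublic().getEncoded();

            // 2. Receiver decodes the sender's public key and generates its own key pair
            //    using the DH parameters carried by that key.
            KeyFactory receiverKeyFactory = KeyFactory.getInstance("DH");
            PublicKey senderPublicKeyAtReceiver =
                    receiverKeyFactory.generatePublic(new X509EncodedKeySpec(senderPublicKeyEnc));
            DHParameterSpec dhParameterSpec =
                    ((DHPublicKey) senderPublicKeyAtReceiver).getParams();
            KeyPairGenerator receiverKeyPairGenerator = KeyPairGenerator.getInstance("DH");
            receiverKeyPairGenerator.initialize(dhParameterSpec);
            KeyPair receiverKeyPair = receiverKeyPairGenerator.generateKeyPair();
            // This is the receiver's PUBLIC key; the private key never leaves the receiver.
            byte[] receiverPublicKeyEnc = receiverKeyPair.getPublic().getEncoded();

            // 3. Each side combines its own private key with the peer's public key.
            //    generateSecret() (raw bytes) is used instead of generateSecret("DES"):
            //    DES has only a 56-bit key, and recent JDK releases reject that call for DH
            //    unless the legacy property jdk.crypto.KeyAgreement.legacyKDF is enabled.
            KeyAgreement receiverKeyAgreement = KeyAgreement.getInstance("DH");
            receiverKeyAgreement.init(receiverKeyPair.getPrivate());
            receiverKeyAgreement.doPhase(senderPublicKeyAtReceiver, true);
            SecretKey receiverAesKey = deriveAesKey(receiverKeyAgreement.generateSecret());

            KeyFactory senderKeyFactory = KeyFactory.getInstance("DH");
            PublicKey receiverPublicKeyAtSender =
                    senderKeyFactory.generatePublic(new X509EncodedKeySpec(receiverPublicKeyEnc));
            KeyAgreement senderKeyAgreement = KeyAgreement.getInstance("DH");
            senderKeyAgreement.init(senderKeyPair.getPrivate());
            senderKeyAgreement.doPhase(receiverPublicKeyAtSender, true);
            SecretKey senderAesKey = deriveAesKey(senderKeyAgreement.generateSecret());

            // Compare the key bytes directly rather than relying on SecretKey.equals().
            if (MessageDigest.isEqual(receiverAesKey.getEncoded(), senderAesKey.getEncoded())) {
                System.out.println("双方密钥相同");
            } else {
                // Continuing would only produce a confusing decryption failure later.
                throw new IllegalStateException(
                        "DH key agreement produced different keys on the two sides");
            }

            // 4. Sender encrypts. The transformation is spelled out in full: a bare algorithm
            //    name lets the provider pick mode and padding (ECB for SunJCE). GCM also
            //    authenticates the ciphertext. The IV must be unique per key and is sent
            //    alongside the ciphertext; it is not secret.
            byte[] iv = new byte[GCM_IV_SIZE_BYTES];
            new SecureRandom().nextBytes(iv);
            GCMParameterSpec gcmSpec = new GCMParameterSpec(GCM_TAG_SIZE_BITS, iv);
            Cipher encryptCipher = Cipher.getInstance("AES/GCM/NoPadding");
            encryptCipher.init(Cipher.ENCRYPT_MODE, senderAesKey, gcmSpec);
            // Explicit charset so both sides agree regardless of the platform default.
            byte[] cipherText = encryptCipher.doFinal(PLAIN_TEXT.getBytes(StandardCharsets.UTF_8));
            System.out.println("src 加密=" + byteArr2HexStr(cipherText));

            // 5. Receiver decrypts with its own copy of the key; doFinal fails if the
            //    ciphertext or tag was altered.
            Cipher decryptCipher = Cipher.getInstance("AES/GCM/NoPadding");
            decryptCipher.init(Cipher.DECRYPT_MODE, receiverAesKey, gcmSpec);
            byte[] plainText = decryptCipher.doFinal(cipherText);
            System.out.println("src 解密=" + new String(plainText, StandardCharsets.UTF_8));
        } catch (Exception e) {
            // Demo boundary: report the failure and return, as the original listing did.
            e.printStackTrace();
        }
    }

    /**
     * Derives a 128-bit AES key from the raw DH shared secret by hashing it with SHA-256 and
     * keeping the first {@link #AES_KEY_SIZE_BYTES} bytes.
     *
     * @param sharedSecret raw output of {@code KeyAgreement.generateSecret()}
     * @return an AES key built from the hashed secret
     * @throws NoSuchAlgorithmException if the provider has no SHA-256 implementation
     */
    private static SecretKey deriveAesKey(byte[] sharedSecret) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(sharedSecret);
        return new SecretKeySpec(digest, 0, AES_KEY_SIZE_BYTES, "AES");
    }

    /**
     * Converts a byte array to its lowercase hexadecimal representation, two characters per
     * byte; for example {@code byte[]{8, 18}} becomes {@code "0812"}. Inverse of
     * {@link #hexStr2ByteArr(String)}.
     *
     * @param arrB bytes to convert; must not be {@code null}
     * @return the hexadecimal string, empty for an empty array
     * @throws NullPointerException if {@code arrB} is {@code null}
     * @throws Exception never raised by this implementation; kept in the signature so
     *     existing callers keep compiling
     */
    public static String byteArr2HexStr(byte[] arrB) throws Exception {
        Objects.requireNonNull(arrB, "arrB");
        StringBuilder sb = new StringBuilder(arrB.length * 2);
        for (byte b : arrB) {
            // Mask to 0..255 so negative bytes map to their unsigned value.
            int value = b & 0xFF;
            sb.append(Character.forDigit(value >>> 4, 16));
            sb.append(Character.forDigit(value & 0x0F, 16));
        }
        return sb.toString();
    }

    /**
     * Converts a hexadecimal string to the bytes it encodes. Inverse of
     * {@link #byteArr2HexStr(byte[])}. Upper- and lowercase digits are accepted.
     *
     * @param strIn hexadecimal string with an even number of characters; must not be
     *     {@code null}
     * @return the decoded bytes, empty for an empty string
     * @throws NullPointerException if {@code strIn} is {@code null}
     * @throws IllegalArgumentException if the length is odd
     * @throws NumberFormatException if a character is not an ASCII hexadecimal digit
     *     (sign characters such as {@code '+'} or {@code '-'} are rejected too)
     * @throws Exception never raised by this implementation; kept in the signature so
     *     existing callers keep compiling
     */
    public static byte[] hexStr2ByteArr(String strIn) throws Exception {
        Objects.requireNonNull(strIn, "strIn");
        int len = strIn.length();
        if ((len & 1) != 0) {
            throw new IllegalArgumentException(
                    "Hex string must have an even length, got " + len);
        }
        byte[] arrOut = new byte[len / 2];
        for (int i = 0; i < len; i += 2) {
            int high = hexNibble(strIn.charAt(i));
            int low = hexNibble(strIn.charAt(i + 1));
            arrOut[i / 2] = (byte) ((high << 4) | low);
        }
        return arrOut;
    }

    /**
     * Returns the value (0-15) of a single ASCII hexadecimal digit.
     *
     * @throws NumberFormatException if {@code c} is not in {@code 0-9}, {@code a-f} or
     *     {@code A-F}
     */
    private static int hexNibble(char c) {
        if (c >= '0' && c <= '9') {
            return c - '0';
        }
        if (c >= 'a' && c <= 'f') {
            return c - 'a' + 10;
        }
        if (c >= 'A' && c <= 'F') {
            return c - 'A' + 10;
        }
        throw new NumberFormatException("Invalid hex character '" + c + "'");
    }
}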