DH算法简介
Diffie-Hellman算法(D-H算法),密钥一致协议。是由公开密钥密码体制的奠基人Diffie和Hellman所提出的一种思想。简单的说就是允许两名用户在公开媒体上交换信息以生成”一致”的、可以共享的密钥。换句话说,就是由甲方产出一对密钥(公钥、私钥),乙方依照甲方公钥产生乙方密钥对(公钥、私钥)。以此为基线,作为数据传输保密基础,同时双方使用同一种对称加密算法构建本地密钥(SecretKey)对数据加密。这样,在互通了本地密钥(SecretKey)算法后,甲乙双方公开自己的公钥,使用对方的公钥和刚才产生的私钥加密数据,同时可以使用对方的公钥和自己的私钥对数据解密。不单单是甲乙双方两方,可以扩展为多方共享数据通讯,这样就完成了网络交互数据的安全通讯!该算法源于中国的同余定理——中国馀数定理。
- 甲方构建密钥对儿,将公钥公布给乙方,将私钥保留;双方约定数据加密算法;乙方通过甲方公钥构建密钥对儿,将公钥公布给甲方,将私钥保留。
- 甲方使用私钥、乙方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥加密数据,发送给乙方加密后的数据;乙方使用私钥、甲方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥对数据解密。
- 乙方使用私钥、甲方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥加密数据,发送给甲方加密后的数据;甲方使用私钥、乙方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥对数据解密。
DH算法实现
package com.jianggujin.codec;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import com.jianggujin.codec.util.JCipherInputStream;
import com.jianggujin.codec.util.JCipherOutputStream;
import com.jianggujin.codec.util.JCodecException;
/**
* Diffie-Hellman算法(D-H算法),密钥一致协议。是由公开密钥密码体制的奠基人Diffie和Hellman所提出的一种思想。
* 简单的说就是允许两名用户在公开媒体上交换信息以生成"一致"的、可以共享的密钥。换句话说,就是由甲方产出一对密钥(公钥、私钥),
* 乙方依照甲方公钥产生乙方密钥对(公钥、私钥)。以此为基线,作为数据传输保密基础,同时双方使用同一种对称加密算法构建本地密钥(SecretKey)对数据加密
* 。这样,在互通了本地密钥(SecretKey)算法后,甲乙双方公开自己的公钥,使用对方的公钥和刚才产生的私钥加密数据,
* 同时可以使用对方的公钥和自己的私钥对数据解密。不单单是甲乙双方两方,可以扩展为多方共享数据通讯,这样就完成了网络交互数据的安全通讯!
* 该算法源于中国的同余定理——中国馀数定理
* <ol>
* <li>甲方构建密钥对儿,将公钥公布给乙方,将私钥保留;双方约定数据加密算法;乙方通过甲方公钥构建密钥对儿,将公钥公布给甲方,将私钥保留。</li>
* <li>甲方使用私钥、乙方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥加密数据,发送给乙方加密后的数据;乙方使用私钥、甲方公钥、
* 约定数据加密算法构建本地密钥,然后通过本地密钥对数据解密。</li>
* <li>乙方使用私钥、甲方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥加密数据,发送给甲方加密后的数据;甲方使用私钥、乙方公钥、
* 约定数据加密算法构建本地密钥,然后通过本地密钥对数据解密。</li>
* </ol>
*
* @author jianggujin
*
*/
public class JDH {
private final static String ALGORITHM = "DH";
/**
* 对称算法
*
* @author jianggujin
*
*/
public static enum JDHSymmetricalAlgorithm {
DES, DESede;
public String getName() {
return this.name();
}
}
/**
* 初始化甲方密钥
*
* @return
*/
public static KeyPair initPartyAKey() {
return initPartyAKey(1024);
}
/**
* 初始化甲方密钥
*
* @param keySize
* @return
*/
public static KeyPair initPartyAKey(int keySize) {
try {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM);
keyPairGen.initialize(keySize);
return keyPairGen.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
throw new JCodecException(e);
}
}
/**
* 初始化乙方密钥
*
* @param partyAPublicKey
* 甲方公钥
* @return
*/
public static KeyPair initPartyBKey(byte[] partyAPublicKey) {
try {
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(partyAPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
// 由甲方公钥构建乙方密钥
DHParameterSpec dhParamSpec = ((DHPublicKey) pubKey).getParams();
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyFactory.getAlgorithm());
keyPairGenerator.initialize(dhParamSpec);
return keyPairGenerator.generateKeyPair();
} catch (Exception e) {
throw new JCodecException(e);
}
}
/**
* 加密
*
* @param data
* 加密数据
* @param privateKey
* 己方私钥
* @param publicKey
* 对方公钥
* @param algorithm
* 对称算法
* @return
*/
public static byte[] encrypt(byte[] data, byte[] privateKey, byte[] publicKey, String algorithm) {
// 数据加密
Cipher cipher = getEncryptCipher(privateKey, publicKey, algorithm);
try {
return cipher.doFinal(data);
} catch (Exception e) {
throw new JCodecException(e);
}
}
/**
* 包裹输出流,包裹后的输出流为加密输出流
*
* @param out
* @param privateKey
* @param publicKey
* @param algorithm
* @return
*/
public static OutputStream wrap(OutputStream out, byte[] privateKey, byte[] publicKey, String algorithm) {
// 数据加密
Cipher cipher = getEncryptCipher(privateKey, publicKey, algorithm);
return new JCipherOutputStream(cipher, out);
}
/**
* 获得加密模式的{@link Cipher}
*
* @param privateKey
* @param publicKey
* @param algorithm
* @return
*/
public static Cipher getEncryptCipher(byte[] privateKey, byte[] publicKey, String algorithm) {
return getCipher(privateKey, publicKey, algorithm, Cipher.ENCRYPT_MODE);
}
/**
* 解密
*
* @param data
* 解密数据
* @param privateKey
* 己方私钥
* @param publicKey
* 对方公钥
* @param algorithm
* 对称算法
* @return
*/
public static byte[] decrypt(byte[] data, byte[] privateKey, byte[] publicKey, String algorithm) {
// 数据解密
Cipher cipher = getDecryptCipher(privateKey, publicKey, algorithm);
try {
return cipher.doFinal(data);
} catch (Exception e) {
throw new JCodecException(e);
}
}
/**
* 包裹输入流,原输入流为加密数据输入流
*
* @param in
* @param privateKey
* @param publicKey
* @param algorithm
* @return
*/
public static InputStream wrap(InputStream in, byte[] privateKey, byte[] publicKey, String algorithm) {
// 数据解密
Cipher cipher = getDecryptCipher(privateKey, publicKey, algorithm);
return new JCipherInputStream(cipher, in);
}
/**
* 获得解密模式的{@link Cipher}
*
* @param privateKey
* @param publicKey
* @param algorithm
* @return
*/
public static Cipher getDecryptCipher(byte[] privateKey, byte[] publicKey, String algorithm) {
return getCipher(privateKey, publicKey, algorithm, Cipher.DECRYPT_MODE);
}
private static Cipher getCipher(byte[] privateKey, byte[] publicKey, String algorithm, int opmode) {
// 生成本地密钥
SecretKey secretKey = getSecretKey(privateKey, publicKey, algorithm);
try {
// 数据加密
Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm());
cipher.init(opmode, secretKey);
return cipher;
} catch (Exception e) {
throw new JCodecException(e);
}
}
/**
* 获得密钥
*
* @param privateKey
* 己方私钥
* @param publicKey
* 对方公钥
* @param algorithm
* 对称算法
* @return
*/
private static SecretKey getSecretKey(byte[] privateKey, byte[] publicKey, String algorithm) {
try {
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(publicKey);
PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);
Key priKey = keyFactory.generatePrivate(pkcs8KeySpec);
KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory.getAlgorithm());
keyAgree.init(priKey);
keyAgree.doPhase(pubKey, true);
// 生成本地密钥
return keyAgree.generateSecret(algorithm);
} catch (Exception e) {
throw new JCodecException(e);
}
}
}
测试代码:
package com.jianggujin.codec.test;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import org.junit.Test;
import com.jianggujin.codec.JBase64;
import com.jianggujin.codec.JBase64.JEncoder;
import com.jianggujin.codec.JDH;
import com.jianggujin.codec.JDH.JDHSymmetricalAlgorithm;
public class DHTest {
String str = "jianggujin";
File file = new File(getClass().getSimpleName() + ".dat");
@Test
public void test() throws Exception {
System.out.println("原串:" + str);
JEncoder encoder = JBase64.getEncoder();
KeyPair keyPairA = JDH.initPartyAKey();
byte[] keyPairAPrivate = keyPairA.getPrivate().getEncoded();
byte[] keyPairAPublic = keyPairA.getPublic().getEncoded();
System.out.println("甲方私钥:" + encoder.encodeToString(keyPairAPrivate, "UTF-8"));
System.out.println("甲方公钥:" + encoder.encodeToString(keyPairAPublic, "UTF-8"));
KeyPair keyPairB = JDH.initPartyBKey(keyPairAPublic);
byte[] keyPairBPrivate = keyPairB.getPrivate().getEncoded();
byte[] keyPairBPublic = keyPairB.getPublic().getEncoded();
System.out.println("乙方私钥:" + encoder.encodeToString(keyPairBPrivate, "UTF-8"));
System.out.println("乙方公钥:" + encoder.encodeToString(keyPairBPublic, "UTF-8"));
for (JDHSymmetricalAlgorithm algorithm : JDHSymmetricalAlgorithm.values()) {
System.out.println("-----------------------------------------");
System.out.println("对称算法:" + algorithm.getName());
byte[] encrypt = JDH.encrypt(str.getBytes(), keyPairAPrivate, keyPairBPublic, algorithm.getName());
System.out.println("加密:" + encoder.encodeToString(encrypt, "UTF-8"));
System.out
.println("解密:" + new String(JDH.decrypt(encrypt, keyPairBPrivate, keyPairAPublic, algorithm.getName())));
System.out.print("输出流加密:" + file.getAbsolutePath());
OutputStream out = JDH.wrap(new FileOutputStream(file), keyPairAPrivate, keyPairBPublic, algorithm.getName());
out.write(str.getBytes());
out.flush();
out.close();
System.out.println();
System.out.print("输入流解密:");
InputStream in = JDH.wrap(new FileInputStream(file), keyPairBPrivate, keyPairAPublic, algorithm.getName());
byte[] buffer = new byte[1024];
int len = in.read(buffer);
System.out.println(new String(buffer, 0, len));
}
}
}
测试结果:
原串:jianggujin
甲方私钥:MIIBZwIBADCCARsGCSqGSIb3DQEDATCCAQwCgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoCAgIABEMCQQCKZ/IM4bTS0YkWGsMGFY6NAAICuvHpvhSBaPZ3Le4PS/owyrEnsiS3AXig5OYYko/fVvIBz1kOaKTl/0tsQLtt
甲方公钥:MIIBpzCCARsGCSqGSIb3DQEDATCCAQwCgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoCAgIAA4GFAAKBgQClQTWNc/3DBQQvs/KHwJ6CC9lYT2Cr2NdSHBUFiCuAUhQ7vpEgzL14IrhqJqixtMuOKOAOUOFBipavJTwhXNnviRNHQ0TJ1l+2ZNQaXHLQdpkBSl5E0fR7DRigbHUeNso52ZrNkDpyR0d7a6XQQRw9Ffig1ZujtO2+D7Ka2F8EJg==
乙方私钥:MIIBZwIBADCCARsGCSqGSIb3DQEDATCCAQwCgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoCAgIABEMCQQDfg2OOQ+Rz4eRaatC0AKhNtA5i7KIrss7uM7Vtv2ls7zRCKWwXP5nRdbZAlO96tS1vF9AIZsYI82e8fQSBVfbX
乙方公钥:MIIBpjCCARsGCSqGSIb3DQEDATCCAQwCgYEA/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAccCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoCAgIAA4GEAAKBgDtzbZB/0vIobewwv7mUGGS54TBuNGf6wl3lLsAfTKylvzD2//qPqTJVXBGy9ZInHMYOwLb5nn85l8oULoXsp0uwZe2cFpmgJfRFpRD2FH+ZahBbtb7zgdsB30t0y42Qed+bL/o8znzv5yE1E6/z2iQdKhCRc52254hWgUVDkrH5
—————————————–
对称算法:DES
加密:zBJhlhWDFme0qIlClaBUQw==
解密:jianggujin
输出流加密:F:\workspace\java\eclipse\JCodec\DHTest.dat
输入流解密:jianggujin
—————————————–
对称算法:DESede
加密:0TFsnTdcA3JuJH2ZYn1ZcQ==
解密:jianggujin
输出流加密:F:\workspace\java\eclipse\JCodec\DHTest.dat
输入流解密:jianggujin