import lombok.extern.slf4j.Slf4j;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
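/**
 * Hybrid encryption helper: the payload is encrypted with a fresh AES-256-GCM key, and that
 * key is wrapped with the recipient's RSA public key using OAEP padding.
 *
 * <p>Wire format produced by {@link #encryptMessage} and consumed by {@link #decryptMessage}:
 * {@code base64(ciphertext || tag) + "@" + base64(rsaWrappedAesKey) + "@" + base64(iv)}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Both methods return {@code null} on any failure; callers must check for it and must
 *       not treat {@code null} as an empty plaintext.</li>
 *   <li>The scheme gives confidentiality and tamper detection, but no sender authentication:
 *       anyone holding the public key can produce a token that decrypts successfully.</li>
 *   <li>With the default JDK provider, {@code OAEPWithSHA-256AndMGF1Padding} uses SHA-256 for
 *       the OAEP digest but SHA-1 for MGF1. NOTE(review): confirm that peer implementations
 *       use the same parameters before changing either side.</li>
 * </ul>
 */
@Slf4j
public class enOrDeUtil {

    private static final String AES_TRANSFORMATION = "AES/GCM/NoPadding";
    private static final String RSA_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String SEPARATOR = "@";
    private static final int AES_KEY_BITS = 256;
    private static final int GCM_IV_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;
    private static final int TOKEN_PARTS = 3;

    private enOrDeUtil() {
        log.info("start enOrDeUtil ");
    }

    /**
     * Creates a fresh random 256-bit AES key. A new key is generated for every message, so a
     * (key, IV) pair is never reused across messages.
     *
     * @return the newly generated AES key
     * @throws NoSuchAlgorithmException if the runtime has no AES key generator
     */
    private static SecretKey generateAesKey() throws NoSuchAlgorithmException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(AES_KEY_BITS);
        return keyGenerator.generateKey();
    }

    /**
     * Encrypts {@code message} for the holder of the matching RSA private key.
     *
     * @param message plaintext to protect; encoded as UTF-8 before encryption
     * @param publicKeyString Base64 of the X.509 (SubjectPublicKeyInfo) encoded RSA public key
     * @return the three-part token described on the class, or {@code null} if anything fails
     */
    public static String encryptMessage(String message, String publicKeyString) {
        try {
            SecretKey secretKey = generateAesKey();

            // 96-bit random IV; it is not secret and travels in the token.
            byte[] iv = new byte[GCM_IV_BYTES];
            new SecureRandom().nextBytes(iv);

            Cipher aesCipher = Cipher.getInstance(AES_TRANSFORMATION);
            aesCipher.init(Cipher.ENCRYPT_MODE, secretKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            byte[] encryptedMessageBytes = aesCipher.doFinal(message.getBytes(StandardCharsets.UTF_8));

            byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyString);
            PublicKey publicKey =
                    KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(publicKeyBytes));

            // Wrap the one-time AES key with RSA-OAEP so only the private-key holder can recover it.
            Cipher rsaCipher = Cipher.getInstance(RSA_TRANSFORMATION);
            rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey);
            byte[] encryptedKeyBytes = rsaCipher.doFinal(secretKey.getEncoded());

            Base64.Encoder encoder = Base64.getEncoder();
            return encoder.encodeToString(encryptedMessageBytes)
                    + SEPARATOR + encoder.encodeToString(encryptedKeyBytes)
                    + SEPARATOR + encoder.encodeToString(iv);
        } catch (Exception e) {
            // Never log the plaintext: this method exists to keep it confidential.
            log.warn("encryptMessage failed, Exception:", e);
        }
        return null;
    }

    /**
     * Decrypts a token produced by {@link #encryptMessage}.
     *
     * @param encryptedMessageWithKey the {@code ciphertext@wrappedKey@iv} token; a literal
     *     {@code %2F} is restored to {@code /} and a space to {@code +}, which repairs standard
     *     Base64 that was damaged by URL transport
     * @param privateKeyString Base64 of the PKCS#8 encoded RSA private key
     * @return the UTF-8 plaintext, or {@code null} if the token is malformed, was tampered with
     *     (GCM tag mismatch), or any other step fails
     */
    public static String decryptMessage(String encryptedMessageWithKey, String privateKeyString) {
        try {
            String token = encryptedMessageWithKey.replace("%2F", "/").replace(" ", "+");

            String[] parts = token.split(SEPARATOR);
            if (parts.length < TOKEN_PARTS) {
                throw new IllegalArgumentException(
                        "expected " + TOKEN_PARTS + " '@'-separated parts but found " + parts.length);
            }
            Base64.Decoder decoder = Base64.getDecoder();
            byte[] encryptedMessageBytes = decoder.decode(parts[0]);
            byte[] encryptedKeyBytes = decoder.decode(parts[1]);
            byte[] iv = decoder.decode(parts[2]);

            byte[] privateKeyBytes = decoder.decode(privateKeyString);
            PrivateKey privateKey =
                    KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(privateKeyBytes));

            Cipher rsaCipher = Cipher.getInstance(RSA_TRANSFORMATION);
            rsaCipher.init(Cipher.DECRYPT_MODE, privateKey);
            SecretKey decryptedKey = new SecretKeySpec(rsaCipher.doFinal(encryptedKeyBytes), "AES");

            Cipher aesCipher = Cipher.getInstance(AES_TRANSFORMATION);
            aesCipher.init(Cipher.DECRYPT_MODE, decryptedKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            // doFinal verifies the GCM tag and throws if the ciphertext or IV was modified.
            byte[] decryptedMessageBytes = aesCipher.doFinal(encryptedMessageBytes);

            // Decode with the charset used on the encrypt side instead of the platform default.
            return new String(decryptedMessageBytes, StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Log only the size: the token is caller-supplied and may be large or contain
            // characters that corrupt log lines.
            int inputLength = encryptedMessageWithKey == null ? -1 : encryptedMessageWithKey.length();
            log.warn("decryptMessage failed: inputLength={}, Exception:", inputLength, e);
        }
        return null;
    }
}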
根据生成的公钥和私钥,即可进行数据加密和解密。偏移量(初始化向量 IV)也包含在加密串内。
/**
 * Checks a candidate password against a stored BCrypt hash.
 *
 * <p>BCrypt is a one-way password hash: the stored value cannot be decrypted, so verification
 * always goes through {@code matches} and never through comparing two hash strings.
 *
 * @param rawPassword the plaintext password supplied by the user
 * @param encodedPassword the previously stored BCrypt hash
 * @return {@code true} if the encoder reports a match
 */
public static boolean matchesPassword(String rawPassword, String encodedPassword)
{
    return new BCryptPasswordEncoder().matches(rawPassword, encodedPassword);
}
非对称密码匹配(BCrypt 是单向哈希而不是非对称加密,无法解密,只能通过 matches 校验)
eg:
// Example: hash a password, then check a candidate password against a stored hash.
BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();

// encode() returns the hash string; this is the value to store, never the raw password.
String encodedPassword = passwordEncoder.encode("xxxxx");
System.out.println(encodedPassword);

// matches(rawPassword, encodedPassword): first the plaintext candidate, then the stored hash.
boolean matched = passwordEncoder.matches("xxxx",
        "xxxxxxxxxxxx");
System.out.println(matched);
// The "xx..." values are placeholders and will not match; substitute your own raw password
// and stored hash.