PBE算法简介
PBE(Password Based Encryption,基于口令加密)是一种基于口令的加密算法,其特点是使用口令代替了密钥,而口令由用户自己掌管,采用随机数、杂凑、多重加密等方法保证数据的安全性。PBE算法在加密过程中并不是直接使用口令来加密,而是加密的密钥由口令生成,这个功能由PBE算法中的KDF函数完成。KDF函数的实现过程为:将用户输入的口令首先通过“盐”(salt)的扰乱产生准密钥,再将准密钥经过散列函数多次迭代后生成最终加密密钥,密钥生成后,PBE算法再选用对称加密算法对数据进行加密,可以选择DES、3DES、RC5等对称加密算法。需要注意:DES、40位RC2这类算法以及过少的迭代次数在今天已不足以抵抗暴力破解,实际应用中盐应由密码学安全的随机数生成器产生,并选择足够大的迭代次数和更强的对称算法(如AES)。
PBE算法实现
package com.jianggujin.codec;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
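/**
 * Password-based encryption (PBE) helper built on the JCE {@code PBEWith...} ciphers.
 *
 * <p>The password is turned into a cipher key by the provider's PBE key derivation,
 * parameterised by a caller-supplied salt and a fixed iteration count. Decryption needs
 * the same algorithm, password and salt that were used for encryption, so the salt has
 * to be stored next to the ciphertext (it is not secret).
 *
 * <p>Security notes: the algorithms in {@link HQPBEAlgorithm} (DES, 40-bit RC2, MD5/SHA-1
 * based derivation) are legacy choices, and this class applies no integrity check (MAC)
 * to the ciphertext. Treat it as a demonstration of the PBE flow or as a compatibility
 * layer for existing data, not as a recommended design for new data.
 *
 * @author jianggujin
 */
public class HQPBE
{
    /** Salt length in bytes; PKCS #5 v1.5 schemes such as PBEWithMD5AndDES use an 8-byte salt. */
    private static final int SALT_LENGTH = 8;

    /**
     * Iteration count handed to the key derivation. Kept at the original value so that
     * data encrypted earlier still decrypts; PKCS #5 (RFC 8018) recommends at least 1000,
     * so raising it is advisable wherever old ciphertexts do not have to be read.
     */
    private static final int ITERATION_COUNT = 100;

    /** Cryptographically strong source for salts; {@code java.util.Random} is predictable. */
    private static final SecureRandom SALT_SOURCE = new SecureRandom();

    private static final HQPBE pbe = new HQPBE();

    /**
     * Returns the shared instance.
     *
     * @return the singleton {@code HQPBE}
     */
    public static HQPBE getInstance()
    {
        return pbe;
    }

    private HQPBE()
    {
    }

    /**
     * PBE algorithms offered by this helper. Each constant carries the JCE algorithm name
     * that is passed to {@code SecretKeyFactory} and {@code Cipher}.
     *
     * @author jianggujin
     */
    public enum HQPBEAlgorithm
    {
        PBEWithMD5AndDES("PBEWithMD5AndDES"),
        PBEWithSHA1AndDESede("PBEWithSHA1AndDESede"),
        PBEWithSHA1AndRC2_40("PBEWithSHA1AndRC2_40");

        private final String name;

        private HQPBEAlgorithm(String name)
        {
            this.name = name;
        }

        /**
         * Returns the JCE algorithm name of this constant.
         *
         * @return the algorithm name
         */
        public String getName()
        {
            return this.name;
        }
    }

    /**
     * Creates a fresh random salt.
     *
     * @return 8 random bytes drawn from a {@link SecureRandom}
     */
    public byte[] initSalt()
    {
        byte[] salt = new byte[SALT_LENGTH];
        SALT_SOURCE.nextBytes(salt);
        return salt;
    }

    /**
     * Converts a password into a PBE key for the given algorithm.
     *
     * @param algorithm JCE PBE algorithm name
     * @param password  the password; the caller's array is left untouched
     * @return the key produced by the algorithm's {@code SecretKeyFactory}
     * @throws Exception if the algorithm is unavailable or the key cannot be generated
     */
    private static Key toKey(String algorithm, char[] password) throws Exception
    {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        try
        {
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(algorithm);
            SecretKey secretKey = keyFactory.generateSecret(keySpec);
            return secretKey;
        }
        finally
        {
            // PBEKeySpec holds its own copy of the password; wipe it once the key exists.
            keySpec.clearPassword();
        }
    }

    /**
     * Encrypts data with one of the predefined algorithms.
     *
     * @param algorithm the PBE algorithm
     * @param data      plaintext bytes
     * @param password  the password
     * @param salt      the salt, for example from {@link #initSalt()}
     * @return the ciphertext
     * @throws Exception if key generation or the cipher operation fails
     */
    public byte[] encrypt(HQPBEAlgorithm algorithm, byte[] data, char[] password, byte[] salt) throws Exception
    {
        return encrypt(algorithm.getName(), data, password, salt);
    }

    /**
     * Encrypts data with the PBE algorithm of the given JCE name.
     *
     * @param algorithm JCE PBE algorithm name
     * @param data      plaintext bytes
     * @param password  the password
     * @param salt      the salt, for example from {@link #initSalt()}
     * @return the ciphertext
     * @throws Exception if key generation or the cipher operation fails
     */
    public byte[] encrypt(String algorithm, byte[] data, char[] password, byte[] salt) throws Exception
    {
        return operate(Cipher.ENCRYPT_MODE, algorithm, data, password, salt);
    }

    /**
     * Decrypts data with one of the predefined algorithms.
     *
     * @param algorithm the PBE algorithm used for encryption
     * @param data      ciphertext bytes
     * @param password  the password used for encryption
     * @param salt      the salt used for encryption
     * @return the plaintext
     * @throws Exception if key generation or the cipher operation fails
     */
    public byte[] decrypt(HQPBEAlgorithm algorithm, byte[] data, char[] password, byte[] salt) throws Exception
    {
        return decrypt(algorithm.getName(), data, password, salt);
    }

    /**
     * Decrypts data with the PBE algorithm of the given JCE name.
     *
     * @param algorithm JCE PBE algorithm name used for encryption
     * @param data      ciphertext bytes
     * @param password  the password used for encryption
     * @param salt      the salt used for encryption
     * @return the plaintext
     * @throws Exception if key generation or the cipher operation fails
     */
    public byte[] decrypt(String algorithm, byte[] data, char[] password, byte[] salt) throws Exception
    {
        return operate(Cipher.DECRYPT_MODE, algorithm, data, password, salt);
    }

    /**
     * Runs the cipher in the requested mode.
     *
     * @param mode      {@code Cipher.ENCRYPT_MODE} or {@code Cipher.DECRYPT_MODE}
     * @param algorithm JCE PBE algorithm name
     * @param data      input bytes
     * @param password  the password
     * @param salt      the salt
     * @return the cipher output
     * @throws Exception if key generation or the cipher operation fails
     */
    private byte[] operate(int mode, String algorithm, byte[] data, char[] password, byte[] salt) throws Exception
    {
        Key key = toKey(algorithm, password);
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATION_COUNT);
        Cipher cipher = Cipher.getInstance(algorithm);
        cipher.init(mode, key, paramSpec);
        return cipher.doFinal(data);
    }
}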
测试代码:
import org.junit.Test;
import com.jianggujin.codec.HQBase64;
import com.jianggujin.codec.HQPBE;
import com.jianggujin.codec.HQPBE.HQPBEAlgorithm;
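/**
 * Demonstrates {@link HQPBE}: encrypts a sample string with every supported algorithm,
 * prints the encoded ciphertext and checks that decryption restores the input.
 */
public class PBETest
{
    HQPBE pbe = HQPBE.getInstance();
    HQBase64 base64 = HQBase64.getInstance();

    /**
     * Encrypts the sample with each {@link HQPBEAlgorithm} and verifies the round trip
     * with the same password and salt.
     *
     * @throws Exception if key generation or a cipher operation fails
     */
    @Test
    public void encode() throws Exception
    {
        // Explicit charset: the no-argument getBytes() depends on the platform default.
        byte[] data = "jianggujin".getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] salt = pbe.initSalt();
        // Sample password for the demonstration only.
        char[] password = "123456".toCharArray();
        for (HQPBEAlgorithm algorithm : HQPBEAlgorithm.values())
        {
            byte[] result = pbe.encrypt(algorithm, data, password, salt);
            System.err.println(algorithm + ":" + base64.encodeToString(result));
            // Printing alone cannot fail; assert that the ciphertext decrypts to the input.
            byte[] restored = pbe.decrypt(algorithm, result, password, salt);
            if (!java.util.Arrays.equals(data, restored))
            {
                throw new AssertionError("round trip failed for " + algorithm);
            }
        }
    }
}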
测试结果:
PBEWithMD5AndDES:KU/sNP0/JAD70vvmT8wagg==
PBEWithSHA1AndDESede:+q0BC6yF2wbPbvIMUgMHjw==
PBEWithSHA1AndRC2_40:tPdCEQDIlR+qpbctCgVuOQ==