对项目历史数据库进行加密存储时决定使用aes256。由于需要同时处理存量和增量数据,那么就需要在mysql中一次性执行存量数据加密,在java项目中对增量数据进行加密,并且要保证同密钥和向量的加密数据相互能解密。
java 代码如下:
package fu.dan.qi.aes; import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; public class AES256 { public static final String AES_CBC_PKCS_5_PADDING = "AES/CBC/PKCS5Padding"; public static final String AES = "AES"; /** * * @param key 密码 * @param iv 向量 * @param clearText 明文 * @return base64的密文 * @throws Exception 很多异常 */ public static String encrypt(String key, String iv, String clearText) throws Exception { byte[] rawKey = key.getBytes(); byte[] result = encrypt(rawKey, iv.getBytes(), clearText.getBytes()); return Base64.encodeBase64String(result); } /** * * @param keyBytes 密码文节数组 * @param iv 向量字节数组 * @param clearTextBytes 明文字节数组 * @return 密文字节数组 * @throws Exception 加密时的异常 */ private static byte[] encrypt(byte[] keyBytes, byte[] iv, byte[] clearTextBytes) throws Exception { SecretKeySpec keySpec = new SecretKeySpec(keyBytes, AES); Cipher cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING); IvParameterSpec ivs = new IvParameterSpec(iv); cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivs); return cipher.doFinal(clearTextBytes); } /** * * @param key 密码 * @param iv 向量 * @param encrypted 密文 * @return 明文 * @throws Exception 很多异常 */ public static String decrypt(String key, String iv, String encrypted) throws Exception { byte[] rawKey = key.getBytes(); byte[] enc = Base64.decodeBase64(encrypted); byte[] result = decrypt(rawKey, iv.getBytes(), enc); return new String(result); } /** * * @param key 密码字节数组 * @param iv 向量字节数组 * @param encrypted 密文字节数组 * @return 明文字节数组 * @throws Exception 解密异常 */ private static byte[] decrypt(byte[] key, byte[] iv, byte[] encrypted) throws Exception { SecretKeySpec keySpec = new SecretKeySpec(key, AES); Cipher cipher = Cipher.getInstance(AES_CBC_PKCS_5_PADDING); IvParameterSpec ivs = new IvParameterSpec(iv); cipher.init(Cipher.DECRYPT_MODE, keySpec, ivs); return cipher.doFinal(encrypted); } public static void main(String[] args) { String content = "659C09DE"; String password = "0123456789ABCDEF0123456789ABCDEF"; String iv = "1234567887654321"; System.out.println("明文:" + content); System.out.println("key:" + password); try { String encryptResult = AES256.encrypt(password, iv, content); System.out.println("密文:" + encryptResult); String decryptResult = decrypt(password, iv, encryptResult); System.out.println("解密:" + decryptResult); } catch (Exception e) { e.printStackTrace(); } } }
以上代码执行如下:
明文:659C09DE
key:0123456789ABCDEF0123456789ABCDEF
密文:PhzPjgHpmydHg59leLvcKw==
解密:659C09DE
对应的在mysql中使用的方法如下:
set block_encryption_mode='aes-256-cbc';
set @key='0123456789ABCDEF0123456789ABCDEF';
set @iv='1234567887654321';
select TO_BASE64(AES_encrypt('659C09DE',@key,@iv));
以上sql运用如下:
PhzPjgHpmydHg59leLvcKw==
至此,mysql与java同算法加解密验证完成。