安全问题已经成为一个越来越重要的问题,在Java中如何对重要数据进行加密解密是本文的主要内容。
一、常用的加密/解密算法
1.Base64
严格来说Base64并不是一种加密/解密算法,而是一种编码方式。Base64不生成密钥,通过Base64编码后的密文就可以直接“翻译”为明文,但是可以通过向明文中添加混淆字符来达到加密的效果。
2.DES
DES是一种基于56位密钥的对称算法,1976年被美国联邦政府的国家标准局确定为联邦资料处理标准(FIPS),随后在国际上广泛流传开来。现在DES已经不是一种安全的加密算法,已被公开破解,现在DES已经被高级加密标准(AES)所代替。
3.3DES
3DES是DES的一种派生算法,主要提升了DES的一些实用所需的安全性。
4.AES
AES是现在对称加密算法中最流行的算法之一。
二、实现所需的一些库
为了实现上述的算法,我们可以实用JDK自带的实现,也可以使用一些开源的第三方库,例如Bouncy Castle(https://www.bouncycastle.org/)和comnons codec(https://commons.apache.org/proper/commons-codec/)。
三、具体实现
1.Base64
1 package com.tancky.security; 2 3 4 import java.io.IOException; 5 6 import sun.misc.BASE64Decoder; 7 import sun.misc.BASE64Encoder; 8 9 public class Base64Demo { 10 11 12 private static String src = "TestBase64"; 13 14 15 public static void main(String[] args) { 16 Base64Demo.jdkBase64(); 17 Base64Demo.commonsCodecBase64 (); 18 Base64Demo.bouncyCastleBase64 (); 19 } 20 21 //使用JDK的base64实现, 22 public static void jdkBase64 (){ 23 BASE64Encoder encoder = new BASE64Encoder(); 24 String encode = encoder.encode(Base64Demo.src.getBytes()); 25 System.out.println("encode: " + encode); 26 27 BASE64Decoder decoder = new BASE64Decoder(); 28 try { 29 String decode = new String ( decoder.decodeBuffer(encode)); 30 System.out.println("decode: " + decode); 31 } catch (IOException e) { 32 e.printStackTrace(); 33 } 34 } 35 36 37 //使用apache的commonsCodec实现 38 public static void commonsCodecBase64 (){ 39 byte[] encodeBytes = org.apache.commons.codec.binary.Base64.encodeBase64(Base64Demo.src.getBytes()); 40 String encode = new String (encodeBytes); 41 System.out.println("encode: " + encode); 42 43 byte[] decodeBytes = org.apache.commons.codec.binary.Base64.decodeBase64(encode); 44 String decode = new String(decodeBytes); 45 System.out.println("decode: " + decode); 46 47 } 48 49 //使用bouncyCastlede实现 50 public static void bouncyCastleBase64 () { 51 byte[] encodeBytes = org.bouncycastle.util.encoders.Base64.encode(Base64Demo.src.getBytes()) ; 52 String encode = new String (encodeBytes); 53 System.out.println("encode: " + encode); 54 55 byte[] decodeBytes = org.bouncycastle.util.encoders.Base64.decode(encode); 56 String decode = new String(decodeBytes); 57 System.out.println("decode: " + decode); 58 59 } 60 61 }
2.DES
1 package com.tancky.security; 2 3 import java.security.InvalidKeyException; 4 import java.security.Key; 5 import java.security.NoSuchAlgorithmException; 6 import java.security.NoSuchProviderException; 7 import java.security.Security; 8 import java.security.spec.InvalidKeySpecException; 9 10 import javax.crypto.BadPaddingException; 11 import javax.crypto.Cipher; 12 import javax.crypto.IllegalBlockSizeException; 13 import javax.crypto.KeyGenerator; 14 import javax.crypto.NoSuchPaddingException; 15 import javax.crypto.SecretKey; 16 import javax.crypto.SecretKeyFactory; 17 import javax.crypto.spec.DESKeySpec; 18 19 import org.bouncycastle.jce.provider.BouncyCastleProvider; 20 import org.bouncycastle.util.encoders.Hex; 21 22 public class DESDemo { 23 24 private static String src = "TestDES"; 25 26 27 public static void jdkDES () { 28 29 try { 30 //生成密钥Key 31 KeyGenerator keyGenerator = KeyGenerator.getInstance("DES"); 32 keyGenerator.init(56); 33 SecretKey secretKey = keyGenerator.generateKey(); 34 byte[] bytesKey = secretKey.getEncoded(); 35 36 37 //KEY转换 38 DESKeySpec deSedeKeySpec = new DESKeySpec(bytesKey); 39 SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); 40 Key convertSecretKey = factory.generateSecret(deSedeKeySpec); 41 42 //加密 43 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); 44 cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); 45 byte[] encodeResult = cipher.doFinal(DESDemo.src.getBytes()); 46 System.out.println("DESEncode :" + Hex.toHexString(encodeResult)); 47 48 49 //解密 50 cipher.init(Cipher.DECRYPT_MODE,convertSecretKey); 51 byte[] DecodeResult = cipher.doFinal(encodeResult); 52 System.out.println("DESDncode :" + new String (DecodeResult)); 53 54 55 56 } catch (NoSuchAlgorithmException e) { 57 e.printStackTrace(); 58 } catch (InvalidKeyException e) { 59 // TODO 自动生成的 catch 块 60 e.printStackTrace(); 61 } catch (InvalidKeySpecException e) { 62 // TODO 自动生成的 catch 块 63 e.printStackTrace(); 64 } catch (NoSuchPaddingException e) { 65 // TODO 自动生成的 catch 块 66 e.printStackTrace(); 67 } catch (IllegalBlockSizeException e) { 68 // TODO 自动生成的 catch 块 69 e.printStackTrace(); 70 } catch (BadPaddingException e) { 71 // TODO 自动生成的 catch 块 72 e.printStackTrace(); 73 } 74 75 } 76 77 78 79 public static void bcDES (){ 80 try { 81 82 83 //使用BouncyCastle 的DES加密 84 Security.addProvider(new BouncyCastleProvider()); 85 86 87 //生成密钥Key 88 KeyGenerator keyGenerator = KeyGenerator.getInstance("DES","BC"); 89 keyGenerator.init(56); 90 SecretKey secretKey = keyGenerator.generateKey(); 91 byte[] bytesKey = secretKey.getEncoded(); 92 93 94 //KEY转换 95 DESKeySpec deSedeKeySpec = new DESKeySpec(bytesKey); 96 SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); 97 Key convertSecretKey = factory.generateSecret(deSedeKeySpec); 98 99 //加密 100 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); 101 cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); 102 byte[] encodeResult = cipher.doFinal(DESDemo.src.getBytes()); 103 System.out.println("DESEncode :" + Hex.toHexString(encodeResult)); 104 105 106 //解密 107 cipher.init(Cipher.DECRYPT_MODE,convertSecretKey); 108 byte[] DecodeResult = cipher.doFinal(encodeResult); 109 System.out.println("DESDncode :" + new String (DecodeResult)); 110 111 112 113 } catch (NoSuchAlgorithmException e) { 114 e.printStackTrace(); 115 } catch (InvalidKeyException e) { 116 // TODO 自动生成的 catch 块 117 e.printStackTrace(); 118 } catch (InvalidKeySpecException e) { 119 // TODO 自动生成的 catch 块 120 e.printStackTrace(); 121 } catch (NoSuchPaddingException e) { 122 // TODO 自动生成的 catch 块 123 e.printStackTrace(); 124 } catch (IllegalBlockSizeException e) { 125 // TODO 自动生成的 catch 块 126 e.printStackTrace(); 127 } catch (BadPaddingException e) { 128 // TODO 自动生成的 catch 块 129 e.printStackTrace(); 130 } catch (NoSuchProviderException e) { 131 // TODO 自动生成的 catch 块 132 e.printStackTrace(); 133 } 134 } 135 136 137 public static void main(String[] args) { 138 DESDemo.jdkDES (); 139 DESDemo.bcDES(); 140 } 141 142 }
3.3DES
1 package com.tancky.security; 2 3 import java.security.InvalidKeyException; 4 import java.security.Key; 5 import java.security.NoSuchAlgorithmException; 6 import java.security.NoSuchProviderException; 7 import java.security.Security; 8 import java.security.spec.InvalidKeySpecException; 9 10 import javax.crypto.BadPaddingException; 11 import javax.crypto.Cipher; 12 import javax.crypto.IllegalBlockSizeException; 13 import javax.crypto.KeyGenerator; 14 import javax.crypto.NoSuchPaddingException; 15 import javax.crypto.SecretKey; 16 import javax.crypto.SecretKeyFactory; 17 18 import javax.crypto.spec.DESedeKeySpec; 19 20 import org.bouncycastle.jce.provider.BouncyCastleProvider; 21 import org.bouncycastle.util.encoders.Hex; 22 23 public class TripleDESDemo { 24 25 private static String src = "TestTripleDES"; 26 27 public static void jdkTripleDES () { 28 29 try { 30 //生成密钥Key 31 KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede"); 32 keyGenerator.init(168); 33 SecretKey secretKey = keyGenerator.generateKey(); 34 byte[] bytesKey = secretKey.getEncoded(); 35 36 37 //KEY转换 38 DESedeKeySpec deSedeKeySpec = new DESedeKeySpec(bytesKey); 39 SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); 40 Key convertSecretKey = factory.generateSecret(deSedeKeySpec); 41 42 //加密 43 Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); 44 cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); 45 byte[] encodeResult = cipher.doFinal(TripleDESDemo.src.getBytes()); 46 System.out.println("TripleDESEncode :" + Hex.toHexString(encodeResult)); 47 48 49 //解密 50 cipher.init(Cipher.DECRYPT_MODE,convertSecretKey); 51 byte[] DecodeResult = cipher.doFinal(encodeResult); 52 System.out.println("TripleDESDncode :" + new String (DecodeResult)); 53 54 55 56 } catch (NoSuchAlgorithmException e) { 57 e.printStackTrace(); 58 } catch (InvalidKeyException e) { 59 // TODO 自动生成的 catch 块 60 e.printStackTrace(); 61 } catch (InvalidKeySpecException e) { 62 // TODO 自动生成的 catch 块 63 e.printStackTrace(); 64 } catch (NoSuchPaddingException e) { 65 // TODO 自动生成的 catch 块 66 e.printStackTrace(); 67 } catch (IllegalBlockSizeException e) { 68 // TODO 自动生成的 catch 块 69 e.printStackTrace(); 70 } catch (BadPaddingException e) { 71 // TODO 自动生成的 catch 块 72 e.printStackTrace(); 73 } 74 75 } 76 77 78 79 80 public static void bcTripleDES () { 81 82 try { 83 84 Security.addProvider(new BouncyCastleProvider()); 85 //生成密钥Key 86 KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede","BC"); 87 keyGenerator.getProvider(); 88 keyGenerator.init(168); 89 SecretKey secretKey = keyGenerator.generateKey(); 90 byte[] bytesKey = secretKey.getEncoded(); 91 92 93 //KEY转换 94 DESedeKeySpec deSedeKeySpec = new DESedeKeySpec(bytesKey); 95 SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); 96 Key convertSecretKey = factory.generateSecret(deSedeKeySpec); 97 98 //加密 99 Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); 100 cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); 101 byte[] encodeResult = cipher.doFinal(TripleDESDemo.src.getBytes()); 102 System.out.println("TripleDESEncode :" + Hex.toHexString(encodeResult)); 103 104 105 //解密 106 cipher.init(Cipher.DECRYPT_MODE,convertSecretKey); 107 byte[] DecodeResult = cipher.doFinal(encodeResult); 108 System.out.println("TripleDESDncode :" + new String (DecodeResult)); 109 110 111 112 } catch (NoSuchAlgorithmException e) { 113 e.printStackTrace(); 114 } catch (InvalidKeyException e) { 115 // TODO 自动生成的 catch 块 116 e.printStackTrace(); 117 } catch (InvalidKeySpecException e) { 118 // TODO 自动生成的 catch 块 119 e.printStackTrace(); 120 } catch (NoSuchPaddingException e) { 121 // TODO 自动生成的 catch 块 122 e.printStackTrace(); 123 } catch (IllegalBlockSizeException e) { 124 // TODO 自动生成的 catch 块 125 e.printStackTrace(); 126 } catch (BadPaddingException e) { 127 // TODO 自动生成的 catch 块 128 e.printStackTrace(); 129 } catch (NoSuchProviderException e) { 130 // TODO 自动生成的 catch 块 131 e.printStackTrace(); 132 } 133 134 } 135 136 137 138 public static void main(String[] args) { 139 jdkTripleDES (); 140 bcTripleDES (); 141 142 } 143 144 }
4.AES
1 package com.tancky.security; 2 3 import java.security.InvalidKeyException; 4 import java.security.Key; 5 import java.security.NoSuchAlgorithmException; 6 import java.security.NoSuchProviderException; 7 import java.security.SecureRandom; 8 import java.security.Security; 9 10 import javax.crypto.BadPaddingException; 11 import javax.crypto.Cipher; 12 import javax.crypto.IllegalBlockSizeException; 13 import javax.crypto.KeyGenerator; 14 import javax.crypto.NoSuchPaddingException; 15 import javax.crypto.SecretKey; 16 import javax.crypto.spec.SecretKeySpec; 17 18 import org.bouncycastle.jce.provider.BouncyCastleProvider; 19 import org.bouncycastle.util.encoders.Hex; 20 21 public class AESDemo { 22 23 private static String src = "TestAES"; 24 25 public static void jdkAES (){ 26 try { 27 28 29 //生成Key 30 KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); 31 keyGenerator.init(128); 32 //keyGenerator.init(128, new SecureRandom("seedseedseed".getBytes())); 33 //使用上面这种初始化方法可以特定种子来生成密钥,这样加密后的密文是唯一固定的。 34 SecretKey secretKey = keyGenerator.generateKey(); 35 byte[] keyBytes = secretKey.getEncoded(); 36 37 //Key转换 38 Key key = new SecretKeySpec(keyBytes, "AES"); 39 40 //加密 41 Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); 42 cipher.init(Cipher.ENCRYPT_MODE, key); 43 byte[] encodeResult = cipher.doFinal(AESDemo.src.getBytes()); 44 System.out.println("AESencode : " + Hex.toHexString(encodeResult) ); 45 46 //解密 47 cipher.init(Cipher.DECRYPT_MODE, key); 48 byte[] decodeResult = cipher.doFinal(encodeResult); 49 System.out.println("AESdecode : " + new String (decodeResult)); 50 51 52 53 54 } catch (NoSuchAlgorithmException e) { 55 // TODO 自动生成的 catch 块 56 e.printStackTrace(); 57 } catch (NoSuchPaddingException e) { 58 // TODO 自动生成的 catch 块 59 e.printStackTrace(); 60 } catch (InvalidKeyException e) { 61 // TODO 自动生成的 catch 块 62 e.printStackTrace(); 63 } catch (IllegalBlockSizeException e) { 64 // TODO 自动生成的 catch 块 65 e.printStackTrace(); 66 } catch (BadPaddingException e) { 67 // TODO 自动生成的 catch 块 68 e.printStackTrace(); 69 } 70 71 } 72 73 74 public static void bcAES (){ 75 try { 76 77 //使用BouncyCastle 的DES加密 78 Security.addProvider(new BouncyCastleProvider()); 79 80 //生成Key 81 KeyGenerator keyGenerator = KeyGenerator.getInstance("AES","BC"); 82 keyGenerator.getProvider(); 83 keyGenerator.init(128); 84 SecretKey secretKey = keyGenerator.generateKey(); 85 byte[] keyBytes = secretKey.getEncoded(); 86 87 //Key转换 88 Key key = new SecretKeySpec(keyBytes, "AES"); 89 90 //加密 91 Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); 92 cipher.init(Cipher.ENCRYPT_MODE, key); 93 byte[] encodeResult = cipher.doFinal(AESDemo.src.getBytes()); 94 System.out.println("AESencode : " + Hex.toHexString(encodeResult) ); 95 96 //解密 97 cipher.init(Cipher.DECRYPT_MODE, key); 98 byte[] decodeResult = cipher.doFinal(encodeResult); 99 System.out.println("AESdecode : " + new String (decodeResult)); 100 101 102 103 104 } catch (NoSuchAlgorithmException e) { 105 // TODO 自动生成的 catch 块 106 e.printStackTrace(); 107 } catch (NoSuchPaddingException e) { 108 // TODO 自动生成的 catch 块 109 e.printStackTrace(); 110 } catch (InvalidKeyException e) { 111 // TODO 自动生成的 catch 块 112 e.printStackTrace(); 113 } catch (IllegalBlockSizeException e) { 114 // TODO 自动生成的 catch 块 115 e.printStackTrace(); 116 } catch (BadPaddingException e) { 117 // TODO 自动生成的 catch 块 118 e.printStackTrace(); 119 } catch (NoSuchProviderException e) { 120 // TODO 自动生成的 catch 块 121 e.printStackTrace(); 122 } 123 124 } 125 126 127 public static void main(String[] args) { 128 jdkAES(); 129 bcAES(); 130 131 } 132 133 }