Java加密与安全 (3)

  Hmac：Hash-based Message Authentication Code的缩写，基于密钥的消息认证码算法，是更安全的消息摘要算法。HmacMD5相当于md5（secure_random_key,data），所以HmacMD5可以看作带安全Salt的MD5。Hmac是把key混入摘要的算法，并不是新发明的一种算法，必须配合MD5,SHA-1等摘要算法，摘要长度和原摘要算法长度相同。

加密算法 对称加密算法

  对称加密算法的加密和解密使用同一个密钥，例如WinRAR，我们在对文件进行压缩时，可以设一个密码，再解压时，我们需要使用 同一个密码才能进行解压，winRAR就是使用的对称加密算法。加密：encrypt(密钥key,原文message)->密文s，解密：decrypt（密钥key,密文s）-> 原文message。常用的对称加密算法有DES，AES，IDEA等。由于DES的密钥较短，可以在短时间内暴力破解，现在已经不使用了。
Java使用 AES的ECB模式下的加密和解密：

public class AES_ECB_Cipher { private static final String CIPHER_NAME = "AES/ECB/PKCS5Padding"; //加密 public static byte[] encrypt(byte[] key, byte[] input) throws Exception { Cipher cipher = Cipher.getInstance(CIPHER_NAME); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); //使用加密模式 cipher.init(Cipher.ENCRYPT_MODE, keySpec); //通过doFinal()得到加密后的字节数组 return cipher.doFinal(input); } //解密 public static byte[] decrypt(byte[] key, byte[] input) throws Exception { Cipher cipher = Cipher.getInstance(CIPHER_NAME); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); //使用解密模式 cipher.init(Cipher.DECRYPT_MODE, keySpec); //通过doFinal()将密文还原为原文 return cipher.doFinal(input); } public static void main(String[] args) throws Exception { //原文 String message = "Hello, World! encrypted using AES"; System.out.println("Message: " + message); // message: Hello, World! encrypted using AES //128位密钥 = 16 bytes key byte[] key = "1234567890abcdef".getBytes("UTF-8"); //加密 byte[] data = message.getBytes(StandardCharsets.UTF_8); byte[] encrypted = encrypt(key, data); //加密后的密文： Encrypted data: g89TtEMHXpwwjrEbXcljDQIUi09dPO9fVx4OgZ7ozsFgo8Zilj6cypxChst75GTR System.out.println("Encrypted data: " + Base64.getEncoder().encodeToString(encrypted)); //解密 byte[] decrypted = decrypt(key, encrypted); //解密后得到结果与原文相同：Decrypted data: Hello, World! encrypted using AES System.out.println("Decrypted data: " + new String(decrypted,"UTF-8")); } }

Java使用 AES的CBC模式下的加密和解密：

public class AES_CBC_Cipher { private static final String CIPHER_NAME = "AES/CBC/PKCS5Padding"; //加密 public static byte[] encrypt(byte[] key, byte[] input) throws Exception { Cipher cipher = Cipher.getInstance(CIPHER_NAME); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); //CBC模式需要生成一个16字节的initiallization vector SecureRandom sr = SecureRandom.getInstanceStrong(); //获取向量，即16位字节的随机数 byte[] iv = sr.generateSeed(16); //把字节数组转为IvParameterSpec对象 IvParameterSpec ivps = new IvParameterSpec(iv); cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivps); byte[] data = cipher.doFinal(input); //IV不需要保密，把IV和密文一起返回 return join(iv, data); } private static byte[] join(byte[] iv, byte[] data) { byte[] r = new byte[iv.length + data.length]; System.arraycopy(iv, 0 ,r, 0, iv.length); System.arraycopy(data, 0 ,r, iv.length, data.length); return r; } //解密 public static byte[] decrypt(byte[] key, byte[] input) throws Exception { //把input分割成iv和密文 byte[] iv = new byte[16]; byte[] data = new byte[input.length - 16]; System.arraycopy(input, 0 ,iv, 0, 16); System.arraycopy(input, 16 ,data, 0, data.length); //解密 Cipher cipher = Cipher.getInstance(CIPHER_NAME); SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); IvParameterSpec ivps = new IvParameterSpec(iv); cipher.init(Cipher.DECRYPT_MODE,keySpec,ivps); return cipher.doFinal(data); } public static void main(String[] args) throws Exception { //原文 String message = "Hello, World! encrypted using AES"; System.out.println("Message: " + message); // message: Hello, World! encrypted using AES //128位密钥 = 16 bytes key byte[] key = "1234567890abcdef".getBytes("UTF-8"); //加密 byte[] data = message.getBytes(StandardCharsets.UTF_8); byte[] encrypted = encrypt(key, data); //加密后的密文： Encrypted data: 3iwMkdAqR0eQYQqaxOEKao+N0gSp/05i+mULmLvndSKq4Z2xz122wmFARWbAwF6dElmnceO/x5pJHcwXSr8inQ== System.out.println("Encrypted data: " + Base64.getEncoder().encodeToString(encrypted)); //解密 byte[] decrypted = decrypt(key, encrypted); //解密后得到结果与原文相同：Decrypted data: Hello, World! encrypted using AES System.out.println("Decrypted data: " + new String(decrypted,"UTF-8")); } } 口令加密算法