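Basic introduction
Symmetric encryption algorithms are currently the most widely applied and most frequently used encryption algorithms.
Why they are called symmetric:
The encryption key = the decryption key, and the encryption operation is the inverse of the decryption operation.
Symmetric encryption is an elementary kind of encryption algorithm, and its security is not very high.
Commonly used symmetric encryption algorithms:
DES (3DES), AES, PBE, IDEA, and so on.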
DES
DES (Data Encryption Standard): the data encryption standard (already broken)
Example:
package com.timliu.security.symmetric_encryption;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class DESTest {

    public static final String src = "hello world";

    public static void main(String[] args) {
        jdkDES();
        bcDES();
    }

    // Implementation with the JDK:
    public static void jdkDES() {
        try {
            // Get the key generator
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DES");
            keyGenerator.init(56);
            // Generate the key
            SecretKey secretKey = keyGenerator.generateKey();
            // Get the raw key bytes
            byte[] bytesKey = secretKey.getEncoded();

            // Convert the key
            DESKeySpec desKeySpec = new DESKeySpec(bytesKey);
            // The getInstance() argument names the encryption algorithm
            SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
            // Build the key object
            Key convertSecretKey = factory.generateSecret(desKeySpec);

            // Encrypt
            // Algorithm: DES, mode of operation: ECB, padding: PKCS5Padding
            Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
            // First argument: the mode (encrypt); second argument: the converted key
            cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("jdk des encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
            result = cipher.doFinal(result);
            System.out.println("jdk des decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Implementation with Bouncy Castle:
    public static void bcDES() {
        try {
            Security.addProvider(new BouncyCastleProvider());

            // Get the key generator from the "BC" provider
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DES", "BC");
            keyGenerator.init(56);
            // Generate the key
            SecretKey secretKey = keyGenerator.generateKey();
            // Get the raw key bytes
            byte[] bytesKey = secretKey.getEncoded();

            // Convert the key (provider named explicitly so the factory also comes from BC)
            DESKeySpec desKeySpec = new DESKeySpec(bytesKey);
            SecretKeyFactory factory = SecretKeyFactory.getInstance("DES", "BC");
            Key convertSecretKey = factory.generateSecret(desKeySpec);

            // Encrypt (provider named explicitly so the cipher also comes from BC)
            Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding", "BC");
            cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("bc des encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
            result = cipher.doFinal(result);
            System.out.println("bc des decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Run result:
DES application scenarios
3DES
Benefits of triple DES:
1. Increased key length
2. More iterations
Example:
package com.timliu.security.symmetric_encryption;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.SecureRandom;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;

import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class DES3Test {

    public static final String src = "hello world";

    public static void main(String[] args) {
        jdk3DES();
        bc3DES();
    }

    // Implementation with the JDK:
    public static void jdk3DES() {
        try {
            // Get the key generator
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
            // The key length must be 112 or 168
            // keyGenerator.init(168);
            // Initialized with only a SecureRandom, the generator uses the algorithm's default key length
            keyGenerator.init(new SecureRandom());
            // Generate the key
            SecretKey secretKey = keyGenerator.generateKey();
            // Get the raw key bytes
            byte[] bytesKey = secretKey.getEncoded();

            // Convert the key
            DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey);
            SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
            Key convertSecretKey = factory.generateSecret(desKeySpec);

            // Encrypt
            Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("jdk 3des encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
            result = cipher.doFinal(result);
            System.out.println("jdk 3des decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Implementation with Bouncy Castle:
    public static void bc3DES() {
        try {
            Security.addProvider(new BouncyCastleProvider());

            // Get the key generator from the "BC" provider
            KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede", "BC");
            keyGenerator.init(168);
            // Generate the key
            SecretKey secretKey = keyGenerator.generateKey();
            // Get the raw key bytes
            byte[] bytesKey = secretKey.getEncoded();

            // Convert the key (provider named explicitly so the factory also comes from BC)
            DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey);
            SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede", "BC");
            Key convertSecretKey = factory.generateSecret(desKeySpec);

            // Encrypt (provider named explicitly so the cipher also comes from BC)
            Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding", "BC");
            cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("bc 3des encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, convertSecretKey);
            result = cipher.doFinal(result);
            System.out.println("bc 3des decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
AES
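Why it was created:
1. The DES algorithm has some flaws
2. The 3DES algorithm is comparatively inefficient
AES is currently the most widely used symmetric encryption algorithm.
One of the advantages of AES is that it has not been broken to date.
AES is commonly used for encryption in mobile communication systems and in software based on the SSH protocol (SSH Client, secureCRT).
The unlimited-strength jurisdiction policy files refer to the following: because of import-control restrictions in some countries, the encryption and decryption in the runtime environment packages that Java ships are subject to certain limits.
Example: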
package com.timliu.security.symmetric_encryption;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.Security;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class AESTest {

    public static final String src = "hello world";

    public static void main(String[] args) {
        jdkAES();
        bcAES();
    }

    // Implementation with the JDK:
    public static void jdkAES() {
        try {
            // Get the key generator
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
            keyGenerator.init(128);
            // Generate the key
            SecretKey secretKey = keyGenerator.generateKey();
            // Get the raw key bytes
            byte[] keyBytes = secretKey.getEncoded();

            // Convert the key
            Key key = new SecretKeySpec(keyBytes, "AES");

            // Encrypt
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("jdk aes encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, key);
            result = cipher.doFinal(result);
            System.out.println("jdk aes decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    // Implementation with Bouncy Castle:
    public static void bcAES() {
        try {
            Security.addProvider(new BouncyCastleProvider());

            // Get the key generator from the "BC" provider
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "BC");
            keyGenerator.init(128);
            // Generate the key
            SecretKey secretKey = keyGenerator.generateKey();
            // Get the raw key bytes
            byte[] keyBytes = secretKey.getEncoded();

            // Convert the key
            Key key = new SecretKeySpec(keyBytes, "AES");

            // Encrypt (provider named explicitly so the cipher also comes from BC)
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", "BC");
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("bc aes encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, key);
            result = cipher.doFinal(result);
            System.out.println("bc aes decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
Run result:
Application scenarios:
PBE
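The PBE algorithm combines the advantages of message digest algorithms and symmetric encryption algorithms.
PBE is not a new algorithm; it is an integration of existing symmetric encryption algorithms and message digest algorithms.
PBE (Password Based Encryption): encryption based on a password
The password is entered by the user, but passwords are usually not very complex. To prevent the password from being cracked by exhaustive search, the password is also salted (that is, random data is added to the password).
In practice, the PBE algorithm uses the password in place of the generated KEY used in the symmetric encryption algorithms above.
Example: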
package com.timliu.security.symmetric_encryption;

import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.SecureRandom;

import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

import org.apache.commons.codec.binary.Hex;

public class PBETest {

    public static final String src = "hello world";

    public static void main(String[] args) {
        jdkPBE();
    }

    // Implementation with the JDK:
    public static void jdkPBE() {
        try {
            // Initialize the salt (random data used in the encryption)
            SecureRandom random = new SecureRandom(); // random number source
            byte[] salt = random.generateSeed(8);

            // Password and key
            String password = "zhangyaohui"; // the password the user would enter
            // Turn the password into a key specification
            PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());
            // Instantiate the factory that converts the specification into a KEY
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHMD5andDES");
            Key key = factory.generateSecret(pbeKeySpec);

            // Encrypt
            // 100 is the iteration count
            PBEParameterSpec pbeParameterSpec = new PBEParameterSpec(salt, 100);
            Cipher cipher = Cipher.getInstance("PBEWITHMD5andDES");
            cipher.init(Cipher.ENCRYPT_MODE, key, pbeParameterSpec);
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("jdk pbe encrypt:" + Hex.encodeHexString(result));

            // Decrypt
            cipher.init(Cipher.DECRYPT_MODE, key, pbeParameterSpec);
            result = cipher.doFinal(result);
            System.out.println("jdk pbe decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
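Run result:
PBE application scenarios:
A final question:
In the code above, encryption and decryption happen on the same side. What if encryption and decryption are not on the same side?
Send the key to the other party (but a key sent over the network is easily intercepted, so the key can be processed before it is sent).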
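The PBE example above derives a DES key with MD5 and 100 iterations. The following added example (not code from the original post) keeps the same idea of password plus salt plus iteration count, but derives an AES key with PBKDF2WithHmacSHA256 and shows the decrypting side rebuilding the key from the password and the non-secret salt. The class name PbeSaltDemo, the sample passphrase and the iteration count are assumptions chosen for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PbeSaltDemo { // hypothetical class name, not from the original post
    static final int ITERATIONS = 200_000; // assumed work factor; tune it to your hardware

    // Derive a 128-bit AES key from the password. Salt and iteration count are not secret.
    static SecretKey derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 128);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-passphrase".toCharArray(); // constructed value
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[16], otherSalt = new byte[16], nonce = new byte[12];
        random.nextBytes(salt);
        random.nextBytes(otherSalt);
        random.nextBytes(nonce);

        // Same password, different salt: unrelated keys, so one precomputed
        // password table cannot be reused across messages or users.
        boolean sameKey = Arrays.equals(derive(password, salt).getEncoded(),
                                        derive(password, otherSalt).getEncoded());
        System.out.println("keys equal across salts: " + sameKey);

        // Encrypting side: stores or sends salt, nonce and ciphertext together.
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, derive(password, salt), new GCMParameterSpec(128, nonce));
        byte[] ciphertext = cipher.doFinal("hello world".getBytes(StandardCharsets.UTF_8));

        // Decrypting side: knows only the password, receives salt, nonce and ciphertext.
        cipher.init(Cipher.DECRYPT_MODE, derive(password, salt), new GCMParameterSpec(128, nonce));
        System.out.println(new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8));
    }
}
```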