对称加密算法

2019年3月6日 310次阅读 来源: 【漫步云端】

基本介绍

对称加密算法是现在应用范围最广,使用频率最高的加密算法。

对称的原因:
加密密钥 = 解密密钥,加密运算是解密运算的逆运算。
对称加密算法是初等的加密算法,从安全性上说,不是很高。

常用的对称加密算法:
DES(3DES),AES,PBE,IDEA等。

DES

DES(Data Encryption Standard):数据加密标准(已经被破解)
《对称加密算法》
例子:

package com.timliu.security.symmetric_encryption; import java.security.Key; import java.security.Security; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import org.apache.commons.codec.binary.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class DESTest { public static final String src = "hello world"; public static void main(String[] args) { jdkDES(); bcDES(); } // 用jdk实现: public static void jdkDES() { try { // 获取KEY生成器 KeyGenerator keyGenerator = KeyGenerator.getInstance("DES"); keyGenerator.init(56); // 产生KEY SecretKey secretKey = keyGenerator.generateKey(); // 获取KEY byte[] bytesKey = secretKey.getEncoded(); // KEY转换 DESKeySpec desKeySpec = new DESKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");//getInstance()参数指定的加密方式 Key convertSecretKey = factory.generateSecret(desKeySpec);//生成密钥 // 加密 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");//加解密算法:DES,工作方式:ECB,填充方式:PKCS5Padding cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);//第一个参数是模式:加密模式,KEY:转换后的KEY byte[] result = cipher.doFinal(src.getBytes()); System.out.println("jdk des encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, convertSecretKey); result = cipher.doFinal(result); System.out.println("jdk des decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } // 用bouncy castle实现: public static void bcDES() { try { Security.addProvider(new BouncyCastleProvider()); // 获取KEY生成器 KeyGenerator keyGenerator = KeyGenerator.getInstance("DES", "BC"); keyGenerator.getProvider(); keyGenerator.init(56); // 产生KEY SecretKey secretKey = keyGenerator.generateKey(); // 获取KEY byte[] bytesKey = secretKey.getEncoded(); // KEY转换 DESKeySpec desKeySpec = new DESKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); Key convertSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); byte[] result = cipher.doFinal(src.getBytes()); System.out.println("bc des encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, convertSecretKey); result = cipher.doFinal(result); System.out.println("bc des decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } }

运行结果:
《对称加密算法》

DES应用场景

《对称加密算法》

3DES

3重DES的好处:
1. 密钥长度增强
2. 迭代次数提高

《对称加密算法》
例子:

package com.timliu.security.symmetric_encryption; import java.security.Key; import java.security.SecureRandom; import java.security.Security; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.DESKeySpec; import javax.crypto.spec.DESedeKeySpec; import org.apache.commons.codec.binary.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class DES3Test { public static final String src = "hello world"; public static void main(String[] args) { jdk3DES(); bc3DES(); } // 用jdk实现: public static void jdk3DES() { try { // 获取KEY生成器 KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede"); // 必须长度是:112或168 // keyGenerator.init(168); keyGenerator.init(new SecureRandom());//SecureRandom()会根据不同的算法生成默认长度的KEY // 产生KEY SecretKey secretKey = keyGenerator.generateKey(); // 获取KEY byte[] bytesKey = secretKey.getEncoded(); // KEY转换 DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); Key convertSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); byte[] result = cipher.doFinal(src.getBytes()); System.out.println("jdk 3des encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, convertSecretKey); result = cipher.doFinal(result); System.out.println("jdk 3des decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } // 用bouncy castle实现: public static void bc3DES() { try { Security.addProvider(new BouncyCastleProvider()); // 获取KEY生成器 KeyGenerator keyGenerator = KeyGenerator .getInstance("DESede", "BC"); keyGenerator.getProvider(); keyGenerator.init(168); // 产生KEY SecretKey secretKey = keyGenerator.generateKey(); // 获取KEY byte[] bytesKey = secretKey.getEncoded(); // KEY转换 DESedeKeySpec desKeySpec = new DESedeKeySpec(bytesKey); SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede"); Key convertSecretKey = factory.generateSecret(desKeySpec); // 加密 Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey); byte[] result = cipher.doFinal(src.getBytes()); System.out .println("bc 3des encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, convertSecretKey); result = cipher.doFinal(result); System.out.println("bc 3des decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } }

《对称加密算法》

AES

产生的原因:
1. DES的算法有些漏洞
2. 3DES的算法相对来说效率比较低

AES是目前使用最多的对称加密算法。
AES的优势之一是至今尚未被破解。
AES通常用于移动通信系统加密以及基于SSH协议的软件(SSH Client,secureCRT)。
《对称加密算法》
无政策限制权限文件是指:因为某些国家的进口管制限制,Java发布的运行环境包中的加解密有一定的限制。

例子:

package com.timliu.security.symmetric_encryption; import java.security.Key; import java.security.Security; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; import org.apache.commons.codec.binary.Hex; import org.bouncycastle.jce.provider.BouncyCastleProvider; public class AESTest { public static final String src = "hello world"; public static void main(String[] args) { jdkAES(); bcAES(); } // 用jdk实现: public static void jdkAES() { try { // 获取KEY生成器 KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); keyGenerator.init(128); // 产生KEY SecretKey secretKey = keyGenerator.generateKey(); // 获取KEY byte[] keyBytes = secretKey.getEncoded(); // KEY转换 Key key = new SecretKeySpec(keyBytes, "AES"); // 加密 Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] result = cipher.doFinal(src.getBytes()); System.out.println("jdk aes encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, key); result = cipher.doFinal(result); System.out.println("jdk aes decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } // 用bouncy castle实现: public static void bcAES() { try { Security.addProvider(new BouncyCastleProvider()); // 获取KEY生成器 KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "BC"); keyGenerator.getProvider(); keyGenerator.init(128); // 产生KEY SecretKey secretKey = keyGenerator.generateKey(); // 获取KEY byte[] keyBytes = secretKey.getEncoded(); // KEY转换 Key key = new SecretKeySpec(keyBytes, "AES"); // 加密 Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] result = cipher.doFinal(src.getBytes()); System.out.println("bc aes encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, key); result = cipher.doFinal(result); System.out.println("bc aes decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } }

运行结果:
《对称加密算法》

应用场景:

《对称加密算法》

PBE

PBE算法结合了消息摘要算法和对称加密算法的优点。

PBE算法并不是新的算法,而是对已有的对称加密算法和消息摘要算法的整合。

PBE(Password Based Encryption):基于口令的加密

口令是用户自己输入的,但通常口令不会很复杂。同时为了防止穷举的方式破解口令,还要对口令进行加盐(也就是在口令中加入随机数)。

PBE算法实际上就是,采用口令替代了之前对称加密算法中生成的KEY。

《对称加密算法》

《对称加密算法》

《对称加密算法》

例子:

package com.timliu.security.symmetric_encryption; import java.security.Key; import java.security.SecureRandom; import javax.crypto.Cipher; import javax.crypto.SecretKeyFactory; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.PBEParameterSpec; import org.apache.commons.codec.binary.Hex; public class PBETest { public static final String src = "hello world"; public static void main(String[] args) { jdkPBE(); } // 用jdk实现: public static void jdkPBE() { try { // 初始化盐(加密的随机数) SecureRandom random = new SecureRandom();//产生随机数 byte[] salt = random.generateSeed(8); // 口令与密钥 String password = "zhangyaohui";//定义用户自己输入的口令 PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray()); //将口令转换为KEY SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWITHMD5andDES");//实例化转换为KEY的工厂 Key key = factory.generateSecret(pbeKeySpec); // 加密 PBEParameterSpec pbeParameterSpac = new PBEParameterSpec(salt, 100);//100为需要迭代的次数 Cipher cipher = Cipher.getInstance("PBEWITHMD5andDES"); cipher.init(Cipher.ENCRYPT_MODE, key, pbeParameterSpac); byte[] result = cipher.doFinal(src.getBytes()); System.out.println("jdk pbe encrypt:" + Hex.encodeHexString(result)); // 解密 cipher.init(Cipher.DECRYPT_MODE, key, pbeParameterSpac); result = cipher.doFinal(result); System.out.println("jdk pbe decrypt:" + new String(result)); } catch (Exception e) { e.printStackTrace(); } } }

运行结果:
《对称加密算法》

PBE应用场景:
《对称加密算法》

最后问题:

以上的代码中加密和解密是在同一方的,如果加密解密不在同一方怎么办?

把密钥发送给对方(但是密钥通过网络发送很容易被截取到,可以将密钥进行处理)

 

 

转自:http://blog.csdn.net/u013991521/article/details/48207171

    原文作者:【漫步云端】
    原文地址: http://www.cnblogs.com/jinzhiming/p/7527689.html
    本文转自网络文章,转载此文章仅为分享知识,如有侵权,请联系博主进行删除。
点赞