安全问题已经成为一个越来越重要的问题,在Java中如何对重要数据进行加密解密是本文的主要内容。

一、常用的加密/解密算法

1.Base64

  严格来说Base64并不是一种加密/解密算法,而是一种编码方式。Base64不生成密钥,通过Base64编码后的密文就可以直接“翻译”为明文,但是可以通过向明文中添加混淆字符来达到加密的效果。

2.DES

  DES是一种基于56位密钥的对称算法,1976年被美国联邦政府的国家标准局确定为联邦资料处理标准(FIPS),随后在国际上广泛流传开来。现在DES已经不是一种安全的加密算法,已被公开破解,现在DES已经被高级加密标准(AES)所代替。

3.3DES

  3DES是DES的一种派生算法,主要提升了DES的一些实用所需的安全性。

4.AES

  AES是现在对称加密算法中最流行的算法之一。

 

二、实现所需的一些库

  为了实现上述的算法,我们可以实用JDK自带的实现,也可以使用一些开源的第三方库,例如Bouncy Castle(https://www.bouncycastle.org/)和comnons codec(https://commons.apache.org/proper/commons-codec/)。

 

三、具体实现

  1.Base64

1 package com.tancky.security;
 2 
 3 
 4 import java.io.IOException;
 5 
 6 import sun.misc.BASE64Decoder;
 7 import sun.misc.BASE64Encoder;
 8 
 9 public class Base64Demo {
10     
11     
12     private static String src = "TestBase64";
13     
14 
15     public static void main(String[] args) {
16         Base64Demo.jdkBase64();
17         Base64Demo.commonsCodecBase64 ();
18         Base64Demo.bouncyCastleBase64 ();
19     }
20     
21     //使用JDK的base64实现,
22     public static void jdkBase64 (){
23         BASE64Encoder encoder = new BASE64Encoder();
24         String encode = encoder.encode(Base64Demo.src.getBytes());
25         System.out.println("encode:  " + encode);
26         
27         BASE64Decoder decoder = new BASE64Decoder();
28         try {
29             String decode = new String ( decoder.decodeBuffer(encode));
30             System.out.println("decode:  " + decode);
31         } catch (IOException e) {
32             e.printStackTrace();
33         }    
34     }
35     
36     
37     //使用apache的commonsCodec实现
38     public static void commonsCodecBase64 (){
39         byte[] encodeBytes = org.apache.commons.codec.binary.Base64.encodeBase64(Base64Demo.src.getBytes());
40         String encode = new String (encodeBytes);
41         System.out.println("encode:  " + encode);
42         
43         byte[] decodeBytes = org.apache.commons.codec.binary.Base64.decodeBase64(encode);
44         String decode = new String(decodeBytes);
45         System.out.println("decode:  " + decode);
46         
47     }
48     
49     //使用bouncyCastlede实现
50     public static void bouncyCastleBase64 () {
51         byte[] encodeBytes = org.bouncycastle.util.encoders.Base64.encode(Base64Demo.src.getBytes()) ;
52         String encode = new String (encodeBytes);
53         System.out.println("encode:  " + encode);
54 
55         byte[] decodeBytes = org.bouncycastle.util.encoders.Base64.decode(encode);
56         String decode = new String(decodeBytes);
57         System.out.println("decode:  " + decode);
58         
59     }
60 
61 }

 

  2.DES

  

1 package com.tancky.security;
  2 
  3 import java.security.InvalidKeyException;
  4 import java.security.Key;
  5 import java.security.NoSuchAlgorithmException;
  6 import java.security.NoSuchProviderException;
  7 import java.security.Security;
  8 import java.security.spec.InvalidKeySpecException;
  9 
 10 import javax.crypto.BadPaddingException;
 11 import javax.crypto.Cipher;
 12 import javax.crypto.IllegalBlockSizeException;
 13 import javax.crypto.KeyGenerator;
 14 import javax.crypto.NoSuchPaddingException;
 15 import javax.crypto.SecretKey;
 16 import javax.crypto.SecretKeyFactory;
 17 import javax.crypto.spec.DESKeySpec;
 18 
 19 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 20 import org.bouncycastle.util.encoders.Hex;
 21 
 22 public class DESDemo {
 23     
 24     private static String src = "TestDES";
 25     
 26     
 27     public static void jdkDES () {
 28         
 29         try {
 30             //生成密钥Key
 31             KeyGenerator keyGenerator = KeyGenerator.getInstance("DES");
 32             keyGenerator.init(56);
 33             SecretKey secretKey = keyGenerator.generateKey();
 34             byte[] bytesKey = secretKey.getEncoded();
 35         
 36             
 37             //KEY转换
 38             DESKeySpec deSedeKeySpec = new DESKeySpec(bytesKey);
 39             SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
 40             Key convertSecretKey = factory.generateSecret(deSedeKeySpec);
 41             
 42             //加密
 43             Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
 44             cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
 45             byte[] encodeResult = cipher.doFinal(DESDemo.src.getBytes());
 46             System.out.println("DESEncode :" + Hex.toHexString(encodeResult));
 47             
 48             
 49             //解密
 50             cipher.init(Cipher.DECRYPT_MODE,convertSecretKey);
 51             byte[] DecodeResult = cipher.doFinal(encodeResult);
 52             System.out.println("DESDncode :" + new String (DecodeResult));
 53             
 54             
 55             
 56         } catch (NoSuchAlgorithmException e) {
 57             e.printStackTrace();
 58         } catch (InvalidKeyException e) {
 59             // TODO 自动生成的 catch 块
 60             e.printStackTrace();
 61         } catch (InvalidKeySpecException e) {
 62             // TODO 自动生成的 catch 块
 63             e.printStackTrace();
 64         } catch (NoSuchPaddingException e) {
 65             // TODO 自动生成的 catch 块
 66             e.printStackTrace();
 67         } catch (IllegalBlockSizeException e) {
 68             // TODO 自动生成的 catch 块
 69             e.printStackTrace();
 70         } catch (BadPaddingException e) {
 71             // TODO 自动生成的 catch 块
 72             e.printStackTrace();
 73         }
 74     
 75     }
 76     
 77     
 78     
 79     public static void bcDES (){
 80         try {
 81             
 82             
 83             //使用BouncyCastle 的DES加密
 84             Security.addProvider(new BouncyCastleProvider());
 85             
 86             
 87             //生成密钥Key
 88             KeyGenerator keyGenerator = KeyGenerator.getInstance("DES","BC");
 89             keyGenerator.init(56);
 90             SecretKey secretKey = keyGenerator.generateKey();
 91             byte[] bytesKey = secretKey.getEncoded();
 92         
 93             
 94             //KEY转换
 95             DESKeySpec deSedeKeySpec = new DESKeySpec(bytesKey);
 96             SecretKeyFactory factory = SecretKeyFactory.getInstance("DES");
 97             Key convertSecretKey = factory.generateSecret(deSedeKeySpec);
 98             
 99             //加密
100             Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
101             cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
102             byte[] encodeResult = cipher.doFinal(DESDemo.src.getBytes());
103             System.out.println("DESEncode :" + Hex.toHexString(encodeResult));
104             
105             
106             //解密
107             cipher.init(Cipher.DECRYPT_MODE,convertSecretKey);
108             byte[] DecodeResult = cipher.doFinal(encodeResult);
109             System.out.println("DESDncode :" + new String (DecodeResult));
110             
111             
112             
113         } catch (NoSuchAlgorithmException e) {
114             e.printStackTrace();
115         } catch (InvalidKeyException e) {
116             // TODO 自动生成的 catch 块
117             e.printStackTrace();
118         } catch (InvalidKeySpecException e) {
119             // TODO 自动生成的 catch 块
120             e.printStackTrace();
121         } catch (NoSuchPaddingException e) {
122             // TODO 自动生成的 catch 块
123             e.printStackTrace();
124         } catch (IllegalBlockSizeException e) {
125             // TODO 自动生成的 catch 块
126             e.printStackTrace();
127         } catch (BadPaddingException e) {
128             // TODO 自动生成的 catch 块
129             e.printStackTrace();
130         } catch (NoSuchProviderException e) {
131             // TODO 自动生成的 catch 块
132             e.printStackTrace();
133         }
134     }
135     
136     
137     public static void main(String[] args) {
138         DESDemo.jdkDES ();
139         DESDemo.bcDES();
140     }
141 
142 }

  

  3.3DES

  

1 package com.tancky.security;
  2 
  3 import java.security.InvalidKeyException;
  4 import java.security.Key;
  5 import java.security.NoSuchAlgorithmException;
  6 import java.security.NoSuchProviderException;
  7 import java.security.Security;
  8 import java.security.spec.InvalidKeySpecException;
  9 
 10 import javax.crypto.BadPaddingException;
 11 import javax.crypto.Cipher;
 12 import javax.crypto.IllegalBlockSizeException;
 13 import javax.crypto.KeyGenerator;
 14 import javax.crypto.NoSuchPaddingException;
 15 import javax.crypto.SecretKey;
 16 import javax.crypto.SecretKeyFactory;
 17 
 18 import javax.crypto.spec.DESedeKeySpec;
 19 
 20 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 21 import org.bouncycastle.util.encoders.Hex;
 22 
 23 public class TripleDESDemo {
 24     
 25     private static String src = "TestTripleDES";
 26     
 27     public static void jdkTripleDES () {
 28         
 29         try {
 30             //生成密钥Key
 31             KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
 32             keyGenerator.init(168);
 33             SecretKey secretKey = keyGenerator.generateKey();
 34             byte[] bytesKey = secretKey.getEncoded();
 35         
 36             
 37             //KEY转换
 38             DESedeKeySpec deSedeKeySpec = new DESedeKeySpec(bytesKey);
 39             SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
 40             Key convertSecretKey = factory.generateSecret(deSedeKeySpec);
 41             
 42             //加密
 43             Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
 44             cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
 45             byte[] encodeResult = cipher.doFinal(TripleDESDemo.src.getBytes());
 46             System.out.println("TripleDESEncode :" + Hex.toHexString(encodeResult));
 47             
 48             
 49             //解密
 50             cipher.init(Cipher.DECRYPT_MODE,convertSecretKey);
 51             byte[] DecodeResult = cipher.doFinal(encodeResult);
 52             System.out.println("TripleDESDncode :" + new String (DecodeResult));
 53             
 54             
 55             
 56         } catch (NoSuchAlgorithmException e) {
 57             e.printStackTrace();
 58         } catch (InvalidKeyException e) {
 59             // TODO 自动生成的 catch 块
 60             e.printStackTrace();
 61         } catch (InvalidKeySpecException e) {
 62             // TODO 自动生成的 catch 块
 63             e.printStackTrace();
 64         } catch (NoSuchPaddingException e) {
 65             // TODO 自动生成的 catch 块
 66             e.printStackTrace();
 67         } catch (IllegalBlockSizeException e) {
 68             // TODO 自动生成的 catch 块
 69             e.printStackTrace();
 70         } catch (BadPaddingException e) {
 71             // TODO 自动生成的 catch 块
 72             e.printStackTrace();
 73         }
 74     
 75     }
 76 
 77     
 78     
 79     
 80 public static void bcTripleDES () {
 81         
 82         try {
 83             
 84             Security.addProvider(new BouncyCastleProvider());
 85             //生成密钥Key
 86             KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede","BC");
 87             keyGenerator.getProvider();
 88             keyGenerator.init(168);
 89             SecretKey secretKey = keyGenerator.generateKey();
 90             byte[] bytesKey = secretKey.getEncoded();
 91         
 92             
 93             //KEY转换
 94             DESedeKeySpec deSedeKeySpec = new DESedeKeySpec(bytesKey);
 95             SecretKeyFactory factory = SecretKeyFactory.getInstance("DESede");
 96             Key convertSecretKey = factory.generateSecret(deSedeKeySpec);
 97             
 98             //加密
 99             Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
100             cipher.init(Cipher.ENCRYPT_MODE, convertSecretKey);
101             byte[] encodeResult = cipher.doFinal(TripleDESDemo.src.getBytes());
102             System.out.println("TripleDESEncode :" + Hex.toHexString(encodeResult));
103             
104             
105             //解密
106             cipher.init(Cipher.DECRYPT_MODE,convertSecretKey);
107             byte[] DecodeResult = cipher.doFinal(encodeResult);
108             System.out.println("TripleDESDncode :" + new String (DecodeResult));
109             
110             
111             
112         } catch (NoSuchAlgorithmException e) {
113             e.printStackTrace();
114         } catch (InvalidKeyException e) {
115             // TODO 自动生成的 catch 块
116             e.printStackTrace();
117         } catch (InvalidKeySpecException e) {
118             // TODO 自动生成的 catch 块
119             e.printStackTrace();
120         } catch (NoSuchPaddingException e) {
121             // TODO 自动生成的 catch 块
122             e.printStackTrace();
123         } catch (IllegalBlockSizeException e) {
124             // TODO 自动生成的 catch 块
125             e.printStackTrace();
126         } catch (BadPaddingException e) {
127             // TODO 自动生成的 catch 块
128             e.printStackTrace();
129         } catch (NoSuchProviderException e) {
130             // TODO 自动生成的 catch 块
131             e.printStackTrace();
132         }
133     
134     }
135     
136     
137     
138     public static void main(String[] args) {
139         jdkTripleDES ();
140         bcTripleDES ();
141 
142     }
143 
144 }

 

   4.AES

   

1 package com.tancky.security;
  2 
  3 import java.security.InvalidKeyException;
  4 import java.security.Key;
  5 import java.security.NoSuchAlgorithmException;
  6 import java.security.NoSuchProviderException;
  7 import java.security.SecureRandom;
  8 import java.security.Security;
  9 
 10 import javax.crypto.BadPaddingException;
 11 import javax.crypto.Cipher;
 12 import javax.crypto.IllegalBlockSizeException;
 13 import javax.crypto.KeyGenerator;
 14 import javax.crypto.NoSuchPaddingException;
 15 import javax.crypto.SecretKey;
 16 import javax.crypto.spec.SecretKeySpec;
 17 
 18 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 19 import org.bouncycastle.util.encoders.Hex;
 20 
 21 public class AESDemo {
 22     
 23     private static String src = "TestAES";
 24     
 25     public static void jdkAES (){
 26         try {
 27             
 28             
 29             //生成Key
 30             KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
 31             keyGenerator.init(128);  
 32             //keyGenerator.init(128, new SecureRandom("seedseedseed".getBytes()));  
 33             //使用上面这种初始化方法可以特定种子来生成密钥,这样加密后的密文是唯一固定的。
 34             SecretKey secretKey = keyGenerator.generateKey();
 35             byte[] keyBytes = secretKey.getEncoded();
 36             
 37             //Key转换
 38             Key key = new SecretKeySpec(keyBytes, "AES");
 39             
 40             //加密
 41             Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
 42             cipher.init(Cipher.ENCRYPT_MODE, key);
 43             byte[] encodeResult = cipher.doFinal(AESDemo.src.getBytes());
 44             System.out.println("AESencode : " + Hex.toHexString(encodeResult) );
 45             
 46             //解密
 47             cipher.init(Cipher.DECRYPT_MODE, key);
 48             byte[] decodeResult = cipher.doFinal(encodeResult);
 49             System.out.println("AESdecode : " + new String (decodeResult));
 50             
 51             
 52         
 53         
 54         } catch (NoSuchAlgorithmException e) {
 55             // TODO 自动生成的 catch 块
 56             e.printStackTrace();
 57         } catch (NoSuchPaddingException e) {
 58             // TODO 自动生成的 catch 块
 59             e.printStackTrace();
 60         } catch (InvalidKeyException e) {
 61             // TODO 自动生成的 catch 块
 62             e.printStackTrace();
 63         } catch (IllegalBlockSizeException e) {
 64             // TODO 自动生成的 catch 块
 65             e.printStackTrace();
 66         } catch (BadPaddingException e) {
 67             // TODO 自动生成的 catch 块
 68             e.printStackTrace();
 69         }
 70     
 71     }
 72     
 73     
 74     public static void bcAES (){
 75         try {
 76             
 77             //使用BouncyCastle 的DES加密
 78             Security.addProvider(new BouncyCastleProvider());
 79             
 80             //生成Key
 81             KeyGenerator keyGenerator = KeyGenerator.getInstance("AES","BC");
 82             keyGenerator.getProvider();
 83             keyGenerator.init(128);  
 84             SecretKey secretKey = keyGenerator.generateKey();
 85             byte[] keyBytes = secretKey.getEncoded();
 86             
 87             //Key转换
 88             Key key = new SecretKeySpec(keyBytes, "AES");
 89             
 90             //加密
 91             Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
 92             cipher.init(Cipher.ENCRYPT_MODE, key);
 93             byte[] encodeResult = cipher.doFinal(AESDemo.src.getBytes());
 94             System.out.println("AESencode : " + Hex.toHexString(encodeResult) );
 95             
 96             //解密
 97             cipher.init(Cipher.DECRYPT_MODE, key);
 98             byte[] decodeResult = cipher.doFinal(encodeResult);
 99             System.out.println("AESdecode : " + new String (decodeResult));
100             
101             
102         
103         
104         } catch (NoSuchAlgorithmException e) {
105             // TODO 自动生成的 catch 块
106             e.printStackTrace();
107         } catch (NoSuchPaddingException e) {
108             // TODO 自动生成的 catch 块
109             e.printStackTrace();
110         } catch (InvalidKeyException e) {
111             // TODO 自动生成的 catch 块
112             e.printStackTrace();
113         } catch (IllegalBlockSizeException e) {
114             // TODO 自动生成的 catch 块
115             e.printStackTrace();
116         } catch (BadPaddingException e) {
117             // TODO 自动生成的 catch 块
118             e.printStackTrace();
119         } catch (NoSuchProviderException e) {
120             // TODO 自动生成的 catch 块
121             e.printStackTrace();
122         }
123     
124     }
125     
126 
127     public static void main(String[] args) {
128         jdkAES();
129         bcAES();
130 
131     }
132 
133 }