1 package com.ice.webos.util.security;
2
3 import java.security.Key;
4 import java.security.KeyFactory;
5 import java.security.KeyPair;
6 import java.security.KeyPairGenerator;
7 import java.security.PublicKey;
8 import java.security.spec.PKCS8EncodedKeySpec;
9 import java.security.spec.X509EncodedKeySpec;
10 import java.util.HashMap;
11 import java.util.Map;
12
13 import javax.crypto.Cipher;
14 import javax.crypto.KeyAgreement;
15 import javax.crypto.SecretKey;
16 import javax.crypto.interfaces.DHPrivateKey;
17 import javax.crypto.interfaces.DHPublicKey;
18 import javax.crypto.spec.DHParameterSpec;
19
20 /**21 * DH Diffie-Hellman算法(D-H算法),密钥一致协议。
22 * 是由公开密钥密码体制的奠基人Diffie和Hellman所提出的一种思想。
23 * 简单的说就是允许两名用户在公开媒体上交换信息以生成"一致"的、可以共享的密钥。
24 * 换句话说,就是由甲方产出一对密钥(公钥、私钥),乙方依照甲方公钥产生乙方密钥对(公钥、私钥)。
25 * 以此为基线,作为数据传输保密基础,同时双方使用同一种对称加密算法构建本地密钥(SecretKey)对数据加密。
26 * 这样,在互通了本地密钥(SecretKey)算法后,甲乙双方公开自己的公钥,使用对方的公钥和刚才产生的私钥加密数据,同时可以使用对方的公钥和自己的私钥对数据解密。
27 * 不单单是甲乙双方两方,可以扩展为多方共享数据通讯,这样就完成了网络交互数据的安全通讯!该算法源于中国的同余定理——中国馀数定理。28 * • 29 * 
• 甲方构建密钥对儿,将公钥公布给乙方,将私钥保留;双方约定数据加密算法;乙方通过甲方公钥构建密钥对儿,将公钥公布给甲方,将私钥保留。30 * 
• 甲方使用私钥、乙方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥加密数据,发送给乙方加密后的数据;乙方使用私钥、甲方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥对数据解密。31 * 
• 乙方使用私钥、甲方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥加密数据,发送给甲方加密后的数据;甲方使用私钥、乙方公钥、约定数据加密算法构建本地密钥,然后通过本地密钥对数据解密。32 * 
33 *34 *@authorIce_Liu35 *36 */ 
 
37 public class DHCryptUtil {
38 public static final String ALGORITHM = "DH";
39
40 /**41 * 默认密钥字节数42 *43 * 
 
 
44 *45 * DH46 * Default Keysize 102447 * Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).48 *
49 */ 
 
50 private static final int KEY_SIZE = 1024;
51
52 /**53 * DH 加密下需要一种对称加密算法对数据加密,这里我们使用DES,也可以使用其他对称加密算法。54 */
55 public static final String SECRET_ALGORITHM = "DES";
56 private static final String PUBLIC_KEY = "DHPublicKey";
57 private static final String PRIVATE_KEY = "DHPrivateKey";
58
59 /**60 * 初始化甲方密钥61 *62 *@return63 *@throwsException64 */
65 public static Map initKey() throws Exception {
66 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM);
67 keyPairGenerator.initialize(KEY_SIZE);
68
69 KeyPair keyPair = keyPairGenerator.generateKeyPair();
70
71 //甲方公钥72 DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
73
74 //甲方私钥75 DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
76
77 Map keyMap = new HashMap(2);
78
79 keyMap.put(PUBLIC_KEY, publicKey);
80 keyMap.put(PRIVATE_KEY, privateKey);
81 return keyMap;
82 }
83
84 /**85 * 初始化乙方密钥86 *87 *@paramkey88 * 甲方公钥89 *@return90 *@throwsException91 */
92 public static Map initKey(String key) throws Exception {
93 //解析甲方公钥94 byte[] keyBytes = CryptUtil.decryptBASE64(key);
95 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
96 KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
97 PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
98
99 //由甲方公钥构建乙方密钥100 DHParameterSpec dhParamSpec = ((DHPublicKey) pubKey).getParams();
101
102 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(keyFactory.getAlgorithm());
103 keyPairGenerator.initialize(dhParamSpec);
104
105 KeyPair keyPair = keyPairGenerator.generateKeyPair();
106
107 //乙方公钥108 DHPublicKey publicKey = (DHPublicKey) keyPair.getPublic();
109
110 //乙方私钥111 DHPrivateKey privateKey = (DHPrivateKey) keyPair.getPrivate();
112
113 Map keyMap = new HashMap(2);
114
115 keyMap.put(PUBLIC_KEY, publicKey);
116 keyMap.put(PRIVATE_KEY, privateKey);
117
118 return keyMap;
119 }
120
121 /**122 * 加密
123 *124 *@paramdata125 * 待加密数据126 *@parampublicKey127 * 甲方公钥128 *@paramprivateKey129 * 乙方私钥130 *@return131 *@throwsException132 */133 public static byte[] encrypt(byte[] data, String publicKey, String privateKey) throws Exception {
134
135 //生成本地密钥136 SecretKey secretKey = getSecretKey(publicKey, privateKey);
137
138 //数据加密139 Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm());
140 cipher.init(Cipher.ENCRYPT_MODE, secretKey);
141
142 return cipher.doFinal(data);
143 }
144
145 /**146 * 解密
147 *148 *@paramdata149 * 待解密数据150 *@parampublicKey151 * 乙方公钥152 *@paramprivateKey153 * 乙方私钥154 *@return155 *@throwsException156 */157 public static byte[] decrypt(byte[] data, String publicKey, String privateKey) throws Exception {
158
159 //生成本地密钥160 SecretKey secretKey = getSecretKey(publicKey, privateKey);
161 //数据解密162 Cipher cipher = Cipher.getInstance(secretKey.getAlgorithm());
163 cipher.init(Cipher.DECRYPT_MODE, secretKey);
164
165 return cipher.doFinal(data);
166 }
167
168 /**169 * 构建密钥170 *171 *@parampublicKey172 * 公钥173 *@paramprivateKey174 * 私钥175 *@return176 *@throwsException177 */
178 private static SecretKey getSecretKey(String publicKey, String privateKey) throws Exception {
179 //初始化公钥180 byte[] pubKeyBytes = CryptUtil.decryptBASE64(publicKey);
181
182 KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
183 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(pubKeyBytes);
184 PublicKey pubKey = keyFactory.generatePublic(x509KeySpec);
185
186 //初始化私钥187 byte[] priKeyBytes = CryptUtil.decryptBASE64(privateKey);
188
189 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(priKeyBytes);
190 Key priKey = keyFactory.generatePrivate(pkcs8KeySpec);
191
192 KeyAgreement keyAgree = KeyAgreement.getInstance(keyFactory.getAlgorithm());
193 keyAgree.init(priKey);
194 keyAgree.doPhase(pubKey, true);
195
196 //生成本地密钥197 SecretKey secretKey = keyAgree.generateSecret(SECRET_ALGORITHM);
198
199 return secretKey;
200 }
201
202 /**203 * 取得私钥204 *205 *@paramkeyMap206 *@return207 *@throwsException208 */
209 public static String getPrivateKey(Map keyMap) throws Exception {
210 Key key = (Key) keyMap.get(PRIVATE_KEY);
211
212 return CryptUtil.encryptBASE64(key.getEncoded());
213 }
214
215 /**216 * 取得公钥217 *218 *@paramkeyMap219 *@return220 *@throwsException221 */
222 public static String getPublicKey(Map keyMap) throws Exception {
223 Key key = (Key) keyMap.get(PUBLIC_KEY);
224
225 return CryptUtil.encryptBASE64(key.getEncoded());
226 }
227
228 public static void main(String[] args) {
229 try {
230 RSACryptUtil.main(args);
231 System.out.println("**************************************");
232 System.out.println("DH加密算法");
233 //生成甲方密钥对儿234 Map aKeyMap = DHCryptUtil.initKey();
235 String aPublicKey = DHCryptUtil.getPublicKey(aKeyMap);
236 String aPrivateKey = DHCryptUtil.getPrivateKey(aKeyMap);
237
238 System.out.println("甲方公钥:\r" + aPublicKey);
239 System.out.println("甲方私钥:\r" + aPrivateKey);
240
241 //由甲方公钥产生乙方本地密钥对儿242 Map bKeyMap = DHCryptUtil.initKey(aPublicKey);
243 String bPublicKey = DHCryptUtil.getPublicKey(bKeyMap);
244 String bPrivateKey = DHCryptUtil.getPrivateKey(bKeyMap);
245
246 System.out.println("乙方公钥:\r" + bPublicKey);
247 System.out.println("乙方私钥:\r" + bPrivateKey);
248
249 String aInput = "abc ";
250 System.out.println("原文: " + aInput);
251
252 //由甲方公钥,乙方私钥构建密文253 byte[] aCode = DHCryptUtil.encrypt(aInput.getBytes(), aPublicKey, bPrivateKey);
254
255 //由乙方公钥,甲方私钥解密256 byte[] aDecode = DHCryptUtil.decrypt(aCode, bPublicKey, aPrivateKey);
257 String aOutput = (new String(aDecode));
258
259 System.out.println("解密: " + aOutput);
260
261 System.out.println(" ===============反过来加密解密================== ");
262 String bInput = "def ";
263 System.out.println("原文: " + bInput);
264
265 //由乙方公钥,甲方私钥构建密文266 byte[] bCode = DHCryptUtil.encrypt(bInput.getBytes(), bPublicKey, aPrivateKey);
267
268 //由甲方公钥,乙方私钥解密269 byte[] bDecode = DHCryptUtil.decrypt(bCode, aPublicKey, bPrivateKey);
270 String bOutput = (new String(bDecode));
271
272 System.out.println("解密: " + bOutput);
273 } catch (Exception e) {
274 //TODO Auto-generated catch block275 e.printStackTrace();
276 }
277
278 }
279 }