JAVA實現AES加密
1. 因子
上次介紹了《JAVA實現AES加密》,中間提到近些年DES使用越來越少,原因就在於其使用56位密鑰,比較容易被破解,近些年來逐漸被AES替代,AES已經變成目前對稱加密中最流行算法之一;AES可以使用128、192、和256位密鑰,並且用128位分組加密和解密數據。本文就簡單介紹如何通過JAVA實現AES加密。
2. JAVA實現
閒話少許,掠過AES加密原理及算法,關於這些直接搜索專業網站吧,我們直接看JAVA的具體實現。
2.1 加密
代碼有詳細解釋,不多廢話。
- /**
- * 加密
- *
- * @param content 需要加密的內容
- * @param password 加密密碼
- * @return
- */
- public static byte[] encrypt(String content, String password) {
- try {
- KeyGenerator kgen = KeyGenerator.getInstance("AES");
- kgen.init(128, new SecureRandom(password.getBytes()));
- SecretKey secretKey = kgen.generateKey();
- byte[] enCodeFormat = secretKey.getEncoded();
- SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
- Cipher cipher = Cipher.getInstance("AES");// 創建密碼器
- byte[] byteContent = content.getBytes("utf-8");
- cipher.init(Cipher.ENCRYPT_MODE, key);// 初始化
- byte[] result = cipher.doFinal(byteContent);
- return result; // 加密
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- } catch (NoSuchPaddingException e) {
- e.printStackTrace();
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- } catch (IllegalBlockSizeException e) {
- e.printStackTrace();
- } catch (BadPaddingException e) {
- e.printStackTrace();
- }
- return null;
- }
2.2 解密
代碼有詳細註釋,不多廢話
注意:解密的時候要傳入byte數組
- /**解密
- * @param content 待解密內容
- * @param password 解密密鑰
- * @return
- */
- public static byte[] decrypt(byte[] content, String password) {
- try {
- KeyGenerator kgen = KeyGenerator.getInstance("AES");
- kgen.init(128, new SecureRandom(password.getBytes()));
- SecretKey secretKey = kgen.generateKey();
- byte[] enCodeFormat = secretKey.getEncoded();
- SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
- Cipher cipher = Cipher.getInstance("AES");// 創建密碼器
- cipher.init(Cipher.DECRYPT_MODE, key);// 初始化
- byte[] result = cipher.doFinal(content);
- return result; // 加密
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- } catch (NoSuchPaddingException e) {
- e.printStackTrace();
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- } catch (IllegalBlockSizeException e) {
- e.printStackTrace();
- } catch (BadPaddingException e) {
- e.printStackTrace();
- }
- return null;
- }
2.3 測試代碼
- String content = "test";
- String password = "12345678";
- //加密
- System.out.println("加密前:" + content);
- byte[] encryptResult = encrypt(content, password);
- //解密
- byte[] decryptResult = decrypt(encryptResult,password);
- System.out.println("解密後:" + new String(decryptResult));
輸出結果如下:
加密前:test
解密後:test
解密後:test
2.4 容易出錯的地方
但是如果我們將測試代碼修改一下,如下:
- String content = "test";
- String password = "12345678";
- //加密
- System.out.println("加密前:" + content);
- byte[] encryptResult = encrypt(content, password);
- try {
- String encryptResultStr = new String(encryptResult,"utf-8");
- //解密
- byte[] decryptResult = decrypt(encryptResultStr.getBytes("utf-8"),password);
- System.out.println("解密後:" + new String(decryptResult));
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- }
則,系統會報出如下異常:
javax.crypto.IllegalBlockSizeException: Input length must be multiple of 16 when decrypting with padded cipher
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
這主要是因爲加密後的byte數組是不能強制轉換成字符串的,換言之:字符串和byte數組在這種情況下不是互逆的;要避免這種情況,我們需要做一些修訂,可以考慮將二進制數據轉換成十六進制表示,主要有如下兩個方法:
2.4.1將二進制轉換成16進制
- /**將二進制轉換成16進制
- * @param buf
- * @return
- */
- public static String parseByte2HexStr(byte buf[]) {
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < buf.length; i++) {
- String hex = Integer.toHexString(buf[i] & 0xFF);
- if (hex.length() == 1) {
- hex = '0' + hex;
- }
- sb.append(hex.toUpperCase());
- }
- return sb.toString();
- }
2.4.2 將16進制轉換爲二進制
- /**將16進制轉換爲二進制
- * @param hexStr
- * @return
- */
- public static byte[] parseHexStr2Byte(String hexStr) {
- if (hexStr.length() < 1)
- return null;
- byte[] result = new byte[hexStr.length()/2];
- for (int i = 0;i< hexStr.length()/2; i++) {
- int high = Integer.parseInt(hexStr.substring(i*2, i*2+1), 16);
- int low = Integer.parseInt(hexStr.substring(i*2+1, i*2+2), 16);
- result[i] = (byte) (high * 16 + low);
- }
- return result;
- }
然後,我們再修訂以上測試代碼,如下:
- String content = "test";
- String password = "12345678";
- //加密
- System.out.println("加密前:" + content);
- byte[] encryptResult = encrypt(content, password);
- String encryptResultStr = parseByte2HexStr(encryptResult);
- System.out.println("加密後:" + encryptResultStr);
- //解密
- byte[] decryptFrom = parseHexStr2Byte(encryptResultStr);
- byte[] decryptResult = decrypt(decryptFrom,password);
- System.out.println("解密後:" + new String(decryptResult));
測試結果如下:
加密前:test
加密後:73C58BAFE578C59366D8C995CD0B9D6D
解密後:test
加密後:73C58BAFE578C59366D8C995CD0B9D6D
解密後:test
2.5 另外一種加密方式
還有一種加密方式,大家可以參考如下:
- /**
- * 加密
- *
- * @param content 需要加密的內容
- * @param password 加密密碼
- * @return
- */
- public static byte[] encrypt2(String content, String password) {
- try {
- SecretKeySpec key = new SecretKeySpec(password.getBytes(), "AES");
- Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
- byte[] byteContent = content.getBytes("utf-8");
- cipher.init(Cipher.ENCRYPT_MODE, key);// 初始化
- byte[] result = cipher.doFinal(byteContent);
- return result; // 加密
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- } catch (NoSuchPaddingException e) {
- e.printStackTrace();
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- } catch (IllegalBlockSizeException e) {
- e.printStackTrace();
- } catch (BadPaddingException e) {
- e.printStackTrace();
- }
- return null;
- }
這種加密方式有兩種限制
- 密鑰必須是16位的
- 待加密內容的長度必須是16的倍數,如果不是16的倍數,就會出如下異常:
javax.crypto.IllegalBlockSizeException: Input length not multiple of 16 bytes
at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.SunJCE_f.b(DashoA13*..)
at com.sun.crypto.provider.AESCipher.engineDoFinal(DashoA13*..)
at javax.crypto.Cipher.doFinal(DashoA13*..)
要解決如上異常,可以通過補全傳入加密內容等方式進行避免。