Keytool 操作 keystore存AES256 key

由於近期要寫一個對稱加密的 module,遇到一些問題,在此做個筆記。

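原生的 Java JDK 默認不支持 AES 256,需要替換 JRE 的 lib/security 目錄下的兩個 jar(JCE 無限制強度策略文件 local_policy.jar 與 US_export_policy.jar)。此處百度十分好找,自行查找;策略文件會影響整個 JRE 的加密行爲,建議只從 Oracle 官方渠道下載。較新的 JDK(8u161 及之後、9+)默認已啓用無限制強度,無需替換。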

1.生成keyStore 文件,由於使用的是AES256位的key,使用jce提供的 jceks 文件格式。

keytool -genseckey -keystore c:\UserKeyStore.jceks -storetype jceks -storepass AESCrypto  -keyalg AES -keysize 256 -alias jceksaes

執行時會提示別稱爲 jceksaes 的 key 的密碼是否與 keystore 的密碼一致。爲了安全考慮,keystore 的訪問是需要密碼的,key 的訪問也需要密碼,因爲一個 keystore 可能存儲多個 key,每個 key 以一個 entry 的形式存儲。

 c:\UserKeyStore.jceks  生成在c盤根目錄下。

AESCrypto                     -storepass 後跟的是訪問 keystore 的密碼(不帶 -storepass 時 keytool 會交互式提示輸入,密碼就不會留在命令歷史和進程列表裏)

jceksaes                         -alias 參數後跟的是生成的key的別稱


2.查了很多文檔,都沒有詳細說明使用 keytool 工具修改 keystore 密碼的 command,照着做多數都會報錯。因爲 keystore 的格式是 jceks,所以有些問題。

keytool -storetype jceks -storepasswd -new 123456 -keystore c:\UserKeyStore.jceks -storepass AESCrypto

將 keystore 的密碼從 AESCrypto 換成 123456。多次報錯的原因是沒有帶上 -storetype jceks,導致 keytool 按默認的 keystore 類型去解析,無法識別該文件。


3.使用keytool工具修改key 的password.

keytool -storetype jceks -keypasswd -alias jceksaes -new 654321 -keypass AESCrypto -keystore  c:\UserKeyStore.jceks  -storepass 123456


4.keytool read keystore ,同樣加上參數-storetype jceks 後加上

package com.alions;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Base64;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.junit.Test;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

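/**
 * AES-256 string encryption helper, plus two JUnit demos that write a key into and read a key
 * out of a JCEKS keystore.
 *
 * <p>Review notes:
 * <ul>
 *   <li>{@link #ALGORITHM} selects ECB mode. ECB encrypts identical plaintext blocks to
 *       identical ciphertext blocks and gives no integrity protection, so ciphertexts leak
 *       structure and can be modified undetected. An authenticated mode such as
 *       {@code AES/GCM/NoPadding} with a fresh random IV per message is the usual choice.
 *       The constant is left as-is here because changing the mode changes the ciphertext
 *       format and would break data already encrypted with this class.</li>
 *   <li>Keystore and key passwords are hard-coded string literals. That is acceptable only
 *       for a throwaway test; real code should obtain them at runtime and hold them in a
 *       {@code char[]} that is cleared after use.</li>
 *   <li>Base64 handling uses {@code java.util.Base64} (already imported by this file) instead
 *       of {@code sun.misc.BASE64Encoder}/{@code BASE64Decoder}, which are JDK-internal
 *       classes that current JDKs no longer ship. The two {@code sun.misc} imports at the top
 *       of the file are no longer needed by this class.</li>
 * </ul>
 */
public class AES256 {

    /** Set to true once {@link #initialize()} has registered the BouncyCastle provider. */
    public static boolean initialized = false;

    /**
     * Cipher transformation requested from the "BC" provider.
     * NOTE(review): ECB mode -- see the class comment before reusing this outside a demo.
     */
    public static final String ALGORITHM = "AES/ECB/PKCS7Padding";

    /**
     * Encrypts a string with AES and returns the ciphertext as Base64 text.
     *
     * <p>The output is a single Base64 line. The previous sun.misc encoder inserted line
     * breaks into long output; {@link #Aes256Decode(String, byte[])} accepts both forms.
     *
     * @param str the plaintext to encrypt; encoded as UTF-8 before encryption
     * @param key the raw AES key; 32 bytes for AES-256
     * @return the Base64-encoded ciphertext, or {@code null} if encryption failed
     *         (the exception is printed to stderr)
     */
    public static String Aes256Encode(String str, byte[] key) {
        initialize();
        String encoded = null;
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
            // Wrap the raw bytes as an AES key for the cipher.
            SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
            cipher.init(Cipher.ENCRYPT_MODE, keySpec);
            byte[] result = cipher.doFinal(str.getBytes("UTF-8"));
            encoded = Base64.getEncoder().encodeToString(result);
        } catch (Exception e) {
            // Best-effort contract kept from the original: report and return null.
            e.printStackTrace();
        }
        return encoded;
    }

    /**
     * Decrypts Base64 text produced by {@link #Aes256Encode(String, byte[])}.
     *
     * @param encryptionStr the Base64-encoded ciphertext
     * @param key the raw AES key used for encryption; 32 bytes for AES-256
     * @return the decrypted text decoded as UTF-8, or {@code null} if decoding or decryption
     *         failed (the exception is printed to stderr)
     */
    public static String Aes256Decode(String encryptionStr, byte[] key) {
        initialize();
        String result = null;
        try {
            Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
            // Wrap the raw bytes as an AES key for the cipher.
            SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
            cipher.init(Cipher.DECRYPT_MODE, keySpec);

            // The MIME decoder ignores line separators, so line-wrapped Base64 written by
            // the old sun.misc encoder still decodes.
            byte[] bytes = Base64.getMimeDecoder().decode(encryptionStr);
            byte[] decoded = cipher.doFinal(bytes);

            result = new String(decoded, "UTF-8");
        } catch (Exception e) {
            // Best-effort contract kept from the original: report and return null.
            e.printStackTrace();
        }
        return result;
    }

    /** Registers the BouncyCastle provider the first time it is called; later calls are no-ops. */
    public static void initialize() {
        if (initialized) {
            return;
        }
        Security.addProvider(new BouncyCastleProvider());
        initialized = true;
    }

    // Keystore password used by saveUserKey().
    // NOTE(review): hard-coded for the demo; do not ship a literal password.
    private String pwd = "AESCrypto";

    /**
     * Generates a 256-bit AES key and stores it under alias "TMOKey" in
     * ./UserKeyStore.jceks, creating the keystore if the file does not exist yet.
     */
    @Test
    public void saveUserKey() {
        try {
            File keyStorefile = new File("./UserKeyStore.jceks");

            KeyStore keyStore = KeyStore.getInstance("JCEKS");
            if (AES256.isFileExists(keyStorefile)) {
                // Close the stream once the keystore is loaded.
                try (FileInputStream in = new FileInputStream(keyStorefile)) {
                    keyStore.load(in, pwd.toCharArray());
                }
            } else {
                // Passing null for both arguments initialises a new, empty keystore.
                keyStore.load(null, null);
            }

            KeyGenerator keyGen = KeyGenerator.getInstance("AES");
            // The key must come from an unpredictably seeded generator. The earlier version
            // passed new SecureRandom("admin".getBytes()); with a seed-determined default
            // algorithm (e.g. SHA1PRNG) that can make the "random" key reproducible by
            // anyone who knows the seed string.
            keyGen.init(256, new SecureRandom());

            Key key = keyGen.generateKey();
            byte[] enCodeFormat = key.getEncoded();
            System.out.println(enCodeFormat.length);

            // NOTE(review): the next lines print raw key material to stdout. Fine for a
            // local experiment, but it puts the key into console and CI logs.
            String strTempKey = Base64.getEncoder().encodeToString(enCodeFormat);
            System.out.println(strTempKey);
            System.out.println(strTempKey.length());

            keyStore.setKeyEntry("TMOKey", key, "AESCrypto".toCharArray(), null);
            // Close (and thereby flush) the output stream once the keystore is written.
            try (FileOutputStream out = new FileOutputStream(keyStorefile)) {
                keyStore.store(out, pwd.toCharArray());
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Reads the key stored under alias "jceksaes" from ./UserKeyStore.jceks and prints it.
     *
     * <p>The keystore is expected to have been created with:
     * keytool -genseckey -keystore UserKeyStore.jceks -storetype jceks -storepass AESCrypto
     * -keyalg AES -keysize 256 -alias jceksaes
     *
     * <p>"AESCrypto" is used here both as the keystore password and as the key password.
     */
    @Test
    public void getKeyFromKeyStore() {
        try {
            File keyStorefile = new File("./UserKeyStore.jceks");

            KeyStore keyStore = KeyStore.getInstance("JCEKS");
            if (AES256.isFileExists(keyStorefile)) {
                try (FileInputStream in = new FileInputStream(keyStorefile)) {
                    keyStore.load(in, "AESCrypto".toCharArray());
                }
            } else {
                throw new Exception("No UserKeyStore.JCEKS exists");
            }

            // Sample output recorded by the author: Mb25QS0ytWTjzybaBgk4kNx8fzw/ClxsAIyYQJBBFSQ=
            Key key = keyStore.getKey("jceksaes", "AESCrypto".toCharArray());
            if (key == null) {
                // getKey returns null when the alias is absent or is not a key entry.
                throw new Exception("No key entry with alias jceksaes in the keystore");
            }
            byte[] enCodeFormat = key.getEncoded();
            System.out.println(enCodeFormat.length);

            // NOTE(review): prints raw key material; keep this to local experiments.
            String strTempKey = Base64.getEncoder().encodeToString(enCodeFormat);
            System.out.println(strTempKey);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Reports whether a directory exists and creates it when nothing exists at that path.
     *
     * @param file the directory path to check
     */
    public static void judeDirExists(File file) {
        if (file.exists()) {
            if (file.isDirectory()) {
                System.out.println("dir exists");
            } else {
                System.out.println("the same name file exists, can not create dir");
            }
        } else {
            System.out.println("dir not exists, create it ...");
            // The result of mkdir() is not checked, so a failed creation goes unreported.
            file.mkdir();
        }
    }

    /**
     * Reports whether a file exists, printing a status line either way.
     *
     * @param file the path to check
     * @return {@code true} if something exists at the path, {@code false} otherwise
     */
    public static boolean isFileExists(File file) {
        if (file.exists()) {
            System.out.println("file exists");
            return true;
        } else {
            System.out.println("file not exists, create it ...");
            return false;
        }
    }

    // Usage example kept from the original, left disabled. The key bytes are a fixed demo
    // value and must not be reused as a real key.
//    public static void main(String agrs[]){
//        byte[] keys={33, 34, 35, 36, 37, 38, 39, 40, 4, 42, 43, 44, 45, 46, 47, 58, 59, 60, 6, 62, 63, 64, 9, 92, 93, 94, 95, 96, 23, 24, 25, 26};
//        String str="i love  dsgfsdsf life";
//        String resultBytes=AES256.Aes256Encode(str, keys);
//        System.out.println("this is the clear text:" +str);
//        System.out.print("this is after encryption word: ");
//        //print the resultKey array
//        System.out.println(resultBytes);
//
//        System.out.print("this is the word after decryption :");
//        String decryptionStr=AES256.Aes256Decode(resultBytes, keys);
//        System.out.println(decryptionStr);
//
//    }
}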
        

-list 以及其他參數即可讀取


附上一段 java 代碼,本人測試使用(僅供測試:代碼中的密碼是硬編碼的,加密使用的是 ECB 模式,不宜直接用於正式環境)。





        
