轉自:http://snowolf.iteye.com/blog/380761
除了DES,我們還知道有DESede(TripleDES,就是3DES)、AES、Blowfish、RC2、RC4(ARCFOUR)等多種對稱加密方式,其實現方式大同小異,這裏介紹對稱加密的另一個算法——PBE
PBE
PBE——Password-based encryption(基於密碼加密)。其特點在於口令由用戶自己掌管,不借助任何物理媒體;採用隨機數(這裏我們叫做鹽)雜湊多重加密等方法保證數據的安全性。是一種簡便的加密方式。
通過java代碼實現如下:Coder類見 Java加密技術(一)
- import java.security.Key;
- import java.util.Random;
- import javax.crypto.Cipher;
- import javax.crypto.SecretKey;
- import javax.crypto.SecretKeyFactory;
- import javax.crypto.spec.PBEKeySpec;
- import javax.crypto.spec.PBEParameterSpec;
- /**
- * PBE安全編碼組件
- *
- * @author 樑棟
- * @version 1.0
- * @since 1.0
- */
- public abstract class PBECoder extends Coder {
- /**
- * 支持以下任意一種算法
- *
- * <pre>
- * PBEWithMD5AndDES
- * PBEWithMD5AndTripleDES
- * PBEWithSHA1AndDESede
- * PBEWithSHA1AndRC2_40
- * </pre>
- */
- public static final String ALGORITHM = "PBEWITHMD5andDES";
- /**
- * 鹽初始化
- *
- * @return
- * @throws Exception
- */
- public static byte[] initSalt() throws Exception {
- byte[] salt = new byte[8];
- Random random = new Random();
- random.nextBytes(salt);
- return salt;
- }
- /**
- * 轉換密鑰<br>
- *
- * @param password
- * @return
- * @throws Exception
- */
- private static Key toKey(String password) throws Exception {
- PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray());
- SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(ALGORITHM);
- SecretKey secretKey = keyFactory.generateSecret(keySpec);
- return secretKey;
- }
- /**
- * 加密
- *
- * @param data
- * 數據
- * @param password
- * 密碼
- * @param salt
- * 鹽
- * @return
- * @throws Exception
- */
- public static byte[] encrypt(byte[] data, String password, byte[] salt)
- throws Exception {
- Key key = toKey(password);
- PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 100);
- Cipher cipher = Cipher.getInstance(ALGORITHM);
- cipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
- return cipher.doFinal(data);
- }
- /**
- * 解密
- *
- * @param data
- * 數據
- * @param password
- * 密碼
- * @param salt
- * 鹽
- * @return
- * @throws Exception
- */
- public static byte[] decrypt(byte[] data, String password, byte[] salt)
- throws Exception {
- Key key = toKey(password);
- PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 100);
- Cipher cipher = Cipher.getInstance(ALGORITHM);
- cipher.init(Cipher.DECRYPT_MODE, key, paramSpec);
- return cipher.doFinal(data);
- }
- }
再給出一個測試類:
- import static org.junit.Assert.*;
- import org.junit.Test;
- /**
- *
- * @author 樑棟
- * @version 1.0
- * @since 1.0
- */
- public class PBECoderTest {
- @Test
- public void test() throws Exception {
- String inputStr = "abc";
- System.err.println("原文: " + inputStr);
- byte[] input = inputStr.getBytes();
- String pwd = "efg";
- System.err.println("密碼: " + pwd);
- byte[] salt = PBECoder.initSalt();
- byte[] data = PBECoder.encrypt(input, pwd, salt);
- System.err.println("加密後: " + PBECoder.encryptBASE64(data));
- byte[] output = PBECoder.decrypt(data, pwd, salt);
- String outputStr = new String(output);
- System.err.println("解密後: " + outputStr);
- assertEquals(inputStr, outputStr);
- }
- }
控制檯輸出:
- 原文: abc
- 密碼: efg
- 加密後: iCZ0uRtaAhE=
- 解密後: abc
後續我們會介紹非對稱加密算法,如RSA、DSA、DH、ECC等。