1.採用GCM方式加密
高級加密標準(AES)加密算法可以在各種模式下使用。某些組合不安全:
- 電子密碼本(ECB)模式:在給定密鑰下,任何給定的明文塊始終被加密爲相同的密文塊。因此,它不能很好地隱藏數據模式。從某種意義上說,它不提供嚴重的消息機密性,並且完全不建議在加密協議中使用它。
- 具有PKCS#5填充(或PKCS#7)的密碼塊鏈接(CBC)易受填充oracle攻擊。
在這兩種情況下,都應首選無填充的Galois /計數器模式(GCM)
2.方法
首先,由於java默認不支持GCM方式,所以需要修改java配置
在 jdk安裝目錄下( %JAVA_HOME%\jre\lib\security )修改 java.security 文件,將
security.provider.7=com.sun.security.sasl.Provider
替換爲
security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider
然後編輯代碼
//KEY_ALGORITHM = "AES";
//DEFAULT_CIPHER_ALGORITHM = "AES/GCM/NoPadding";
javax.crypto.spec.SecretKeySpec skeySpec = new javax.crypto.spec.SecretKeySpec(raw, KEY_ALGORITHM);
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM); //"算法/模式/補碼方式"
IvParameterSpec IV = new IvParameterSpec(skeySpec.getEncoded(),0,16);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, skeySpec,IV);
3.常見問題
main函數內運行正常,在其他類中調用失敗。
解決方法:加上bcprov-jdk14-1.50.jar包,在使用加密方法的地方加上如下代碼
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
4.完整代碼
import javax.crypto.spec.IvParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.sun.jersey.core.util.Base64;
public class AESUtil
{
private static final String KEY_ALGORITHM = "AES";
private static final String DEFAULT_CIPHER_ALGORITHM = "AES/GCM/NoPadding";
private static final Logger logger = LoggerFactory.getLogger(AESUtil.class);
public static String AESEncrypt(String sSrc, String sKey,String charset)
{
if (sSrc == null || sSrc.length() == 0) {
return sSrc;
}
try
{
//charset ="UTF-8"
byte[] raw = null;
if (charset == null || "".equals(charset))
{
raw= sKey.getBytes();
}
else{
raw= sKey.getBytes(charset);
}
javax.crypto.spec.SecretKeySpec skeySpec = new javax.crypto.spec.SecretKeySpec(raw, KEY_ALGORITHM);
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM); //"算法/模式/補碼方式"
IvParameterSpec IV = new IvParameterSpec(skeySpec.getEncoded(),0,16);
cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, skeySpec,IV);
byte[] encrypted;
encrypted = cipher.doFinal(sSrc.getBytes(charset));
String miwen = new String( Base64.encode(encrypted),charset);
return miwen;
}
catch (Exception e)
{
logger.error("excute encode failed,error=", e);
}
return null;
}
public static String AESDecrypt(String sSrc, String sKey,String charset)
{
if (sSrc == null || sSrc.length() == 0) {
return sSrc;
}
try
{
//charset ="UTF-8"
byte[] raw = null;
if (charset == null || "".equals(charset))
{
raw= sKey.getBytes();
}
else{
raw= sKey.getBytes(charset);
}
javax.crypto.spec.SecretKeySpec skeySpec = new javax.crypto.spec.SecretKeySpec(raw, KEY_ALGORITHM);
javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM); //"算法/模式/補碼方式"
IvParameterSpec IV = new IvParameterSpec(skeySpec.getEncoded(),0,16);
cipher.init(javax.crypto.Cipher.DECRYPT_MODE, skeySpec,IV );
byte[] encrypted1 = Base64.decode(sSrc);//先用base64解密
byte[] original = cipher.doFinal(encrypted1);
String originalString = new String(original,charset).trim();
return originalString;
}
catch (Exception e)
{
logger.error("excute encode failed,error=", e);
}
return null;
}
public static void main(String[] args)
{
String data1 = "中文測試?》、/";
//AES key 長度必須16位
String miwen=AESEncrypt(data1,"ABCDEFGHJKLMNOPQ","UTF-8");
System.out.println("新加密後內容: string:" + miwen);
String originalString=AESDecrypt(miwen,"ABCDEFGHJKLMNOPQ","UTF-8");
System.out.println("新解密後內容: string:" + originalString);
}
}