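This post introduces what some of the APIs in the core packages of the Java security framework do.
The java.security package
The java.security package mainly provides the classes and interfaces of the security framework.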
-
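The Provider class
The Provider class implements some or all parts of Java security. The provider abstract class:
```java
public abstract class Provider extends Properties
```
Commonly used methods:
```java
// Get the provider name
public String getName()
// Get the version number
public double getVersion()
// Set a property
public synchronized Object put(Object key, Object value)
```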
-
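The Security class
The Security class mainly manages the providers that a program uses.
```java
// Manages providers; the class is declared final
public final class Security extends Object
// Add a new provider to the system
public static int addProvider(Provider provider)
// Remove a provider
public static void removeProvider(String name)
// Get a provider
public static Provider getProvider(String name)
```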
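To see what the Security class is managing at run time, the following added example (not from the original post) lists the installed providers in preference order and reports which of them implement a given service. The class name `ProviderInventory`, the helper `providersFor` and the list of algorithms checked are illustrative assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

public class ProviderInventory {

    // Names of the installed providers, in preference order, that offer
    // the given service type and algorithm (hypothetical helper).
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // getService returns null when the provider has no such entry
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Position 1 is the most preferred provider: getInstance(algorithm)
        // without a provider argument walks this list from the top.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.printf("%d. %s%n", i + 1, installed[i].getName());
        }

        // Algorithms chosen for illustration only
        String[][] wanted = {
            {"MessageDigest", "SHA-256"},
            {"Signature", "SHA256withDSA"},
            {"Mac", "HmacSHA256"},
            {"Cipher", "AES"},
        };
        for (String[] w : wanted) {
            System.out.printf("%s %s -> %s%n", w[0], w[1], providersFor(w[0], w[1]));
        }
    }
}
```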
-
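The MessageDigest class
The MessageDigest class implements message digest algorithms and extends the MessageDigestSpi class. MessageDigest offers two main algorithm families: SHA and MD.
```java
// Implements the operations for creating and verifying message digests
public abstract class MessageDigest extends MessageDigestSpi
```
Obtaining a MessageDigest object
```java
// Get a MessageDigest object. Parameter: algorithm name
public static MessageDigest getInstance(String algorithm)
// Get a MessageDigest object. Parameters: algorithm name, provider
public static MessageDigest getInstance(String algorithm, Provider provider)
// Get a MessageDigest object. Parameters: algorithm name, provider name
public static MessageDigest getInstance(String algorithm, String provider)
```
Basic operations
```java
// Update the digest. Parameter: a byte or a byte array
public void update(byte input)
public void update(byte[] input)
// Update the digest. Parameter: a byte buffer
public final void update(ByteBuffer input)
// After the updates are complete, digest() finishes the digest computation
public byte[] digest()
public byte[] digest(byte[] input)
```
DEMO:
```java
import java.security.MessageDigest;

byte[] input = "sha".getBytes();
// "SHA" resolves to SHA-1 in the JDK's default provider
MessageDigest sha = MessageDigest.getInstance("SHA");
// Update the digest with the input
sha.update(input);
// Get the message digest
byte[] output = sha.digest();
```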
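Performing digest operations through message digest streams:
The message digest streams are the digest input stream DigestInputStream and the digest output stream DigestOutputStream.
DEMO:
```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.DigestInputStream;
import java.security.DigestOutputStream;
import java.security.MessageDigest;

// Digest input stream: the digest is updated as bytes are read
byte[] input = "md5".getBytes();
MessageDigest md = MessageDigest.getInstance("MD5");
DigestInputStream dis = new DigestInputStream(new ByteArrayInputStream(input), md);
dis.read(input, 0, input.length);
byte[] output = dis.getMessageDigest().digest();
dis.close();

// Digest output stream: the digest is updated as bytes are written
byte[] input2 = "md5".getBytes();
MessageDigest md2 = MessageDigest.getInstance("MD5");
DigestOutputStream dos = new DigestOutputStream(new ByteArrayOutputStream(), md2);
dos.write(input2, 0, input2.length);
byte[] output2 = dos.getMessageDigest().digest();
dos.close();
```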
-
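**Key**
Key is the top-level interface of all keys. It has three main sub-interfaces: SecretKey (top-level interface for symmetric keys), PublicKey (top-level interface for asymmetric keys) and PrivateKey (top-level interface for asymmetric keys).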
-
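The KeyPair class
The KeyPair class is an extension for asymmetric keys: it is the holder of a key pair.
A KeyPair contains a public key and a private key.
```java
// Constructor
public KeyPair(PublicKey publicKey, PrivateKey privateKey)
```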
-
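The KeyPairGenerator class
Both the public key and the private key are generated by KeyPairGenerator. A KeyPairGenerator object is instantiated through the getInstance() factory method.
```java
// Parameter: algorithm name
public static KeyPairGenerator getInstance(String algorithm);
```
DEMO:
```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;

KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
// Key size in bits; 1024-bit DSA is a legacy size, current guidance is 2048 bits or more
kpg.initialize(1024);
KeyPair keypair = kpg.genKeyPair();
```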
-
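The KeyFactory class
The engine class used to generate keys.
```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;

KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(1024);
KeyPair keypair = kpg.genKeyPair();
// PKCS#8 encoding of the private key
byte[] keyBytes = keypair.getPrivate().getEncoded();
PKCS8EncodedKeySpec peks = new PKCS8EncodedKeySpec(keyBytes);
// The KeyFactory algorithm must match the algorithm of the encoded key (DSA here)
KeyFactory keyfactory = KeyFactory.getInstance("DSA");
PrivateKey privateKey = keyfactory.generatePrivate(peks);
```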
-
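The Signature class
The Signature class is mainly used for signing and for verifying signatures.
```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.util.Base64;

byte[] data = "加签数据data".getBytes();
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(1024);
KeyPair keypair = kpg.genKeyPair();
// Instantiate the Signature class
Signature signature = Signature.getInstance(kpg.getAlgorithm());
signature.initSign(keypair.getPrivate());
signature.update(data);
// Sign
byte[] sign = signature.sign();
// The signature is binary, so print it Base64-encoded rather than as text
System.out.println(Base64.getEncoder().encodeToString(sign));
// Verify with the public key
signature.initVerify(keypair.getPublic());
signature.update(data);
boolean s = signature.verify(sign);
```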
The javax.crypto package
The javax.crypto package provides the classes and interfaces for cryptographic operations.
-
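The Mac class
Mac is a kind of message digest.
```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

byte[] input = "mac".getBytes();
KeyGenerator keygenerator = KeyGenerator.getInstance("HmacMD5");
SecretKey key = keygenerator.generateKey();
// Initialize the Mac object
Mac mac = Mac.getInstance(key.getAlgorithm());
mac.init(key);
byte[] output = mac.doFinal(input);
```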
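The demo above only computes a tag. The receiving side of a MAC recomputes the tag and compares it, which the following added example shows (not from the original post). It uses HmacSHA256 instead of HmacMD5 and compares with MessageDigest.isEqual, whose running time depends only on the length of the inputs; the class name, method names and sample messages are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;

public class MacVerifyDemo {

    // Compute the tag of a message under the shared secret key.
    static byte[] tag(SecretKey key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance(key.getAlgorithm());
        mac.init(key);
        return mac.doFinal(message);
    }

    // Recompute the tag and compare it with the received one.
    // MessageDigest.isEqual examines every byte, so the comparison time
    // does not reveal how many leading bytes of a forged tag were right.
    static boolean verify(SecretKey key, byte[] message, byte[] receivedTag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), receivedTag);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("HmacSHA256").generateKey();

        // Constructed sample messages
        byte[] message = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = "amount=900&to=alice".getBytes(StandardCharsets.UTF_8);
        byte[] t = tag(key, message);

        // A second, unrelated key stands in for a party without the shared secret
        SecretKey otherKey = KeyGenerator.getInstance("HmacSHA256").generateKey();

        System.out.println("original message: " + verify(key, message, t));
        System.out.println("tampered message: " + verify(key, tampered, t));
        System.out.println("different key:    " + verify(otherKey, message, t));
    }
}
```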
-
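The KeyGenerator class
Similar to the KeyPairGenerator class, KeyGenerator is a key generator.
```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// getInstance requires an algorithm name; HmacMD5 is the one used in the Mac demo above
KeyGenerator keygenerator = KeyGenerator.getInstance("HmacMD5");
SecretKey key = keygenerator.generateKey();
```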
-
The Cipher class
The Cipher class provides the cryptographic functionality for encryption and decryption and is the core of JCE.
```java
// Get a Cipher object
public static Cipher getInstance(String transformation);
// Example
Cipher c = Cipher.getInstance("DES");
// "algorithm/mode/padding"
Cipher c2 = Cipher.getInstance("DES/CBC/PKCS5Padding");
```
```java
// Constant for decryption mode
public static final int DECRYPT_MODE
// Constant for encryption mode
public static final int ENCRYPT_MODE
// Initialization
public final void init(int opmode, Key key)
public final void init(int opmode, Key key, AlgorithmParameters params)
// Initialization from a certificate
public final void init(int opmode, Certificate certificate)
// Data update
public final byte[] update(byte[] input);
public final int update(ByteBuffer input, ByteBuffer output);
// Perform the encryption (or decryption) operation:
public final byte[] doFinal();
```
DEMO
```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

byte[] data = "加签数据data".getBytes();
KeyGenerator keygenerator = KeyGenerator.getInstance("DES");
SecretKey key = keygenerator.generateKey();
Cipher cipher = Cipher.getInstance("DES");
// Encrypt
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] input = cipher.doFinal(data);
// Decrypt
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] output = cipher.doFinal(input);
```
-
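The CipherInputStream and CipherOutputStream classes
These are cipher streams.
```java
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import javax.crypto.CipherInputStream;

// cipher is an already initialized Cipher (DECRYPT_MODE to read an encrypted file)
CipherInputStream cis = new CipherInputStream(new FileInputStream(new File("secret")), cipher);
DataInputStream dis = new DataInputStream(cis);
String output = dis.readUTF();
dis.close();
```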
-
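The KeySpec interface
Used to group all key specifications; every key specification must implement this interface.
EncodedKeySpec, the abstract implementation of KeySpec, is the base for building public and private key specifications: X509EncodedKeySpec builds public key specifications and PKCS8EncodedKeySpec builds private key specifications.
SecretKeySpec is an implementation of KeySpec used to build secret key specifications.
```java
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

// keys is a DSA key pair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(1024);
KeyPair keys = kpg.genKeyPair();

// X509EncodedKeySpec
byte[] publicKeyBytes = keys.getPublic().getEncoded();
X509EncodedKeySpec publicSpec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory keyfactory = KeyFactory.getInstance("DSA");
PublicKey publicKey = keyfactory.generatePublic(publicSpec);

// PKCS8EncodedKeySpec
byte[] privateKeyBytes = keys.getPrivate().getEncoded();
PKCS8EncodedKeySpec privateSpec = new PKCS8EncodedKeySpec(privateKeyBytes);
PrivateKey privateKey = keyfactory.generatePrivate(privateSpec);
```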
-
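The Certificate class
An abstract class for managing certificates. Certificate types include X.509 certificates, PGP certificates and SDSI certificates.
```java
// Basic operations
// Return the encoded form of the certificate
public abstract byte[] getEncoded();
// Get the public key from the certificate
public abstract PublicKey getPublicKey();
```
CertificateFactory is what imports a certificate into a program.
```java
public static final CertificateFactory getInstance(String type)
// Generate a certificate through CertificateFactory
public final Certificate generateCertificate(InputStream inputstream)
```
DEMO:
```java
import java.io.FileInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

// Specify that the certificate type is X.509
CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
// Open the certificate input stream; "证书地址" is a placeholder for the certificate file path
FileInputStream in = new FileInputStream("证书地址");
Certificate certificate = certificatefactory.generateCertificate(in);
in.close();
```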
Reference:
《Java加密与解密的艺术》 (The Art of Java Encryption and Decryption), 2nd edition