(1)非對稱加密算法DH的加解密效率比較低,對要加密的數據長度有着苛刻的要求,這也就是效率換安全吧。嚴格來說,DH是密鑰協商(密鑰交換)算法,本身並不直接加密數據:雙方各自用自己的私鑰和對方的公鑰算出相同的本地密鑰,實際的數據加解密由對稱加密算法使用該密鑰完成。
(2)雖然對稱加密效率高,但密鑰的傳輸需要另外的信道(方式),非對稱加密通過構建本地密鑰來解決密鑰的傳輸問題。
二.加解密過程簡析
1.發送方A構建密鑰對,A公佈公鑰
2.接收方B根據A公佈的公鑰構建密鑰對,B公佈公鑰
3.發送方A使用A構建的私鑰+B公佈的公鑰生成本地密鑰,再用該密鑰對數據加密
4.接收方B使用B構建的私鑰+A公佈的公鑰生成相同的本地密鑰,再用該密鑰對數據解密
三.CODE SHOW
package com.sys.common;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
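/**
 * Demonstrates Diffie-Hellman (DH) key agreement between a sender and a receiver,
 * followed by symmetric encryption of a message with the agreed key.
 *
 * <p>DH itself does not encrypt anything: each side combines its own private key with
 * the peer's public key to compute the same shared secret, and a symmetric cipher does
 * the actual encryption. This demo derives an AES key from the shared secret and uses
 * AES-GCM, which also detects tampering with the ciphertext.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The public keys are exchanged here without any authentication. Plain DH gives
 *       no protection against an active man-in-the-middle; real protocols sign or
 *       otherwise authenticate the exchanged public keys.</li>
 *   <li>A 2048-bit group replaces the 512-bit one: 512-bit DH groups are within reach
 *       of practical discrete-log attacks, and DES (56-bit key) is no longer a safe
 *       cipher choice.</li>
 *   <li>The key is derived with a single SHA-256 hash to keep the demo within the
 *       standard library; production code should use a standard KDF such as HKDF with
 *       protocol context bound into the derivation.</li>
 * </ul>
 */
public class test {
    /** Plaintext message encrypted and decrypted by the demo. */
    private static final String src = "DH加密算法";

    /** Size in bits of the DH modulus generated by the sender. */
    private static final int DH_KEY_BITS = 2048;

    /** AES key length in bytes (128-bit key, available under every JCE policy). */
    private static final int AES_KEY_BYTES = 16;

    /** GCM nonce length in bytes; 12 bytes is the recommended size for GCM. */
    private static final int GCM_IV_BYTES = 12;

    /** GCM authentication tag length in bits. */
    private static final int GCM_TAG_BITS = 128;

    /**
     * Runs the DH demo.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        jdkDH();
    }

    /**
     * Performs a full DH exchange with the JDK provider, encrypts {@link #src} on the
     * sender side, decrypts it on the receiver side, and prints both results.
     *
     * <p>Any cryptographic failure is printed as a stack trace; nothing is thrown.
     */
    public static void jdkDH() {
        try {
            // Sender: generate a DH key pair and publish the encoded public key.
            KeyPairGenerator senderKeyPairGenerator = KeyPairGenerator.getInstance("DH");
            senderKeyPairGenerator.initialize(DH_KEY_BITS);
            KeyPair senderKeyPair = senderKeyPairGenerator.generateKeyPair();
            PrivateKey sendPrivateKey = senderKeyPair.getPrivate();
            byte[] senderPublicKeyEnc = senderKeyPair.getPublic().getEncoded();

            // Receiver: decode the sender's public key and reuse its DH parameters
            // (both sides must work in the same group), then publish its own public key.
            KeyFactory receiverKeyFactory = KeyFactory.getInstance("DH");
            PublicKey receiverPublicKey =
                    receiverKeyFactory.generatePublic(new X509EncodedKeySpec(senderPublicKeyEnc));
            DHParameterSpec dhParameterSpec = ((DHPublicKey) receiverPublicKey).getParams();
            KeyPairGenerator receiverKeyPairGenerator = KeyPairGenerator.getInstance("DH");
            receiverKeyPairGenerator.initialize(dhParameterSpec);
            KeyPair receiverKeyPair = receiverKeyPairGenerator.generateKeyPair();
            PrivateKey receiverPrivateKey = receiverKeyPair.getPrivate();
            byte[] receiverPublicKeyEnc = receiverKeyPair.getPublic().getEncoded();

            // Sender: derive the key (sender private key + receiver public key) and encrypt.
            SecretKey senderAesKey = deriveAesKey(sendPrivateKey, receiverPublicKeyEnc);
            // A GCM nonce must never repeat under the same key; it is not secret and
            // travels with the ciphertext.
            byte[] iv = new byte[GCM_IV_BYTES];
            new SecureRandom().nextBytes(iv);
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, senderAesKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            // Explicit charset so both sides agree regardless of the platform default.
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("jdk dh encrypt:" + Base64.encodeBase64String(result));

            // Receiver: derive the same key (receiver private key + sender public key)
            // and decrypt; doFinal fails if the ciphertext or tag was modified.
            SecretKey receiverAesKey = deriveAesKey(receiverPrivateKey, senderPublicKeyEnc);
            cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, receiverAesKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            result = cipher.doFinal(result);
            System.out.println("jdk dh decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }
    }

    /**
     * Computes the DH shared secret from the caller's private key and the peer's encoded
     * public key, and derives an AES key from it.
     *
     * @param ownPrivateKey this party's DH private key
     * @param peerPublicKeyEnc the peer's X.509-encoded DH public key
     * @return an AES key built from the first {@link #AES_KEY_BYTES} bytes of the SHA-256
     *     hash of the raw shared secret
     * @throws GeneralSecurityException if the key cannot be decoded or the agreement fails
     */
    private static SecretKey deriveAesKey(PrivateKey ownPrivateKey, byte[] peerPublicKeyEnc)
            throws GeneralSecurityException {
        PublicKey peerPublicKey =
                KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(peerPublicKeyEnc));
        KeyAgreement agreement = KeyAgreement.getInstance("DH");
        agreement.init(ownPrivateKey);
        agreement.doPhase(peerPublicKey, true);
        // Take the raw secret and hash it instead of asking the provider for a cipher key
        // directly: the raw DH output is not uniformly random key material.
        byte[] sharedSecret = agreement.generateSecret();
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(sharedSecret);
        return new SecretKeySpec(digest, 0, AES_KEY_BYTES, "AES");
    }
}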
四.輸出結果