1. 对称加解密的加密与解密使用的是同样的密钥,所以速度快,但由于需要将密钥在网络上传输,所以安全性不高。
2. 非对称加解密使用了一对密钥(公钥与私钥),所以安全性高,但加密与解密速度慢。
3. 解决的办法是将对称加解密的密钥使用非对称加解密的公钥进行加密,然后发送出去,接收方使用私钥进行解密得到对称加密的密钥,然后双方可以使用对称加密来进行沟通。
三种对称加解密算法的简单测试:3DES、AES、PBE
一.对称加密算法之3DES
DES是对称加解密算法的标准,因为DES可以被黑客破解,所以之后的项目中不在使用DES。由DES延伸出了3DES,在实际应用中十分广泛。
3DES的好处:1.密钥长度增强 2.迭代次数提高 3.JDK和BC都提供了相应的实现
public class Test3DES {二.对称加密算法之AES
private static int KEY_SIZE=168;
private static String KEY_3DES="DESede";
public static void main(String[] args) {
String data = "3DES加密算法";
//1.生成KEY
String keyStr = createKey();
//2.数据加密
String securitData = EnSecuritData(data.getBytes(),Base64.decodeBase64(keyStr));
//3.数据解密
DeSecuritData(Base64.decodeBase64(securitData),Base64.decodeBase64(keyStr));
}
public static String createKey(){
byte[] byteKey = null;
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_3DES);
keyGenerator.init(KEY_SIZE);
//keyGenerator.init(new SecureRandom()); //根据KEY类型生成相应的默认KEY长度
SecretKey secretKey = keyGenerator.generateKey();
byteKey = secretKey.getEncoded();
System.out.println("生成KEY:"+Base64.encodeBase64String(byteKey));
} catch (Exception e) {
e.printStackTrace();
}
return Base64.encodeBase64String(byteKey);
}
public static String EnSecuritData(byte[] data,byte[] byteKey){
String securitData =null;
try {
//KEY转换
Key key = new SecretKeySpec(byteKey, KEY_3DES);
//数据加密
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] byteData = cipher.doFinal(data);
securitData = Base64.encodeBase64String(byteData);
System.out.println("加密后数据:"+securitData);
} catch (Exception e) {
e.printStackTrace();
}
return securitData;
}
public static void DeSecuritData(byte[] data,byte[] byteKey){
try {
//KEY转换
Key key = new SecretKeySpec(byteKey, KEY_3DES);
//数据加密
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] byteData = cipher.doFinal(data);
System.out.println("解密后数据:"+new String(byteData));
} catch (Exception e) {
e.printStackTrace();
}
}
}
目前使用比较广泛的,通常用于移动通信系统加密以及基于SSH协议的软件。
public class TestAES {三.对称加密算法之PBE
private static String KEY_AES="AES";
public static void main(String[] args) {
String data = "AES加密算法";
//1.生成KEY
String keyStr = createKey();
//2.数据加密
String securitData = EnSecuritData(data.getBytes(),Base64.decodeBase64(keyStr));
//3.数据解密
DeSecuritData(Base64.decodeBase64(securitData),Base64.decodeBase64(keyStr));
}
/**
* 生成KEY
*/
public static String createKey(){
byte[] byteKey = null;
try {
KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_AES);
keyGenerator.init(new SecureRandom()); //根据KEY类型生成相应的默认KEY长度
SecretKey secretKey = keyGenerator.generateKey();
byteKey = secretKey.getEncoded();
System.out.println("生成KEY:"+Base64.encodeBase64String(byteKey));
} catch (Exception e) {
e.printStackTrace();
}
return Base64.encodeBase64String(byteKey);
}
public static String EnSecuritData(byte[] data,byte[] byteKey){
String securitData =null;
try {
//KEY转换
Key key = new SecretKeySpec(byteKey, KEY_AES);
//数据加密
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] byteData = cipher.doFinal(data);
securitData = Base64.encodeBase64String(byteData);
System.out.println("加密后数据:"+securitData);
} catch (Exception e) {
e.printStackTrace();
}
return securitData;
}
public static String DeSecuritData(byte[] data,byte[] byteKey){
String result =null;
try {
//KEY转换
Key key = new SecretKeySpec(byteKey, KEY_AES);
//数据加密
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] byteData = cipher.doFinal(data);
result = new String(byteData);
System.out.println("解密后数据:"+result);
} catch (Exception e) {
e.printStackTrace();
}
return result;
}
}
PBE算法结合了消息摘要算法和对称加密算法的优点;PBE基于口令加密;是对已有算法的包装;
public class TestPBE {
private static String KEYINS="PBEWITHMD5andDES";
public static void main(String[] args) {
String data = "PBE加解密";
try {
//初始化盐
SecureRandom random = new SecureRandom();
byte[] salt = random.generateSeed(8);
//口令转换成密钥
String pwd = "pwd1234"; //口令
PBEKeySpec keySpec = new PBEKeySpec(pwd.toCharArray());
SecretKeyFactory factory =SecretKeyFactory.getInstance(KEYINS);
Key key = factory.generateSecret(keySpec);
//加密
PBEParameterSpec parameterSpec = new PBEParameterSpec(salt, 100);
Cipher cipher = Cipher.getInstance(KEYINS);
cipher.init(Cipher.ENCRYPT_MODE, key, parameterSpec);
byte[] securitData = cipher.doFinal(data.getBytes());
System.out.println("加密后的数据:"+Base64.encodeBase64String(securitData));
//解密
cipher.init(Cipher.DECRYPT_MODE, key, parameterSpec);
byte[] resultData = cipher.doFinal(securitData);
System.out.println("加密后的数据:"+new String(resultData));
} catch (Exception e) {
e.printStackTrace();
}
}
}