`
learnmore
  • 浏览: 588929 次
  • 性别: Icon_minigender_1
  • 来自: 上海
社区版块
存档分类
最新评论

java加密解密算法记录

    博客分类:
  • java
 
阅读更多
以下内容均摘自我买的书籍《java加密与解密的艺术》作者 梁栋

    
    package com.algorithm;  
      
    import java.security.Key;  
    import java.security.KeyFactory;  
    import java.security.KeyPair;  
    import java.security.KeyPairGenerator;  
    import java.security.PrivateKey;  
    import java.security.PublicKey;  
    import java.security.Signature;  
    import java.security.interfaces.RSAPrivateKey;  
    import java.security.interfaces.RSAPublicKey;  
    import java.security.spec.PKCS8EncodedKeySpec;  
    import java.security.spec.X509EncodedKeySpec;  
    import java.util.HashMap;  
    import java.util.Map;  
      
    import javax.crypto.Cipher;  
      
    import org.apache.commons.codec.binary.Hex;  
      
    /** 
    * RSA非对称加密算法安全编码组件 
    * @author Administrator 
    * 
    */  
    public abstract class RSACoder {  
       //非对称加密密钥算法  
       public static final String KEY_ALGORITHM="RSA";  
       //数字签名 签名/验证算法  
       public static final String SIGNATURE_ALGORRITHM="SHA1withRSA";  
       //公钥  
       private static final String PUBLIC_KEY="RSAPublicKey";  
       //私钥  
       private static final String PRIVATE_KEY="RSAPrivateKey";  
       //RSA密钥长度,默认为1024,密钥长度必须是64的倍数,范围在521~65526位之间  
       private static final int KEY_SIZE=512;  
       /** 
        * 私钥解密 
        * @param data 待解密数据 
        * @param key 私钥 
        * @return byte[] 解密数据 
        * @throws Exception 
        */  
       public static byte[] decryptByPrivateKey(byte[] data,byte[]key) throws Exception  
       {  
       //取得私钥  
       PKCS8EncodedKeySpec pkcs8KeySpec=new PKCS8EncodedKeySpec(key);  
       KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);  
       //生成私钥  
       PrivateKey privateKey=keyFactory.generatePrivate(pkcs8KeySpec);  
       //对数据解密  
       Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());  
       cipher.init(Cipher.DECRYPT_MODE, privateKey);  
       return cipher.doFinal(data);  
       }  
       /** 
        * 私钥解密 
        * @param data 待解密数据 
        * @param key 私钥 
        * @return byte[] 解密数据 
        * @throws Exception 
        */  
       public static byte[] decryptByPrivateKey(byte[] data,String privateKey) throws Exception  
       {  
       return decryptByPrivateKey(data,getKey(privateKey));  
       }  
       /** 
        * 公钥解密 
        * @param data 待解密数据 
        * @param key 公钥 
        * @return byte[] 解密数据 
        * @throws Exception 
        */  
       public static byte[] decryptByPublicKey(byte[] data,byte[] key) throws Exception  
       {  
       //取得公钥  
       X509EncodedKeySpec x509KeySpec=new X509EncodedKeySpec(key);  
       KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);  
       //生成公钥  
       PublicKey publicKey=keyFactory.generatePublic(x509KeySpec);  
       //对数据解密  
       Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());  
       cipher.init(Cipher.DECRYPT_MODE, publicKey);  
       return cipher.doFinal(data);  
       }  
       /** 
        * 公钥解密 
        * @param data 待解密数据 
        * @param key 公钥 
        * @return byte[] 解密数据 
        * @throws Exception 
        */  
       public static byte[] decryptByPublicKey(byte[] data,String publicKey) throws Exception  
       {  
       return decryptByPublicKey(data,getKey(publicKey));  
       }  
       /** 
        * 公钥加密 
        * @param data 待加密数据 
        * @param key 公钥 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] encryptByPublicKey(byte[] data,byte[] key) throws Exception  
       {  
       //取得公钥  
       X509EncodedKeySpec x509KeySpec=new X509EncodedKeySpec(key);  
       KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);  
       PublicKey publicKey=keyFactory.generatePublic(x509KeySpec);  
      //对数据加密  
       Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());  
       cipher.init(Cipher.ENCRYPT_MODE, publicKey);  
       return cipher.doFinal(data);  
       }  
       /** 
        * 公钥加密 
        * @param data 待加密数据 
        * @param key 公钥 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] encryptByPublicKey(byte[] data,String publicKey) throws Exception  
       {  
       return encryptByPublicKey(data,getKey(publicKey));  
       }  
       /** 
        * 私钥加密 
        * @param data 待加密数据 
        * @param key 私钥 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] encryptByPrivateKey(byte[] data,byte[] key) throws Exception  
       {  
       //取得私钥  
       PKCS8EncodedKeySpec pkcs8KeySpec=new PKCS8EncodedKeySpec(key);  
       KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);  
       //生成私钥  
       PrivateKey privateKey=keyFactory.generatePrivate(pkcs8KeySpec);  
       //对数据加密  
       Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());  
       cipher.init(Cipher.ENCRYPT_MODE, privateKey);  
       return cipher.doFinal(data);  
       }  
       /** 
        * 私钥加密 
        * @param data 待加密数据 
        * @param key 私钥 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] encryptByPrivateKey(byte[] data,String key) throws Exception  
       {  
       return encryptByPrivateKey(data,getKey(key));  
       }  
       /** 
        * 取得私钥 
        * @param keyMap 密钥Map 
        * @return byte[] 私钥 
        * @throws Exception 
        */  
       public static byte[] getPrivateKey(Map<String,Object> keyMap) throws Exception  
       {  
       Key key=(Key)keyMap.get(PRIVATE_KEY);  
       return key.getEncoded();  
       }  
       /** 
        * 取得公钥 
        * @param keyMap 密钥Map 
        * @return byte[] 公钥 
        * @throws Exception 
        */  
       public static byte[] getPublicKey(Map<String,Object> keyMap) throws Exception  
       {  
       Key key=(Key)keyMap.get(PUBLIC_KEY);  
       return key.getEncoded();  
       }  
       /** 
        * 初始化密钥 
        * @return 密钥Map 
        * @throws Exception 
        */  
       public static Map<String,Object> initKey() throws Exception  
       {  
       //实例化实钥对生成器  
       KeyPairGenerator keyPairGen=KeyPairGenerator.getInstance(KEY_ALGORITHM);  
       //初始化密钥对生成器  
       keyPairGen.initialize(KEY_SIZE);  
       //生成密钥对  
       KeyPair keyPair=keyPairGen.generateKeyPair();  
       //公钥  
       RSAPublicKey publicKey=(RSAPublicKey) keyPair.getPublic();  
       //私钥  
       RSAPrivateKey privateKey=(RSAPrivateKey) keyPair.getPrivate();  
       //封装密钥  
       Map<String,Object> keyMap=new HashMap<String,Object>(2);  
       keyMap.put(PUBLIC_KEY, publicKey);  
       keyMap.put(PRIVATE_KEY, privateKey);  
       return keyMap;  
       }  
       /** 
        * 签名 
        * @param data 待签名数据 
        * @param privateKey 私钥 
        * @return byte[] 数字签名 
        * @throws Exception 
        */  
       public static byte[] sign(byte[] data,byte[] privateKey) throws Exception  
       {  
       //转接私钥材料  
       PKCS8EncodedKeySpec pkcs8KeySpec=new PKCS8EncodedKeySpec(privateKey);  
       //实例化密钥工厂  
       KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);  
       //取私钥对象  
       PrivateKey priKey=keyFactory.generatePrivate(pkcs8KeySpec);  
       //实例化Signature  
       Signature signature=Signature.getInstance(SIGNATURE_ALGORRITHM);  
       //初始化Signature  
       signature.initSign(priKey);  
       //更新  
       signature.update(data);  
       //签名  
       return signature.sign();  
       }  
       /** 
        * 公钥校验 
        * @param data 待校验数据 
        * @param publicKey 公钥 
        * @param sign 数字签名 
        * @return 
        * @throws Exception 
        */  
       public static boolean verify(byte[] data,byte[] publicKey,byte[] sign) throws Exception  
       {  
       //转接公钥材料  
       X509EncodedKeySpec x509KeySpec=new X509EncodedKeySpec(publicKey);  
       //实例化密钥工厂  
       KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);  
       //生成公钥  
       PublicKey pubKey=keyFactory.generatePublic(x509KeySpec);  
       //实例化Signature  
       Signature signature=Signature.getInstance(SIGNATURE_ALGORRITHM);  
       //初始化Signature  
       signature.initVerify(pubKey);  
       //更新  
       signature.update(data);  
       //验证  
       return signature.verify(sign);  
       }  
       /** 
        * 私钥签名 
        * @param data 待签名数据 
        * @param privateKey 私钥 
        * @return String 十六进制签名字符串 
        * @throws Exception 
        */  
       public static String sign(byte[] data,String privateKey) throws Exception  
       {  
       byte[] sign=sign(data,getKey(privateKey));  
       return Hex.encodeHexString(sign);  
       }  
       /** 
        * 公钥校验 
        * @param data 待验证数据 
        * @param publicKey 公钥 
        * @param sign 签名 
        * @return boolean 成功返回true,失败返回false 
        * @throws Exception 
        */  
       public static boolean verify(byte[] data,String publicKey,String sign) throws Exception  
       {  
       return verify(data,getKey(publicKey),Hex.decodeHex(sign.toCharArray()));  
       }  
      
       /** 
        * 取得私钥十六进制表示形式 
        * @param keyMap 密钥Map 
        * @return String 私钥十六进制字符串 
        * @throws Exception 
        */  
       public static String getPrivateKeyString(Map<String,Object> keyMap) throws Exception  
       {  
       return Hex.encodeHexString(getPrivateKey(keyMap));  
       }  
       /** 
        * 取得公钥十六进制表示形式 
        * @param keyMap 密钥Map 
        * @return String 公钥十六进制字符串 
        * @throws Exception 
        */  
       public static String getPublicKeyString(Map<String,Object> keyMap) throws Exception  
       {  
       return Hex.encodeHexString(getPublicKey(keyMap));  
       }  
       /** 
        * 获取密钥 
        * @param key 密钥 
        * @return byte[] 密钥 
        * @throws Exception 
        */  
       public static byte[] getKey(String key) throws Exception  
       {  
       return Hex.decodeHex(key.toCharArray());  
       }  
    }




    

    package com.algorithm;  
      
    import java.util.Map;  
      
    import org.apache.commons.codec.binary.Base64;  
      
    /** 
     * RSA算法测试用例 
     * @author Administrator 
     * 
     */  
    public class RSACoderTest {  
        //公钥  
        private static byte[] publicKey;  
        //私钥  
        private static byte[] privateKey;  
        /** 
         * 初始化密钥 
         * @throws Exception 
         */  
        public static void initKey() throws Exception  
        {  
            //初始化密钥  
            Map<String,Object> keyMap=RSACoder.initKey();  
            publicKey=RSACoder.getPublicKey(keyMap);  
            privateKey=RSACoder.getPrivateKey(keyMap);  
            System.out.println("公钥:"+Base64.encodeBase64String(publicKey));  
            System.out.println("私钥:"+Base64.encodeBase64String(privateKey));  
        }  
        public static void test() throws Exception  
        {  
            String inputStr="RSA加密算法,私钥加密,公钥解密";  
            byte[] data=inputStr.getBytes();  
            //私钥加密  
            byte[] enCodeData=RSACoder.encryptByPrivateKey(data,privateKey);  
            System.out.println("加密字符串:"+Base64.encodeBase64String(enCodeData));  
            //公钥解密  
            byte[] deCodeData=RSACoder.decryptByPublicKey(enCodeData, publicKey);  
            System.out.println(new String(deCodeData).equals(inputStr));  
        }  
        /** 
         * @param args 
         * @throws Exception  
         */  
        public static void main(String[] args) throws Exception {  
             // TODO Auto-generated method stub  
             initKey();  
             RSACoderTest.test();  
        }  
      
    }



    

    package com.algorithm;  
      
    import java.io.FileInputStream;  
    import java.security.KeyStore;  
    import java.security.PrivateKey;  
    import java.security.PublicKey;  
    import java.security.Signature;  
    import java.security.cert.Certificate;  
    import java.security.cert.CertificateFactory;  
    import java.security.cert.X509Certificate;  
      
    import javax.crypto.Cipher;  
      
    /** 
     * 证书组件 
     * @author Administrator 
     */  
    public abstract class CertificateCoder {  
       //类型证书  
       private static final String CERT_TYPE="X.509";  
       /** 
        * 由KeyStore获得私钥 
        * @param keyStorePath 密钥库路径 
        * @param alias 别名 
        * @param password 密码 
        * @return PrivateKey 密钥 
        * @throws Exception 
        */  
       private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath,String alias,String password) throws Exception  
       {  
           //获得密钥库  
           KeyStore ks=getKeyStore(keyStorePath,password);  
           //获得私钥  
           return (PrivateKey)ks.getKey(alias, password.toCharArray());  
       }  
       /** 
        * 由Certificate获得公钥 
        * @param certificatePath 证书路径 
        * @return PublicKey 公钥 
        */  
       private static PublicKey getPublicKeyByCertificate(String certificatePath) throws Exception  
       {  
           //获得证书  
           Certificate certificate=getCertificate(certificatePath);  
           //获得公钥  
           return certificate.getPublicKey();  
       }  
       /** 
        * 获得certificate 
        * @param certificatePath 证书路径 
        * @return Certificate 证书 
        * @throws Exception 
        */  
       private static Certificate getCertificate(String certificatePath) throws Exception  
       {  
           //实例化证书工厂  
           CertificateFactory certificateFactory=CertificateFactory.getInstance(CERT_TYPE);  
           //取得证书文件流  
           FileInputStream in=new FileInputStream(certificatePath);  
           //生成证书  
           Certificate certificate=certificateFactory.generateCertificate(in);  
           //关闭证书文件流  
           in.close();  
           return certificate;  
       }  
       /** 
        * 取得Certificate 
        * @param keyStorePath 密钥库路径 
        * @param alias 别名 
        * @param password 密码 
        * @return Certificate 证书 
        * @throws Exception 
        */  
       private static Certificate getCertificate(String keyStorePath,String alias,String password) throws Exception  
       {  
           //获得密钥库  
           KeyStore ks=getKeyStore(keyStorePath,password);  
           //获得证书  
           return ks.getCertificate(alias);  
       }  
       /** 
        * 获得密钥库 
        * @param keyStorePath 密钥库路径 
        * @param password 密码 
        * @return KeyStore 密钥库 
        * @throws Exception 
        */  
       private static KeyStore getKeyStore(String keyStorePath,String password) throws Exception  
       {  
           //实例化密钥库  
           KeyStore ks=KeyStore.getInstance(KeyStore.getDefaultType());  
           //获得密钥库文件流  
           FileInputStream in=new FileInputStream(keyStorePath);  
           //加载密钥库  
           ks.load(in, password.toCharArray());  
           //关闭密钥库文件流  
           in.close();  
           return ks;  
       }  
       /** 
        * 私钥加密 
        * @param data 待加密数据 
        * @param keyStorePath 密钥库路径 
        * @param alias 别名 
        * @param password 密码 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] encryptByPrivateKey(byte[] data,String keyStorePath,String alias,String password) throws Exception  
       {  
           //取得私钥  
           PrivateKey privateKey=getPrivateKeyByKeyStore(keyStorePath,alias,password);  
           //对数据加密  
           Cipher cipher=Cipher.getInstance(privateKey.getAlgorithm());  
           cipher.init(Cipher.ENCRYPT_MODE, privateKey);  
           return cipher.doFinal(data);  
       }  
       /** 
        * 私钥解密 
        * @param data 待解密数据 
        * @param keyStorePath 密钥库路径 
        * @param alias 别名 
        * @param password 密码 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] decryptByPrivateKey(byte[] data,String keyStorePath,String alias,String password) throws Exception  
       {  
           //取得私钥  
           PrivateKey privateKey=getPrivateKeyByKeyStore(keyStorePath,alias,password);  
           //对数据解密  
           Cipher cipher=Cipher.getInstance(privateKey.getAlgorithm());  
           cipher.init(Cipher.DECRYPT_MODE, privateKey);  
           return cipher.doFinal(data);  
       }  
       /** 
        * 公钥加密 
        * @param data 待加密数据 
        * @param certificatePath 证书路径 
        * @return byte[] 加密数据 
        * @throws Exception 
        */  
       public static byte[] encryptByPublicKey(byte[] data,String certificatePath) throws Exception  
       {  
           //取得公钥  
           PublicKey publicKey=getPublicKeyByCertificate(certificatePath);  
           //对数据加密  
           Cipher cipher=Cipher.getInstance(publicKey.getAlgorithm());  
           cipher.init(Cipher.ENCRYPT_MODE, publicKey);  
           return cipher.doFinal(data);  
       }  
       /** 
        * 公钥解密 
        * @param data 待解密数据 
        * @param certificatePath 证书路径 
        * @return byte[] 解密数据 
        * @throws Exception 
        */  
       public static byte[] decryptByPublicKey(byte[] data,String certificatePath) throws Exception  
       {  
           //取得公钥  
           PublicKey publicKey=getPublicKeyByCertificate(certificatePath);  
           //对数据解密  
           Cipher cipher=Cipher.getInstance(publicKey.getAlgorithm());  
           cipher.init(Cipher.DECRYPT_MODE, publicKey);  
           return cipher.doFinal(data);  
       }  
       /** 
        * 签名 
        * @param data 待签名数据 
        * @param keyStorePath 密钥库路径 
        * @param alias 别名 
        * @param password 密码 
        * @return byte[] 签名 
        * @throws Exception 
        */  
       public static byte[] sign(byte[] data,String keyStorePath,String alias,String password) throws Exception  
       {  
           //获得证书  
           X509Certificate x509Certificate=(X509Certificate)getCertificate(keyStorePath,alias,password);  
           //构建签名,由证书指定签名算法  
           Signature signature=Signature.getInstance(x509Certificate.getSigAlgName());  
           //获取私钥  
           PrivateKey privateKey=getPrivateKeyByKeyStore(keyStorePath, alias, password);  
           //初始化签名,由私钥构建  
           signature.initSign(privateKey);  
           signature.update(data);  
           return signature.sign();  
       }  
       /** 
        * 签名验证 
        * @param data 数据 
        * @param sign 签名 
        * @param certificatePath 证书路径 
        * @return boolean 验证通过为true 
        * @throws Exception 
        */  
       public static boolean verify(byte[] data,byte[] sign,String certificatePath) throws Exception  
       {  
           //获得证书  
           X509Certificate x509Certificate=(X509Certificate)getCertificate(certificatePath);  
           //构建签名,由证书指定签名算法  
           Signature signature=Signature.getInstance(x509Certificate.getSigAlgName());  
           //由证书初始化签名,实际上是使用了证书中的公钥  
           signature.initVerify(x509Certificate);  
           signature.update(data);  
           return signature.verify(sign);  
       }  
    }



    
package com.algorithm;  
      
    import java.io.InputStream;  
      
    import org.apache.commons.codec.binary.Hex;  
      
    /** 
     * 数字证书测试用例 
     * @author Administrator 
     * 
     */  
    public class CertificateCoderTest {  
        //生成证书时的密码  
        private static String password="123456";  
        //别名  
        private static String alias="www.dominic.com";  
        //证书路径  
        private static String certificatePath="D:\\Program Files\\OpenSSL-Win32\\ca\\certs\\dominic.cer";  
        //密钥库路径  
        private static String keyStorePath="D:\\Program Files\\OpenSSL-Win32\\ca\\certs\\domini.keystore";  
        /** 
         * 公钥加密私钥解密 
         */  
        public static void test1() throws Exception  
        {  
            String inputStr="数字证书";  
            byte[] data=inputStr.getBytes();  
            //公钥加密  
            byte[] encrypt=CertificateCoder.encryptByPublicKey(data, certificatePath);  
            //私钥解密  
            byte[] decrypt=CertificateCoder.decryptByPrivateKey(encrypt, keyStorePath, alias, password);  
            System.out.println(new String(decrypt).equals(inputStr));  
        }  
        /** 
         * 私加密公钥解密 
         */  
        public static void test2() throws Exception  
        {  
            String inputStr="数字证书";  
            byte[] data=inputStr.getBytes();  
            //私钥加密  
            byte[] encrypt=CertificateCoder.encryptByPrivateKey(data, keyStorePath, alias, password);  
            //公钥解密  
            byte[] decrypt=CertificateCoder.decryptByPublicKey(encrypt, certificatePath);  
            System.out.println(new String(decrypt).equals(inputStr));  
        }  
        /** 
         * 签名验证 
         */  
        public static void test3() throws Exception  
        {  
            String inputStr="数字签名";  
            byte[] data=inputStr.getBytes();  
            //私钥签名  
            byte[] sign=CertificateCoder.sign(data, keyStorePath, alias, password);  
            System.out.println("签名:"+Hex.encodeHexString(sign));  
            //公钥验证  
            System.out.println(CertificateCoder.verify(data, sign, certificatePath));  
        }  
        public static void main(String[] args) throws Exception  
        {  
            CertificateCoderTest.test1();  
            CertificateCoderTest.test2();  
            CertificateCoderTest.test3();  
        }  
    }



    
   
    package com.algorithm;  
      
    import java.security.Key;  
      
    import javax.crypto.Cipher;  
    import javax.crypto.KeyGenerator;  
    import javax.crypto.SecretKey;  
    import javax.crypto.spec.SecretKeySpec;  
      
    import org.apache.commons.codec.binary.Base64;  
    import org.apache.commons.codec.digest.DigestUtils;  
    /** 
     * AES对称加密算法,组件类 
     * @author Administrator 
     * 
     */  
    public abstract class AESCoder {  
      //密钥算法  
      public static final String ALGORITHM="AES";  
      //密钥长度(java默认只能处理128位以内的长度,如果需要处理大于128位可以使用JCE解除密钥长度限制)  
      public static final int KEY_SIZE=128;  
      /** 
       * 转换密钥 
       * @param key 二进制密钥 
       * @return Key 密钥 
       * @throws Exception 
       */  
      private static Key toKey(byte[] key) throws Exception   
      {  
          //实例化AES密钥材料  
          SecretKey secretKey=new SecretKeySpec(key,ALGORITHM);  
          return secretKey;  
      }  
      /** 
       * 解密 
       * @param data 待解密数据 
       * @param key 密钥 
       * @return byte[] 解密数据 
       * @throws Exception 
       */  
      public static byte[] decrypt(byte[] data,byte[] key) throws Exception   
      {  
          //还原密钥  
          Key k=toKey(key);  
          //实例化  
          Cipher cipher=Cipher.getInstance(ALGORITHM);  
          //初始化,设置为解密模式  
          cipher.init(Cipher.DECRYPT_MODE, k);  
          //执行操作  
          return cipher.doFinal(data);  
      }  
      /** 
       * 解密 
       * @param data 待解密数据 
       * @param key 密钥 
       * @return byte[] 解密数据 
       * @throws Exception 
       */  
      public static byte[] decrypt(byte[] data,String key) throws Exception   
      {  
          return decrypt(data,getKey(key));  
      }  
      /** 
       * 加密 
       * @param data 待加密数据 
       * @param key 密钥 
       * @return byte[] 加密数据 
       * @throws Exception 
       */  
      public static byte[] encrypt(byte[] data,byte[] key) throws Exception   
      {  
          //还原密钥  
          Key k=toKey(key);  
          //实例化  
          Cipher cipher=Cipher.getInstance(ALGORITHM);  
          //初始化,设置为加密模式  
          cipher.init(Cipher.ENCRYPT_MODE, k);  
          //执行操作  
          return cipher.doFinal(data);  
      }  
      /** 
       * 加密 
       * @param data 待加密数据 
       * @param key 密钥 
       * @return byte[] 加密数据 
       * @throws Exception 
       */  
      public static byte[] encrypt(byte[] data,String key) throws Exception   
      {  
          return encrypt(data,getKey(key));  
      }  
      /** 
       * 生成密钥 
       * @return byte[] 二进制密钥 
       * @throws Exception 
       */  
      public static byte[] initKey() throws Exception   
      {  
          //实例化  
          KeyGenerator kg=KeyGenerator.getInstance(ALGORITHM);  
          //初始化密钥长度  
          kg.init(KEY_SIZE);  
          //生成秘密密钥  
          SecretKey secretKey=kg.generateKey();  
          //获得密钥的二进制编码形式  
          return secretKey.getEncoded();  
      }  
      /** 
       * 初始化密钥 
       * @return String Base64编码密钥 
       * @throws Exception 
       */  
      public static String initKeyString() throws Exception   
      {  
          return Base64.encodeBase64String(initKey());  
      }  
      /** 
       * 获取密钥 
       * @param key 
       * @return byte[] 密钥 
       * @throws Exception 
       */  
      public static byte[] getKey(String key) throws Exception   
      {  
          return Base64.decodeBase64(key);  
      }  
      /** 
       * 摘要处理 
       * @param data 待摘要数据 
       * @return String 摘要字符串 
       */  
      public static String shaHex(byte[] data)  
      {  
          return DigestUtils.md5Hex(data);  
      }  
      /** 
       * 验证 
       * @param data 待摘要数据 
       * @param messageDigest 摘要字符串 
       * @return 验证结果 
       */  
      public static boolean validate(byte[] data,String messageDigest)  
      {  
          return messageDigest.equals(shaHex(data));  
      }  
        
    }


    
 
    package com.algorithm;  
    /** 
     * 对称加密算法测试用例 
     * @author Administrator 
     * 
     */  
    public class AESCoderTest {  
            
          public static void main(String args[])  
          {  
              try {  
                 //初始化密钥  
                 String secretKey=AESCoder.initKeyString();  
                 System.out.println("密钥为:"+secretKey);  
                 String s="我们的大中国";  
                 //加密数据  
                 byte[] encryptData=AESCoder.encrypt(s.getBytes(), secretKey);  
                 //解密数据  
                 byte[] data=AESCoder.decrypt(encryptData, secretKey);  
                 //比较  
                 System.out.println(new String(data).equals(s));  
              } catch (Exception e) {  
                // TODO Auto-generated catch block  
                e.printStackTrace();  
            }  
          }  
    }

 


附证书生成命令:
  keytool生成证书
  keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -validity 360 -alias www.dominic.com -keystore dominic.keystore
  导出数字证书
  keytool -exportcert -alias www.dominic.com -keystore dominic.keystore -file dominic.cer -rfc 
  打印数字证书
  keytool -printcert -file dominic.cer
  这里是自制证书,如果需要权威机构签发,需要导出证书申请文件由第三方签发
 
  openssl证书创建
 
  根证书构建命令?
  echo 构建随机数 private/.rand
  openssl rand -out private/.rand 1000
  echo 构建根证书私钥 private/ca.key.pem
  openssl genrsa -aes256 -out private/ca.key.pem 2048
  echo 生成根证书签发申请 private/ca.csr
  openssl req -new -key private/ca.key.pem -out private/ca.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
  echo 签发根证书 private/ca.cer
  openssl x509 -req -days 10000 -sha1 -extensions v3_ca -signkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
  echo 根证书转换 private/ca.p12
  openssl pkcs12 -export -cacerts inkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
 
  服务器证书构建步骤命令?
  (1)echo 构建服务器私钥 private/server.key.pem
  (2)openssl genrsa -aes256 -out private/server.key.pem 2048
     echo 生成服务器证书签发申请 private/server.csr
  (3)openssl req -new -key private/server.key.pem -out private/server.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
      echo 签发服务器证书 private/server.cer
  openssl x509 -req -days 3650 -sha1 -extensions v3_req -CA certs/ca.cer -CAkey private/ca.key.pem -CAserial ca.srl -CAcreateserial -in private/server.csr -out certs/server.cer
      echo 服务器证书转换 private/server.p12
  openssl pkcs12 -export -clcerts -inkey private/server.key.pem -in certs/server.cer -out certs/server.p12
  
   客户证书构建命令?
   echo 构建客户私钥 private/client.key.pem
   openssl genrsa -aes256 -out private/client.key.pem 2048
   echo 生成服务器证书签发申请 private/client.csr
   openssl req -new -key private/client.key.pem -out private/client.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
   echo 签发客户证书 private/server.cer
   openssl ca -days 3650 -in private/client.csr -out certs/client.cer -cert certs/ca.cer -keyfile private/ca.key.pem
   echo 客户证书转换 certs/client.p12
   openssl pkcs12 -export -inkey private/client.key.pem -in certs/client.cer -out certs/client.p12
分享到:
| PPT无法放映,点击下一张,空格或鼠标左键 ...
评论
发表评论

您还没有登录,请您登录后再发表评论

相关推荐

Magicbox
Global site tag (gtag.js) - Google Analytics