java 密??
类别: JAVA教程 
1. 密瘁?W??介 ?C 加密陪解密
加密是一???⒂?加密的儋料用一些???W忒算弈成一?F令人看不懂的?|西的咿程; 解密?t是?⒓用芪霓D?Q回原始文字的咿程。呃??咿程中,扮演原始文字陪加密文字之殓弈?Q的???W演算法费?槊ipher。
?D1 Cipher的忒作
?F代的Cipher多半??用Key?砑用芘c解密儋料。所洲Key是指一???C密值,我??可?⑺????橐煌ㄐ忻艽a。加密文字必需使用?τ车乃ey才能解密?樵?始文字。
A. ?ΨQ型Cipher
?ΨQ型Cipher在?魉投伺c接收端所用的Key是一?拥模?如?D2所示,?ΨQ型Cipher又叫Private Key Cipher,因?樗ey 的值只有?魉投撕徒邮斩酥?道。如果有第三者知道了Private Key值,也就能解檫加密的儋料。
?D2 ?ΨQ型Cipher的忒作
B. 非?ΨQ型Cipher
非?ΨQ型的Cipher又叫Public Key Cipher,Cipher除了Private Key外,????引咄一可以胗意散办的Public Key。被 Public Key加密的儋料只有相?τ车男rivate Key可以解檫,同?拥谋恍rivate Key加密的儋料也只有相?τ车男ublic Key 可以解檫。如?D3所示,锢示了非?ΨQ型Cipher的忒作咿程。
?D3 非?ΨQ型Cipher的忒作
C. ??息摘要 (Message Digest)
??息摘要是?囊唤M??入儋料??算所得的一??特?e?底郑?其原理忒作就如hash function一般。在密瘁?W的忒用彦,一般是用?眚?酌儋料是否被岗改。
2. JCE下蒌
因?槊???法??的限制,Sun在JDK彦只提供了少?档募用芊椒ǎ?其鹞大部份?t只在SunJCE彦提供,而且SunJCE的 API限制只有美??、加拿大地?^可以下蒌。表1?橛un及SunJCE分?e支援的加密演算法。
名费
型?e
Sun
MD5
??息摘要
SHA-1
??息摘要
DSA
??章
SunJCE
HmacMD5
MAC
HmacSHA1
MAC
DES
?ΨQ型Cipher
DESede
非?ΨQ型Cipher
PBEWithMD5AndDES
?ΨQ型Cipher
DH
Key的交?Q
表1 Sun及SunJCE支援的加密演算法
腠然美??法??有呃?拥南薅ǎ?但是在美??境外也已??有?S商??作出JCE,?K且可以在咀路上直接下蒌,表2就是下蒌咀址的列表。
套件
咀址
免偻
JCE
http://java.sun.com/products/jdk/1.2/jce/
是
Cryptix
http://www.cryptix.org/
是
IAIK
http://wwwjce.iaik.tu-graz.ac.at/
否
表2 JCE??篦下蒌咀址
3. JCE安砚
解?嚎s到JDK目??下
Set ClassPath= C:/JDK/bin/cryptix-jce-api.jar;C:/JDK/bin/cryptix-jce-compat.jar;C:/JDK/bin/cryptix-jce-provider.jar …
在JDK/lib/security/java.security中加入
security.provider.1=sun.security.provider.Sun (原?砭陀械末
security.provider.2=cryptix.jce.provider.Cryptix (加入)
4. 程式??例
在佩例之前,我先完成一??公用???e,用???⒆执?弈成十六咄位表示法。
public class Msg {
public static String toHexString(byte[] b) {
StringBuffer hexString = new StringBuffer();
String plainText;
for (int i = 0; i < b.length; i++) {
plainText = Integer.toHexString(0xFF & b[i]);
if (plainText.length() < 2) {
plainText = "0" + plainText;
}
hexString.append(plainText);
}
return hexString.toString();
}
}
5. ??息摘要 (message digest, 以SHA1?槔?)
?a生??息摘要的步笈:
呼叫getInstance取得MessageDigest??篦
呼叫update?①Y料痍斤MessageDigest
呼叫digest?a生??息摘要
import java.security.*;
public class SHA extends Object {
public static void main(String[] args) throws Exception
{
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(args[0].getBytes());
byte[] digest = md.digest();
System.out.println(Msg.toHexString(digest));
}
}
ps. 比蒉??????息摘要是否相同?r,可呼叫isEqual。
6. ??息帐酌瘁 (MAC, 以HmacSHA1?槔?)
??息帐酌瘁只是在?a生??息摘要的咿程彦,加咄一把key做?楸Wo,目的是使??息摘要更膣被破解。
?a生??息帐酌瘁的步笈:
利用密瘁?a生一把key
呼叫getInstance取得Mac??篦
呼叫init,初始化Mac
呼叫update痍儋料斤Mac
呼叫doFinal?a生??息帐酌瘁
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class MacSHA {
public static void main(String[] args)
{
SecureRandom sr = new SecureRandom();
byte[] keyBytes = new byte[20];
sr.nextBytes(keyBytes);
SecretKey key = new SecretKeySpec(keyBytes, "HmacSHA");
try {
Mac m = Mac.getInstance("HmacSHA");
m.init(key);
m.update(args[0].getBytes());
byte[] mac = m.doFinal();
System.out.println(Msg.toHexString(mac));
}
catch (Exception e) {
System.out.println("Exception!!");
}
}
}
7. 加密陪解密 (以DES?槔?)
呃彦佩的加密/解密是???ΨQ型Cipher; 在金融交易彦,常用?ΨQ型Cipher?砑盈解密儋料。
加密/解密的步笈:
利用密瘁?a生一把key
呼叫getInstance?a生一??Cipher物件
呼叫init韵定?榧用芑蚪饷?
加密/解密
import java.io.*;
import java.security.*;
import javax.crypto.*;
public class PwdDES {
public static final int kBufferSize = 8192;
public static void main(String[] args) throws Exception {
if (args.length < 4) {
System.out.println("Usage: Cloak -e|-d passwd inputfile outputfile");
return;
}
//Get or create key.
Key key;
KeyGenerator generator = KeyGenerator.getInstance("DES");
generator.init(new SecureRandom(args[1].getBytes()));
key = generator.generateKey();
//Get a cipher object
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS#5");
//Encrypt or decrypt
if (args[0].indexOf("e") != -1)
cipher.init(Cipher.ENCRYPT_MODE, key);
else
cipher.init(Cipher.DECRYPT_MODE, key);
FileInputStream in = new FileInputStream(args[2]);
FileOutputStream fileOut = new FileOutputStream(args[3]);
CipherOutputStream out = new CipherOutputStream(fileOut, cipher);
byte[] buffer = new byte[kBufferSize];
int length;
while ((length = in.read(buffer)) != -1)
out.write(buffer, 0, length);
in.close();
out.close();
}
}
8. ?a生??章陪帐酌 (以DSA?槔?)
?滴缓?章常用在咀路上做??人身份催帐。
?a生??章的步笈:
呼叫getInstance取得一??Signature??篦
呼叫initSign初始化Signature
呼叫sign?a生??章
帐酌的步笈:
呼叫getInstance取得一??Signature??篦
呼叫initVerify初始化Signature
呼叫verify帐酌
Sample1: ?a生Private/Public Key
import java.security.*;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import java.io.*;
public class KeyPair1 {
public static void main(String[] args)
{
try {
KeyPairGenerator genKeyPair = KeyPairGenerator.getInstance("DSA");
genKeyPair.initialize(1024, new SecureRandom());
KeyPair kpKey = genKeyPair.genKeyPair();
PrivateKey prKey = kpKey.getPrivate();
PublicKey puKey = kpKey.getPublic();
ObjectOutputStream osPrivate = new ObjectOutputStream(new FileOutputStream("D://Private.Key"));
ObjectOutputStream osPublic = new ObjectOutputStream(new FileOutputStream("D://Public.Key"));
osPrivate.writeObject(prKey);
osPublic.writeObject(puKey);
osPrivate.close();
osPublic.close();
}
catch (Exception e) {
System.out.println("Error");
}
}
}
Sample2: ?a生??章陪帐酌
import java.io.*;
import java.security.*;
import java.security.Signature;
import java.security.cert.*;
public class GenSign {
public static void main(String[] args) throws Exception {
String options = args[0];
String messagefile = args[1];
String signaturefile = args[2];
Signature signature = Signature.getInstance("DSA");
if (options.indexOf("s") != -1) {
ObjectInputStream is = new ObjectInputStream(new FileInputStream("D://Private.key"));
PrivateKey priKey = (PrivateKey) is.readObject();
signature.initSign(priKey);
is.close();
}
else {
ObjectInputStream is = new ObjectInputStream(new FileInputStream("D://Public.key"));
PublicKey pubKey = (PublicKey) is.readObject();
signature.initVerify(pubKey);
is.close();
}
FileInputStream in = new FileInputStream(messagefile);
byte[] buffer = new byte[8192];
int length;
while ((length = in.read(buffer))!= -1)
signature.update(buffer, 0, length);
in.close();
if (options.indexOf("s") != -1) {
FileOutputStream out = new FileOutputStream(signaturefile);
byte[] raw = signature.sign();
out.write(raw);
out.close();
}
else {
FileInputStream sigIn = new FileInputStream(signaturefile);
byte[] raw = new byte[sigIn.available()];
sigIn.read(raw);
sigIn.close();
if (signature.verify(raw))
System.out.println("The signature is good.");
else
System.out.println("The signature is bad.");
}
}
}
加密是一???⒂?加密的儋料用一些???W忒算弈成一?F令人看不懂的?|西的咿程; 解密?t是?⒓用芪霓D?Q回原始文字的咿程。呃??咿程中,扮演原始文字陪加密文字之殓弈?Q的???W演算法费?槊ipher。
?D1 Cipher的忒作
?F代的Cipher多半??用Key?砑用芘c解密儋料。所洲Key是指一???C密值,我??可?⑺????橐煌ㄐ忻艽a。加密文字必需使用?τ车乃ey才能解密?樵?始文字。
A. ?ΨQ型Cipher
?ΨQ型Cipher在?魉投伺c接收端所用的Key是一?拥模?如?D2所示,?ΨQ型Cipher又叫Private Key Cipher,因?樗ey 的值只有?魉投撕徒邮斩酥?道。如果有第三者知道了Private Key值,也就能解檫加密的儋料。
?D2 ?ΨQ型Cipher的忒作
B. 非?ΨQ型Cipher
非?ΨQ型的Cipher又叫Public Key Cipher,Cipher除了Private Key外,????引咄一可以胗意散办的Public Key。被 Public Key加密的儋料只有相?τ车男rivate Key可以解檫,同?拥谋恍rivate Key加密的儋料也只有相?τ车男ublic Key 可以解檫。如?D3所示,锢示了非?ΨQ型Cipher的忒作咿程。
?D3 非?ΨQ型Cipher的忒作
C. ??息摘要 (Message Digest)
??息摘要是?囊唤M??入儋料??算所得的一??特?e?底郑?其原理忒作就如hash function一般。在密瘁?W的忒用彦,一般是用?眚?酌儋料是否被岗改。
2. JCE下蒌
因?槊???法??的限制,Sun在JDK彦只提供了少?档募用芊椒ǎ?其鹞大部份?t只在SunJCE彦提供,而且SunJCE的 API限制只有美??、加拿大地?^可以下蒌。表1?橛un及SunJCE分?e支援的加密演算法。
名费
型?e
Sun
MD5
??息摘要
SHA-1
??息摘要
DSA
??章
SunJCE
HmacMD5
MAC
HmacSHA1
MAC
DES
?ΨQ型Cipher
DESede
非?ΨQ型Cipher
PBEWithMD5AndDES
?ΨQ型Cipher
DH
Key的交?Q
表1 Sun及SunJCE支援的加密演算法
腠然美??法??有呃?拥南薅ǎ?但是在美??境外也已??有?S商??作出JCE,?K且可以在咀路上直接下蒌,表2就是下蒌咀址的列表。
套件
咀址
免偻
JCE
http://java.sun.com/products/jdk/1.2/jce/
是
Cryptix
http://www.cryptix.org/
是
IAIK
http://wwwjce.iaik.tu-graz.ac.at/
否
表2 JCE??篦下蒌咀址
3. JCE安砚
解?嚎s到JDK目??下
Set ClassPath= C:/JDK/bin/cryptix-jce-api.jar;C:/JDK/bin/cryptix-jce-compat.jar;C:/JDK/bin/cryptix-jce-provider.jar …
在JDK/lib/security/java.security中加入
security.provider.1=sun.security.provider.Sun (原?砭陀械末
security.provider.2=cryptix.jce.provider.Cryptix (加入)
4. 程式??例
在佩例之前,我先完成一??公用???e,用???⒆执?弈成十六咄位表示法。
public class Msg {
public static String toHexString(byte[] b) {
StringBuffer hexString = new StringBuffer();
String plainText;
for (int i = 0; i < b.length; i++) {
plainText = Integer.toHexString(0xFF & b[i]);
if (plainText.length() < 2) {
plainText = "0" + plainText;
}
hexString.append(plainText);
}
return hexString.toString();
}
}
5. ??息摘要 (message digest, 以SHA1?槔?)
?a生??息摘要的步笈:
呼叫getInstance取得MessageDigest??篦
呼叫update?①Y料痍斤MessageDigest
呼叫digest?a生??息摘要
import java.security.*;
public class SHA extends Object {
public static void main(String[] args) throws Exception
{
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(args[0].getBytes());
byte[] digest = md.digest();
System.out.println(Msg.toHexString(digest));
}
}
ps. 比蒉??????息摘要是否相同?r,可呼叫isEqual。
6. ??息帐酌瘁 (MAC, 以HmacSHA1?槔?)
??息帐酌瘁只是在?a生??息摘要的咿程彦,加咄一把key做?楸Wo,目的是使??息摘要更膣被破解。
?a生??息帐酌瘁的步笈:
利用密瘁?a生一把key
呼叫getInstance取得Mac??篦
呼叫init,初始化Mac
呼叫update痍儋料斤Mac
呼叫doFinal?a生??息帐酌瘁
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;
public class MacSHA {
public static void main(String[] args)
{
SecureRandom sr = new SecureRandom();
byte[] keyBytes = new byte[20];
sr.nextBytes(keyBytes);
SecretKey key = new SecretKeySpec(keyBytes, "HmacSHA");
try {
Mac m = Mac.getInstance("HmacSHA");
m.init(key);
m.update(args[0].getBytes());
byte[] mac = m.doFinal();
System.out.println(Msg.toHexString(mac));
}
catch (Exception e) {
System.out.println("Exception!!");
}
}
}
7. 加密陪解密 (以DES?槔?)
呃彦佩的加密/解密是???ΨQ型Cipher; 在金融交易彦,常用?ΨQ型Cipher?砑盈解密儋料。
加密/解密的步笈:
利用密瘁?a生一把key
呼叫getInstance?a生一??Cipher物件
呼叫init韵定?榧用芑蚪饷?
加密/解密
import java.io.*;
import java.security.*;
import javax.crypto.*;
public class PwdDES {
public static final int kBufferSize = 8192;
public static void main(String[] args) throws Exception {
if (args.length < 4) {
System.out.println("Usage: Cloak -e|-d passwd inputfile outputfile");
return;
}
//Get or create key.
Key key;
KeyGenerator generator = KeyGenerator.getInstance("DES");
generator.init(new SecureRandom(args[1].getBytes()));
key = generator.generateKey();
//Get a cipher object
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS#5");
//Encrypt or decrypt
if (args[0].indexOf("e") != -1)
cipher.init(Cipher.ENCRYPT_MODE, key);
else
cipher.init(Cipher.DECRYPT_MODE, key);
FileInputStream in = new FileInputStream(args[2]);
FileOutputStream fileOut = new FileOutputStream(args[3]);
CipherOutputStream out = new CipherOutputStream(fileOut, cipher);
byte[] buffer = new byte[kBufferSize];
int length;
while ((length = in.read(buffer)) != -1)
out.write(buffer, 0, length);
in.close();
out.close();
}
}
8. ?a生??章陪帐酌 (以DSA?槔?)
?滴缓?章常用在咀路上做??人身份催帐。
?a生??章的步笈:
呼叫getInstance取得一??Signature??篦
呼叫initSign初始化Signature
呼叫sign?a生??章
帐酌的步笈:
呼叫getInstance取得一??Signature??篦
呼叫initVerify初始化Signature
呼叫verify帐酌
Sample1: ?a生Private/Public Key
import java.security.*;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import java.io.*;
public class KeyPair1 {
public static void main(String[] args)
{
try {
KeyPairGenerator genKeyPair = KeyPairGenerator.getInstance("DSA");
genKeyPair.initialize(1024, new SecureRandom());
KeyPair kpKey = genKeyPair.genKeyPair();
PrivateKey prKey = kpKey.getPrivate();
PublicKey puKey = kpKey.getPublic();
ObjectOutputStream osPrivate = new ObjectOutputStream(new FileOutputStream("D://Private.Key"));
ObjectOutputStream osPublic = new ObjectOutputStream(new FileOutputStream("D://Public.Key"));
osPrivate.writeObject(prKey);
osPublic.writeObject(puKey);
osPrivate.close();
osPublic.close();
}
catch (Exception e) {
System.out.println("Error");
}
}
}
Sample2: ?a生??章陪帐酌
import java.io.*;
import java.security.*;
import java.security.Signature;
import java.security.cert.*;
public class GenSign {
public static void main(String[] args) throws Exception {
String options = args[0];
String messagefile = args[1];
String signaturefile = args[2];
Signature signature = Signature.getInstance("DSA");
if (options.indexOf("s") != -1) {
ObjectInputStream is = new ObjectInputStream(new FileInputStream("D://Private.key"));
PrivateKey priKey = (PrivateKey) is.readObject();
signature.initSign(priKey);
is.close();
}
else {
ObjectInputStream is = new ObjectInputStream(new FileInputStream("D://Public.key"));
PublicKey pubKey = (PublicKey) is.readObject();
signature.initVerify(pubKey);
is.close();
}
FileInputStream in = new FileInputStream(messagefile);
byte[] buffer = new byte[8192];
int length;
while ((length = in.read(buffer))!= -1)
signature.update(buffer, 0, length);
in.close();
if (options.indexOf("s") != -1) {
FileOutputStream out = new FileOutputStream(signaturefile);
byte[] raw = signature.sign();
out.write(raw);
out.close();
}
else {
FileInputStream sigIn = new FileInputStream(signaturefile);
byte[] raw = new byte[sigIn.available()];
sigIn.read(raw);
sigIn.close();
if (signature.verify(raw))
System.out.println("The signature is good.");
else
System.out.println("The signature is bad.");
}
}
}
- 上一篇: java版本的二分法算法实现
- 下一篇: java 第一次
