JAVA实现“AES/ECB/PKCS7Padding”对称加解密,尤其是 AES256的加解密需要注意两点:
技术出口限制,国内的JDK 默认不支持;
PKCS7Padding JAVA默认不支持PKCS7Padding填充模式,需借助第三方提供者。
解决出口限制问题,下载以下两个包替换jdk安装路径下: jre\lib\security 的同名文件
jdk1.7:http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
jdk1.8:http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
解决无提供者的问题,maven工程pom.xml文件中添加以下配置:
完成以上步骤,在类初始化时添加如下代码:
static
{
if (Security.getProvider("BC") == null) {
Security
.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
} else {
Security.removeProvider("BC");
Security
.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
}
完整的工具类:
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
/**
* @program: featureapp
* @description:
* @author: Mr.Li
* @create: 2018-09-13 22:14
**/
public class AES256 {
public static byte[] encrypt(String content, String password) {
try {
//"AES":请求的密钥算法的标准名称
KeyGenerator kgen = KeyGenerator.getInstance("AES");
//256:密钥生成参数;securerandom:密钥生成器的随机源
SecureRandom securerandom = new SecureRandom(tohash256Deal(password));
kgen.init(256, securerandom);
//生成秘密(对称)密钥
SecretKey secretKey = kgen.generateKey();
//返回基本编码格式的密钥
byte[] enCodeFormat = secretKey.getEncoded();
//根据给定的字节数组构造一个密钥。enCodeFormat:密钥内容;"AES":与给定的密钥内容相关联的密钥算法的名称
SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
//将提供程序添加到下一个可用位置
Security.addProvider(new BouncyCastleProvider());
//创建一个实现指定转换的 Cipher对象,该转换由指定的提供程序提供。
//"AES/ECB/PKCS7Padding":转换的名称;"BC":提供程序的名称
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] byteContent = content.getBytes("utf-8");
byte[] cryptograph = cipher.doFinal(byteContent);
return Base64.encode(cryptograph);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static String decrypt(byte[] cryptograph, String password) {
try {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
SecureRandom securerandom = new SecureRandom(tohash256Deal(password));
kgen.init(256, securerandom);
SecretKey secretKey = kgen.generateKey();
byte[] enCodeFormat = secretKey.getEncoded();
SecretKeySpec key = new SecretKeySpec(enCodeFormat, "AES");
Security.addProvider(new BouncyCastleProvider());
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS7Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] content = cipher.doFinal(Base64.decode(cryptograph));
return new String(content);
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
private static String parseByte2HexStr(byte buf[]) {
StringBuffer sb = new StringBuffer();
for (int i = 0; i < buf.length; i++) {
String hex = Integer.toHexString(buf[i] & 0xFF);
if (hex.length() == 1) {
hex = '0' + hex;
}
sb.append(hex.toUpperCase());
}
return sb.toString();
}
/*private static byte[] parseHexStr2Byte(String hexStr) {
if (hexStr.length() < 1)
return null;
byte[] result = new byte[hexStr.length()/2];
for (int i = 0;i< hexStr.length()/2; i++) {
int high = Integer.parseInt(hexStr.substring(i*2, i*2+1), 16);
int low = Integer.parseInt(hexStr.substring(i*2+1, i*2+2), 16);
result[i] = (byte) (high * 16 + low);
}
return result;
}*/
private static byte[] tohash256Deal(String datastr) {
try {
MessageDigest digester=MessageDigest.getInstance("SHA-256");
digester.update(datastr.getBytes());
byte[] hex=digester.digest();
return hex;
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException(e.getMessage());
}
}
public static void main(String[] args) {
String content = "0f607264fc6318a92b9e13c65db7cd3c";
String password = "zsyy";
System.out.println("明文:" + content);
System.out.println("key:" + password);
byte[] encryptResult = AES256.encrypt(content, password);
System.out.println("密文:" + AES256.parseByte2HexStr(encryptResult));
String decryptResult = AES256.decrypt(encryptResult, password);
System.out.println("解密:" + decryptResult);
}
}