常用加密算法

祈雨的笔记

2019-08-07

java

Base64

import org.apache.commons.codec.binary.Base64;

public class Base64Utils {

    public static void main(String args[]) {
        String value = "hello world";

        // 加密
        String encode = Base64.encodeBase64String(value.getBytes());
        System.out.println("encode:" + encode);
        // 解密
        String decode = new String(Base64.decodeBase64(encode));
        System.out.println("decode:" + decode);
    }
}

AES

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class AESUtils {

    public static String encrypt(String key, String data) throws Exception {
        Cipher cipher = initCipher(key, Cipher.ENCRYPT_MODE);
        byte[] encryptedByte = cipher.doFinal(data.getBytes());
        return Base64.encodeBase64String(encryptedByte);
    }

    public static String decrypt(String key, String data) throws Exception {
        Cipher cipher = initCipher(key, Cipher.DECRYPT_MODE);
        byte[] decryptedByte = cipher.doFinal(Base64.decodeBase64(data));
        return new String(decryptedByte);
    }

    private static Cipher initCipher(String key, int encryptMode) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(encryptMode, new SecretKeySpec(key.getBytes(), "AES"));
        return cipher;
    }

    public static void main(String[] args) throws Exception {
        // 16字节秘钥即128比特
        String key = "1234567890123456";
        String value = "HelloWorld";

        // 16进制的加密参数key
        System.out.println("key hex: " + Hex.encodeHexString(key.getBytes()));

        // 加密
        String encrypt = encrypt(key, value);
        System.out.println("encrypt: " + encrypt);
        // 解密
        String decrypt = decrypt(key, encrypt);
        System.out.println("decrypt: " + decrypt);
    }

}

DES

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class DESUtils {

    public static String encrypt(String key, String data) throws Exception {
        Cipher cipher = initCipher(key, Cipher.ENCRYPT_MODE);
        byte[] encryptedByte = cipher.doFinal(data.getBytes());
        return Base64.encodeBase64String(encryptedByte);
    }

    public static String decrypt(String key, String data) throws Exception {
        Cipher cipher = initCipher(key, Cipher.DECRYPT_MODE);
        byte[] decryptedByte = cipher.doFinal(Base64.decodeBase64(data));
        return new String(decryptedByte);
    }

    private static Cipher initCipher(String key, int encryptMode) throws Exception {
        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
        cipher.init(encryptMode, new SecretKeySpec(key.getBytes(), "DES"));
        return cipher;
    }

    public static void main(String[] args) throws Exception {
        String key = "12345678";
        String value = "HelloWorld";

        // 16进制的加密参数key
        System.out.println("key hex: " + Hex.encodeHexString(key.getBytes()));

        // 加密
        String encrypt = encrypt(key, value);
        System.out.println("encrypt: " + encrypt);
        // 解密
        String decrypt = decrypt(key, encrypt);
        System.out.println("decrypt: " + decrypt);
    }

}

RSA

import java.io.*;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.Cipher;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;


/**
 * RSA非对称加密算法
 *
 * 生成私钥(格式未转换):openssl genrsa -out pvk0.pem 1024
 * 生成公钥:openssl rsa -in pvk0.pem -out puk.pem -pubout
 * 私钥格式转换:openssl pkcs8 -topk8 -in pvk0.pem -out pvk.pem -nocrypt
 */
public class RSASignUtil {

    private static final String SIGNATURE_INSTANCE = "SHA256WithRSA";
    private static final String RSA_INSTANCE = "RSA";
    private static final int MAX_ENCRYPT_BLOCK = 245;
    private static final int MAX_DECRYPT_BLOCK = 256;

    /**
     * RSA私钥签名
     *
     * @param pvkString 秘钥
     * @param source    文本
     */
    public static String signBySHA256WithRSA(String pvkString, String source) throws Exception {
        Signature signature = Signature.getInstance(SIGNATURE_INSTANCE);

        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decodeBase64(pvkString.getBytes()));
        KeyFactory ky = KeyFactory.getInstance(RSA_INSTANCE);
        PrivateKey privateKey = ky.generatePrivate(spec);

        signature.initSign(privateKey);
        signature.update(source.getBytes());
        byte result[] = signature.sign();

        return Base64.encodeBase64String(result);
    }

    /**
     * RSA公钥验签
     *
     * @param pukString 公钥
     * @param signValue 签名
     * @param source    文本
     */
    public static boolean verifySignBySHA256WithRSA(String pukString, String signValue, String source) throws Exception {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.decodeBase64(pukString.getBytes()));
        KeyFactory ky = KeyFactory.getInstance(RSA_INSTANCE);
        PublicKey pukKey = ky.generatePublic(spec);

        Signature signature = Signature.getInstance(SIGNATURE_INSTANCE);
        signature.initVerify(pukKey);
        signature.update(source.getBytes());
        // 验证商户签名
        return signature.verify(Base64.decodeBase64(signValue.getBytes()));
    }

    /**
     * RSA公钥加密
     *
     * @param data      文本
     * @param publicKey 公钥
     */
    public static byte[] encryptByPuk(byte[] data, String publicKey) throws Exception {
        byte[] decoded = Base64.decodeBase64(publicKey);
        PublicKey pubKey = KeyFactory.getInstance(RSA_INSTANCE).generatePublic(new X509EncodedKeySpec(decoded));
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            Cipher cipher = Cipher.getInstance(RSA_INSTANCE);
            cipher.init(Cipher.ENCRYPT_MODE, pubKey);
            int offSet = 0;
            while (data.length > offSet) {
                int length = data.length - offSet > MAX_ENCRYPT_BLOCK ? MAX_ENCRYPT_BLOCK : data.length - offSet;
                byte[] cache = cipher.doFinal(data, offSet, length);
                out.write(cache, 0, cache.length);
                offSet += length;
            }
            return out.toByteArray();
        }
    }

    /**
     * RSA私钥解密
     *
     * @param data       文本
     * @param privateKey 私钥
     */
    public static byte[] decryptByPvk(byte[] data, String privateKey) throws Exception {
        byte[] decoded = Base64.decodeBase64(privateKey);
        PrivateKey priKey = KeyFactory.getInstance(RSA_INSTANCE).generatePrivate(new PKCS8EncodedKeySpec(decoded));
        try (ByteArrayOutputStream out = new ByteArrayOutputStream()) {
            Cipher cipher = Cipher.getInstance(RSA_INSTANCE);
            cipher.init(Cipher.DECRYPT_MODE, priKey);
            int offSet = 0;
            while (data.length > offSet) {
                int length = data.length - offSet > MAX_DECRYPT_BLOCK ? MAX_DECRYPT_BLOCK : data.length - offSet;
                byte[] cache = cipher.doFinal(data, offSet, length);
                out.write(cache, 0, cache.length);
                offSet += length;
            }
            return out.toByteArray();
        }
    }

    /**
     * 读取公钥
     */
    private static String getPemPukkey(String pukPath) {
        String pukString = null;
        try (InputStream in = new FileInputStream(pukPath)) {
            pukString = IOUtils.toString(in);
            pukString = pukString.replace("-----BEGIN PUBLIC KEY-----", "");
            pukString = pukString.replace("-----END PUBLIC KEY-----", "");
            pukString = pukString.replaceAll("\n", "");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return pukString;
    }

    /**
     * 读取私钥
     */
    private static String getPemPriKey(String pvkPath) {
        String pvkString = null;
        try (InputStream in = new FileInputStream(pvkPath)) {
            pvkString = IOUtils.toString(in);
            pvkString = pvkString.replace("-----BEGIN PRIVATE KEY-----", "");
            pvkString = pvkString.replace("-----END PRIVATE KEY-----", "");
            pvkString = pvkString.replaceAll("\n", "");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return pvkString;
    }

    /**
     * 生成RSA公钥私钥
     */
    public static Pair<RSAPublicKey, RSAPrivateKey> initKey() throws Exception {
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(RSA_INSTANCE);
        keyPairGen.initialize(2048);
        KeyPair keyPair = keyPairGen.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        return new Pair<>(publicKey, privateKey);
    }

    public static void main(String[] args) throws Exception {
        String pukPath = "C:/Users/zm/Desktop/puk.pem";
        String publicKey = getPemPukkey(pukPath);

        String pvkPath = "C:/Users/zm/Desktop/pvk.pem";
        String privateKey = getPemPriKey(pvkPath);

        String value = "43554656786889";

        // 加密
        byte[] encrypt = encryptByPuk(value.getBytes(), publicKey);
        System.out.println("encrypt:" + Base64.encodeBase64String(encrypt));
        // 解密
        byte[] decrypt = decryptByPvk(encrypt, privateKey);
        System.out.println("decrypt:" + new String(decrypt));

        // 签名
        String sign = signBySHA256WithRSA(privateKey, value);
        System.out.println("sign:" + sign);
        // 验签
        boolean isSuccess = verifySignBySHA256WithRSA(publicKey, sign, value);
        System.out.println(isSuccess);
    }
}

SM2

sm2,sm3,sm4国密算法的纯c语言版本

SM2国密算法SDK包SADK-3.2.1.3.jar。

import java.io.File;
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;

import cfca.sadk.cgb.toolkit.SM2Toolkit;
import org.apache.commons.io.IOUtils;

/**
 * 国密SM2非对称加密算法公钥私钥生成器
 */
public class SM2GenKey {

    public static void keyGen(String fileName) throws Exception {
        SM2Toolkit tool = new SM2Toolkit();
        KeyPair key = tool.SM2GenerateKeyPair();

        // 私钥
        PrivateKey pvk = key.getPrivate();
        byte[] pvkBytes = pvk.getEncoded();
        String pvkPath = String.format("cert/%s.pvk", fileName);

        // 公钥
        PublicKey puk = key.getPublic();
        byte[] pukBytes = puk.getEncoded();
        String pukPath = String.format("cert/%s.puk", fileName);

        File dir = new File("cert");
        if (!dir.exists()) {
            dir.mkdir();
        }

        try (FileOutputStream pukOut = new FileOutputStream(pukPath);
             FileOutputStream pvkOut = new FileOutputStream(pvkPath)) {
            IOUtils.write(pukBytes, pukOut);
            IOUtils.write(pvkBytes, pvkOut);
        }
    }

    public static void main(String[] args) throws Exception {
        String keyName = "100000";
        keyGen(keyName);
    }
}

import cfca.sadk.algorithm.sm2.SM2PrivateKey;
import cfca.sadk.algorithm.sm2.SM2PublicKey;
import cfca.sadk.cgb.toolkit.BASE64Toolkit;
import cfca.sadk.cgb.toolkit.SM2Toolkit;
import org.apache.commons.io.IOUtils;

import java.io.FileInputStream;

/**
 * SM2国密算法
 */
public class SM2Utils {

    /**
     * 签名
     */
    public static String signString(String srcStr, byte[] pvkBytes) throws Exception {
        SM2Toolkit sm2Tool = new SM2Toolkit();
        SM2PrivateKey sm2PrivateKey = (SM2PrivateKey) sm2Tool.SM2BuildPrivateKey(BASE64Toolkit.encode(pvkBytes));
        return BASE64Toolkit.encode(sm2Tool.SM2Sign(sm2PrivateKey, srcStr.getBytes()));
    }

    /**
     * 验签
     */
    public static boolean verfySignString(byte[] pukBytes, String signValue, String srcString) throws Exception {
        //读取公钥
        SM2Toolkit sm2Tool = new SM2Toolkit();
        SM2PublicKey sm2MerPublicKey = (SM2PublicKey) sm2Tool.SM2BuildPublicKey(BASE64Toolkit.encode(pukBytes));
        //验证签名
        return sm2Tool.SM2Verify(sm2MerPublicKey, srcString.getBytes(), BASE64Toolkit.decode(signValue));
    }

    /**
     * 使用公钥加密
     */
    public static String encrypt(byte[] pukBytes, String data) throws Exception {
        SM2Toolkit sm2Tool = new SM2Toolkit();
        SM2PublicKey sm2MerPublicKey = (SM2PublicKey) sm2Tool.SM2BuildPublicKey(BASE64Toolkit.encode(pukBytes));
        return BASE64Toolkit.encode(sm2Tool.SM2EncryptData(sm2MerPublicKey, data.getBytes()));
    }

    /**
     * 使用私钥解密
     */
    public static String decrypt(byte[] pvkBytes, String data) throws Exception {
        SM2Toolkit sm2Tool = new SM2Toolkit();
        SM2PrivateKey sm2PrivateKey = (SM2PrivateKey) sm2Tool.SM2BuildPrivateKey(BASE64Toolkit.encode(pvkBytes));
        return new String(sm2Tool.SM2DecryptData(sm2PrivateKey, BASE64Toolkit.decode(data)));
    }

    public static void main(String[] args) throws Exception {
        String pvkPath = "C:/Users/zm/Desktop/dppaykey.pvk";
        byte[] pvkBytes = IOUtils.toByteArray(new FileInputStream(pvkPath));
        String pukPath = "C:/Users/zm/Desktop/dppaykey.puk";
        byte[] pukBytes = IOUtils.toByteArray(new FileInputStream(pukPath));

        String value = "hello world";

        // 加密
        String encrypt = encrypt(pukBytes, value);
        System.out.println("encrypt:" + encrypt);
        // 解密
        String decrypt = decrypt(pvkBytes, encrypt);
        System.out.println("decrypt:" + decrypt);

        // 签名
        String sign = SM2Utils.signString(value, pvkBytes);
        System.out.println("sign:" + sign);
        // 验签
        boolean isSuccess = SM2Utils.verfySignString(pukBytes, sign, value);
        System.out.println(isSuccess);
    }
}

SM4

sm2,sm3,sm4国密算法的纯c语言版本

SM4国密算法SDK包SADK-3.2.1.3.jar。

import cfca.sadk.cgb.toolkit.BASE64Toolkit;
import cfca.sadk.cgb.toolkit.SM4Toolkit;

/**
 * SM4国密算法
 */
public class SM4Utils {

    /**
     * 使用国密SM4加密字符串
     */
    public static String encrypt(String key, String data) throws Exception {
        SM4Toolkit toolkit = new SM4Toolkit();
        toolkit.SM4Init(key.getBytes(), key.getBytes());
        byte[] enByte = toolkit.SM4EncryptData(data.getBytes());
        return BASE64Toolkit.encode(enByte);
    }

    /**
     * 使用国密SM4解密字符串
     */
    public static String decrypt(String key, String data) throws Exception {
        SM4Toolkit toolkit = new SM4Toolkit();
        toolkit.SM4Init(key.getBytes(), key.getBytes());
        byte[] enByte = toolkit.SM4DecryptData(BASE64Toolkit.decode(data));
        return new String(enByte);
    }

    public static void main(String[] args) throws Exception {
        String key = "1234567890123456";
        String value = "hello world";

        // 加密
        String encrypt = encrypt(key, value);
        System.out.println("encrypt:" + encrypt);
        // 解密
        String decrypt = decrypt(key, encrypt);
        System.out.println("decrypt:" + decrypt);
    }
}