AES加密算法的理解及Java实现
程序员文章站
2022-07-10 15:23:32
...
一、AES算法的基本概念
AES是高级加密标准(Advanced Encryption Standard)的简称,AES有如下三个特点。
1 AES是对称加密算法
对称加密的概念,百度百科是这样解释的:在对称加密算法中,数据发信方将明文(原始数据)和加***一起经过特殊加密算法处理后,使其变成复杂的加密密文发送出去。收信方收到密文后,若想解读原文,则需要使用加密用过的**及相同算法的逆算法对密文进行解密,才能使其恢复成可读明文。在对称加密算法中,使用的**只有一个,发收信双方都使用这个**对数据进行加密和解密,这就要求解密方事先必须知道加***。关键点有两个:1、加密方、解密方使用同一个**,2、加密算法与解密算法互为逆算法。举例说明:123456-->234567的加***就是1,加密算法是每位+;234567-->123456的解***也是1,解密算法是每位-;其中加密算法(+)和解密算法(-)互为逆算法,这种加密算法就称作对称加密。
2、AES属于块加密
AES在加密前需要把明文分为固定长度的若干块,然后对每块明文进行加密,最后再拼成一个完成的加密字符串。块加密要填充满最后一块,加密方、解密方要使用相同的padding填充方式。
3、AES**、初始向量、加密模式、填充方式
我们常说的AES-128、AES-192、AES-256三种加密方式,数字表示的是**长度,比如AES-128说的是**是128位,也就是16个字节长度的字符串。JDK目前只支持AES-128加密,也就是传入的**必须是长度为16的字符串。
初始向量Iv(Initialization Vector),使用除ECB以外的其他加密模式均需要传入一个初始向量,其大小与块大小相等,AES块大小是128bit,所以Iv的长度是16字节,初始向量可以加强算法强度。
加密模式(Cipher Mode)有CBC、ECB、CTR、OFB、CFB五种。
填充方式(Padding)决定了最后的一个块需要填充的内容,填充方式有PKCS5Padding、PKCS7Padding、NOPADDING三种,但是JDK只提供了PKCS5Padding、NOPADDING两种,填充方式为PKCS5Padding时,最后一个块需要填充χ个字节,填充的值就是χ;填充方式为NOPADDING时,最后的一个块填充的内容由程序员自己决定,通常填充0。
二、AES算法的Java实现
package com.xi.liuliu.topnews.utils;
import android.util.Log;
import java.io.UnsupportedEncodingException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
/**
* Created by zhangxiaobei on 2017/1/16.
*/
public class AesEncryptUtil {
private static final String TAG = "AesEncryptUtil";
private static final String UTF8 = "UTF-8";
private static final String AES = "AES";
private static final String AES_CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";
private static final String AES_CBC_NO_PADDING = "AES/CBC/NoPadding";
/**
* JDK只支持AES-128加密,也就是**长度必须是128bit;参数为**key,key的长度小于16字符时用"0"补充,key长度大于16字符时截取前16位
**/
private static SecretKeySpec create128BitsKey(String key) {
if (key == null) {
key = "";
}
byte[] data = null;
StringBuffer buffer = new StringBuffer(16);
buffer.append(key);
//小于16后面补0
while (buffer.length() < 16) {
buffer.append("0");
}
//大于16,截取前16个字符
if (buffer.length() > 16) {
buffer.setLength(16);
}
try {
data = buffer.toString().getBytes(UTF8);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return new SecretKeySpec(data, AES);
}
/**
* 创建128位的偏移量,iv的长度小于16时后面补0,大于16,截取前16个字符;
*
* @param iv
* @return
*/
private static IvParameterSpec create128BitsIV(String iv) {
if (iv == null) {
iv = "";
}
byte[] data = null;
StringBuffer buffer = new StringBuffer(16);
buffer.append(iv);
while (buffer.length() < 16) {
buffer.append("0");
}
if (buffer.length() > 16) {
buffer.setLength(16);
}
try {
data = buffer.toString().getBytes(UTF8);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return new IvParameterSpec(data);
}
/**
* 填充方式为Pkcs5Padding时,最后一个块需要填充χ个字节,填充的值就是χ,也就是填充内容由JDK确定
*
* @param srcContent
* @param password
* @param iv
* @return
*/
public static byte[] aesCbcPkcs5PaddingEncrypt(byte[] srcContent, String password, String iv) {
SecretKeySpec key = create128BitsKey(password);
IvParameterSpec ivParameterSpec = create128BitsIV(iv);
try {
Cipher cipher = Cipher.getInstance(AES_CBC_PKCS5_PADDING);
cipher.init(Cipher.ENCRYPT_MODE, key, ivParameterSpec);
byte[] encryptedContent = cipher.doFinal(srcContent);
return encryptedContent;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
public static byte[] aesCbcPkcs5PaddingDecrypt(byte[] encryptedContent, String password, String iv) {
SecretKeySpec key = create128BitsKey(password);
IvParameterSpec ivParameterSpec = create128BitsIV(iv);
try {
Cipher cipher = Cipher.getInstance(AES_CBC_PKCS5_PADDING);
cipher.init(Cipher.DECRYPT_MODE, key, ivParameterSpec);
byte[] decryptedContent = cipher.doFinal(encryptedContent);
return decryptedContent;
} catch (Exception e) {
e.printStackTrace();
}
return null;
}
/**
* 填充方式为NoPadding时,最后一个块的填充内容由程序员确定,通常为0.
* AES/CBC/NoPadding加密的明文长度必须是16的整数倍,明文长度不满足16时,程序员要扩充到16的整数倍
*
* @param sSrc
* @param aesKey
* @param aesIV
* @return
*/
public static byte[] aesCbcNoPaddingEncrypt(byte[] sSrc, String aesKey, String aesIV) {
//加密的数据长度不是16的整数倍时,原始数据后面补0,直到长度满足16的整数倍
int len = sSrc.length;
//计算补0后的长度
while (len % 16 != 0) len++;
byte[] result = new byte[len];
//在最后补0
for (int i = 0; i < len; ++i) {
if (i < sSrc.length) {
result[i] = sSrc[i];
} else {
//填充字符'a'
//result[i] = 'a';
result[i] = 0;
}
}
SecretKeySpec skeySpec = create128BitsKey(aesKey);
//使用CBC模式,需要一个初始向量iv,可增加加密算法的强度
IvParameterSpec iv = create128BitsIV(aesIV);
Cipher cipher = null;
try {
//算法/模式/补码方式
cipher = Cipher.getInstance(AES_CBC_NO_PADDING);
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, iv);
} catch (Exception e) {
e.printStackTrace();
Log.i(TAG, "aesCbcNoPaddingEncrypt Exception");
}
byte[] encrypted = null;
try {
encrypted = cipher.doFinal(result);
} catch (Exception e) {
e.printStackTrace();
Log.i(TAG, "aesCbcNoPaddingEncrypt Exception");
}
return encrypted;
}
public static byte[] aesCbcNoPaddingDecrypt(byte[] sSrc, String aesKey, String aesIV) {
SecretKeySpec skeySpec = create128BitsKey(aesKey);
IvParameterSpec iv = create128BitsIV(aesIV);
try {
Cipher cipher = Cipher.getInstance(AES_CBC_NO_PADDING);
cipher.init(Cipher.DECRYPT_MODE, skeySpec, iv);
byte[] decryptContent = cipher.doFinal(sSrc);
return decryptContent;
} catch (Exception ex) {
Log.i(TAG, "aesCbcNoPaddingDecrypt Exception");
}
return null;
}
}
三、Base64转码概念及实现
AES加密后返回的是byte[ ],打印出来会显示很多乱码,为了提高可读性,一般将byte[]转为base64编码,base64不是加密算法,是一种编码方式,base64编码方式包括A-Z,a-z,0-9,+,/ 这些字符,编码时会把byte[ ]转成含有上述字符的字符串。Base64Encoder Java实现:
package com.xi.liuliu.topnews.utils;
/**
* Created by zhangxiaobei on 2017/1/9.
*/
public class Base64Encoder {
private static final byte[] encodingTable = {
(byte) 'A', (byte) 'B', (byte) 'C', (byte) 'D', (byte) 'E',
(byte) 'F', (byte) 'G', (byte) 'H', (byte) 'I', (byte) 'J',
(byte) 'K', (byte) 'L', (byte) 'M', (byte) 'N', (byte) 'O',
(byte) 'P', (byte) 'Q', (byte) 'R', (byte) 'S', (byte) 'T',
(byte) 'U', (byte) 'V', (byte) 'W', (byte) 'X', (byte) 'Y',
(byte) 'Z', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd',
(byte) 'e', (byte) 'f', (byte) 'g', (byte) 'h', (byte) 'i',
(byte) 'j', (byte) 'k', (byte) 'l', (byte) 'm', (byte) 'n',
(byte) 'o', (byte) 'p', (byte) 'q', (byte) 'r', (byte) 's',
(byte) 't', (byte) 'u', (byte) 'v', (byte) 'w', (byte) 'x',
(byte) 'y', (byte) 'z', (byte) '0', (byte) '1', (byte) '2',
(byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
(byte) '8', (byte) '9', (byte) '+', (byte) '/'
};
private static final byte[] decodingTable;
static {
decodingTable = new byte[128];
for (int i = 0; i < 128; i++) {
decodingTable[i] = (byte) -1;
}
for (int i = 'A'; i <= 'Z'; i++) {
decodingTable[i] = (byte) (i - 'A');
}
for (int i = 'a'; i <= 'z'; i++) {
decodingTable[i] = (byte) (i - 'a' + 26);
}
for (int i = '0'; i <= '9'; i++) {
decodingTable[i] = (byte) (i - '0' + 52);
}
decodingTable['+'] = 62;
decodingTable['/'] = 63;
}
public static byte[] encode(byte[] data) {
byte[] bytes;
int modulus = data.length % 3;
if (modulus == 0) {
bytes = new byte[(4 * data.length) / 3];
} else {
bytes = new byte[4 * ((data.length / 3) + 1)];
}
int dataLength = (data.length - modulus);
int a1;
int a2;
int a3;
for (int i = 0, j = 0; i < dataLength; i += 3, j += 4) {
a1 = data[i] & 0xff;
a2 = data[i + 1] & 0xff;
a3 = data[i + 2] & 0xff;
bytes[j] = encodingTable[(a1 >>> 2) & 0x3f];
bytes[j + 1] = encodingTable[((a1 << 4) | (a2 >>> 4)) & 0x3f];
bytes[j + 2] = encodingTable[((a2 << 2) | (a3 >>> 6)) & 0x3f];
bytes[j + 3] = encodingTable[a3 & 0x3f];
}
int b1;
int b2;
int b3;
int d1;
int d2;
switch (modulus) {
case 0: /* nothing left to do */
break;
case 1:
d1 = data[data.length - 1] & 0xff;
b1 = (d1 >>> 2) & 0x3f;
b2 = (d1 << 4) & 0x3f;
bytes[bytes.length - 4] = encodingTable[b1];
bytes[bytes.length - 3] = encodingTable[b2];
bytes[bytes.length - 2] = (byte) '=';
bytes[bytes.length - 1] = (byte) '=';
break;
case 2:
d1 = data[data.length - 2] & 0xff;
d2 = data[data.length - 1] & 0xff;
b1 = (d1 >>> 2) & 0x3f;
b2 = ((d1 << 4) | (d2 >>> 4)) & 0x3f;
b3 = (d2 << 2) & 0x3f;
bytes[bytes.length - 4] = encodingTable[b1];
bytes[bytes.length - 3] = encodingTable[b2];
bytes[bytes.length - 2] = encodingTable[b3];
bytes[bytes.length - 1] = (byte) '=';
break;
}
return bytes;
}
public static byte[] decode(byte[] data) {
byte[] bytes;
byte b1;
byte b2;
byte b3;
byte b4;
data = discardNonBase64Bytes(data);
if (data[data.length - 2] == '=') {
bytes = new byte[(((data.length / 4) - 1) * 3) + 1];
} else if (data[data.length - 1] == '=') {
bytes = new byte[(((data.length / 4) - 1) * 3) + 2];
} else {
bytes = new byte[((data.length / 4) * 3)];
}
for (int i = 0, j = 0; i < (data.length - 4); i += 4, j += 3) {
b1 = decodingTable[data[i]];
b2 = decodingTable[data[i + 1]];
b3 = decodingTable[data[i + 2]];
b4 = decodingTable[data[i + 3]];
bytes[j] = (byte) ((b1 << 2) | (b2 >> 4));
bytes[j + 1] = (byte) ((b2 << 4) | (b3 >> 2));
bytes[j + 2] = (byte) ((b3 << 6) | b4);
}
if (data[data.length - 2] == '=') {
b1 = decodingTable[data[data.length - 4]];
b2 = decodingTable[data[data.length - 3]];
bytes[bytes.length - 1] = (byte) ((b1 << 2) | (b2 >> 4));
} else if (data[data.length - 1] == '=') {
b1 = decodingTable[data[data.length - 4]];
b2 = decodingTable[data[data.length - 3]];
b3 = decodingTable[data[data.length - 2]];
bytes[bytes.length - 2] = (byte) ((b1 << 2) | (b2 >> 4));
bytes[bytes.length - 1] = (byte) ((b2 << 4) | (b3 >> 2));
} else {
b1 = decodingTable[data[data.length - 4]];
b2 = decodingTable[data[data.length - 3]];
b3 = decodingTable[data[data.length - 2]];
b4 = decodingTable[data[data.length - 1]];
bytes[bytes.length - 3] = (byte) ((b1 << 2) | (b2 >> 4));
bytes[bytes.length - 2] = (byte) ((b2 << 4) | (b3 >> 2));
bytes[bytes.length - 1] = (byte) ((b3 << 6) | b4);
}
return bytes;
}
public static byte[] decode(String data) {
byte[] bytes;
byte b1;
byte b2;
byte b3;
byte b4;
data = discardNonBase64Chars(data);
if (data.charAt(data.length() - 2) == '=') {
bytes = new byte[(((data.length() / 4) - 1) * 3) + 1];
} else if (data.charAt(data.length() - 1) == '=') {
bytes = new byte[(((data.length() / 4) - 1) * 3) + 2];
} else {
bytes = new byte[((data.length() / 4) * 3)];
}
for (int i = 0, j = 0; i < (data.length() - 4); i += 4, j += 3) {
b1 = decodingTable[data.charAt(i)];
b2 = decodingTable[data.charAt(i + 1)];
b3 = decodingTable[data.charAt(i + 2)];
b4 = decodingTable[data.charAt(i + 3)];
bytes[j] = (byte) ((b1 << 2) | (b2 >> 4));
bytes[j + 1] = (byte) ((b2 << 4) | (b3 >> 2));
bytes[j + 2] = (byte) ((b3 << 6) | b4);
}
if (data.charAt(data.length() - 2) == '=') {
b1 = decodingTable[data.charAt(data.length() - 4)];
b2 = decodingTable[data.charAt(data.length() - 3)];
bytes[bytes.length - 1] = (byte) ((b1 << 2) | (b2 >> 4));
} else if (data.charAt(data.length() - 1) == '=') {
b1 = decodingTable[data.charAt(data.length() - 4)];
b2 = decodingTable[data.charAt(data.length() - 3)];
b3 = decodingTable[data.charAt(data.length() - 2)];
bytes[bytes.length - 2] = (byte) ((b1 << 2) | (b2 >> 4));
bytes[bytes.length - 1] = (byte) ((b2 << 4) | (b3 >> 2));
} else {
b1 = decodingTable[data.charAt(data.length() - 4)];
b2 = decodingTable[data.charAt(data.length() - 3)];
b3 = decodingTable[data.charAt(data.length() - 2)];
b4 = decodingTable[data.charAt(data.length() - 1)];
bytes[bytes.length - 3] = (byte) ((b1 << 2) | (b2 >> 4));
bytes[bytes.length - 2] = (byte) ((b2 << 4) | (b3 >> 2));
bytes[bytes.length - 1] = (byte) ((b3 << 6) | b4);
}
return bytes;
}
private static byte[] discardNonBase64Bytes(byte[] data) {
byte[] temp = new byte[data.length];
int bytesCopied = 0;
for (int i = 0; i < data.length; i++) {
if (isValidBase64Byte(data[i])) {
temp[bytesCopied++] = data[i];
}
}
byte[] newData = new byte[bytesCopied];
System.arraycopy(temp, 0, newData, 0, bytesCopied);
return newData;
}
private static String discardNonBase64Chars(String data) {
StringBuffer sb = new StringBuffer();
int length = data.length();
for (int i = 0; i < length; i++) {
if (isValidBase64Byte((byte) (data.charAt(i)))) {
sb.append(data.charAt(i));
}
}
return sb.toString();
}
private static boolean isValidBase64Byte(byte b) {
if (b == '=') {
return true;
} else if ((b < 0) || (b >= 128)) {
return false;
} else if (decodingTable[b] == -1) {
return false;
}
return true;
}
}
综上我们经常使用的发送加密数据的流程是:
前端、移动端:
1 AES加密得到加密数据
2 Base64编码加密数据
3 发送Base64编码数据
后端:
4 Base64解码数据
5 AES解密数据
6 存储原始数据
参考:
http://blog.csdn.net/uikoo9/article/details/27983071
http://blog.csdn.net/qq_18870023/article/details/52183755