欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页  >  IT编程

des加密工具类(des加密算法详解)

程序员文章站 2023-12-01 19:57:34
des算法简介des 算法  des算法为密码*中的对称密码*,又被称为美国数据加密标准,是1972年美国ibm公司研制的对称密码*加密算法。明文按64位进行分组,密钥长64位,密钥事实上是56...

  des算法简介

des加密工具类(des加密算法详解)

des 算法

  des算法为密码*中的对称密码*,又被称为美国数据加密标准,是1972年美国ibm公司研制的对称密码*加密算法。明文按64位进行分组,密钥长64位,密钥事实上是56位参与des运算(第8、16、24、32、40、48、56、64位是校验位,使得每个密钥都有奇数个1)分组后的明文组和56位的密钥按位替代或交换的方法形成密文组的加密方法。

  des算法具有极高安全性,除了用穷举搜索法对des算法进行攻击外,还没有发现更有效的办法。而56位长的密钥的穷举空间为2^56,这意味着如果一台计算机的速度是每一秒钟检测一百万个密钥,则它搜索完全部密钥就需要将近2285年的时间,可见,这是难以实现的。然而,这并不等于说des是不可破解的。而实际上,随着硬件技术和internet的发展,其破解的可能性越来越大,而且,所需要的时间越来越少。使用经过特殊设计的硬件并行处理要几个小时。

  为了克服des密钥空间小的缺陷,人们又提出了三重des的变形方式。

  maven 依赖

  工具类对于加密后使用base64进行编码,所以需要依赖apache commons codec。

<dependency>
    <groupid>commons-codec</groupid>
    <artifactid>commons-codec</artifactid>
    <version>1.9</version>
</dependency>
<dependency>
    <groupid>log4j</groupid>
    <artifactid>log4j</artifactid>
    <version>1.2.17</version>
</dependency>

  工具类实现

  desutil提供了针对文本内容、字节数组内容的加解密实现,desutil工具类可以直接复制使用,代码如下:

package com.arhorchin.securitit.enordecryption.des;
import java.security.key;
import javax.crypto.cipher;
import javax.crypto.secretkeyfactory;
import javax.crypto.spec.deskeyspec;
import javax.crypto.spec.ivparameterspec;
import org.apache.commons.codec.binary.base64;
import org.apache.log4j.logger;
/**
 * @author securitit.
 * @note des加密算法实现.
 */
public class desutil {
    /**
     * logger.
     */
    private static logger logger = logger.getlogger(desutil.class);
    /**
     * 数据编码.
     */
    private static final string charset_utf8 = "utf-8";
    /**
     * 算法编号.
     */
    public static final string des_name = "des";
    /**
     * cbc模式串.
     */
    public static final string des_name_ecb = "des/cbc/pkcs5padding";
    /**
     * 初始向量.
     */
    public static final byte[] des_key_iv = { 1, 2, 3, 4, 5, 6, 7, 8 };
    /**
     * 根据密码生成key.要求:密码长度是8的倍数.
     * @param deskeypwd 密码字符串.
     * @return des密钥.
     * @throws exception 可能异常.
     */
    public static string generatedeskey(string deskeypwd) throws exception {
        deskeyspec deskeyspec = null;
        secretkeyfactory keyfactory = null;
        byte[] keybytes = null;
        deskeyspec = new deskeyspec(deskeypwd.getbytes(charset_utf8));
        keyfactory = secretkeyfactory.getinstance(des_name);
        keybytes = keyfactory.generatesecret(deskeyspec).getencoded();
        return base64.encodebase64string(keybytes);
    }
    /**
     * 对文本内容进行加密.
     * @param plaintext 待加密明文内容.
     * @param deskey des密钥.
     * @return 加密的密文.
     */
    public static string encodetext(string plaintext, string deskey) throws exception {
        byte[] deskeybytes = null;
        byte[] plainbytes = null;
        byte[] cipherbytes = null;
        try {
            deskeybytes = base64.decodebase64(deskey);
            plainbytes = plaintext.getbytes(charset_utf8);
            cipherbytes = encodebycbc(plainbytes, deskeybytes, des_key_iv);
            return base64.encodebase64string(cipherbytes);
        } catch (exception ex) {
            logger.error("desutil.encodetext.", ex);
            return "";
        }
    }
    /**
     * 对文本密文进行解密.
     * @param ciphertext 待解密密文.
     * @param deskey des密钥.
     * @return 解密的明文.
     */
    public static string decodetext(string ciphertext, string deskey) throws exception {
        byte[] deskeybytes = null;
        byte[] cipherbytes = null;
        byte[] plainbytes = null;
        try {
            deskeybytes = base64.decodebase64(deskey);
            cipherbytes = base64.decodebase64(ciphertext);
            plainbytes = decodebycbc(cipherbytes, deskeybytes, des_key_iv);
            return new string(plainbytes, charset_utf8);
        } catch (exception ex) {
            logger.error("desutil.decodetext.", ex);
            return "";
        }
    }
    /**
     * 对字节数组内容进行加密.
     * @param plaintext 待加密明文内容.
     * @param dsekey des密钥.
     * @return 加密的密文.
     */
    public static byte[] encodebytes(byte[] plainbytes, string deskey) throws exception {
        byte[] deskeybytes = null;
        byte[] cipherbytes = null;
        try {
            deskeybytes = base64.decodebase64(deskey);
            cipherbytes = encodebycbc(plainbytes, deskeybytes, des_key_iv);
            return cipherbytes;
        } catch (exception ex) {
            logger.error("desutil.encodebytes.", ex);
            return new byte[0];
        }
    }
    /**
     * 对字节数组密文进行解密.
     * @param ciphertext 待解密密文.
     * @param deskey des密钥.
     * @return 解密的明文.
     */
    public static byte[] decodebytes(byte[] cipherbytes, string deskey) throws exception {
        byte[] deskeybytes = null;
        byte[] plainbytes = null;
        try {
            deskeybytes = base64.decodebase64(deskey);
            plainbytes = decodebycbc(cipherbytes, deskeybytes, des_key_iv);
            return plainbytes;
        } catch (exception ex) {
            logger.error("desutil.decodebytes.", ex);
            return new byte[0];
        }
    }
    /**
     * des算法使用cbc模式进行加密.
     * @param plainbytes 原文内容.
     * @param deskey des密钥.
     * @param keyiv des初始向量.
     * @return 加密后的内容.
     * @throws exception .
     */
    public static byte[] encodebycbc(byte[] plainbytes, byte[] deskey, byte[] keyiv) throws exception {
        key deskey = null;
        deskeyspec desspec = null;
        secretkeyfactory keyfactory = null;
        cipher cipher = null;
        ivparameterspec ivspec = null;
        byte[] cipherout = null;
        desspec = new deskeyspec(deskey);
        keyfactory = secretkeyfactory.getinstance(des_name);
        deskey = keyfactory.generatesecret(desspec);
        cipher = cipher.getinstance(des_name_ecb);
        ivspec = new ivparameterspec(keyiv);
        cipher.init(cipher.encrypt_mode, deskey, ivspec);
        cipherout = cipher.dofinal(plainbytes);
        return cipherout;
    }
    /**
     * des算法使用cbc模式进行解密.
     * @param plainbytes 密文内容.
     * @param deskey des密钥.
     * @param keyiv des初始向量.
     * @return 解密后的内容.
     * @throws exception .
     */
    public static byte[] decodebycbc(byte[] plainbytes, byte[] deskey, byte[] keyiv) throws exception {
        key deskey = null;
        deskeyspec desspec = null;
        secretkeyfactory keyfactory = null;
        cipher cipher = null;
        ivparameterspec ivspec = null;
        byte[] cipherout = null;
        desspec = new deskeyspec(deskey);
        keyfactory = secretkeyfactory.getinstance(des_name);
        deskey = keyfactory.generatesecret(desspec);
        cipher = cipher.getinstance(des_name_ecb);
        ivspec = new ivparameterspec(keyiv);
        cipher.init(cipher.decrypt_mode, deskey, ivspec);
        cipherout = cipher.dofinal(plainbytes);
        return cipherout;
    }
}

  工具类测试

package com.arhorchin.securitit.enordecryption.des;
import java.util.arrays;
/**
 * @author securitit.
 * @note desutil测试类.
 */
public class desutiltester {
    public static void main(string[] args) throws exception {
        string deskeypwd = "1234567887654321";
        string deskey = null;
        string plaintext = "this is 一段明文内容!";
        string ciphertext = null;
        system.out.println("----------------------- 获取des秘钥 -------------------------");
        deskey = desutil.generatedeskey(deskeypwd);
        system.out.println("秘钥:" + deskey);
        system.out.println();
        // 文本加解密测试.
        system.out.println("----------------------- 文本加解密测试 -------------------------");
        system.out.println("明文:" + plaintext);
        ciphertext = desutil.encodetext(plaintext, deskey);
        system.out.println("密文:" + ciphertext);
        plaintext = desutil.decodetext(ciphertext, deskey);
        system.out.println("解密明文:" + plaintext);
        system.out.println();
        system.out.println("----------------------- 字节数组加解密测试 -------------------------");
        byte[] plainbytes = plaintext.getbytes("utf-8");
        byte[] cipherbytes = null;
        system.out.println("明文:" + arrays.tostring(plainbytes));
        cipherbytes = desutil.encodebytes(plainbytes, deskey);
        system.out.println("密文:" + arrays.tostring(cipherbytes));
        plainbytes = desutil.decodebytes(cipherbytes, deskey);
        system.out.println("解密明文:" + arrays.tostring(plainbytes));
        system.out.println();
    }
}

  控制台输出

  查看console中的控制台内容,明文和解密后明文对比,可以确认desutil可以正常工作,控制台如下图:

----------------------- 获取des秘钥 -------------------------
秘钥:mtiyndq3nzg=
----------------------- 文本加解密测试 -------------------------
明文:this is 一段明文内容!
密文:2guhziwpad0klmjyrzerlw83acn0am0f19nz18nf214=
解密明文:this is 一段明文内容!
----------------------- 字节数组加解密测试 -------------------------
明文:[84, 104, 105, 115, 32, 105, 115, 32, -28, -72, -128, -26, -82, -75, -26, -104, -114, -26, -106, -121, -27, -122, -123, -27, -82, -71, -17, -68, -127]
密文:[-38, 11, -121, -52, -123, -87, 105, -35, 36, -108, -56, -14, 69, -111, 17, 45, 111, 55, 105, -61, 116, 0, -51, 5, -41, -45, 89, -41, -61, 69, -37, 94]
解密明文:[84, 104, 105, 115, 32, 105, 115, 32, -28, -72, -128, -26, -82, -75, -26, -104, -114, -26, -106, -121, -27, -122, -123, -27, -82, -71, -17, -68, -127]

  总结

  现代密码学应用中,des的身影已越来越少见,随着硬件和互联网的发展,des在安全性方面的劣势变得尤为明显。在des之后,逐渐出现了用于过渡的3des以及新一代密码算法aes,3des是为了使得des更加难以破解,使用三次des加解密叠加得到的密码算法。而aes是作为下一代对称密码学算法,使用完全不同的算法进行了实现。在实际应用中,可以根据个人所需,选择合适的算法进行应用。