写在前面
安全测试ECB模式过于简单需要改为CBC模式加密以下为工具类及测试
AESUtils.java
package com.sgcc.mobile.utils;import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.*;/**
* AES加密128位CBC模式工具类
*/
public class AESUtils { //算法/加密模式/填充方式
private static final String ALGORITHMSTR = "AES/CBC/PKCS5Padding";//"算法/模式/补码方式" //解密密钥(自行随机生成)
public static final String KEY = "qxhzngy266a186ke";//秘钥key
public static final String IV = "1ci5crnda6ojzgtr";//偏移量iv //认证密钥(自行随机生成)
public static final String AK = "s2ip9g3y3bjr5zz7ws6kjgx3ysr82zzw";//AccessKey
public static final String SK = "uv8zr0uen7aim8m7umcuooqzdv8cbvtf";//SecretKey //加密
public static String encrypt(String content) throws Exception {
byte[] raw = KEY.getBytes("utf-8");
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
//使用CBC模式,需要一个向量iv,可增加加密算法的强度
IvParameterSpec ips = new IvParameterSpec(IV.getBytes());
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ips);
byte[] encrypted = cipher.doFinal(content.getBytes());
return new BASE64Encoder().encode(encrypted);
} //解密
public static StringBuffer decrypt(String content) throws Exception {
try {
byte[] raw = KEY.getBytes("utf-8");
SecretKeySpec skeySpec = new SecretKeySpec(raw, "AES");
Cipher cipher = Cipher.getInstance(ALGORITHMSTR);
IvParameterSpec ips = new IvParameterSpec(IV.getBytes());
cipher.init(Cipher.DECRYPT_MODE, skeySpec, ips);
byte[] encrypted1 = new BASE64Decoder().decodeBuffer(content);
try {
byte[] original = cipher.doFinal(encrypted1);
StringBuffer originalString = new StringBuffer(new String(original));
return originalString;
} catch (Exception e) {
System.out.println(e.toString());
return null;
}
} catch (Exception ex) {
System.out.println(ex.toString());
return null;
}
} //获取认证签名(身份认证需要)
public static String getSign(String currentTime) throws Exception {
String sign = "";
Map<String, Object> map = new HashMap<String, Object>();
map.put("ak", AK);
map.put("sk", SK);
map.put("ts", currentTime);
//获取 参数字典排序后字符串
String decrypt = getOrderMap(map);
try {
//指定sha1算法
MessageDigest digest = MessageDigest.getInstance("SHA-1");
digest.update(decrypt.getBytes());
//获取字节数组
byte messageDigest[] = digest.digest();
// Create Hex String
StringBuffer hexString = new StringBuffer();
// 字节数组转换为十六进制数
for (int i = 0; i < messageDigest.length; i++) {
String shaHex = Integer.toHexString(messageDigest[i] & 0xFF);
if (shaHex.length() < 2) {
hexString.append(0);
}
hexString.append(shaHex);
}
sign = hexString.toString();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
return sign;
} //获取参数的字典排序
private static String getOrderMap(Map<String, Object> maps) {
List<String> paramNames = new ArrayList<String>();
for (Map.Entry<String, Object> entry : maps.entrySet()) {
paramNames.add(entry.getValue().toString());
}
Collections.sort(paramNames);
StringBuilder paramStr = new StringBuilder();
for (String paramName : paramNames) {
paramStr.append(paramName);
}
return paramStr.toString();
}// public static void main(String[] args) {
//
// String mw = "123qwe!@#";
// StringBuffer stringBuffer = new StringBuffer();
//
// try {
// String en = encrypt(mw);
// StringBuffer append = stringBuffer.append(en);
// System.out.println("加密" + append.toString());//w8RzmA/N1zPTRBKCYjoJgQ==
// StringBuffer decrypt = decrypt(append.toString());
// System.out.println("解密" + decrypt);//123qwe!@#
// } catch (Exception e) {
// e.printStackTrace();
// }
//
// }}
注意事项
需要注意的是, 在获取解密后的内容后是由StringBuffer接收的, 解密内容使用完毕需要将StringBuffer清空, 不得不说也太安全了…
StringBuffer清空方式有三种, 可参考如下方式:
// 清空sb
sb.setLength(0);//或sb.delete(0,sb.length());或sb = new StringBuffer();
