非對稱加密演算法之DH
阿新 • • 發佈:2019-02-05
一.概述
(1)非對稱加密演算法DH的加解密效率比較低,對要加密的資料長度有著苛刻的要求,這也就是效率換安全吧。需注意:DH本身只負責金鑰協商(金鑰交換),實際的資料加解密是用協商出的本地金鑰配合對稱演算法完成的(見下方程式碼)。
(2)雖然對稱加密效率高,但金鑰的傳輸需要另外的通道(方式),非對稱加密通過構建本地金鑰來解決金鑰的傳輸問題。
二.加解密過程簡析
1.傳送方A構建金鑰對,A公佈公鑰
2.接收方B根據A公佈的公鑰構建金鑰對,B公佈公鑰
3.傳送方A使用A構建的私鑰+B公佈的公鑰協商出本地金鑰,再用該金鑰(對稱演算法)對資料加密
4.接收方B使用B構建的私鑰+A公佈的公鑰協商出相同的本地金鑰,再用該金鑰對資料解密
三.CODE SHOW
(1)非對稱加密演算法DH的加解密效率比較低,對要加密的資料長度有著苛刻的要求,這也就是效率換安全吧。
(2)雖然對稱加密效率高,但金鑰的傳輸需要另外的通道(方式),非對稱加密通過構建本地金鑰來解決金鑰的傳輸問題。
二.加解密過程簡析
1.傳送方A構建金鑰對,A公佈公鑰
2.接收方B根據A公佈的公鑰構建金鑰對,B公佈公鑰
3.傳送方A使用A構建的私鑰+B公佈的公鑰對資料加密
4.接收方B使用B構建的私鑰+A公佈的公鑰對資料解密
三.CODE SHOW
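package com.sys.common;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

import org.apache.commons.codec.binary.Base64;

/**
 * Demonstrates Diffie-Hellman key agreement between a sender and a receiver,
 * followed by symmetric encryption of a sample message with the agreed key.
 *
 * <p>DH only establishes a shared secret; it does not encrypt data itself. The
 * payload is protected by a symmetric cipher keyed from that shared secret.
 *
 * <p>Security note: the public keys exchanged in this demo are not
 * authenticated. In a real protocol each side must verify the origin of the
 * peer's public key (for example with a signature or certificate); otherwise
 * the exchange gives no assurance about who holds the other private key.
 */
public class test {

    /** DH modulus size in bits. 512-bit groups are too small to be safe. */
    private static final int DH_KEY_BITS = 2048;

    /** AES key length in bytes (128-bit key works on every JDK policy setting). */
    private static final int AES_KEY_BYTES = 16;

    /** Recommended nonce length for GCM, in bytes. */
    private static final int GCM_IV_BYTES = 12;

    /** GCM authentication tag length, in bits. */
    private static final int GCM_TAG_BITS = 128;

    private static String src = "DH加密演算法";

    public static void main(String[] args) {
        jdkDH();
    }

    /**
     * Runs one complete exchange inside a single JVM: both parties generate DH
     * key pairs, each derives the same symmetric key, the sender encrypts
     * {@code src} and the receiver decrypts it. Both results are printed to
     * standard output; security-related failures are reported on standard error.
     */
    public static void jdkDH() {
        try {
            // Sender: generate a DH key pair and publish the encoded public key.
            KeyPairGenerator senderKeyPairGenerator = KeyPairGenerator.getInstance("DH");
            senderKeyPairGenerator.initialize(DH_KEY_BITS);
            KeyPair senderKeyPair = senderKeyPairGenerator.generateKeyPair();
            PrivateKey senderPrivateKey = senderKeyPair.getPrivate();
            byte[] senderPublicKeyEnc = senderKeyPair.getPublic().getEncoded();

            // Receiver: rebuild the sender's public key, reuse its DH parameters
            // (both sides must work in the same group), then generate and publish
            // the receiver's own key pair.
            KeyFactory receiverKeyFactory = KeyFactory.getInstance("DH");
            PublicKey senderPublicKeyAtReceiver =
                    receiverKeyFactory.generatePublic(new X509EncodedKeySpec(senderPublicKeyEnc));
            DHParameterSpec dhParameterSpec = ((DHPublicKey) senderPublicKeyAtReceiver).getParams();
            KeyPairGenerator receiverKeyPairGenerator = KeyPairGenerator.getInstance("DH");
            receiverKeyPairGenerator.initialize(dhParameterSpec);
            KeyPair receiverKeyPair = receiverKeyPairGenerator.generateKeyPair();
            PrivateKey receiverPrivateKey = receiverKeyPair.getPrivate();
            byte[] receiverPublicKeyEnc = receiverKeyPair.getPublic().getEncoded();

            // Sender: derive the shared key (own private key + receiver's public key)
            // and encrypt the message.
            KeyFactory senderKeyFactory = KeyFactory.getInstance("DH");
            PublicKey receiverPublicKeyAtSender =
                    senderKeyFactory.generatePublic(new X509EncodedKeySpec(receiverPublicKeyEnc));
            SecretKey senderAesKey = deriveAesKey(senderPrivateKey, receiverPublicKeyAtSender);

            // A GCM nonce must never repeat under the same key, so draw a fresh one
            // per message. It is not secret and is sent alongside the ciphertext.
            byte[] iv = new byte[GCM_IV_BYTES];
            new SecureRandom().nextBytes(iv);

            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.ENCRYPT_MODE, senderAesKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            // Fix the charset explicitly so both sides agree regardless of platform default.
            byte[] result = cipher.doFinal(src.getBytes(StandardCharsets.UTF_8));
            System.out.println("jdk dh encrypt:" + Base64.encodeBase64String(result));

            // Receiver: derive the same key (own private key + sender's public key)
            // and decrypt. GCM rejects the message if the ciphertext was modified.
            SecretKey receiverAesKey = deriveAesKey(receiverPrivateKey, senderPublicKeyAtReceiver);
            cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, receiverAesKey, new GCMParameterSpec(GCM_TAG_BITS, iv));
            result = cipher.doFinal(result);
            System.out.println("jdk dh decrypt:" + new String(result, StandardCharsets.UTF_8));
        } catch (GeneralSecurityException e) {
            e.printStackTrace();
        }
    }

    /**
     * Completes the DH agreement for one party and turns the raw shared secret
     * into an AES key.
     *
     * <p>The raw secret is hashed rather than requested directly as a cipher key:
     * {@code generateSecret("DES")} is rejected by recent JDK updates unless a
     * legacy system property is set, and DES itself is too weak to rely on.
     * A single SHA-256 pass is a minimal derivation for this demo; production
     * code should use a standard KDF bound to protocol context.
     *
     * @param ownPrivateKey this party's DH private key
     * @param peerPublicKey the other party's DH public key
     * @return a 128-bit AES key derived from the shared secret
     * @throws GeneralSecurityException if the agreement or digest is unavailable,
     *         or a key is invalid for the DH group
     */
    private static SecretKey deriveAesKey(PrivateKey ownPrivateKey, PublicKey peerPublicKey)
            throws GeneralSecurityException {
        KeyAgreement agreement = KeyAgreement.getInstance("DH");
        agreement.init(ownPrivateKey);
        agreement.doPhase(peerPublicKey, true);
        byte[] sharedSecret = agreement.generateSecret();
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(sharedSecret);
            return new SecretKeySpec(Arrays.copyOf(digest, AES_KEY_BYTES), "AES");
        } finally {
            // Do not leave the raw shared secret in memory longer than needed.
            Arrays.fill(sharedSecret, (byte) 0);
        }
    }
}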
四.輸出結果