第十七篇：JAVA加密解密之PBE（Password Based Encryption）算法

PBE算法简介

PBE（Password Based Encryption，基于口令加密）是一种基于口令的加密算法，其特点是使用口令代替了密钥，而口令由用户自己掌管，采用随机数杂凑多重加密等方法保证数据的安全性。PBE算法在加密过程中并不是直接使用口令来加密，而是加密的密钥由口令生成，这个功能由PBE算法中的KDF函数完成。KDF函数的实现过程为：将用户输入的口令首先通过“盐”（salt）的扰乱产生准密钥，再将准密钥经过散列函数多次迭代后生成最终加密密钥，密钥生成后，PBE算法再选用对称加密算法对数据进行加密，可以选择DES、3DES、RC5等对称加密算法。

PBE算法实现

package com.jianggujin.codec;import java.security.Key;import java.util.Random;import javax.crypto.Cipher;import javax.crypto.SecretKey;import javax.crypto.SecretKeyFactory;import javax.crypto.spec.PBEKeySpec;import javax.crypto.spec.PBEParameterSpec;/** * Password-based encryption（基于密码加密） *  * @author jianggujin * */public class HQPBE{   private static HQPBE pbe = new HQPBE();   public static HQPBE getInstance()   {      return pbe;   }   private HQPBE()   {   }   /**    * PBE算法    *     * @author jianggujin    *    */   public static enum HQPBEAlgorithm   {      PBEWithMD5AndDES("PBEWithMD5AndDES"), PBEWithSHA1AndDESede("PBEWithSHA1AndDESede"), PBEWithSHA1AndRC2_40(            "PBEWithSHA1AndRC2_40");      private String name;      private HQPBEAlgorithm(String name)      {         this.name = name;      }      public String getName()      {         return this.name;      }   }   /**    * 初始化盐    *     * @return    */   public byte[] initSalt()   {      byte[] salt = new byte[8];      Random random = new Random();      random.nextBytes(salt);      return salt;   }   private static Key toKey(String peb, char[] password) throws Exception   {      PBEKeySpec keySpec = new PBEKeySpec(password);      SecretKeyFactory keyFactory = SecretKeyFactory.getInstance(peb);      SecretKey secretKey = keyFactory.generateSecret(keySpec);      return secretKey;   }   public byte[] encrypt(HQPBEAlgorithm algorithm, byte[] data, char[] password, byte[] salt) throws Exception   {      return encrypt(algorithm.getName(), data, password, salt);   }   public byte[] encrypt(String algorithm, byte[] data, char[] password, byte[] salt) throws Exception   {      return operate(Cipher.ENCRYPT_MODE, algorithm, data, password, salt);   }   public byte[] decrypt(HQPBEAlgorithm algorithm, byte[] data, char[] password, byte[] salt) throws Exception   {      return decrypt(algorithm.getName(), data, password, salt);   }   public byte[] decrypt(String algorithm, byte[] data, char[] password, byte[] salt) throws Exception   {      return operate(Cipher.DECRYPT_MODE, algorithm, data, password, salt);   }   private byte[] operate(int mode, String algorithm, byte[] data, char[] password, byte[] salt) throws Exception   {      Key key = toKey(algorithm, password);      PBEParameterSpec paramSpec = new PBEParameterSpec(salt, 100);      Cipher cipher = Cipher.getInstance(algorithm.toString());      cipher.init(mode, key, paramSpec);      return cipher.doFinal(data);   }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

测试代码：

import org.junit.Test;import com.jianggujin.codec.HQBase64;import com.jianggujin.codec.HQPBE;import com.jianggujin.codec.HQPBE.HQPBEAlgorithm;public class PBETest{   HQPBE pbe = HQPBE.getInstance();   HQBase64 base64 = HQBase64.getInstance();   @Test   public void encode() throws Exception   {      byte[] data = "jianggujin".getBytes();      byte[] salt = pbe.initSalt();      char[] password = "123456".toCharArray();      HQPBEAlgorithm[] algorithms = HQPBEAlgorithm.values();      for (HQPBEAlgorithm algorithm : algorithms)      {         byte[] result = pbe.encrypt(algorithm, data, password, salt);         System.err.println(algorithm + ":" + base64.encodeToString(result));      }   }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

测试结果： 
PBEWithMD5AndDES:KU/sNP0/JAD70vvmT8wagg== 
PBEWithSHA1AndDESede:+q0BC6yF2wbPbvIMUgMHjw== 
PBEWithSHA1AndRC2_40:tPdCEQDIlR+qpbctCgVuOQ==