des算法简介
des 算法
des算法为密码体制中的对称密码体制,又被称为美国数据加密标准,是1972年美国ibm公司研制的对称密码体制加密算法。明文按64位进行分组,密钥长64位,密钥事实上是56位参与des运算(第8、16、24、32、40、48、56、64位是校验位,使得每个密钥都有奇数个1)分组后的明文组和56位的密钥按位替代或交换的方法形成密文组的加密方法。
des算法具有极高安全性,除了用穷举搜索法对des算法进行攻击外,还没有发现更有效的办法。而56位长的密钥的穷举空间为2^56,这意味着如果一台计算机的速度是每一秒钟检测一百万个密钥,则它搜索完全部密钥就需要将近2285年的时间,可见,这是难以实现的。然而,这并不等于说des是不可破解的。而实际上,随着硬件技术和internet的发展,其破解的可能性越来越大,而且,所需要的时间越来越少。使用经过特殊设计的硬件并行处理要几个小时。
为了克服des密钥空间小的缺陷,人们又提出了三重des的变形方式。
maven 依赖
工具类对于加密后使用base64进行编码,所以需要依赖apache commons codec。
<dependency>
<groupid>commons-codec</groupid>
<artifactid>commons-codec</artifactid>
<version>1.9</version>
</dependency>
<dependency>
<groupid>log4j</groupid>
<artifactid>log4j</artifactid>
<version>1.2.17</version>
</dependency>工具类实现
desutil提供了针对文本内容、字节数组内容的加解密实现,desutil工具类可以直接复制使用,代码如下:
package com.arhorchin.securitit.enordecryption.des;
import java.security.key;
import javax.crypto.cipher;
import javax.crypto.secretkeyfactory;
import javax.crypto.spec.deskeyspec;
import javax.crypto.spec.ivparameterspec;
import org.apache.commons.codec.binary.base64;
import org.apache.log4j.logger;
/**
* @author securitit.
* @note des加密算法实现.
*/
public class desutil {
/**
* logger.
*/
private static logger logger = logger.getlogger(desutil.class);
/**
* 数据编码.
*/
private static final string charset_utf8 = "utf-8";
/**
* 算法编号.
*/
public static final string des_name = "des";
/**
* cbc模式串.
*/
public static final string des_name_ecb = "des/cbc/pkcs5padding";
/**
* 初始向量.
*/
public static final byte[] des_key_iv = { 1, 2, 3, 4, 5, 6, 7, 8 };
/**
* 根据密码生成key.要求:密码长度是8的倍数.
* @param deskeypwd 密码字符串.
* @return des密钥.
* @throws exception 可能异常.
*/
public static string generatedeskey(string deskeypwd) throws exception {
deskeyspec deskeyspec = null;
secretkeyfactory keyfactory = null;
byte[] keybytes = null;
deskeyspec = new deskeyspec(deskeypwd.getbytes(charset_utf8));
keyfactory = secretkeyfactory.getinstance(des_name);
keybytes = keyfactory.generatesecret(deskeyspec).getencoded();
return base64.encodebase64string(keybytes);
}
/**
* 对文本内容进行加密.
* @param plaintext 待加密明文内容.
* @param deskey des密钥.
* @return 加密的密文.
*/
public static string encodetext(string plaintext, string deskey) throws exception {
byte[] deskeybytes = null;
byte[] plainbytes = null;
byte[] cipherbytes = null;
try {
deskeybytes = base64.decodebase64(deskey);
plainbytes = plaintext.getbytes(charset_utf8);
cipherbytes = encodebycbc(plainbytes, deskeybytes, des_key_iv);
return base64.encodebase64string(cipherbytes);
} catch (exception ex) {
logger.error("desutil.encodetext.", ex);
return "";
}
}
/**
* 对文本密文进行解密.
* @param ciphertext 待解密密文.
* @param deskey des密钥.
* @return 解密的明文.
*/
public static string decodetext(string ciphertext, string deskey) throws exception {
byte[] deskeybytes = null;
byte[] cipherbytes = null;
byte[] plainbytes = null;
try {
deskeybytes = base64.decodebase64(deskey);
cipherbytes = base64.decodebase64(ciphertext);
plainbytes = decodebycbc(cipherbytes, deskeybytes, des_key_iv);
return new string(plainbytes, charset_utf8);
} catch (exception ex) {
logger.error("desutil.decodetext.", ex);
return "";
}
}
/**
* 对字节数组内容进行加密.
* @param plaintext 待加密明文内容.
* @param dsekey des密钥.
* @return 加密的密文.
*/
public static byte[] encodebytes(byte[] plainbytes, string deskey) throws exception {
byte[] deskeybytes = null;
byte[] cipherbytes = null;
try {
deskeybytes = base64.decodebase64(deskey);
cipherbytes = encodebycbc(plainbytes, deskeybytes, des_key_iv);
return cipherbytes;
} catch (exception ex) {
logger.error("desutil.encodebytes.", ex);
return new byte[0];
}
}
/**
* 对字节数组密文进行解密.
* @param ciphertext 待解密密文.
* @param deskey des密钥.
* @return 解密的明文.
*/
public static byte[] decodebytes(byte[] cipherbytes, string deskey) throws exception {
byte[] deskeybytes = null;
byte[] plainbytes = null;
try {
deskeybytes = base64.decodebase64(deskey);
plainbytes = decodebycbc(cipherbytes, deskeybytes, des_key_iv);
return plainbytes;
} catch (exception ex) {
logger.error("desutil.decodebytes.", ex);
return new byte[0];
}
}
/**
* des算法使用cbc模式进行加密.
* @param plainbytes 原文内容.
* @param deskey des密钥.
* @param keyiv des初始向量.
* @return 加密后的内容.
* @throws exception .
*/
public static byte[] encodebycbc(byte[] plainbytes, byte[] deskey, byte[] keyiv) throws exception {
key deskey = null;
deskeyspec desspec = null;
secretkeyfactory keyfactory = null;
cipher cipher = null;
ivparameterspec ivspec = null;
byte[] cipherout = null;
desspec = new deskeyspec(deskey);
keyfactory = secretkeyfactory.getinstance(des_name);
deskey = keyfactory.generatesecret(desspec);
cipher = cipher.getinstance(des_name_ecb);
ivspec = new ivparameterspec(keyiv);
cipher.init(cipher.encrypt_mode, deskey, ivspec);
cipherout = cipher.dofinal(plainbytes);
return cipherout;
}
/**
* des算法使用cbc模式进行解密.
* @param plainbytes 密文内容.
* @param deskey des密钥.
* @param keyiv des初始向量.
* @return 解密后的内容.
* @throws exception .
*/
public static byte[] decodebycbc(byte[] plainbytes, byte[] deskey, byte[] keyiv) throws exception {
key deskey = null;
deskeyspec desspec = null;
secretkeyfactory keyfactory = null;
cipher cipher = null;
ivparameterspec ivspec = null;
byte[] cipherout = null;
desspec = new deskeyspec(deskey);
keyfactory = secretkeyfactory.getinstance(des_name);
deskey = keyfactory.generatesecret(desspec);
cipher = cipher.getinstance(des_name_ecb);
ivspec = new ivparameterspec(keyiv);
cipher.init(cipher.decrypt_mode, deskey, ivspec);
cipherout = cipher.dofinal(plainbytes);
return cipherout;
}
}工具类测试
package com.arhorchin.securitit.enordecryption.des;
import java.util.arrays;
/**
* @author securitit.
* @note desutil测试类.
*/
public class desutiltester {
public static void main(string[] args) throws exception {
string deskeypwd = "1234567887654321";
string deskey = null;
string plaintext = "this is 一段明文内容!";
string ciphertext = null;
system.out.println("----------------------- 获取des秘钥 -------------------------");
deskey = desutil.generatedeskey(deskeypwd);
system.out.println("秘钥:" + deskey);
system.out.println();
// 文本加解密测试.
system.out.println("----------------------- 文本加解密测试 -------------------------");
system.out.println("明文:" + plaintext);
ciphertext = desutil.encodetext(plaintext, deskey);
system.out.println("密文:" + ciphertext);
plaintext = desutil.decodetext(ciphertext, deskey);
system.out.println("解密明文:" + plaintext);
system.out.println();
system.out.println("----------------------- 字节数组加解密测试 -------------------------");
byte[] plainbytes = plaintext.getbytes("utf-8");
byte[] cipherbytes = null;
system.out.println("明文:" + arrays.tostring(plainbytes));
cipherbytes = desutil.encodebytes(plainbytes, deskey);
system.out.println("密文:" + arrays.tostring(cipherbytes));
plainbytes = desutil.decodebytes(cipherbytes, deskey);
system.out.println("解密明文:" + arrays.tostring(plainbytes));
system.out.println();
}
}控制台输出
查看console中的控制台内容,明文和解密后明文对比,可以确认desutil可以正常工作,控制台如下图:
----------------------- 获取des秘钥 -------------------------
秘钥:mtiyndq3nzg=
----------------------- 文本加解密测试 -------------------------
明文:this is 一段明文内容!
密文:2guhziwpad0klmjyrzerlw83acn0am0f19nz18nf214=
解密明文:this is 一段明文内容!
----------------------- 字节数组加解密测试 -------------------------
明文:[84, 104, 105, 115, 32, 105, 115, 32, -28, -72, -128, -26, -82, -75, -26, -104, -114, -26, -106, -121, -27, -122, -123, -27, -82, -71, -17, -68, -127]
密文:[-38, 11, -121, -52, -123, -87, 105, -35, 36, -108, -56, -14, 69, -111, 17, 45, 111, 55, 105, -61, 116, 0, -51, 5, -41, -45, 89, -41, -61, 69, -37, 94]
解密明文:[84, 104, 105, 115, 32, 105, 115, 32, -28, -72, -128, -26, -82, -75, -26, -104, -114, -26, -106, -121, -27, -122, -123, -27, -82, -71, -17, -68, -127]总结
现代密码学应用中,des的身影已越来越少见,随着硬件和互联网的发展,des在安全性方面的劣势变得尤为明显。在des之后,逐渐出现了用于过渡的3des以及新一代密码算法aes,3des是为了使得des更加难以破解,使用三次des加解密叠加得到的密码算法。而aes是作为下一代对称密码学算法,使用完全不同的算法进行了实现。在实际应用中,可以根据个人所需,选择合适的算法进行应用。
