Java安全—Java实现消息摘要算法加密
一.概述
我们打开Apache的官网的如下页面,可以看到md5,点击md5的超链接,在新打开的页面将看到一串字符串,即是MD5的消息摘要。
消息摘要算法有:MD(Message Digest)、SHA(Secure Hash Algorithm)、MAC(Message Authentication Code),它们的作用是验证数据完整性,是数字签名核心算法。
二.消息摘要算法MD
MD家族(128位摘要信息),除MD5外,还有MD2、MD4。
BC的算法对JDK算法的补充;CC的MD算法的底层实现其实就是JDK提供的,方便开发者使用。
package com.bijian.study;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.MD4Digest;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class BJMD5 {
private static String src = "bj security md";
public static void main(String[] args) {
jdkMD5();
jdkMD2();
bcMD5();
bcMD4();
bcMD4_2();
getProviderTest();
ccMD5();
ccMD2();
}
public static void jdkMD5() {
try {
MessageDigest md = MessageDigest.getInstance("MD5");
byte[] md5Bytes = md.digest(src.getBytes());
System.out.println("JDK MD5:" + Hex.encodeHexString(md5Bytes));
}catch(NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static void jdkMD2() {
try {
MessageDigest md = MessageDigest.getInstance("MD2");
byte[] md2Bytes = md.digest(src.getBytes());
System.out.println("JDK MD2:" + Hex.encodeHexString(md2Bytes));
}catch(NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static void bcMD5() {
Digest digest = new MD5Digest();
digest.update(src.getBytes(), 0, src.getBytes().length);
byte[] md5Bytes = new byte[digest.getDigestSize()];
digest.doFinal(md5Bytes, 0);
System.out.println("BC MD5:" + org.bouncycastle.util.encoders.Hex.toHexString(md5Bytes));
}
public static void bcMD4() {
Digest digest = new MD4Digest();
digest.update(src.getBytes(), 0, src.getBytes().length);
byte[] md4Bytes = new byte[digest.getDigestSize()];
digest.doFinal(md4Bytes, 0);
System.out.println("BC MD4:" + org.bouncycastle.util.encoders.Hex.toHexString(md4Bytes));
}
//通过Security.addProvider方式给JDK动态添加Provider
public static void bcMD4_2() {
try {
Security.addProvider(new BouncyCastleProvider());
MessageDigest md = MessageDigest.getInstance("MD4");
System.out.println(md.getProvider());//BC version 1.49
byte[] md4Bytes = md.digest(src.getBytes());
System.out.println("BC MD4:" + Hex.encodeHexString(md4Bytes));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
//如果设置了BouncyCastleProvider,再去获得相应算法时,得到的还是JDK的
public static void getProviderTest() {
try {
Security.addProvider(new BouncyCastleProvider());
MessageDigest md = MessageDigest.getInstance("MD5");
System.out.println(md.getProvider());//SUN version 1.6
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static void ccMD5() {
System.out.println("CC MD5:" + DigestUtils.md5Hex(src.getBytes()));
}
public static void ccMD2() {
System.out.println("CC MD2:" + DigestUtils.md2Hex(src.getBytes()));
}
}运行结果:
JDK MD5:0cf7225221a46eb7fb10c46c4e415344 JDK MD2:d4d6c6a7bd4aaf821453ce1df02c597c BC MD5:0cf7225221a46eb7fb10c46c4e415344 BC MD4:e0950c38aedccf757dcb07424425be44 BC version 1.49 BC MD4:e0950c38aedccf757dcb07424425be44 SUN version 1.6 CC MD5:0cf7225221a46eb7fb10c46c4e415344 CC MD2:d4d6c6a7bd4aaf821453ce1df02c597c
应用:在用户注册认证时,对密码进行MD摘要处理后保存。
三.消息摘要算法SHA
SHA算法是一个安全散列算法,是固定长度摘要信息。包括SHA-1、SHA-2(SHA-224、SHA-256、SHA-384、SHA-512)算法。
package com.bijian.study;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA224Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class BJSHA {
private static String src = "bj security sha";
public static void main(String[] args) {
jdkSHA1();
bcSHA1();
bcSHA224();
bcSHA224_2();
ccSHA1();
}
public static void jdkSHA1() {
try {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(src.getBytes());
System.out.println("jdk sha-1:" + Hex.encodeHexString(md.digest()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static void bcSHA1() {
Digest digest = new SHA1Digest();
digest.update(src.getBytes(), 0, src.getBytes().length);
byte[] sha1Bytes = new byte[digest.getDigestSize()];
digest.doFinal(sha1Bytes, 0);
System.out.println("bc sha-1:" + org.bouncycastle.util.encoders.Hex.toHexString(sha1Bytes));
}
public static void bcSHA224() {
Digest digest = new SHA224Digest();
digest.update(src.getBytes(), 0, src.getBytes().length);
byte[] sha224Bytes = new byte[digest.getDigestSize()];
digest.doFinal(sha224Bytes, 0);
System.out.println("bc sha-224:" + org.bouncycastle.util.encoders.Hex.toHexString(sha224Bytes));
}
//Provider方式实现SHA224
public static void bcSHA224_2() {
try {
Security.addProvider(new BouncyCastleProvider());
MessageDigest md = MessageDigest.getInstance("SHA224");
System.out.println(md.getProvider());//BC version 1.49
byte[] sha224Bytes = md.digest(src.getBytes());
System.out.println("bc sha-224_2:" + Hex.encodeHexString(sha224Bytes));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static void ccSHA1() {
System.out.println("cc sha1-1:" + DigestUtils.sha1Hex(src.getBytes()));
System.out.println("cc sha1-2:" + DigestUtils.sha1Hex(src));
}
}运行结果:
jdk sha-1:8195da0382300aac158cfc55c61fb58478a0ebe2 bc sha-1:8195da0382300aac158cfc55c61fb58478a0ebe2 bc sha-224:34533e26cfa2b14e6f21d731148bb589233bcc2a10136fa3b4a5ec97 BC version 1.49 bc sha-224_2:34533e26cfa2b14e6f21d731148bb589233bcc2a10136fa3b4a5ec97 cc sha1-1:8195da0382300aac158cfc55c61fb58478a0ebe2 cc sha1-2:8195da0382300aac158cfc55c61fb58478a0ebe2
打开Firxfox,我们可以看到SHA的应用。
消息摘要算法经典用法:
消息鉴别是指在接收方将原始信息进行摘要,然后与接收到的摘要信息进行比对。当然,在发送消息中比较常用的做法是:a.加入约定Key;b.增加时间戳;c.排序。
如:http://***?msg=12Had47mj×tamp=1325252526,其中msg:原始消息+key+时间戳。具体也可以参考腾讯的Open API。
四.消息摘要算法MAC
MAC:Message Authentication Code,HMAC:keyed-Hash Message Authentication Code,含有**的散列函数算法,融合MD、SHA。
MD系列:HmacMD2、HmacMD4、HmacMD5。
SHA系列:HmacSHA1、HmacSHA224、HmacSHA256、HmacSHA384、HmacSHA512。
应用如SecureCRT。
package com.bijian.study;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
public class BJHmac {
private static String src = "bj security hmac";
public static void main(String[] args) {
jdkHmacMD5();
bcHmacMD5();
}
//JDK的Hmac的MD5算法
public static void jdkHmacMD5() {
try {
//初始化KeyGenerator
KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacMD5");
SecretKey secretKey = keyGenerator.generateKey();//产生**
// byte[] key = secretKey.getEncoded();//获得**
byte[] key = Hex.decodeHex(new char[]{'a','a','a','a','a','a','a','a','a','a'});
SecretKey restoreSecreKey = new SecretKeySpec(key, "HmacMD5");//还原**
Mac mac = Mac.getInstance(restoreSecreKey.getAlgorithm());//实例化MAC
mac.init(restoreSecreKey);
byte[] hmacMD5Bytes = mac.doFinal(src.getBytes());
System.out.println("jdk hmacMD5:" + Hex.encodeHexString(hmacMD5Bytes));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (DecoderException e) {
e.printStackTrace();
}
}
//BC的Hmac的MD5算法
public static void bcHmacMD5() {
HMac hmac = new HMac(new MD5Digest());
hmac.init(new KeyParameter(org.bouncycastle.util.encoders.Hex.decode("aaaaaaaaaa")));
hmac.update(src.getBytes(), 0, src.getBytes().length);
byte[] hmacMD5Bytes = new byte[hmac.getMacSize()];//执行摘要
hmac.doFinal(hmacMD5Bytes, 0);
System.out.println("bc hmacMD5:" + Hex.encodeHexString(hmacMD5Bytes));
}
}运行结果:
jdk hmacMD5:cc31626a65895732de1bc6b53cd89dca bc hmacMD5:cc31626a65895732de1bc6b53cd89dca
算法的典型应用:
五.其它消息摘要算法
1.RipeMD
2.Tiger
3.Whirlpool
4.GOST3411
以上几类都是Bouncy Castle实现