引言
如今手机app五彩缤纷,确保手机用户的数据安全是开发人员必须掌握的技巧,下面通过实例介绍DES在android、ios、java平台的使用方法;
DES加密是目前最常用的对称加密方式,性能优于非对称加密(RSA),是手机app请求数据加密的优先选择。
DES简介:
DES全称为Data Encryption Standard,即数据加密标准,是一种使用密钥加密的块算法, 算法的入口参数有三个:Key、Data、Mode。
Key:为7个字节共56位,是DES算法的工作密钥;
Data:为8个字节64位,是要被加密或被解密的数据;
Mode:为DES的工作方式,有两种:加密或解密。
3DES简介:
3DES(或称为Triple DES)是三重数据加密算法(TDEA,Triple Data Encryption Algorithm)块密码的通称。它相当于是对每个数据块应用三次DES加密算法。由于计算机运算能力的增强,原版DES密码的密钥长度变得容易被暴力破解;3DES即是设计用来提供一种相对简单的方法,即通过增加DES的密钥长度来避免类似的攻击,而不是设计一种全新的块密码算法。因此比起最初的DES,3DES更为安全。
加密实例:
java版
package com.v1.linxun.portal.utils;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
/**
* 3DES加密工具类
*/
public class Des3Util {
// 密钥 长度不得小于24
private final static String secretKey = "123456789012345678901234" ;
// 向量 可有可无 终端后台也要约定
private final static String iv = "01234567";
// 加解密统一使用的编码方式
private final static String encoding = "utf-8";
/**
* 3DES加密
*
* @param plainText
* 普通文本
* @return
* @throws Exception
*/
public static String encode(String plainText) throws Exception {
Key deskey = null;
DESedeKeySpec spec = new DESedeKeySpec(secretKey .getBytes());
SecretKeyFactory keyfactory = SecretKeyFactory.getInstance( "desede");
deskey = keyfactory.generateSecret( spec);
Cipher cipher = Cipher.getInstance( "desede/CBC/PKCS5Padding");
IvParameterSpec ips = new IvParameterSpec( iv.getBytes());
cipher.init(Cipher. ENCRYPT_MODE, deskey, ips);
byte[] encryptData = cipher.doFinal( plainText.getBytes( encoding));
return Base64. encode( encryptData);
}
/**
* 3DES解密
*
* @param encryptText
* 加密文本
* @return
* @throws Exception
*/
public static String decode(String encryptText) throws Exception {
Key deskey = null;
DESedeKeySpec spec = new DESedeKeySpec( secretKey.getBytes());
SecretKeyFactory keyfactory = SecretKeyFactory.getInstance( "desede");
deskey = keyfactory. generateSecret( spec);
Cipher cipher = Cipher.getInstance( "desede/CBC/PKCS5Padding" );
IvParameterSpec ips = new IvParameterSpec( iv.getBytes());
cipher. init(Cipher. DECRYPT_MODE, deskey, ips);
byte[] decryptData = cipher. doFinal(Base64. decode(encryptText ));
return new String( decryptData, encoding);
}
public static void main(String args[]) throws Exception{
String str = "你好" ;
System. out.println( "----加密前-----:" + str );
String encodeStr = Des3Util. encode( str);
System. out.println( "----加密后-----:" + encodeStr );
System. out.println( "----解密后-----:" + Des3Util.decode( encodeStr));
}
}
|
Android版:
package com.inn.test;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.IvParameterSpec;
import android.util.Base64;
/**
* Android 3DES加密工具类
*/
public class AndroidDes3Util {
// 密钥 长度不得小于24
private final static String secretKey = "123456789012345678901234" ;
// 向量 可有可无 终端后台也要约定
private final static String iv = "01234567" ;
// 加解密统一使用的编码方式
private final static String encoding = "utf-8" ;
/**
* 3DES加密
*
* @param plainText
* 普通文本
* @return
* @throws Exception
*/
public static String encode(String plainText) throws Exception {
Key deskey = null ;
DESedeKeySpec spec = new DESedeKeySpec(secretKey .getBytes());
SecretKeyFactory keyfactory = SecretKeyFactory.getInstance( "desede");
deskey = keyfactory.generateSecret(spec);
Cipher cipher = Cipher.getInstance( "desede/CBC/PKCS5Padding");
IvParameterSpec ips = new IvParameterSpec( iv.getBytes());
cipher.init(Cipher. ENCRYPT_MODE , deskey, ips);
byte [] encryptData = cipher.doFinal(plainText.getBytes(encoding ));
return Base64.encodeToString(encryptData,Base64. DEFAULT );
}
/**
* 3DES解密
*
* @param encryptText
* 加密文本
* @return
* @throws Exception
*/
public static String decode(String encryptText) throws Exception {
Key deskey = null ;
DESedeKeySpec spec = new DESedeKeySpec( secretKey.getBytes());
SecretKeyFactory keyfactory = SecretKeyFactory.getInstance( "desede" );
deskey = keyfactory. generateSecret(spec);
Cipher cipher = Cipher.getInstance( "desede/CBC/PKCS5Padding" );
IvParameterSpec ips = new IvParameterSpec( iv.getBytes());
cipher. init(Cipher. DECRYPT_MODE, deskey, ips);
byte [] decryptData = cipher.doFinal(Base64. decode(encryptText, Base64. DEFAULT));
return new String (decryptData, encoding);
}
}
|
IOS版:
// // DES3EncryptUtil.h // DES3加解密工具 // // Created by xc on 15/12/18. // Copyright © 2015年 xc. All rights reserved. // #import <Foundation/Foundation.h> @interface DES3EncryptUtil : NSObject // 加密方法 + (NSString*)encrypt:(NSString*)plainText; // 解密方法 + (NSString*)decrypt:(NSString*)encryptText; @end |
// // DES3EncryptUtil.m // DES3加解密工具 // Created by xc on 15/12/18. // Copyright © 2015年 xc. All rights reserved. #import <Foundation/Foundation.h> #import <CommonCrypto/CommonCryptor.h> #import "MyBase64.h" //秘钥 #define gkey @"xiangchao@qq.comrnnchina" //向量 #define gIv @"01234567" @implementation DES3EncryptUtil : NSObject // 加密方法 + (NSString*)encrypt:(NSString*)plainText { NSData* data = [plainText dataUsingEncoding:NSUTF8StringEncoding]; size_t plainTextBufferSize = [data length]; const void *vplainText = (const void *)[data bytes]; CCCryptorStatus ccStatus; uint8_t *bufferPtr = NULL; size_t bufferPtrSize = 0; size_t movedBytes = 0; bufferPtrSize = (plainTextBufferSize + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1); bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t)); memset((void *)bufferPtr, 0x0, bufferPtrSize); const void *vkey = (const void *) [gkey UTF8String]; const void *vinitVec = (const void *) [gIv UTF8String]; ccStatus = CCCrypt(kCCEncrypt, kCCAlgorithm3DES, kCCOptionPKCS7Padding, vkey, kCCKeySize3DES, vinitVec, vplainText, plainTextBufferSize, (void *)bufferPtr, bufferPtrSize, &movedBytes); NSData *myData = [NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes]; NSString *result = [MyBase64 base64EncodedStringFrom:myData]; return result; } // 解密方法 + (NSString*)decrypt:(NSString*)encryptText { NSData *encryptData = [MyBase64 dataWithBase64EncodedString:encryptText]; size_t plainTextBufferSize = [encryptData length]; const void *vplainText = [encryptData bytes]; CCCryptorStatus ccStatus; uint8_t *bufferPtr = NULL; size_t bufferPtrSize = 0; size_t movedBytes = 0; bufferPtrSize = (plainTextBufferSize + kCCBlockSize3DES) & ~(kCCBlockSize3DES - 1); bufferPtr = malloc( bufferPtrSize * sizeof(uint8_t)); memset((void *)bufferPtr, 0x0, bufferPtrSize); const void *vkey = (const void *) [gkey UTF8String]; const void *vinitVec = (const void *) [gIv UTF8String]; ccStatus = CCCrypt(kCCDecrypt, kCCAlgorithm3DES, kCCOptionPKCS7Padding, vkey, kCCKeySize3DES, vinitVec, vplainText, plainTextBufferSize, (void *)bufferPtr, bufferPtrSize, &movedBytes); NSString *result = [[NSString alloc] initWithData:[NSData dataWithBytes:(const void *)bufferPtr length:(NSUInteger)movedBytes] encoding:NSUTF8StringEncoding] ; return result; } @end |
IOS加密工具中会将加密后的密文 转化程Base64的字符串,用到了Base64编码工具,如下
// // CommonFunc.h // PRJ_base64 // // Created by wangzhipeng on 12-11-29. // Copyright (c) 2012年 com.comsoft. All rights reserved. // #import <Foundation/Foundation.h> #define __BASE64( text ) [CommonFunc base64StringFromText:text] #define __TEXT( base64 ) [CommonFunc textFromBase64String:base64] @interface MyBase64 : NSObject /****************************************************************************** 函数名称 : + (NSString *)base64StringFromText:(NSString *)text 函数描述 : 将文本转换为base64格式字符串 输入参数 : (NSString *)text 文本 输出参数 : N/A 返回参数 : (NSString *) base64格式字符串 备注信息 : ******************************************************************************/ + (NSString *)base64StringFromText:(NSString *)text; /****************************************************************************** 函数名称 : + (NSString *)base64StringFromText:(NSString *)text 函数描述 : 将文本转换为base64格式字符串 输入参数 : (NSString *)text 文本 输出参数 : N/A 返回参数 : (NSString *) base64格式字符串 备注信息 : ******************************************************************************/ + (NSString *)base64EncodedStringFrom:(NSData *)data; /****************************************************************************** 函数名称 : + (NSString *)textFromBase64String:(NSString *)base64 函数描述 : 将base64格式字符串转换为文本 输入参数 : (NSString *)base64 base64格式字符串 输出参数 : N/A 返回参数 : (NSString *) 文本 备注信息 : ******************************************************************************/ + (NSString *)textFromBase64String:(NSString *)base64; /****************************************************************************** 函数名称 : + (NSString *)textFromBase64String:(NSString *)base64 函数描述 : 将base64格式字符串转换为文本 输入参数 : (NSString *)base64 base64格式字符串 输出参数 : N/A 返回参数 : (NSString *) 文本 备注信息 : ******************************************************************************/ + (NSData *)dataWithBase64EncodedString:(NSString *)string; @end |
// // CommonFunc.m // PRJ_base64 // // Created by wangzhipeng on 12-11-29. // Copyright (c) 2012年 com.comsoft. All rights reserved. // #import "MyBase64.h" //引入IOS自带密码库 #import <CommonCrypto/CommonCryptor.h> //空字符串 #define LocalStr_None @"" static const char encodingTable[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; @implementation MyBase64 : NSObject + (NSString *)base64StringFromText:(NSString *)text { if (text && ![text isEqualToString:LocalStr_None]) { //取项目的bundleIdentifier作为KEY 改动了此处 //NSString *key = [[NSBundle mainBundle] bundleIdentifier]; NSData *data = [text dataUsingEncoding:NSUTF8StringEncoding]; //IOS 自带DES加密 Begin 改动了此处 //data = [self DESEncrypt:data WithKey:key]; //IOS 自带DES加密 End return [self base64EncodedStringFrom:data]; } else { return LocalStr_None; } } + (NSString *)textFromBase64String:(NSString *)base64 { if (base64 && ![base64 isEqualToString:LocalStr_None]) { //取项目的bundleIdentifier作为KEY 改动了此处 //NSString *key = [[NSBundle mainBundle] bundleIdentifier]; NSData *data = [self dataWithBase64EncodedString:base64]; //IOS 自带DES解密 Begin 改动了此处 //data = [self DESDecrypt:data WithKey:key]; //IOS 自带DES加密 End return [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding]; } else { return LocalStr_None; } } /****************************************************************************** 函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key 函数描述 : 文本数据进行DES加密 输入参数 : (NSData *)data (NSString *)key 输出参数 : N/A 返回参数 : (NSData *) 备注信息 : 此函数不可用于过长文本 ******************************************************************************/ + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key { char keyPtr[kCCKeySizeAES256+1]; bzero(keyPtr, sizeof(keyPtr)); [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; NSUInteger dataLength = [data length]; size_t bufferSize = dataLength + kCCBlockSizeAES128; void *buffer = malloc(bufferSize); size_t numBytesEncrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding | kCCOptionECBMode, keyPtr, kCCBlockSizeDES, NULL, [data bytes], dataLength, buffer, bufferSize, &numBytesEncrypted); if (cryptStatus == kCCSuccess) { return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted]; } free(buffer); return nil; } /****************************************************************************** 函数名称 : + (NSData *)DESEncrypt:(NSData *)data WithKey:(NSString *)key 函数描述 : 文本数据进行DES解密 输入参数 : (NSData *)data (NSString *)key 输出参数 : N/A 返回参数 : (NSData *) 备注信息 : 此函数不可用于过长文本 ******************************************************************************/ + (NSData *)DESDecrypt:(NSData *)data WithKey:(NSString *)key { char keyPtr[kCCKeySizeAES256+1]; bzero(keyPtr, sizeof(keyPtr)); [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding]; NSUInteger dataLength = [data length]; size_t bufferSize = dataLength + kCCBlockSizeAES128; void *buffer = malloc(bufferSize); size_t numBytesDecrypted = 0; CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt, kCCAlgorithmDES, kCCOptionPKCS7Padding | kCCOptionECBMode, keyPtr, kCCBlockSizeDES, NULL, [data bytes], dataLength, buffer, bufferSize, &numBytesDecrypted); if (cryptStatus == kCCSuccess) { return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted]; } free(buffer); return nil; } /****************************************************************************** 函数名称 : + (NSData *)dataWithBase64EncodedString:(NSString *)string 函数描述 : base64格式字符串转换为文本数据 输入参数 : (NSString *)string 输出参数 : N/A 返回参数 : (NSData *) 备注信息 : ******************************************************************************/ + (NSData *)dataWithBase64EncodedString:(NSString *)string { if (string == nil) [NSException raise:NSInvalidArgumentException format:nil]; if ([string length] == 0) return [NSData data]; static char *decodingTable = NULL; if (decodingTable == NULL) { decodingTable = malloc(256); if (decodingTable == NULL) return nil; memset(decodingTable, CHAR_MAX, 256); NSUInteger i; for (i = 0; i < 64; i++) decodingTable[(short)encodingTable[i]] = i; } const char *characters = [string cStringUsingEncoding:NSASCIIStringEncoding]; if (characters == NULL) // Not an ASCII string! return nil; char *bytes = malloc((([string length] + 3) / 4) * 3); if (bytes == NULL) return nil; NSUInteger length = 0; NSUInteger i = 0; while (YES) { char buffer[4]; short bufferLength; for (bufferLength = 0; bufferLength < 4; i++) { if (characters[i] == ' ') break; if (isspace(characters[i]) || characters[i] == '=') continue; buffer[bufferLength] = decodingTable[(short)characters[i]]; if (buffer[bufferLength++] == CHAR_MAX) // Illegal character! { free(bytes); return nil; } } if (bufferLength == 0) break; if (bufferLength == 1) // At least two characters are needed to produce one byte! { free(bytes); return nil; } // Decode the characters in the buffer to bytes. bytes[length++] = (buffer[0] << 2) | (buffer[1] >> 4); if (bufferLength > 2) bytes[length++] = (buffer[1] << 4) | (buffer[2] >> 2); if (bufferLength > 3) bytes[length++] = (buffer[2] << 6) | buffer[3]; } bytes = realloc(bytes, length); return [NSData dataWithBytesNoCopy:bytes length:length]; } /****************************************************************************** 函数名称 : + (NSString *)base64EncodedStringFrom:(NSData *)data 函数描述 : 文本数据转换为base64格式字符串 输入参数 : (NSData *)data 输出参数 : N/A 返回参数 : (NSString *) 备注信息 : ******************************************************************************/ + (NSString *)base64EncodedStringFrom:(NSData *)data { if ([data length] == 0) return @""; char *characters = malloc((([data length] + 2) / 3) * 4); if (characters == NULL) return nil; NSUInteger length = 0; NSUInteger i = 0; while (i < [data length]) { char buffer[3] = {0,0,0}; short bufferLength = 0; while (bufferLength < 3 && i < [data length]) buffer[bufferLength++] = ((char *)[data bytes])[i++]; // Encode the bytes in the buffer to four characters, including padding "=" characters if necessary. characters[length++] = encodingTable[(buffer[0] & 0xFC) >> 2]; characters[length++] = encodingTable[((buffer[0] & 0x03) << 4) | ((buffer[1] & 0xF0) >> 4)]; if (bufferLength > 1) characters[length++] = encodingTable[((buffer[1] & 0x0F) << 2) | ((buffer[2] & 0xC0) >> 6)]; else characters[length++] = '='; if (bufferLength > 2) characters[length++] = encodingTable[buffer[2] & 0x3F]; else characters[length++] = '='; } return [[NSString alloc] initWithBytesNoCopy:characters length:length encoding:NSASCIIStringEncoding freeWhenDone:YES]; } @end |
到此为止,三平台的加密已经全部结束,代码可以直接使用。