æè¿ä¸ä¸ªåä½åæåºä½¿ç¨3DES交æ¢æ°æ®ï¼æ¬æ¥ä»ä»¬æç°æç代ç ï¼å¯æåªæ.netçæ¬ï¼æ们çæå¡å¨é½æ¯Linuxï¼èä¸åºç¨é½æ¯Javaãäºæ¯å¯¹ç
§ä»ä»¬æä¾ç代ç æ¹äºä¸ä¸ªJavaççæ¬åºæ¥ï¼ä¸»è¦æ¯ä¸çæ3DESï¼æè
¾äºä¸å¤©ï¼ç»äºæå®ã
æè°3DESï¼å°±æ¯æDESåä¸æ¬¡ï¼å½ç¶ä¸æ¯ç®åå°DES DES DESå°±è¡äºï¼ä¸éæäºç¹å®çæåãè¿ä¸ªæå¯ä¸å
³å¿ï¼åµåµï¼æçç®çæ¯ä½¿ç¨å®ã
å¨ç½ä¸æç´¢äºä¸ä¸3DESï¼æ¾å°å¾å°èµæãç»è¿æåä»ç»ï¼æ¾å°GNU CryptoåBouncy Castle两个Javaæ©å
å
ï¼éé¢åºè¯¥æ3DESçå®ç°å§ã
ä»GNU Cryptoå
¥æï¼æ¾å°ä¸ä¸ªTripleDESçå®ç°ç±»ï¼åç°åæ¥3DESè¿æä¸ä¸ªååå«DESedeï¼å¨ç½ä¸æç´¢TripleDESåDESedeï¼åµåµï¼ç»äºåç°æ´å¤çèµæäºã
Javaçå®å
¨APIå§ç»é£ä¹é¾ç¨ï¼å
å建ä¸ä¸ªcipherççç®æ³å¨ä¸å¨å§
Cipher cipher = Cipher.getInstance("DESede");
å¦æ没ææå¼å¸¸çè¯ï¼å°±è¯æè¿ä¸ªç®æ³æ¯ææç
çªç¶æ³ççJDKæ没æå
ç½®DESedeï¼äºæ¯æå¼Cryptoï¼ç´æ¥æµè¯ï¼åç°å¯ä»¥æ£ç¡®è¿è¡ãå¨jce.jaréé¢æ¾å°ç¸å
³çç±»ï¼JDKå
ç½®äºã
äºæ¯ç´æ¥ç¨DESç代ç æ¥æ¹&æµè¯ï¼æå代ç åæè¿æ ·
SecureRandom sr = new SecureRandom();
DESedeKeySpec dks = new DESedeKeySpec(PASSWORD_CRYPT_KEY.getBytes());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey securekey = keyFactory.generateSecret(dks);
Cipher cipher = Cipher.getInstance("DESede");
cipher.init(Cipher.ENCRYPT_MODE, securekey, sr);
return new String(Hex.encodeHex(cipher.doFinal(str.getBytes())));
éè¦çæçæ¯ï¼è¦ä½¿ç¨DESedeçSpecãFactoryåCipheræè¡
äºæ
è¿æ²¡å®ç»ï¼åä½åç»è¿æ¥çé¤äºå¯é¥ä¹å¤ï¼è¿æä¸ä¸ªIVåéãæç´¢äºä¸ä¸ï¼åç°æä¸ä¸ªIvParameterSpecç±»ï¼äºæ¯ä»£ç åæè¿æ ·
SecureRandom sr = new SecureRandom();
DESedeKeySpec dks = new DESedeKeySpec(PASSWORD_CRYPT_KEY.getBytes());
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
SecretKey securekey = keyFactory.generateSecret(dks);
IvParameterSpec iv = new IvParameterSpec(PASSWORD_IV.getBytes());
Cipher cipher = Cipher.getInstance("DESede");
cipher.init(Cipher.ENCRYPT_MODE, securekey, iv, sr);
return new String(Hex.encodeHex(cipher.doFinal(str.getBytes())));
ä½æ¯ï¼è¿è¡æ¥éäº
java.security.InvalidAlgorithmParameterException: ECB mode cannot use IV
ECBæ¯ä»ä¹å¢ï¼æç代ç å®å
¨æ²¡æåECBä»ä¹ç
åä¸ç½æç´¢ï¼ç»ææDESçæ¥é¾å»èé½ææ¸
æ¥äº
http://www.tropsoft.com/strongenc/des.htmECBæ¯å
¶ä¸ä¸ç§å串åå²æ¹å¼ï¼é¤äºDES以å¤ï¼å
¶ä»å å¯æ¹å¼ä¹ä¼ä½¿ç¨è¿ç§åå²æ¹å¼çï¼èJavaé»è®¤äº§ççDESç®æ³å°±æ¯ç¨ECBæ¹æ³ï¼ECBä¸éè¦åéï¼å½ç¶ä¹å°±ä¸æ¯æåéäº
é¤äºECBï¼DESè¿æ¯æCBCãCFBãOFBï¼è3DESåªæ¯æECBåCBC两ç§
http://www.tropsoft.com/strongenc/des3.htmCBCæ¯æ并ä¸å¿
é¡»æåéï¼å
·ä½ç®æ³è¿éå°±ä¸è¯´äºãåä½åç»ç.net代ç 没æ声æCBC模å¼ï¼ä¼¼ä¹æ¯.neté»è®¤çæ¹å¼å°±æ¯CBCç
äºæ¯æ模å¼æ¹æCBC
Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
æåè¿è¡äº
åè¯ï¼
æç´¢çè¿ç¨ä¸ï¼æ¾å°ä¸ä¸ªä¸éç讨论
http://www.lslnet.com/linux/dosc1/21/linux-197579.htmå¨CBCï¼ä¸å
æ¯DESç®æ³ï¼æ¨¡å¼ä¸ï¼ivéè¿éæºæ°ï¼æ伪éæºï¼æºå¶äº§çæ¯ä¸ç§æ¯è¾å¸¸è§çæ¹æ³ãivçä½ç¨ä¸»è¦æ¯ç¨äºäº§çå¯æç第ä¸ä¸ªblockï¼ä»¥ä½¿
æç»çæçå¯æ产çå·®å¼ï¼ææç¸åçæ
åµä¸ï¼ï¼ä½¿å¯ç æ»å»åå¾æ´ä¸ºå°é¾ï¼é¤æ¤ä¹å¤iv并æ å
¶å®ç¨éãå æ¤ivéè¿éæºæ¹å¼äº§çæ¯ä¸ç§ååç®ä¾¿ãææçé
å¾ãæ¤å¤ï¼å¨IPsecä¸éç¨äºDES-CBCä½ä¸ºç¼ºççå å¯æ¹å¼ï¼å
¶ä½¿ç¨çivæ¯é讯å
çæ¶é´æ³ãä»åçä¸æ¥è¯´ï¼è¿ä¸éæºæ°æºå¶å¹¶æ äºè´ã
çæ¥ï¼åéçä½ç¨å
¶å®å°±æ¯salt
æ大ç好å¤æ¯ï¼å¯ä»¥ä»¤å°å³ä½¿ç¸åçææï¼ç¸åçå¯é¥ï¼è½äº§çä¸åçå¯æ
ä¾å¦ï¼æ们ç¨DESæ¹å¼å¨æ°æ®ä¿åç¨æ·å¯ç çæ¶åï¼å¯ä»¥å¦å¤å¢å ä¸åï¼æåéåæ¶ä¿åä¸æ¥ï¼å¹¶ä¸æ¯æ¬¡ç¨ä¸åçåéãè¿æ ·ç好å¤æ¯ï¼å³ä½¿ä¸¤ä¸ªç¨æ·çå¯ç æ¯ä¸æ ·çï¼æ°æ®åºä¿åçå¯æï¼ä¹ä¼ä¸ä¸æ ·ï¼å°±è½éä½çæµçå¯è½æ§
å¦å¤ä¸ç§ç¨æ³ï¼å°±æ¯ç±»ä¼¼IPsecçåæ³ï¼ä¸¤é¨ä¸»æºäºä¼ æ°æ®ï¼ä¿è¯ä¸¤é¨æºçæ¶éåæ¥çåæä¸ï¼å¯ä»¥åæ ·å°åéææ´é«çåä½é¿å
åå·®ï¼ï¼ç¨æ¶éçååå¼ä½ä¸ºåéï¼å°±è½å¢å 被snifferæ°æ®ç解å¯é¾åº¦