Understanding DES encryption

DES stands for Data Encryption Standard. The DES encryption algorithm is a symmetric encryption algorithm, meaning that the same key is used both to encrypt the plaintext and to decrypt the ciphertext.

DES uses a 56-bit key plus 8 additional parity bits, giving a maximum block size of 64 bits. It is an iterated block cipher built on a technique called a Feistel network, in which the block being encrypted is split into two halves. The round function is applied to one half using a subkey, and its output is XORed with the other half; the two halves are then swapped and the process repeats, except that the final round has no swap. DES uses 16 rounds and four basic operations: exclusive or, permutation, substitution and shift.

Features: a data encryption standard; fast, and suitable for encrypting large amounts of data.

The DES algorithm has three input parameters: Key, Data and Mode.

  • Key: 8 bytes, 64 bits in total. The DES algorithm stipulates that the 8th, 16th, 24th, ...... 56 bits. During DES encryption and decryption, the key length must be a multiple of 8 bytes.

  • Data: 8 bytes (64 bits); the data to be encrypted or decrypted.

  • Mode: how DES operates: encryption or decryption.

DES encryption modes

The main DES encryption modes are CBC and ECB, which encrypt the data in different ways.

ECB mode is the electronic codebook mode, the oldest and simplest mode. The data to be encrypted is divided into blocks, each the same size as the encryption key, and every block is then encrypted with the same key. If the last block is shorter than 64 bits, it must be padded to 64 bits.

The features of ECB mode are:

  1. Each key, plaintext block and ciphertext block must be 64 bits long;

  2. Data blocks can be repeated or reordered without detection;

  3. The same plaintext block (using the same key) produces the same ciphertext block, which is vulnerable to dictionary attacks;

  4. An error affects only one ciphertext block;

CBC mode is the cipher block chaining mode. Its biggest difference from ECB mode is the addition of an initialization vector (IV).

The characteristics of CBC mode are:

  1. The ciphertext length of each encryption is 64 bits (8 bytes);

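  2. CBC mode always produces the same ciphertext when the same plaintext is encrypted with the same key and initialization vector;

  3. Each ciphertext block depends on the result of the previous operations, so ciphertext blocks cannot be rearranged;

  4. Different initialization vectors can be used to keep the same plaintext from producing the same ciphertext, which resists dictionary attacks to some extent;

  5. After an error occurs, the current and all subsequent ciphertext is affected;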

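Padding method

A common padding method is PKCS5Padding. PKCS5Padding defines how the data is filled out when it is too short; it can also be called the data padding method. Specifically, with PKCS5Padding "the value used for padding is the total number of bytes padded".

For example, if the data is two bytes short, the block becomes ######22; if it is 5 bytes short, it becomes ###55555. The last byte therefore tells you both the padding value and the number of padding bytes.

Keeping encryption and decryption consistent

Across different platforms, encryption and decryption stay consistent as long as the following parameters are kept the same.

  1. The encryption key and the decryption key are the same

  2. When CBC mode is used, the initialization vector is the same

  3. The same padding mode is used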


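import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;

// Wrapper class so that the two methods compile; the class name is illustrative.
public class DesUtil {

    /**
     * Encrypt.
     *
     * @param data data to encrypt; with NoPadding its length must be a multiple of 8 bytes
     * @param sKey key string; DESKeySpec uses its first 8 bytes
     * @return the ciphertext, or null if encryption fails
     */
    public static byte[] encrypt(byte[] data, String sKey) {
        try {
            // Fixed charset so that the key bytes are the same on every platform
            byte[] key = sKey.getBytes(StandardCharsets.UTF_8);
            // Source of randomness for Cipher.init (not an initialization vector; ECB takes none)
            SecureRandom random = new SecureRandom();
            DESKeySpec desKey = new DESKeySpec(key);
            // Create a key factory and use it to convert the DESKeySpec into a SecretKey
            SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
            SecretKey securekey = keyFactory.generateSecret(desKey);
            // The Cipher object performs the actual encryption
            Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
            // Initialize the Cipher object with the key
            cipher.init(Cipher.ENCRYPT_MODE, securekey, random);
            // Perform the encryption
            return cipher.doFinal(data);
        } catch (Throwable e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Decrypt.
     *
     * @param src ciphertext; its length must be a multiple of 8 bytes
     * @param sKey key string; must be the same key that was used to encrypt
     * @return the decrypted data
     * @throws Exception if the key or the ciphertext is invalid
     */
    public static byte[] decrypt(byte[] src, String sKey) throws Exception {
        // Fixed charset so that the key bytes are the same on every platform
        byte[] key = sKey.getBytes(StandardCharsets.UTF_8);
        // The DES algorithm requires a trusted source of randomness
        SecureRandom random = new SecureRandom();
        // Create a DESKeySpec object
        DESKeySpec desKey = new DESKeySpec(key);
        // Create a key factory
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        // Convert the DESKeySpec object into a SecretKey object
        SecretKey securekey = keyFactory.generateSecret(desKey);
        // The Cipher object performs the actual decryption
        Cipher cipher = Cipher.getInstance("DES/ECB/NoPadding");
        // Initialize the Cipher object with the key
        cipher.init(Cipher.DECRYPT_MODE, securekey, random);
        // Perform the decryption
        return cipher.doFinal(src);
    }
}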
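
The ECB and CBC properties and the PKCS5Padding rule described above can be observed with the same JCE calls. This is an added example, not code from the original article; the class name DesModeDemo, the key string and the plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.IvParameterSpec;

public class DesModeDemo { // hypothetical class name for this added example

    static SecretKey key(String s) throws Exception {
        DESKeySpec spec = new DESKeySpec(s.getBytes(StandardCharsets.UTF_8));
        return SecretKeyFactory.getInstance("DES").generateSecret(spec);
    }

    // True when the first two 8-byte ciphertext blocks are identical.
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 8), Arrays.copyOfRange(ct, 8, 16));
    }

    public static void main(String[] args) throws Exception {
        SecretKey k = key("8bytekey"); // constructed sample key
        // Constructed plaintext: two identical 8-byte blocks
        byte[] pt = "AAAAAAAAAAAAAAAA".getBytes(StandardCharsets.UTF_8);

        // ECB: every block is encrypted independently with the same key
        Cipher ecb = Cipher.getInstance("DES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, k);
        byte[] ecbCt = ecb.doFinal(pt);

        // CBC: a fresh random IV is chained into the first block
        byte[] iv = new byte[8];
        new SecureRandom().nextBytes(iv);
        Cipher cbc = Cipher.getInstance("DES/CBC/PKCS5Padding");
        cbc.init(Cipher.ENCRYPT_MODE, k, new IvParameterSpec(iv));
        byte[] cbcCt = cbc.doFinal(pt);

        // The input is already block-aligned, so PKCS5Padding appends a whole
        // extra block of 0x08 bytes and the ciphertext is one block longer.
        System.out.println("plaintext/ciphertext length: " + pt.length + "/" + ecbCt.length);
        System.out.println("ECB repeats blocks: " + firstTwoBlocksEqual(ecbCt));
        System.out.println("CBC repeats blocks: " + firstTwoBlocksEqual(cbcCt));

        // Decryption needs the same key, mode, padding and IV as encryption.
        cbc.init(Cipher.DECRYPT_MODE, k, new IvParameterSpec(iv));
        System.out.println("CBC round trip ok: " + Arrays.equals(pt, cbc.doFinal(cbcCt)));
    }
}
```

Because the IV is needed again for decryption, it has to be stored or transmitted together with the ciphertext.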
