客户端加密(JAVA)

最近更新时间:2021-12-16 11:41:52

环境配置(以JDK7示例)

下载UnlimitedJCEPolicyJDK7,将local_policy.jar和US_export_policy.jar放在{JAVA_HOME}\jre\lib\security目录下,覆盖原有的。

下载bcprov-jdk15on-152.jar,放在{JAVA_HOME}\jre\lib\ext目录下。

初始化主密钥

使用对称主密钥

	import java.io.File;
	
	import java.io.FileInputStream;
	
	import java.io.FileOutputStream;
	
	import java.io.IOException;
	
	import java.security.InvalidKeyException;
	
	import java.security.NoSuchAlgorithmException;
	
	import java.security.spec.InvalidKeySpecException;
	
	import java.security.spec.X509EncodedKeySpec;
	
	import java.util.Arrays;
	
	import javax.crypto.KeyGenerator;
	
	import javax.crypto.SecretKey;
	
	import javax.crypto.spec.SecretKeySpec;
	
	import org.junit.Assert;
	
	public class GenerateSymmetricMasterKey {
	
	    private static final String keyDir  = System.getProperty("java.io.tmpdir"); 
	
	    private static final String keyName = "secret.key";

	    public static void main(String[] args) throws Exception {

	        //Generate symmetric 256 bit AES key.
	
	        KeyGenerator symKeyGenerator = KeyGenerator.getInstance("AES");
	
	        symKeyGenerator.init(256); 
	
	        SecretKey symKey = symKeyGenerator.generateKey();

	        //Save key.
	
	        saveSymmetricKey(keyDir, symKey);

	        //Load key.
	
	        SecretKey symKeyLoaded = loadSymmetricAESKey(keyDir, "AES");           
	
	        Assert.assertTrue(Arrays.equals(symKey.getEncoded(), symKeyLoaded.getEncoded()));
	
	    }
	
	    public static void saveSymmetricKey(String path, SecretKey secretKey) 
	
	        throws IOException {
	
	        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
	
	                secretKey.getEncoded());
	
	        FileOutputStream keyfos = new FileOutputStream(path + "/" + keyName);
	
	        keyfos.write(x509EncodedKeySpec.getEncoded());
	
	        keyfos.close();
	
	    }



	    public static SecretKey loadSymmetricAESKey(String path, String algorithm) 
	
	        throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException{
	
	        //Read private key from file.
	
	        File keyFile = new File(path + "/" + keyName);
	
	        FileInputStream keyfis = new FileInputStream(keyFile);
	
	        byte[] encodedPrivateKey = new byte[(int)keyFile.length()];
	
	        keyfis.read(encodedPrivateKey);
	
	        keyfis.close(); 
	
	        //Generate secret key.
	
	        return new SecretKeySpec(encodedPrivateKey, "AES");
	
	    }
	
	}

使用非对称主密钥

	import static org.junit.Assert.assertTrue;
	
	import java.io.File;
	
	import java.io.FileInputStream;
	
	import java.io.FileOutputStream;
	
	import java.io.IOException;
	
	import java.security.KeyFactory;
	
	import java.security.KeyPair;
	
	import java.security.KeyPairGenerator;
	
	import java.security.NoSuchAlgorithmException;
	
	import java.security.PrivateKey;
	
	import java.security.PublicKey;
	
	import java.security.SecureRandom;
	
	import java.security.spec.InvalidKeySpecException;
	
	import java.security.spec.PKCS8EncodedKeySpec;
	
	import java.security.spec.X509EncodedKeySpec;
	
	import java.util.Arrays;
	
	public class GenerateAsymmetricMasterKey {
	
	    private static final String keyDir  = System.getProperty("java.io.tmpdir");
	
	    private static final SecureRandom srand = new SecureRandom();
	
	    public static void main(String[] args) throws Exception {
	
	        // Generate RSA key pair of 1024 bits
	
	        KeyPair keypair = genKeyPair("RSA", 1024);
	
	        // Save to file system
	
	        saveKeyPair(keyDir, keypair);
	
	        // Loads from file system
	
	        KeyPair loaded = loadKeyPair(keyDir, "RSA");
	
	        // Sanity check
	
	        assertTrue(Arrays.equals(keypair.getPublic().getEncoded(), loaded
	
	            .getPublic().getEncoded()));
	
	        assertTrue(Arrays.equals(keypair.getPrivate().getEncoded(), loaded
	
	            .getPrivate().getEncoded()));
	
	    }
	
	    public static KeyPair genKeyPair(String algorithm, int bitLength)
	
	        throws NoSuchAlgorithmException {
	
	        KeyPairGenerator keyGenerator = KeyPairGenerator.getInstance(algorithm);
	
	        keyGenerator.initialize(1024, srand);
	
	        return keyGenerator.generateKeyPair();
	
	    }
	
	    public static void saveKeyPair(String dir, KeyPair keyPair)
	
	        throws IOException {
	
	        PrivateKey privateKey = keyPair.getPrivate();
	
	        PublicKey publicKey = keyPair.getPublic();
	
	        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
	
	            publicKey.getEncoded());
	
	        FileOutputStream fos = new FileOutputStream(dir + "/public.key");
	
	        fos.write(x509EncodedKeySpec.getEncoded());
	
	        fos.close();
	
	        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(
	
	            privateKey.getEncoded());
	
	        fos = new FileOutputStream(dir + "/private.key");
	
	        fos.write(pkcs8EncodedKeySpec.getEncoded());
	
	        fos.close();
	
	    }
	
	    public static KeyPair loadKeyPair(String path, String algorithm)
	
	        throws IOException, NoSuchAlgorithmException,
	
	        InvalidKeySpecException {
	
	        // read public key from file
	
	        File filePublicKey = new File(path + "/public.key");
	
	        FileInputStream fis = new FileInputStream(filePublicKey);
	
	        byte[] encodedPublicKey = new byte[(int) filePublicKey.length()];
	
	        fis.read(encodedPublicKey);
	
	        fis.close();


​	

	        // read private key from file
	
	        File filePrivateKey = new File(path + "/private.key");
	
	        fis = new FileInputStream(filePrivateKey);
	
	        byte[] encodedPrivateKey = new byte[(int) filePrivateKey.length()];
	
	        fis.read(encodedPrivateKey);
	
	        fis.close();
	
	        // Convert them into KeyPair
	
	        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
	
	        X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(
	
	            encodedPublicKey);
	
	        PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
	
	        PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(
	
	            encodedPrivateKey);
	
	        PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec);
	
	        return new KeyPair(publicKey, privateKey);
	
	    }
	
	}

初始化客户端

SecretKey symKey = ??//主密钥
	
EncryptionMaterials keyMaterials = new EncryptionMaterials(symKey);
	
Ks3  client = new Ks3EncryptionClient("<accesskeyid>","<accesskeysecret>",keyMaterials);

注意事项

  1. 上传上去的文件是经过加密的。

  2. 下载文件只能通过该客户端getObject方法下载,用其他方法下载下来的文件是经过加密的。

  3. 分块上传时必须依次上传每一块。当上传最后一块时必须通过request.setLastPart指定最后一块。上传顺序不能错乱,不能使用多线程分块上传。

  4. 请妥善保管自己的主密钥,如果主密钥丢失,将无法解密数据。

  5. 涉及重定向的请求,需要传输的数据流小于128k

文档内容是否对您有帮助?

根本没帮助
文档较差
文档一般
文档不错
文档很好

在文档使用中是否遇到以下问题

内容不全,不深入
内容更新不及时
描述不清晰,比较混乱
系统或功能太复杂,缺乏足够的引导
内容冗长

更多建议

0/200

评价建议不能为空

提交成功!

非常感谢您的反馈,我们会继续努力做到更好!

问题反馈