MD5签名、DES、数据指纹

 

一 ，MessageDigest MD5（信息-摘要算法5）和 SHA（安全哈希算法） 区别

跳转收银台，使用数据指纹
String payUrl = cashier_url + MapUtil.createLinkString(parmMap) + "&sign_type=SHA-256&sign=" + sign; sign_type=SHA-256&sign=58e102c13bc4c643ba6619a600ea6060788c522298da367ce6c70b42dc0a6634

1，SHA-1是由美国标准技术局（NIST）颁布的国家标准，是一种应用最为广泛的hash函数算法，也是目前最先进的加密技术，而SHA-1基于MD5，MD5又基于MD4
2，MD5和SHA-1是单项散列函数的典型代表，它们广泛地应用在信息安全和数字签名等各个领域。从而有效地抗击了信息的主动式攻击
两者比较：
（1）对强行攻击的安全性：最显著和最重要的区别是SHA-1摘要比MD5摘要长32位。使用强行技术，产生任何一个报文使其摘要等于给定报摘要的难度对MD5是2^128数量级的操作，而对SHA-1则是2^160数量级的操作。这样，SHA-1对强行攻击有更大的强度。
（2）对密码分析的安全性：由于MD5的设计，易受密码分析的攻击，SHA-1显得不易受这样的攻击。
（3）速度：在相同的硬件上，SHA-1的运行速度比MD5慢。

 签名

  public static String SHA1(String decrypt) {
        try {
            MessageDigest digest = MessageDigest.getInstance("SHA-1");
            digest.update(decrypt.getBytes());
            byte messageDigest[] = digest.digest();
            // Create Hex String
            StringBuffer hexString = new StringBuffer();
            // 字节数组转换为十六进制数
            for (int i = 0; i < messageDigest.length; i++) {
                String shaHex = Integer.toHexString(messageDigest[i] & 0xFF);
                if (shaHex.length() < 2) {
                    hexString.append(0);
                }
                hexString.append(shaHex);
            }
            return hexString.toString();
        } catch (NoSuchAlgorithmException e) {
            log.error("", e);
        }
        return "";
    }

 

二，对称加密，加密解密秘钥相同

AES：Advanced Encrytion Standard（高级加密标准）
DES：Data Encrytion Standard（数据加密标准），对应算法是DEA

        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.55</version>
        </dependency>


import org.apache.commons.lang3.ArrayUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.ExtendedDigest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.ShortenedDigest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.Strings;
import org.bouncycastle.util.encoders.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.Security;

public class DesTest {
    public static final ExtendedDigest SHA1_20 = new SHA1Digest();
    public static final ExtendedDigest SHA1_08 = new ShortenedDigest(SHA1_20, 8);

    static {
        setup();
    }
    private static final void setup() {
        if (Security.getProvider("BC") == null) {
            try {
                Security.addProvider(new BouncyCastleProvider());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    @org.junit.Test
    public void encryt(){
        String content = "123456asdfghjkqwer234er";
        String password = "pajkxOrderService20180403";
        byte[] decrypted = Strings.toUTF8ByteArray(content);
        byte[] mark = {'d', 'c', 'p'};
        byte[] input = new byte[decrypted.length + mark.length];
        System.arraycopy(mark, 0, input, 0, mark.length);
        System.arraycopy(decrypted, 0, input, mark.length, decrypted.length);

        byte[] encrypted = encrytOrDecryt(password, input,Cipher.ENCRYPT_MODE);
        String result = Strings.fromUTF8ByteArray(Base64.encode(encrypted));
        System.out.println("result:" + result);
    }

    @org.junit.Test
    public void decryt(){
        String content = "123456asdfghjkqwer234er";
        String password = "pajkxOrderService20180403";
        byte[] mark = {'d', 'c', 'p'};

        String token = "TqoaUyZ6o+qqQXLmNq0JAPUtbxNud7n+Aqq3LhW4wfA=";
        byte[] encrypted = Base64.decode(Strings.toUTF8ByteArray(token));
        byte[] decrypted = encrytOrDecryt( password, encrypted,Cipher.DECRYPT_MODE);
        byte[] output = ArrayUtils.subarray(decrypted, mark.length, decrypted.length);
        String result = Strings.fromUTF8ByteArray(output);
        System.out.println("result111:" + result);
    }

    public static final byte[] encrytOrDecryt(String password, byte[] decrypted,int mode) {
        Cipher cipher = null; //可以缓存起来
        try {
            cipher = Cipher.getInstance("DES", "BC");
        } catch (Exception e) {
            e.printStackTrace();
        }

        Key key = null;
        Digest digest = SHA1_08;
        key = new SecretKeySpec(hmac1(digest, password), "DES");//可以缓存

        IvParameterSpec iv = new IvParameterSpec(hmac1(digest, password)); //可以缓存

        synchronized (cipher) {
            try {
                cipher.init(mode, key, iv);//Cipher.DECRYPT_MODE 用于解密
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
            try {
                return cipher.doFinal(decrypted);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }

        }
    }

    private static final byte[] hmac1(Digest digest, String string) {
        byte[] hmac = new byte[digest.getDigestSize()];
        byte[] data = Strings.toUTF8ByteArray(string);
        synchronized(digest) {
            HMac h = new HMac(digest);
            h.update(data, 0, data.length);
            h.doFinal(hmac, 0);
            digest.reset();
        }
        return hmac;
    }

}