直接上代碼
import java.security.Security;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class Encrypt {
public static boolean initialized = false;
public static final String ALGORITHM = "AES/ECB/PKCS7Padding";
/**
* @param String str 要被加密的字符串
* @param byte[] key 加/解密要用的長度為32的字節(jié)數(shù)組(256位)密鑰
* @return byte[] 加密后的字節(jié)數(shù)組
*/
public static byte[] Aes256Encode(String str, byte[] key){
initialize();
byte[] result = null;
try{
Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); //生成加密解密需要的Key
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
result = cipher.doFinal(str.getBytes("UTF-8"));
}catch(Exception e){
e.printStackTrace();
}
return result;
}
/**
* @param byte[] bytes 要被解密的字節(jié)數(shù)組
* @param byte[] key 加/解密要用的長度為32的字節(jié)數(shù)組(256位)密鑰
* @return String 解密后的字符串
*/
public static String Aes256Decode(byte[] bytes, byte[] key){
initialize();
String result = null;
try{
Cipher cipher = Cipher.getInstance(ALGORITHM, "BC");
SecretKeySpec keySpec = new SecretKeySpec(key, "AES"); //生成加密解密需要的Key
cipher.init(Cipher.DECRYPT_MODE, keySpec);
byte[] decoded = cipher.doFinal(bytes);
result = new String(decoded, "UTF-8");
}catch(Exception e){
e.printStackTrace();
}
return result;
}
public static void initialize(){
if (initialized) return;
Security.addProvider(new BouncyCastleProvider());
initialized = true;
}
}
測試調(diào)用的代碼
public static void main(String[] args) throws Exception {
String md5Key = MD5Util.MD5Encode("你的apikey", "UTF-8").toLowerCase();
byte[] key = md5Key.getBytes();
String a = "微信回調(diào)返回來的加密串,根據(jù)req_info取出的";
byte[] b = Base64Util.decode(a);
System.out.println(Encrypt.Aes256Decode(b, key));
}
問題1:
- 代碼開頭要先import Java Cryptography Extension (JCE)中的兩個(gè)類——加/解密類Cipher和密鑰類SecretKeySpec华烟,以及BouncyCastle的一個(gè)開源加/解密類庫中的加/解密算法提供者類BouncyCastleProvider季希。
PC上的Java里面只有"AES/ECB/PKCS5Padding"算法,沒有"AES/ECB/PKCS7Padding"算法吨述。故需要引入BouncyCastle的庫,并給Cipher.getInstance方法傳入?yún)?shù)"BC"來指定Java使用這個(gè)庫里的加/解密算法衡怀。BouncyCastle的加/解密類庫的下載地址:http://www.bouncycastle.org/latest_releases.html
也可以是使用maven
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk16</artifactId>
<version>1.45</version>
</dependency>
問題2:
用AES解密時(shí)出現(xiàn)"java.security.InvalidKeyException: Illegal key size"異常装畅。
如果密鑰大于128, 會(huì)拋出上述異常。因?yàn)槊荑€長度是受限制的, java運(yùn)行時(shí)環(huán)境讀到的是受限的policy文件蓝纲,文件位于/jre/lib/security下, 這種限制是因?yàn)槊绹鴮浖隹诘目刂啤?/p>解決辦法也很簡單:
jdk對應(yīng)jar包的路徑:D:\Java\jdk1.7.0_25\jre\lib\security
jre對應(yīng)jar包的路徑:D:\Java\jre7\lib\security
jdk6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
JDK7的下載地址: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
JDK8的下載地址: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
下載后解壓,可以看到local_policy.jar和US_export_policy.jar以及readme.txt
如果安裝了JRE晌纫,將兩個(gè)jar文件放到%JRE_HOME%\lib\security目錄下覆蓋原來的文件
如果安裝了JDK税迷,還要將兩個(gè)jar文件也放到%JDK_HOME%\jre\lib\security目錄下覆蓋原來文件
