- 目录
- 概 述
目录 概 述LD is tigger forever,CG are not brothers forever, throw the pot and shine forever.
Modesty is not false, solid is not naive, treacherous but not deceitful, stay with good people, and stay away from poor people.
talk is cheap, show others the code and KPI, Keep progress,make a better result.
Survive during the day and develop at night。
概述
消息摘要算法又称为散列算法,其核心在于散列函数的单向性。即通过散列函数可获得对应的散列值,但不可通过该散列值反推其原始信息。这是消息摘要算法的安全性的根本所在。消息摘要算法主要分为三大类:MD(MessageDigest,消息摘要算法)、SHA(Secure HashAlgorithm,安全散列算法)和MAC(MessageAuthentication Code,消息认证码算法)。MD5、SHA和HMAC分别是三大类消息摘要算法中的代表。
MD5和SHA
1.MD5算法是典型的消息摘要算法,其前身有MD2、MD3和MD4算法,它由MD4、MD3、MD2算法改进而来,1996年后该算法被证实存在弱点,可以被加以破解,对于需要高度安全性的数据,专家一般建议改用其他算法,如SHA。
2.SHA家族的五个算法,分别是SHA-1、SHA-224、SHA-256、SHA-384,和SHA-512。SHA与MD算法不同之处主要在于摘要长度,SHA算法的摘要长度更长,安全性更高。
MD5和SHA在实现代码上大部分是一致的,只是指定的算法不一样。
x消息摘要算法-SHA:
安全散列算法
固定长度摘要信息
SHA-1、SHA-2(SHA-224、SHA-256、SHA-384、SHA-512)
算法 摘要长度 实现方
SHA-1 160 JDK
SHA-2 224 Bouncy Castle
SHA-256 256 JDK
SHA-384 384 JDK
SHA-512 512 JDK
import java.security.MessageDigest;
import java.security.Security;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.digests.SHA224Digest;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.math.BigInteger;
public class SHATest {
public static final String src = "sha test";
public static void main(String[] args){
jdkSHA1();
bcSHA1();
bcSHA224();
bcSHA224b();
generateSha256();
ccSHA1();
}
// 用jdk实现:SHA1
public static void jdkSHA1() {
try{
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(src.getBytes());
System.out.println("jdk sha-1:" + Hex.encodeHexString(md.digest()));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:SHA1
public static void bcSHA1(){
Digest digest = new SHA1Digest();
digest.update(src.getBytes(), 0, src.getBytes().length );
byte[] sha1Bytes = new byte[digest.getDigestSize()];
digest.doFinal(sha1Bytes, 0);
System.out.println("bc sha-1:" + org.bouncycastle.util.encoders.Hex.toHexString(sha1Bytes));
}
// 用bouncy castle实现:SHA224
public static void bcSHA224(){
Digest digest = new SHA224Digest();
digest.update(src.getBytes(), 0, src.getBytes().length );
byte[] sha224Bytes = new byte[digest.getDigestSize()];
digest.doFinal(sha224Bytes, 0);
System.out.println("bc sha-224:" + org.bouncycastle.util.encoders.Hex.toHexString(sha224Bytes));
}
// 用bouncy castle与jdk结合实现:SHA224
public static void bcSHA224b(){
try{
Security.addProvider(new BouncyCastleProvider());
MessageDigest md = MessageDigest.getInstance("SHA224");
md.update(src.getBytes());
System.out.println("bc and JDK sha-224:" + Hex.encodeHexString(md.digest()));
} catch (Exception e) {
e.printStackTrace();
}
}
public static void generateSha256() {
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(src.getBytes("UTF-8")); // Change this to "UTF-16" if needed
byte[] digest = md.digest();
BigInteger bigInt = new BigInteger(1, digest);
System.out.println("Sha256 hash: " + bigInt.toString(16));
}
// 用common codes实现实现:SHA1
public static void ccSHA1(){
System.out.println("common codes SHA1 - 1 :" + DigestUtils.sha1Hex(src.getBytes()));
System.out.println("common codes SHA1 - 2 :" + DigestUtils.sha1Hex(src));
}
}```
应用
1.加入决定key
2.2、增加时间戳
3、排序
http://**?msg=12Hsad74mj×tamp=1309488734
msg:原始消息 + key + 时间戳
消息摘要算法 - MAC
MAC(Message Authentication Code)
HMAC(keyed-Hash Message Authentication Code),含有密钥的散列函数算法。
融合MD、SHA
MD系列:HmacMD2、HmacMD4、HmacMD5
SHA系列:HmacSHA1、HmacSHA224、HmacSHA256、HmacSHA384、HmacSHA512
应用如SecureCRT
算法 摘要长度 实现方
HmacMD2 128 Bouncy Castle
HmacMD4 128 Bouncy Castle
HmacMD5 128 JDK
```java
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.crypto.digests.MD5Digest;
import org.bouncycastle.crypto.macs.HMac;
import org.bouncycastle.crypto.params.KeyParameter;
public class HMACTest{
public static final String src = "hmac test";
public static void main(String[] args) {
jdkHmacMD5();
bcHmacMD5();
}
// 用jdk实现:
public static void jdkHmacMD5(){
try {
// 初始化KeyGenerator
KeyGenerator keyGenerator = KeyGenerator.getInstance("HmacMD5");
// 产生密钥
SecretKey secretKey = keyGenerator.generateKey();
// 获取密钥
// byte[] key = secretKey.getEncoded();
byte[] key = Hex.decodeHex(new char[]{'1','2','3','4','5','6','7','8','9','a','b','c','d','e' });
// 还原密钥
SecretKey restoreSecretKey = new SecretKeySpec(key, "HmacMD5");
// 实例化MAC
Mac mac = Mac.getInstance(restoreSecretKey.getAlgorithm());
// 初始化MAC
mac.init(restoreSecretKey);
// 执行摘要
byte[] hmacMD5Bytes = mac.doFinal(src.getBytes());
System.out.println("jdk hmacMD5:" + Hex.encodeHexString(hmacMD5Bytes));
} catch (Exception e) {
e.printStackTrace();
}
}
// 用bouncy castle实现:
public static void bcHmacMD5() {
HMac hmac = new HMac(new MD5Digest());
// 必须是16进制的字符,长度必须是2的倍数
hmac.init(new KeyParameter(org.bouncycastle.util.encoders.Hex.decode("123456789abcde")));
hmac.update(src.getBytes(), 0, src.getBytes().length);
// 执行摘要
byte[] hmacMD5Bytes = new byte[hmac.getMacSize()];
hmac.doFinal(hmacMD5Bytes, 0);
System.out.println("bc hmacMD5:" + org.bouncycastle.util.encoders.Hex.toHexString(hmacMD5Bytes));
}
}
消息摘要算法-其他:
RipeMD(128、156、320)
Tiger
Whirlpool
GOST3411
Bouncy Castle 实现
`
# 小结 讲述了对应的安全算法问题: # 参考资料和推荐阅读 1.链接: [参考资料](https://www.cnblogs.com/happyfans/p/4374919.html).
