ืืืืืช ืืืืืคื ื ืชืื ืื ืืื ืืื ืืืืคืืื ืื ืืืฉืืืื ืืืืชืจ ืฉื ืืืฉืืืื ืืืืจื ืืื. ืืื ืืื ืงืื, ืื ืฉืื ืืืืขื ืขื ืฉืืืืช ืขืจืืืืืืช, ืฉืขื ืืชืคืชืืืช ืืื ืืฉืืช ืืคืื ืืื ืืืข ืืงืจืืคืืืืจืคืื. ืืืืคื ืืืขื, ื'ืืืื ืื ืขืืื ืืฆื ืืืฆืืขื ืืืคืชืืื ืืช ืืจืืืืงืืืจืช ื-Java Cryptography Architecture (JCA). ืกืงืืจื ืื ืืืืจื ืืชืช ืืืฉื ืจืืฉืื ืืืฆื ืื ืขืืื.
ืื ืื ืืืื ืืืืืช ืืืืจ:
ืืคื ืฉืืืืจ ืืชืืขืื, " ืคืืืคืืจืืช Java ืืืืืช ืืกืคืจ ืกืคืงืื ืืืื ืื ". ืืืืืจ, ืคืืืคืืจืืช Java ืืกืคืงืช ืงืืืฆื ืฉื ืกืคืงืื ืืืื ืื ืืืชื ื ืืชื ืืืจืืื ืืืืืช ืืฆืืจื. ืืชื ืืืื ืืจืืืช ืืช ืื ืืขืฆืื:
ืื ืขืฉืื ืืืืจืืืช ืื ืืงืื:
ืืื ืืืืื ืข ืืืฉืืขื ืืืืจืช ืืืงืจื ืื, ืขืืื ืืืฉืชืืฉ ืืืฆื ืืืจ - Cipher Block Chaining (CBC). ืืฆื ืื ืืฆืื ืืช ืืจืขืืื ืฉื ืืชืืื ืืงืืืจ (ืืืืฆื ืขื ืืื ืืืืืงื IvParameterSpec). ืืื ืืืืืช ืืืฆื ืืื, ืืชืืฆืื ืฉื ืืฆืืจืช ืืืืืง ืืืืจืื ืชืฉืืฉ ืืืฆืืจืช ืืื:
ืืื ื ืืชืื ืืช ืื ืืงืื:
ืืขืื ืจืืื ื ืืืฆื ืืฆืืืื ืืืืืคืื ื ืชืื ืื. ืืื ืืื ืืืฉืง ืกืื ืืจืื ืืืื ืืจืืงืฆืื ืืื ืืกืืคืง ื-JCA? ืืกืชืืจ ืฉืืฉ. ืืืื ื ืกืชืื ืขื ืื.
ืึทืงืึธืึธื
ืื ื ืืฆืืข ืื ืกืืข ืืืืจื ืืืื. ืืคื ืื ื ืจืืื ืืขืชืืงื. ืืืคื ืื ื ืืืืืก ืืืืืืก ืงืืกืจ, ืฉืฉืืื ืืกืจ ืืืคืงืืื. ืืื ื ืจืื ืื ืืฉ ืืืืืขื ืืื:"ะะกะะะฃะะฌะะะฅะะคะฏ ะ ะฃะะ"
? ืืืื ื ืคืชื ืืช Java Online Compiler, ืืืฉื: repl.it
class Main {
public static void main(String[] args) {
String code = "ะะกะะะฃะะฌะะะฅะะคะฏ ะ ะฃะะ";
for (char symbol : code.toCharArray()) {
if (symbol != ' ') {
symbol = (char) (symbol - 3);
}
System.out.print(symbol);
}
}
}
ืืคื ืื ื ืืืืฉืื ืืคืฉืื ืืืืชืจ ืฉื ืฆืืคื ืงืืกืจ. ืขื ืคื ืขืืืืชื ืฉื ืืืืกืืืจืืื ืืจืืื ืืงืืื ืกืืืืื ืืืก ืืฉื "ืืื ืฉื ืื ืขืฉืจ ืืงืืกืจืื", ืื ืืืืืง ืืฆืคืื ืงืืกืจ ืืืืขืืช ืืื ืจืืื ืฉืื. ืืื ืืืช ืืืชืืืืกืืืืช ืืขืชืืงืืช ืืืืชืจ ืืฉืืืืฉ ืืืืจ ืืื ืืื ืงืจืืคืืืืจืคืื . ืืืืื "ืงืจืืคืืืืจืคืื" ืืื ืืืืืืื ืืืืื ืืืช ืืขืชืืงืืช "ื ืกืชืจ" ื"ืืชืื", ืืืืืจ. ืื ืืืืข ืฉื ืืื ืืงืืช ืคืจืืืืช. ื-Java ืืฉ ืชืืืื ืืฉืื ืืงืจืืคืืืืจืคืื ืืืื ื ืงืจืืช Java Cryptography Architecture (JCA). ืืช ืืชืืืืจ ื ืืชื ืืืฆืื ืืชืืขืื ืืจืฉืื ืฉื ืืืจืงื - " Java Cryptography Architecture (JCA) ". ืื ื ืืฆืืข ืื ืืืืืง ืืืื ืืืืื ืืืืช ืื ื ืืงืืืื ืืืืืช ื-JCA.
J.C.A.
ืืคื ืฉืืืื ื ืืขืืจ, Java ืืฆืืขื ืืช ืืจืืืืงืืืจืช ืืงืจืืคืืืืจืคืื ืฉื Java (JCA) ืืขืืืื ืขื ืงืจืืคืืืืจืคืื. ืืจืืืืงืืืจื ืื ืืืืื API (ืืืืืจ ืงืืืฆื ืืกืืืืช ืฉื ืืืฉืงืื) ืืกืคืงืื (ืฉืืืืฉืืื ืืืชื):import java.security.Provider;
import java.security.Security;
class Main {
public static void main(String[] args) {
Provider[] providers = Security.getProviders();
for (Provider p : providers) {
System.out.println(p.getName());
}
}
}
ืจืืฉืื ืกืคืง ืฆื ืฉืืืฉื ืืื ืงื ืืืื. ืืืืืื: Security.addProvider(new BouncyCastleProvider());
ืืืืื ืื ืืืืจืช ืืช ืืื ืืกืคืงืื ืืืคืืจืกืืื ืืืืชืจ - BouncyCastle . ืืื ืืกืงืืจื ืื ื ืฉืชืืฉ ืจืง ืืืืื ืืกืืกืืื, ืืื ืกืคืจืืืช ืฉื ืฆื ืฉืืืฉื. ืืืกืื ืืจืืฉื ืฉืื ื: " ืืจืืืืงืืืจืช ื'ืืืื ืงืจืืคืืืืจืคืื (JCA) ". ืืื ื ืืืฆื ืคืืขืืช JCA ืชืขืืืจ ืื ืืืืื ืืืชืจ ืงืืืช ืืช ืืืื ืืืืืืืช ืฉืืื ื ืขืฉื ืฉืืืืฉ ืคืขืื ืืืืชื JCA. ืืืืืื: HTTPS (ืจืื " ื-HTTP ื-HTTPS ").
MessageDigest
ืืืืจ ืืจืืฉืื ืฉืืืืืจ ืืชืืขืื JCA ืืื MessageDigest. ืืืืคื ืืืื, Digest ืืจืืกืืช ืืืื ืืื - ืชืงืฆืืจ ืชืืื ืืืฉืืขืืชื ื"ืกืืืื". ืืื ืืืฆืคื ื, ืชืงืฆืืจ ืืื ืกืืื ืืฉืืฉ. ืืคืฉืจ ืื ืืืืืจ ืืงืืืช ืฉืืื ืืืืช Digest ืืืื ืืืืืช ืืชืืจืื ืื ื-digest. ืคืจืืื ื ืืกืคืื ื ืืชื ืืืฆืื ืืชืืขืื JCA ืืกืขืืฃ " MessageDigest ". ืืคื ืฉืืืืจ ืืชืืขืื, MessageDigest ืืืืฆืจ ืชืืฆืื ืืืืื ืงืืืข ืฉื ืงืจืืช digest ืื hash. Hashing ืืื ืคืื ืงืฆืื ืื-ืืืืื ืืช, ืืืืืจ. ืื ืืืืฉื ื ืืฉืื, ืื ืืืชืืฆืื (ืืืืืจ ืื-hash) ืื ื ืืื ืืงืื ืืช ืืืงืืจ ืืืงืืจื. ืืื ืื ืืืืืืงืืื ืืืื ืขืืืจืื ืืืืื (ืืืืืื, ืืืจืืืืช ืฉื ืชืืืื ืืืื), ืื ืืืืืื ืฉืืื ืืืื ืืืชืืื. ืืคื ืฉืฆืืื ืืชืืขืื, ืืฉืืฉ ืืื ื ืงืจื ืืคืขืืื ืื "ืฆ'ืง-ืกืื" ืื "ืืืืขืช ืืฆืืข ืืืืืืืืช" ืฉื ื ืชืื ืื. ื ืืชื ืืืฆืข ืืืืื ืืืืฆืขืืช ืืืืืจืืชืืื ืฉืื ืื. ื ืืชื ืืจืืืช ืืืืืจืืชืืื ืืืื ืื ืืืกืื " ืชืืขืื ืฉื ืืืืืืจืืชื ืืกืื ืืจืื ืฉื Java Cryptography Architecture ืขืืืจ JDK 8 ". ืืื ื ืขืฉื ืืช ืืืืืื ืื ืืคืืก ืืช ืืืืืื ืืงืื ืกืืื:import javax.xml.bind.DatatypeConverter;
import java.security.*;
public class Main {
public static void main(String[] args) {
try {
MessageDigest digester = MessageDigest.getInstance("SHA-512");
byte[] input = "Secret string".getBytes();
byte[] digest = digester.digest(input);
System.out.println(DatatypeConverter.printHexBinary(digest));
} catch (NoSuchAlgorithmException e) {
throw new IllegalStateException(e);
}
}
}
Hashing ืืืื ืืืืืช ืฉืืืืฉื, ืืืฉื, ืืขืช ืืืกืื ืกืืกืืืืช. ืืืืืื ืฉื ืืชื ืืืืืง ืืช ื-hash ืฉื ืืกืืกืื ืฉืืืื ื ืืื hash ืฉื ืฉืืจ ืืขืืจ. ืื ื-hashs ืชืืืืื, ืื ืื ืืกืืกืื ืชืืืืช. ืืืืืื ืืืืืื ืขืื ืืืชืจ, ื ืขืฉื ืฉืืืืฉ ืืืืฉื ืฉื ืงืจื "ืืื". ื ืืชื ืืืืฉื ืืช ืืืื ืืืืฆืขืืช ืืืืืงื SecureRandom . ืืคื ื ืืืฆืืข ืฉืืืช ืืขืืืื, ืืืื ื ืชืืจ ืืืกืคืช "ืืื":
byte[] salt = new byte[16];
SecureRandom.getInstanceStrong().nextBytes(salt);
digester.update(salt);
ืืื ืืฉืืฉ ืืื ืคืื ืงืฆืื ืื-ืืืืื ืืช. ืืื ืื ืื ืืชื ืจืืฆื ืืืืืช ืืกืืื ืืืฆืคืื ืืืคืขื ื?
ืงืจืืคืืืืจืคืื ืฉื ืืคืชื ืกืืืืจื
ืืฆืคื ื ืกืืืืจืืช ืืื ืืฆืคื ื ืืืฉืชืืฉืช ืืืืชื ืืคืชื ืืืฆืคื ื ืืืคืขื ืื. ืขื ืื ืช ืืืฉืชืืฉ ืืืฆืคื ื ืกืืืืจืืช ืื ื ืืงืืงืื ืืืคืชื. ืืื ืืืฉืื ืืืช ืื ื ืืฉืชืืฉืื ื- KeyGenerator . ืื ืืกืฃ, ื ืฆืืจื ืืืืงื ืฉืืืืฆืืช ืฆืืคื ( Cipher ). ืืคื ืฉืฆืืื ืืชืืขืื JCA ืืกืขืืฃ " ืืฆืืจืช ืืืืืืงื ืฆืืคื ", ืืื ืืืฆืืจ ืฆืืคื ืืชื ืฆืจืื ืืฆืืื ืื ืจืง ืืืืืจืืชื, ืืื "ืืจื ืกืคืืจืืฆืื" ืืฉืืจื. ืชืืืืจ ืืืจื ืกืคืืจืืฆืื ื ืจืื ืื: "ืืืืืจืืชื/ืืฆื/ืจืืคืื":- ืืืืืจืืชื : ืืื ืื ื ืืกืชืืืื ืขื ืืฉืืืช ืืกืื ืืจืืืื ืขืืืจ " ืืืืืจืืชืืื ืฉื ืฆืืคื (ืืฆืคื ื) . ืืืืืฅ ืืืฉืชืืฉ ื-AES.
- ืืฆื : ืืฆื ืืฆืคื ื. ืืืืืื: ECB ืื CBC (ื ืืืจ ืขื ืื ืงืฆืช ืืืืืจ ืืืชืจ)
- ืืืื/ืคืืฆืื : ืื ืืืืง ื ืชืื ืื ืืืฆืคื ืื ืคืจื. ืคืจืืืจ ืื ืงืืืข ืืื ื ืชืื ืื ืืืกืคืจื ืืืืฉ ืืื.
"AES/ECB/PKCS5Padding"
. ืืืืืจ, ืืืืืจืืชื ืืืฆืคื ื ืืื AES, ืืฆื ืืืฆืคื ื ืืื ECB (ืงืืฆืืจ ืฉื Electronic Codebook), ืืืื ืืืืืง ืืื PKCS5Padding. PKCS5Padding ืืืืจ ืฉืืืืื ืฉื ืืืืง ืืื ืืื 2 ืืชืื (16 ืกืืืืืช). ืืฆื ืืืฆืคื ื ืฉื ืกืคืจ ืงืืืื ืืืงืืจืื ื ืืืื ืืฆืคื ื ืจืฆืืคื ืฉื ืื ืืืืง:
import javax.xml.bind.DatatypeConverter;
import javax.crypto.*;
import java.security.Key;
public class Main {
public static void main(String[] args) throws Exception {
String text = "secret!!secret!!secret!!secret!!";
// Generate new key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
Key key = keygen.generateKey();
// Encrypt with key
String transformation = "AES/ECB/PKCS5Padding";
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encrypted = cipher.doFinal(text.getBytes());
System.out.println(DatatypeConverter.printHexBinary(encrypted));
// Decrypt with key
cipher.init(Cipher.DECRYPT_MODE, key);
String result = new String(cipher.doFinal(encrypted));
System.out.println(result);
}
}
ืื ื ืืฆืข, ื ืฆืคื ืืจืืืช ืืืจื, ืื ืฆืืื ื 32 ืชืืืื. ืืชืืืื ืืืื ืืจืืืืื 2 ืืืืงืื ืฉื 16 ืกืืืืืช:
import javax.xml.bind.DatatypeConverter;
import javax.crypto.*;
import java.security.*;
import javax.crypto.spec.IvParameterSpec;
public class Main {
public static void main(String[] args) throws Exception {
// Initialization Vector
SecureRandom random = SecureRandom.getInstanceStrong();
byte[] rnd = new byte[16];
random.nextBytes(rnd);
IvParameterSpec ivSpec = new IvParameterSpec(rnd);
// Prepare key
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
Key key = keygen.generateKey();
// CBC
String text = "secret!!secret!!secret!!secret!!";
String transformation = "AES/CBC/PKCS5Padding";
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec);
byte[] enc = cipher.doFinal(text.getBytes());
System.out.println(DatatypeConverter.printHexBinary(enc));
// Decrypt
cipher.init(Cipher.DECRYPT_MODE, key, ivSpec);
String result = new String(cipher.doFinal(enc));
System.out.println(result);
}
}
ืืคื ืฉืื ื ืจืืืื, ืืชืืฆืื ืืื ืืื ื ื ืจืืืื ืืืืงื ืฆืืคื ืืืืจืื. ืืกืืื ืื, ืืฆื ECB ืืื ื ืืืืืฅ, ืื ืืืคืฉืจ ืืจืืืช ืืืจืืช ืืืืฉืชืืฉ ืืืืข ืืื ืืคืขื ืื. ืืืืืข ื ืืกืฃ ืขื ECB ื-CBC, ืื ื ืืืืืฅ ืื ืืงืจืื ืืช ืืืืืจ: " ืืฆื ืกืคืจ ืงืืืื ืืืงืืจืื ื ". ืืื ืืืฆืคื ื ืกืืืืจืืช ืืฉ ืืขืื ืืจืืจื - ืืชื ืฆืจืื ืืืืฉืื ืืืขืืืจ ืืช ืืืคืชื ืืื ืฉืืฆืคืื ืืื ืฉืืฆืคืื. ืืืืืจื ืื ืชืื ืืื ืืคืฉืจ ืืืืจื ืืช ืืืคืชื ืืื ืืื ืืืื ืืคืฉืจ ืืืืจื ื ืชืื ืื. ืืืฆืคื ื ืืกืืืืจืืช ื ืืขืื ืืคืชืืจ ืืขืื ืื.
ืืฆืคื ื ืืกืืืืจืืช
ืืฆืคื ื ืืกืืืืจืืช ืื ืงืจืืคืืืืจืคืื ืฉื ืืคืชื ืฆืืืืจื ืืื ืฉืืืช ืืฆืคื ื ืืืฉืชืืฉืช ืืืื ืืคืชืืืช: ืืคืชื ืคืจืื (ืฉื ืฉืืจ ืืกืื ืืืืื) ืืืคืชื ืฆืืืืจื (ืืืื ืืฆืืืืจ). ืืคืจืื ืื ื ืืืฆื ืขื ืื ืช ืืืืืืฃ ืืฆืืจื ืืืืืืืช ืืช ืืืคืชื ืืฆืืืืจื ืืื ืืฆืืืื ืืืืืืคื ืืืืืข, ืชืื ืฉืืืจื ืขื ืืืคืชื ืืกืืื. ืืฉืืืฆืจืื ืืื ืืคืชืืืช, KeyGenerator ืืืจ ืื ืืกืคืืง ืื ื; ืื ืื ื ืฆืจืืืื KeyPairGenerator . ืืืื ื ืกืชืื ืขื ืืืืื:import javax.crypto.*;
import java.security.*;
public class Main {
public static void main(String[] args) throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
KeyPair keyPair = generator.generateKeyPair();
// Encrypt with PRIVATE KEY
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
byte[] data = cipher.doFinal("Hello!".getBytes());
// Decrypt with PUBLIC KEY
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] result = cipher.doFinal(data);
System.out.println(new String(result));
}
}
ืืฉืื ืืืืื ืืื ืฉืืืฉืจ ืืฉืชืืฉืื ืืืฆืคื ื ืืกืืืืจืืช, ืื ื ืชืืื ืืฉืชืืฉืื ื-KeyPair ืืื ืืืฉืชืืฉ ืืืคืชื ืืื ืืืฆืคื ื ืืืืืจ ืืคืขื ืื. ืืื ืืืื ื ืงืืืช ืืืฆืคื ื ืืื ืฉืจืง ืื ืืขื ืืืื ืืคืขื ื ืืืชื; ืืื ืืืฆืคื ืช ืขื ืืคืชื ืฆืืืืจื, ืืืคืขื ืืช ืจืง ืขื ืืคืชื ืคืจืื.
ืืชืืื ืืืืืืืืช
ืืคื ืฉืจืืื ื ืืืขืื, ืืืืจืช ืืืคืชื ืืฆืืืืจื, ื ืืชื ืืฉืืื ื ืชืื ืื ืื ืฉืจืง ืืืขืืื ืฉื ืืืคืชื ืืคืจืื ืืืื ืืคืขื ื ืืืชื. ืืืืืจ, ืืืืืช ืฉื ืืฆืคื ื ืืกืืืืจืืช ืืื ืฉืื ืืื ืืฆืคืื, ืืื ืจืง ืื ืื ื ืงืืจืืื. ืืฉื ื ืื ืืืื ืืคืื - ืืชืืื ืืืืืืืืช, ืืืืืฆืืช ืขื ืืื ืืืืืงื Signature . ืืชืืื ืืืืืืืืช ืืืืื ืืืฉืชืืฉ ืืืืืืจืืชืืื ืืืืื: " ืืืืืจืืชืื ืืชืืื ". ืชืืขืื JCA ืืฆืืข ืืืกืชืื ืืงืจืื ืขื ืฉื ื ืืื: DSAwithMD5 ื-RSAwithMD5 ืื ืืื ืืืชืจ ื-DSA ืื RSA ืืื ืืืืื ืืื ืืื ืชืืืื ืืงืจืื ืืื: " ืืืื ืขืืื ืืื ืืื ืขืืืจ ืืขืืจืืช ืงืืฆืื ืืืฆืคื ืืช - RSA ืื DSA? ". ืื ืงืจื ืืช ืืืืื ืื ืืื: " RSA ืืขืืืช DSA ืขืืืจ ืืคืชืืืช ืืืืืช SSH ". ืื, ืืชืืื ืืืืืืืืช. ื ืฆืืจื, ืืื ืงืืื, KeyPair ืืืืืงืช Signature ืืืฉื. ืื ืืืงืชื ืขื ืื ืืืืืจืื ืืงืืื ืื, ืืืืืื ืืืื ืขืฉืืื ืืืืืช ืืขื ืงืฉื ืขืืืจื. ืืืืืื ืฉืื ืจืฆื ืจืง ืืื: rextester.com . ืื ื ืืืืืืื ืืช ืืฉืืขืืจืื ืฉืื ื ืฆืจืืืื:import javax.crypto.*;
import java.security.*;
ืื ื ืื ื ืฉืืชื ืืช ืืฉืืื ืืขืืงืจืืช:
public static void main(String[] args) throws Exception {
// Generate keys
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
SecureRandom random = SecureRandom.getInstanceStrong();
generator.initialize(2048, random);
KeyPair keyPair = generator.generateKeyPair();
// Digital Signature
Signature dsa = Signature.getInstance("SHA256withRSA");
dsa.initSign(keyPair.getPrivate());
// Update and sign the data
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
byte[] data = cipher.doFinal("Hello!".getBytes());
dsa.update(data);
byte[] signature = dsa.sign();
// Verify signature
dsa.initVerify(keyPair.getPublic());
dsa.update(data);
boolean verifies = dsa.verify(signature);
System.out.println("Signature is ok: " + verifies);
// Decrypt if signature is correct
if (verifies) {
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] result = cipher.doFinal(data);
System.out.println(new String(result));
}
}
ืื ืขืืืืช ืืชืืื ืืืืืืืืช. ืืชืืื ืืืืืืืืช ืืื ื ืืฉื ืืขื ืืื. ืื ื ืืืืืฅ ืื ืืขืืื ืืืื ืื ืืฉื ืื:
ืืกืื ืืคืชื
ื-Java Cryptography Architecture ืืฆืืื ืืื ืืฉืื - ืืกืื ืืคืชื ืืื ืคืจืืืืงืื. ืืื ืืืืฆื ืขื ืืื ืืืืงืช KeyAgreement . ืืคื ืฉืฆืืื ืืชืืขืื JCA, ืคืจืืืืงืื ืื ืืืคืฉืจ ืืืกืคืจ ืฆืืืื ืืืืืืจ ืืช ืืืชื ืืคืชื ืงืจืืคืืืืจืคื ืืืื ืืฉืชืฃ ืืืืข ืกืืื ืืืฉืื ืืื ืืฆืืืื. ื ืฉืืข ืืืืจ? ืื ืืืื ื ืกืชืื ืขื ืืืืื:// 1. ะะดะฝะฐ ะธะท ััะพัะพะฝ (ะะปะธัะฐ) ะณะตะฝะตัะธััะตั ะฟะฐัั ะบะปััะตะน. Encoded ะฟัะฑะปะธัะฝัะน ะบะปัั ะพัะดะฐัั.
KeyPairGenerator generator = KeyPairGenerator.getInstance("DH");
KeyPair aliceKeyPair = generator.generateKeyPair();
byte[] alicePubKeyEncoded = aliceKeyPair.getPublic().getEncoded();
// 2. ะััะณะฐั ััะพัะพะฝะฐ (ะฝะฐะฟัะธะผะตั, ะะพะฑ) ะฟะพะปััะฐะตั ะพัะบััััะน ะบะปัั ะะปะธัั
KeyFactory bobKeyFactory = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(alicePubKeyEncoded);
PublicKey alicePubKey = bobKeyFactory.generatePublic(x509KeySpec);
// ะะฐัะฐะผะตััั, ะบะพัะพััะต ะธัะฟะพะปัะทะพะฒะฐะปะฐ ะะปะธัะฐ ะฟัะธ ะณะตะฝะตัะฐัะธะธ ะบะปััะตะน
DHParameterSpec dhParamFromAlicePubKey = ((DHPublicKey)alicePubKey).getParams();
// ะกะพะทะดะฐัั ัะฒะพั ะฟะฐัั ะบะปััะตะน. ะัะดะฐัั ัะฒะพะน Encoded ะพัะบััััะน ะบะปัั
KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
bobKpairGen.initialize(dhParamFromAlicePubKey);
KeyPair bobKeyPair = bobKpairGen.generateKeyPair();
byte[] bobPubKeyEncoded = bobKeyPair.getPublic().getEncoded();
ะขะตะฟะตัั, ั ะะปะธัั ะตััั ะพัะบััััะน ะบะปัั ะะพะฑะฐ, ะฐ ั ะะพะฑะฐ ะตััั ะพัะบััััะน ะบะปัั ะะปะธัั. What ะดะฐะปััะต?
ะะฐะบ ัะบะฐะทะฐะฝะพ ะฒ documentะฐัะธะธ JCA, ั ะฝะฐั ะตััั ะธะฝััััะผะตะฝั KeyAgreement, https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html#KeyAgreement ะบะพัะพััะน ะฟะพะทะฒะพะปัะตั ัััะฐะฝะพะฒะธัั ะพะดะธะฝะฐะบะพะฒัะต ะบะปััะธ ัะธััะพะฒะฐะฝะธั ะฑะตะท ะฝะตะพะฑั
ะพะดะธะผะพััะธ ะพะฑะผะตะฝะธะฒะฐัััั ัะตะบัะตัะฝะพะน ะธะฝัะพัะผะฐัะธะตะน (ั.ะต. ะฑะตะท ะพะฑะผะตะฝะฐ private key). ะกะพะณะปะฐัะตะฝะธะต ะฒัะณะปัะดะธั ัะปะตะดัััะธะผ ะพะฑัะฐะทะพะผ:
// 3. ะกะพะณะปะฐัะตะฝะธะต ะฟะพ ะฟัะพัะพะบะพะปั ะะธััะธ-ะฅะตะปะปะผะฐะฝะฐ (DiffieโHellman, DH)
KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
aliceKeyAgree.init(aliceKeyPair.getPrivate());
// ะะปะธัะฐ ะฝะฐ ะพัะฝะพะฒะต ะบะปััะฐ ะฑะพะฑะฐ ะธ ัะฒะพะตะณะพ private key ัะพะทะดะฐัั ะพะฑัะธะน shared ะบะปัั
KeyFactory aliceKeyFactory = KeyFactory.getInstance("DH");
x509KeySpec = new X509EncodedKeySpec(bobPubKeyEncoded);
PublicKey bobPubKey = aliceKeyFactory.generatePublic(x509KeySpec);
aliceKeyAgree.doPhase(bobPubKey, true);
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
SecretKeySpec aliceAesKey = new SecretKeySpec(aliceSharedSecret, 0, 16, "AES");
// ะะพะฑ ะฝะฐ ะพัะฝะพะฒะต ะบะปััะฐ ะะปะธัั ะธ ัะฒะพะตะณะพ private key ัะพะทะดะฐัั ะพะฑัะธะน shared ะบะปัั
KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
bobKeyAgree.init(bobKeyPair.getPrivate());
bobKeyAgree.doPhase(alicePubKey, true);
byte[] bobSharedSecret = bobKeyAgree.generateSecret();
SecretKeySpec bobAesKey = new SecretKeySpec(bobSharedSecret, 0, 16, "AES");
// ะะฑัะธะน ะบะปัั ั ะะปะธัั ะธ ะะพะฑะฐ ะพะดะธะฝะฐะบะพะฒ
System.out.println("Shared keys are equals: " + Arrays.equals(aliceSharedSecret, bobSharedSecret));
ะะฐะปะตะต ะะพะฑ ะธ ะะปะธัะฐ, ะธัะฟะพะปัะทัั ะพะฑัะธะน ะบะปัั, ะฟัะพ ะบะพัะพััะน ะฑะพะปััะต ะฝะธะบัะพ ะฝะต ะทะฝะฐะตั, ะพะฑะผะตะฝะธะฒะฐัััั ะทะฐัะธััะพะฒะฐะฝะฝัะผะธ ะดะฐะฝะฝัะผะธ:
// 4. ะะพะฑ ัะธัััะตั ัะพะพะฑัะตะฝะธะต ะดะปั ะะปะธัั
Cipher bobCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
bobCipher.init(Cipher.ENCRYPT_MODE, bobAesKey);
byte[] ciphertext = bobCipher.doFinal("Hello, Alice!".getBytes());
// ะะตัะตะดะฐัั ะะปะธัะต ะฟะฐัะฐะผะตััั, ั ะบะพัะพััะผะธ ะฒัะฟะพะปะฝัะปะฐัั ัะธััะพะฒะบะฐ
byte[] encodedParamsFromBob = bobCipher.getParameters().getEncoded();
// 5. ะะปะธัะฐ ะฟัะธะฝะธะผะฐะตั ัะพะพะฑัะตะฝะธะต ะธ ัะฐััะธััะพะฒัะฒะฐะตั ะตะณะพ
AlgorithmParameters aesParams = AlgorithmParameters.getInstance("AES");
aesParams.init(encodedParamsFromBob);
Cipher aliceCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
aliceCipher.init(Cipher.DECRYPT_MODE, aliceAesKey, aesParams);
byte[] recovered = aliceCipher.doFinal(ciphertext);
System.out.println(new String(recovered));
ืืืืื ืื ื ืืงืื ืืืืืื ืืชืืขืื ืฉื JCA: " ืืืืืคื ืืคืชืืืช ืืืคื-ืืืื ืืื 2 ืฆืืืื ". ืื ื ืจืืืช ืืขืจื ืืฆืคื ื ื-ืกืืืืจืืช ืืืจืืืืงืืืจืช ื-Java Cryptography ืืืืฆืขืืช ืคืจืืืืงืื Key Agreement. ืืืืืข ื ืืกืฃ ืขื ืืฆืคื ื ืืกืืืืจืืช, ืกืจืืื ืื ืืืืืฆืื:
ืชืขืืืืช
ืืืื, ืืงืื ืื ืืฉ ืื ื ืขืืืื ืืฉืื ืื ืคืืืช ืืฉืื - ืชืขืืืืช. ืืืจื ืืื, ืืืฉืืจืื ื ืืฆืจืื ืืืืฆืขืืช ืืื ืืฉืืจืืช keytool ืืืืื ื-jdk. ืืชื ืืืื ืืงืจืื ืคืจืืื ื ืืกืคืื, ืืืฉื, ืืื: " ืืฆืืจืช ืชืขืืืช SSL ืืืชืืื ืขืฆืืืช ืืืืฆืขืืช ืคืงืืืช Java keytool ". ืืชื ืืืื ืื ืืงืจืื ืืช ืืืืจืืืื ืฉื ืืืจืงื. ืืืืืื, ืืื: " ืืื ืืืฉืชืืฉ ืืืื ืืคืชื ืืืฆืืจืช ืืืฉืืจ ืฉืจืช ". ืืืืืื, ืืืื ื ืฉืชืืฉ ื- Tutorialspoint Java Online Compiler :import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.*;
import java.security.cert.*;
import java.security.*;
// Compiler args: -XDignore.symbol.file
public class Main {
public static void main(String[] args) throws Exception {
CertAndKeyGen certGen = new CertAndKeyGen("RSA", "SHA256WithRSA", null);
// generate it with 2048 bits
certGen.generate(2048);
PrivateKey privateKey = certGen.getPrivateKey();
X509Key publicKey = certGen.getPublicKey();
// prepare the validity of the certificate
long validSecs = (long) 365 * 24 * 60 * 60; // valid for one year
// enter your details according to your application
X500Name principal = new X500Name("CN=My Application,O=My Organisation,L=My City,C=DE");
// add the certificate information, currently only valid for one year.
X509Certificate cert = certGen.getSelfCertificate(principal, validSecs);
// Public Key from Cert equals Public Key from generator
PublicKey publicKeyFromCert = cert.getPublicKey();
System.out.println(publicKeyFromCert.equals(publicKey));
}
}
ืืคื ืฉืื ื ืืืืืื ืืจืืืช, ืชืขืืื ืืกืคืงืช ืืช ืืืืืืช ืืกืคืง ืืคืชื ืฆืืืืจื. ืืฉืืื ืื ืืฉ ืืืกืจืื - ืื ื ืืฉืชืืฉืื sun.security
ื- ืฉื ืืฉื ืืกืืื, ืื... ืืืืื ืื ืืื ื ืืืง ืืืืฉืง ื-API ืืฆืืืืจื ืฉื Java. ืืื ืืืืื ืืืืืืจ ืืฉ ืฆืืจื ืืฆืืื ืืช ืืคืจืืืจ - XDignore.symbol.file
. ืืฉ ืืจื ื ืืกืคืช - ืืืฆืืจ ืชืขืืื ืืืืคื ืืื ื. ืืืืกืจืื ืืื ืฉืืื ืืฉืชืืฉ ื-API ืคื ืืื ืฉืืื ื ืืชืืขื. ืขื ืืืช, ืืืื ืืืขืช ืขื ืื. ืืื ืืคืืืช, ืื ืื ื ืจืื ืืืืจืืจ ืืืฆื ื ืขืฉื ืฉืืืืฉ ืืืคืจื RFC-2459: " Internet X.509 Public Key Infrastructure ". ืื ื ืืืืื:
// 1. ะะตะฝะตัะธััะตะผ ะฟะฐัั ะบะปััะตะน
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(4096);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// 2. ะะฟัะตะดะตะปัะตะผ ะดะฐะฝะฝัะต ัะตััะธัะธะบะฐัะฐ
// ะะฟัะตะดะตะปัะตะผ ััะพะบ ะดะตะนััะฒะธั ัะตััะธัะธะบะฐัะฐ
Date from = new Date();
Date to = new Date(from.getTime() + 365 * 1000L * 24L * 60L * 60L);
CertificateValidity interval = new CertificateValidity(from, to);
// ะะฟัะตะดะตะปัะตะผ subject name, ั.ะต. Name ัะพะณะพ, ั ัะตะผ ะฐััะพัะธะธัะพะฒะฐะฝ ะฟัะฑะปะธัะฝัะน ะบะปัั
// CN = Common Name. ะงะตัะตะท ัะพัะบั ั ะทะฐะฟััะพะน ะผะพะณัั ะฑััั ัะบะฐะทะฐะฝั ัะฐะบะถะต ะดััะณะธะต ะฐััะธะฑััั
// ะกะผ. https://docs.oracle.com/cd/E24191_01/common/tutorials/authz_cert_attributes.html
X500Name owner = new X500Name("cn=Unknown");
// ะฃะฝะธะบะฐะปัะฝัะน ะฒ ะฟัะตะดะตะปะฐั
CA, ั.ะต. Certificate Authority (ัะพั, ะบัะพ ะฒัะดะฐัั ัะตััะธัะธะบะฐั) ะฝะพะผะตั
BigInteger number = new BigInteger(64, new SecureRandom());
CertificateSerialNumber serialNumber = new CertificateSerialNumber(number);
// ะะฟัะตะดะตะปัะตะผ ะฐะปะณะพัะธัะผ ะฟะพะดะฟะธัะธ ัะตััะธัะธะบะฐัะฐ
AlgorithmId algorithmId = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
CertificateAlgorithmId certificateAlgorithmId = new CertificateAlgorithmId(algorithmId);
// 3. ะะพ ะฟะพะดะณะพัะพะฒะปะตะฝะฝะพะน ะธะฝัะพัะผะฐัะธะธ ัะพะทะดะฐัะผ ัะตััะธัะธะบะฐั
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, serialNumber);
info.set(X509CertInfo.SUBJECT, owner);
info.set(X509CertInfo.ISSUER, owner);
info.set(X509CertInfo.KEY, new CertificateX509Key(keyPair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.ALGORITHM_ID, certificateAlgorithmId);
// 4. ะะพะดะฟะธััะฒะฐะตะผ ัะตััะธัะธะบะฐั
X509CertImpl certificate = new X509CertImpl(info);
certificate.sign(keyPair.getPrivate(), "SHA256withRSA");
// 5. ะัะพะฒะตัะบะฐ ัะตััะธัะธะบะฐัะฐ
try {
// ะ ัะปััะฐะต ะพัะธะฑะบะธ ะทะดะตัั ะฑัะดะตั ะฑัะพัะตะฝะพ ะธัะบะปััะตะฝะธะต. ะะฐะฟัะธะผะตั: java.security.SignatureException
certificate.verify(keyPair.getPublic());
} catch (Exception e) {
throw new IllegalStateException(e);
}
Keystore (KeyStore)
ืืืืจ ืืืืจืื ืฉืืืืชื ืจืืฆื ืืืืจ ืขืืื ืืื ืื ืืช ืืืคืชืืืช ืืืชืขืืืืช, ืฉื ืงืจืืช KeyStore. ืืจืืจ ืฉืืคืงื ืืชืืืช ืฉื ืชืขืืืืช ืืืคืชืืืช ืืื ืืงืจื ืืืกืจืช ืืขื. ืืื, ืื ืฆืจืืืื ืืืืืช ืืืืืกื ืื ืืืืฉืื ืืืืื. ืืฉ ืืื ืืื - KeyStore. ืืืืจ ืืืคืชืืืช ืืชืืืจ ืืชืืขืื JCA ืืคืจืง " ื ืืืื ืืคืชืืืช ". ื-API ืืขืืืื ืืืชื ืืืื ืืจืืจ. ืื ื ืืืืื ืงืื ื:KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
String alias = "EntityAlias";
java.security.cert.Certificate[] chain = {certificate};
keyStore.setKeyEntry(alias, keyPair.getPrivate(), "keyPassword".toCharArray(), chain);
// ะะฐะณััะทะบะฐ ัะพะดะตัะถะธะผะพะณะพ (Private Key + Certificate)
Key key = keyStore.getKey(alias, "keyPassword".toCharArray());
Certificate[] certificateChain = keyStore.getCertificateChain(alias);
// ะกะพั
ัะฐะฝะตะฝะธะต KeyStore ะฝะฐ ะดะธัะบ
File file = File.createTempFile("security_", ".ks");
System.out.println(file.getAbsolutePath());
try (FileOutputStream fos = new FileOutputStream(file)) {
keyStore.store(fos, "keyStorePassword".toCharArray());
}
ืืคื ืฉื ืืชื ืืจืืืช ืืืืืืื, ืืื ืืืืฆืข ืชืืืื load
ืขืืืจ ื-KeyStore. ืืื ืืืงืจื ืฉืื ื, ืฆืืื ื ืืช ืืชืืื ื ืืจืืฉืื ื ื-null, ืืืืืจ. ืืื ืืงืืจ ื-KeyStore. ืืืฉืืขืืช ืืื ืฉื-KeyStore ื ืืฆืจ ืจืืง ืืื ืืฉืืืจ ืืืชื ืขืื ืืืชืจ. ืื ืืคืจืืืจ ืืฉื ื ืืื null, ืื ืื ื ืืืฆืจืื ืื ืืช KeyStore ืืืฉื. ืื ืืืื ื ืืืืืื ืืช KeyStore ืืงืืืฅ, ืื ืืืื ื ืฆืจืืืื ืืฆืืื ืืื ืกืืกืื (ืืืืื ืืฉืืืช KeyStore ืฉื ืงืจืืช store).
GO TO FULL VERSION