SymmetricCrypto

Introduction

Symmetric encryption, also known as private key encryption, refers to encryption algorithms that use the same key for both encryption and decryption. It is sometimes called traditional cryptography: the encryption key can be derived from the decryption key and vice versa. In most symmetric algorithms the encryption key and the decryption key are the same, so these algorithms are also known as secret-key or single-key algorithms. The sender and receiver must agree on a key before they can communicate securely. The security of a symmetric algorithm depends on the key: if the key is leaked, anyone can decrypt the messages sent or received. Keeping the key confidential is therefore crucial to the security of the communication.

For symmetric encryption, Hutool wraps the algorithms provided by the JDK. For details, see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyGenerator

  • AES (default AES/ECB/PKCS5Padding)
  • ARCFOUR
  • Blowfish
  • DES (default DES/ECB/PKCS5Padding)
  • DESede
  • RC2
  • PBEWithMD5AndDES
  • PBEWithSHA1AndDESede
  • PBEWithSHA1AndRC2_40

Usage

General Usage

Taking AES algorithm as an example:

String content = "test中文";

// Generate a random key
byte[] key = SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded();

// Create a SymmetricCrypto instance
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);

// Encrypt the content
byte[] encrypt = aes.encrypt(content);
// Decrypt the encrypted content
byte[] decrypt = aes.decrypt(encrypt);

// Encrypt the content and represent it in hexadecimal form
String encryptHex = aes.encryptHex(content);
// Decrypt the encrypted content represented in hexadecimal form into a string
String decryptStr = aes.decryptStr(encryptHex, CharsetUtil.CHARSET_UTF_8);

DESede Implementation

String content = "test中文";

byte[] key = SecureUtil.generateKey(SymmetricAlgorithm.DESede.getValue()).getEncoded();

SymmetricCrypto des = new SymmetricCrypto(SymmetricAlgorithm.DESede, key);

// Encrypt the content
byte[] encrypt = des.encrypt(content);
// Decrypt the encrypted content
byte[] decrypt = des.decrypt(encrypt);

// Encrypt the content and represent it in hexadecimal string form (Hex representation)
String encryptHex = des.encryptHex(content);
// Decrypt the encrypted content represented in hexadecimal form into a string
String decryptStr = des.decryptStr(encryptHex);

AES Encapsulation

AES (Advanced Encryption Standard) is also known in cryptography as the Rijndael cipher.

In Java, the default transformation for AES is AES/ECB/PKCS5Padding. When interoperating with CryptoJS, set padding: CryptoJS.pad.Pkcs7 on the CryptoJS side.

  1. Quick Construction

String content = "test中文";

// Generate a random key
byte[] key = SecureUtil.generateKey(SymmetricAlgorithm.AES.getValue()).getEncoded();

// Construct AES instance
AES aes = SecureUtil.aes(key);

// Encrypt the content
byte[] encrypt = aes.encrypt(content);
// Decrypt the encrypted content
byte[] decrypt = aes.decrypt(encrypt);

// Encrypt the content and represent it in hexadecimal form
String encryptHex = aes.encryptHex(content);
// Decrypt the encrypted content represented in hexadecimal form into a string
String decryptStr = aes.decryptStr(encryptHex, CharsetUtil.CHARSET_UTF_8);

  2. Custom Built-in Mode and Offset

AES aes = new AES(Mode.CTS, Padding.PKCS5Padding, "0CoJUm6Qyw8W8jud".getBytes(), "0102030405060708".getBytes());

  3. PKCS7Padding Mode

AES encryption on mobile platforms such as iOS requires PKCS7Padding. The JDK itself does not provide this padding, so additional steps are necessary to support it.

First, add the Bouncy Castle (bc) library as a dependency:

<dependency>
 <groupId>org.bouncycastle</groupId>
 <artifactId>bcprov-jdk15to18</artifactId>
 <version>1.68</version>
</dependency>

String content = "test中文";

AES aes = new AES("CBC", "PKCS7Padding",
 // Key, can be customized
 "0123456789ABHAEQ".getBytes(),
 // IV, set according to actual requirements
 "DYgjCEIMVrj2W9xN".getBytes());

// Encrypt the content and represent it in hexadecimal form
String encryptHex = aes.encryptHex(content);
// Decrypt the encrypted content represented in hexadecimal form into a string
String decryptStr = aes.decryptStr(encryptHex);
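
The JDK has no padding named PKCS7Padding, but for AES its PKCS5Padding pads to the 16-byte block and produces the same bytes as PKCS#7, which is what a PKCS7 peer such as iOS or CryptoJS expects. The check below is an added example, not code from the original page or from Hutool; it uses only javax.crypto with the sample key and IV strings from the page, and the class and helper names are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added illustration (hypothetical class and helper names); uses only the JDK.
public class Pkcs5VersusPkcs7 {
    // PKCS#7: append n bytes of value n so the length becomes a multiple of blockSize.
    // A full block of padding is added when the input is already aligned.
    static byte[] pkcs7Pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    static byte[] aesCbc(String padding, byte[] key, byte[] iv, byte[] input) throws Exception {
        Cipher c = Cipher.getInstance("AES/CBC/" + padding);
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new IvParameterSpec(iv));
        return c.doFinal(input);
    }

    public static void main(String[] args) throws Exception {
        // Key and IV literals are the sample values shown on the page.
        byte[] key = "0123456789ABHAEQ".getBytes(StandardCharsets.US_ASCII);
        byte[] iv = "DYgjCEIMVrj2W9xN".getBytes(StandardCharsets.US_ASCII);
        byte[] plain = "test中文".getBytes(StandardCharsets.UTF_8);

        // Let the JDK pad, then pad by hand with PKCS#7 and encrypt without padding.
        byte[] viaJdk = aesCbc("PKCS5Padding", key, iv, plain);
        byte[] viaManual = aesCbc("NoPadding", key, iv, pkcs7Pad(plain, 16));
        System.out.println("JDK PKCS5Padding equals manual PKCS#7: "
                + Arrays.equals(viaJdk, viaManual));
    }
}
```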

DES Encapsulation

DES stands for Data Encryption Standard; it is a block cipher that encrypts with a secret key. The default implementation in Java is: DES/CBC/PKCS5Padding.

The usage of DES is consistent with AES. The construction method is as follows:

  1. Quick Construction

byte[] key = SecureUtil.generateKey(SymmetricAlgorithm.DES.getValue()).getEncoded();
DES des = SecureUtil.des(key);

  2. Custom Mode and Offset

DES des = new DES(Mode.CTS, Padding.PKCS5Padding, "0CoJUm6Qyw8W8jud".getBytes(), "01020304".getBytes());

SM4

Starting from 4.2.1, Hutool supports the national cryptographic algorithms with the help of the Bouncy Castle library. Taking SM4 as an example:

First, add the Bouncy Castle library as a dependency:

<dependency>
  <groupId>org.bouncycastle</groupId>
  <artifactId>bcpkix-jdk15on</artifactId>
  <version>1.60</version>
</dependency>

Then we can call the SM4 algorithm, and the calling method is consistent with other algorithms:

String content = "test中文";
SymmetricCrypto sm4 = new SymmetricCrypto("SM4");

String encryptHex = sm4.encryptHex(content);
String decryptStr = sm4.decryptStr(encryptHex, CharsetUtil.CHARSET_UTF_8); //test中文

Similarly, we can specify the encryption mode and offset:

String content = "test中文";
SymmetricCrypto sm4 = new SymmetricCrypto("SM4/ECB/PKCS5Padding");

String encryptHex = sm4.encryptHex(content);
String decryptStr = sm4.decryptStr(encryptHex, CharsetUtil.CHARSET_UTF_8); //test中文