怎样用Java的加密机制来保护你的数据

1/5/2008来源:Java教程人气:5618


  java开发工具包(JDK)对加密和安全性有很好的支持。其中一个优势就是其内置的对Socket通信的支持。因此,很轻易做到在服务器和客户之间建立安全的数据流。
  
  Java streams 是一个强大的编程工具。java.io包提供了很多标准的流类型,并能很轻易的建立自己的流类型。流的一个有用的特点是和链表一样的简单处理过程。表A是一个用链表读取文本的例子:
  
  ufferedReader br =
  new BufferedReader(
  new FileReader(“c:\foo.txt”));
  String line = null;
  while((line =
  br.readLine()) != null)
  {
  System.out.PRintln(line);
  }
  
  这段代码将 FileReader和 BufferedReader链接起来。我们在用客户机/服务器应用程序的时候也会用到类似的概念。
  
  要害字
  
  对于验证来说,要害字很重要,表B(KeyGen.java)提供了一个称为getSecretKey的标准方法。通过运行KeyGen来产生一个要害字。因为我们采用同步方法,所以客户机和服务器必须用相同的要害字。
  
  isting B?KeyGen.java
  
  /*
  * Created by IntelliJ IDEA.
  * User: jbirchfield
  * Date: Mar 19, 2002
  * Time: 9:33:22 AM
  */
  
  import com.sun.crypto.provider.SunJCE;
  
  import javax.crypto.KeyGenerator;
  import java.io.FileInputStream;
  import java.io.FileNotFoundException;
  import java.io.FileOutputStream;
  import java.io.IOException;
  import java.io.ObjectInputStream;
  import java.io.ObjectOutputStream;
  import java.security.Key;
  import java.security.NoSUChAlgorithmException;
  import java.security.Security;
  
  public class KeyGen
  {
  
  public static final String
  KEY_FILE = "secret.key";
  public static final String
  ALGORITHM = "DES";
  
  public static void main(String[] args)
  {
  Security.addProvider(new SunJCE());
  new KeyGen();
  }
  
  public KeyGen()
  {
  KeyGenerator kg = null;
  try {
  kg = KeyGenerator.
  getInstance(ALGORITHM);
  Key key = kg.generateKey();
  writeKey(KEY_FILE, key);
  }
  catch (NoSuchAlgorithmException e)
  {
  e.printStackTrace();
  }
  }
  
  private void writeKey(String
  filename, Object o)
  {
  try {
  FileOutputStream fos =
  new FileOutputStream(filename);
  ObjectOutputStream oos =
  new ObjectOutputStream(fos);
  oos.writeObject(o);
  oos.flush();
  fos.close();
  }
  catch (IOException e) {
  e.printStackTrace();
  }
  }
  
  public static Key getSecretKey()
  {
  Security.addProvider(new SunJCE());
  FileInputStream fis = null;
  try
  {
  fis = new FileInputStream(KEY_FILE);
  }
  catch (FileNotFoundException e)
  {
  e.printStackTrace();
  }
  Key key = null;
  
  try {
  ObjectInputStream ois = null;
  ois = new ObjectInputStream(fis);
  key = null;
  key = (Key) ois.readObject();
  }
  catch (IOException e)
  {
  e.printStackTrace();
  }
  catch (ClassNotFoundException e)
  {
  e.printStackTrace();
  }
  System.out.println("key = " + key);
  return key;
  }
  }
  
  安全socket
  
  我们从一个简单的类开始,它提供我们在普通socket对象之上的加密。表C(SecretSocket.java)包含了两段代码-Socket和Key对象。我们的构造器创建了变量并初始化了密码:
  
  outCipher = Cipher.getInstance(algorithm);
  outCipher.init(Cipher.ENCRYPT_MODE, key);
  inCipher = Cipher.getInstance(algorithm);
  inCipher.init(Cipher.DECRYPT_MODE, key);
  
  isting C?SecretSocket.java
  
  /*
  * Created by IntelliJ IDEA.
  * User: jbirchfield
  * Date: Mar 20, 2002
  * Time: 9:07:51 AM
  */
  
  import org.bouncycastle.
  jce.provider.BouncyCastleProvider;
  
  import javax.crypto.Cipher;
  import javax.crypto.CipherInputStream;
  import javax.crypto.CipherOutputStream;
  import javax.crypto.KeyGenerator;
  import javax.crypto.NoSuchPaddingException;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.OutputStream;
  import java.net.Socket;
  import java.net.UnknownHostException;
  import java.security.InvalidKeyException;
  import java.security.Key;
  import java.security.NoSuchAlgorithmException;
  import java.security.NoSuchProviderException;
  import java.security.Security;
  
  public class SecretSocket
  {
  
  private Key key = null;
  private Cipher outCipher = null;
  private Cipher inCipher = null;
  private CipherInputStream cis = null;
  private CipherOutputStream cos = null;
  
  private Socket socket = null;
  
  private String algorithm = "DES";
  
  public SecretSocket
  (Socket socket, Key key)
  {
  this.socket = socket;
  this.key = key;
  algorithm = key.getAlgorithm();
  initializeCipher();
  
  }
  
  private void initializeCipher()
  {
  try
  {
  outCipher = Cipher.getInstance
  (algorithm);
  outCipher.init(Cipher.ENCRYPT_MODE, key);
  inCipher = Cipher.getInstance
  (algorithm);
  inCipher.init(Cipher.DECRYPT_MODE, key);
  }
  catch (NoSuchAlgorithmException e)
  {
  e.printStackTrace();
  }
  catch (NoSuchPaddingException e)
  {
  e.printStackTrace();
  }
  catch (InvalidKeyException e)
  {
  e.printStackTrace();
  }
  
  }
  
  public InputStream getInputStream()
  throws IOException {
  InputStream is =
  socket.getInputStream();
  cis = new CipherInputStream
  (is, inCipher);
  return cis;
  }
  
  public OutputStream getOutputStream()
  throws IOException {
  OutputStream os
  = socket.getOutputStream();
  cos = new CipherOutputStream
  (os, outCipher);
  return cos;
  }
  }
  
  因为socket是双向的通信,所以我们采用两个密码。加密输出的数据并解密输入的数据。我们使用getInputStream()和getOutputStream(),这两种方法来加密合解密通用的输入和输出的经过包装的数据流。见表D。
  
  isting D
  
  public InputStream getInputStream()
  throws IOException
  {
  InputStream is = socket.getInputStream();
  cis = new CipherInputStream(is, inCipher);
  return cis;
  }
  public OutputStream getOutputStream()
  throws IOException {
  OutputStream os = socket.getOutputStream();
  cos = new CipherOutputStream(os, outCipher);
  return cos;
  }
  
  在JCE的javax.crypto包中包含CipherInputStream和CipherOutputStream这两种流类型。他们接收输入输出的流对象和密码对象。
  
  Socket 服务器
  
  开始写我们的socket服务器类吧。表E(SecretSocketServer.java)是一个完整的列表。SecretSocketServer在一个端口打开ServerSocket,当接收到连接时,使用SocketHandler产生一个线程来操作连接。
  
  isting E?SecretSocketServer.java
  
  /*
  * Created by IntelliJ IDEA.
  * User: jbirchfield
  * Date: Mar 20, 2002
  * Time: 9:32:17 AM
  */
  
  import java.net.ServerSocket;
  import java.net.Socket;
  import java.io.IOException;
  
  public class SecretSocketServer
  {
  
  public static void
  main(String[] args)
  {
  new SecretSocketServer();
  }
  
  public SecretSocketServer()
  {
  ServerSocket ss = null;
  try {
  ss = new ServerSocket(4444);
  }
  catch (IOException e)
  {
  e.printStackTrace();
  }
  while(true) {
  try {
  System.out.println
  ("Waiting...");
  Socket s = ss.accept