面试题答案
一键面试设计思路
- 非对称加密传输对称密钥:
- 发送方使用接收方的公钥对对称加密算法(如AES)的密钥进行加密。
- 接收方使用自己的私钥对加密后的对称密钥进行解密,得到对称加密的密钥。
- 对称加密传输大量数据:
- 发送方使用得到的对称加密密钥对大量数据进行加密。
- 接收方使用相同的对称加密密钥对加密后的数据进行解密。
关键代码示例
- 生成非对称密钥对:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
public class KeyGenerator {
public static KeyPair generateKeyPair() throws NoSuchAlgorithmException {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(2048);
return keyPairGenerator.generateKeyPair();
}
}
- 使用非对称加密传输对称密钥:
import javax.crypto.Cipher;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
public class AsymmetricEncryption {
public static byte[] encrypt(Key publicKey, byte[] data) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
public static byte[] decrypt(PrivateKey privateKey, byte[] encryptedData) throws Exception {
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(encryptedData);
}
}
- 使用对称加密传输大量数据:
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.SecureRandom;
public class SymmetricEncryption {
public static SecretKey generateSecretKey() throws Exception {
KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(256);
return keyGenerator.generateKey();
}
public static byte[] encrypt(SecretKey secretKey, byte[] data) throws Exception {
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
SecureRandom random = new SecureRandom();
byte[] iv = new byte[16];
random.nextBytes(iv);
cipher.init(Cipher.ENCRYPT_MODE, secretKey, new javax.crypto.spec.IvParameterSpec(iv));
byte[] encrypted = cipher.doFinal(data);
byte[] encryptedIVAndData = new byte[iv.length + encrypted.length];
System.arraycopy(iv, 0, encryptedIVAndData, 0, iv.length);
System.arraycopy(encrypted, 0, encryptedIVAndData, iv.length, encrypted.length);
return encryptedIVAndData;
}
public static byte[] decrypt(SecretKey secretKey, byte[] encryptedIVAndData) throws Exception {
byte[] iv = new byte[16];
System.arraycopy(encryptedIVAndData, 0, iv, 0, iv.length);
byte[] encrypted = new byte[encryptedIVAndData.length - iv.length];
System.arraycopy(encryptedIVAndData, iv.length, encrypted, 0, encrypted.length);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, secretKey, new javax.crypto.spec.IvParameterSpec(iv));
return cipher.doFinal(encrypted);
}
}
- 完整示例:
public class HybridEncryptionExample {
public static void main(String[] args) throws Exception {
// 生成非对称密钥对
KeyPair keyPair = KeyGenerator.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
// 生成对称密钥
SecretKey secretKey = SymmetricEncryption.generateSecretKey();
// 使用非对称加密传输对称密钥
byte[] encryptedSecretKey = AsymmetricEncryption.encrypt(publicKey, secretKey.getEncoded());
// 接收方解密对称密钥
byte[] decryptedSecretKey = AsymmetricEncryption.decrypt(privateKey, encryptedSecretKey);
SecretKey receivedSecretKey = new javax.crypto.spec.SecretKeySpec(decryptedSecretKey, "AES");
// 要传输的数据
String data = "Hello, this is a large amount of data to be encrypted";
byte[] originalData = data.getBytes();
// 使用对称加密传输大量数据
byte[] encryptedData = SymmetricEncryption.encrypt(secretKey, originalData);
// 接收方解密大量数据
byte[] decryptedData = SymmetricEncryption.decrypt(receivedSecretKey, encryptedData);
System.out.println("Original data: " + new String(originalData));
System.out.println("Decrypted data: " + new String(decryptedData));
}
}
上述代码示例展示了如何在Java中设计一个混合加密机制,结合非对称加密传输对称密钥和对称加密传输大量数据的过程。请注意,在实际应用中,还需要考虑异常处理、密钥管理等更多细节。