SM4加解密(JAVA)

Edited on In

SM4 是国家密码管理局于2012年3月21日发布的分组密码算法。

加解密JAVA 实现

引入依赖

1
2
3
4
5
6
7
8
9
10
11
12
13

<dependencies>
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk15to18</artifactId>
        <version>1.71</version>
    </dependency>
    <dependency>
        <groupId>commons-codec</groupId>
        <artifactId>commons-codec</artifactId>
        <version>1.15</version>
    </dependency>
</dependencies>

代码

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.util.Base64;

public class SecretUtil {
    private static final Logger log = LoggerFactory.getLogger(SecretUtil.class);
    private static final Provider BOUNCY_CASTLE_PROVIDER = new BouncyCastleProvider();
    private static final String SM4 = "SM4";

    private SecretUtil() {
    }

    /**
     * 生成 sm4 密钥
     *
     * @return 密钥(Base16)
     */
    public static String generateSm4Key() {
        try {
            KeyGenerator kg = KeyGenerator.getInstance(SM4, BOUNCY_CASTLE_PROVIDER);
            kg.init(128, new SecureRandom());
            byte[] encoded = kg.generateKey().getEncoded();
            return new String(Hex.encodeHex(encoded));
        } catch (NoSuchAlgorithmException e) {
            log.error("生成 SM4 key 失败:{}", e.getMessage(), e);
            return null;
        }
    }

    /**
     * SM4 加密
     *
     * @param content 待加密内容
     * @param key     密钥
     * @return 加密后结果(Base64编码)
     */
    public static String sm4Encrypt(String content, String key) {
        try {
            return encrypt(content, Hex.decodeHex(key), SM4, BOUNCY_CASTLE_PROVIDER);
        } catch (DecoderException e) {
            log.error("SM4 数据加密失败,key 无法解析:{}", e.getMessage(), e);
            return null;
        }
    }


    /**
     * SM4 解密
     *
     * @param content 内容(Base64编码)
     * @param key     私钥
     * @return 解密后数据
     */
    public static String sm4Decrypt(String content, String key) {
        try {
            return decrypt(content, Hex.decodeHex(key), SM4, BOUNCY_CASTLE_PROVIDER);
        } catch (DecoderException e) {
            log.error("SM4 数据解密失败,key 无法解析:{}", e.getMessage(), e);
            return null;
        }
    }

    public static String encrypt(String content, byte[] key, String algorithm, Provider provider) {
        try {
            Cipher cipher = provider == null
                    ? Cipher.getInstance(algorithm)
                    : Cipher.getInstance(algorithm, provider);
            cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, algorithm));
            byte[] encryptStr = cipher.doFinal(content.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(encryptStr);
        } catch (Exception e) {
            log.error("{} 数据加密失败:{}", algorithm, e.getMessage(), e);
            return null;
        }
    }

    public static String decrypt(String content, byte[] key, String algorithm, Provider provider) {
        try {
            byte[] encryptByte = Base64.getDecoder().decode(content);
            Cipher cipher = provider == null
                    ? Cipher.getInstance(algorithm)
                    : Cipher.getInstance(algorithm, provider);
            cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, algorithm));
            byte[] decryptBytes = cipher.doFinal(encryptByte);
            return new String(decryptBytes);
        } catch (Exception e) {
            log.error("{} 数据解密失败:{}", algorithm, e.getMessage(), e);
            return null;
        }
    }
}

本文地址: https://github.com/maxzhao-it/blog/post/848ae74e/