weixin_46297800
小刘不上班
采纳率0%
2021-03-02 11:22

android AES 加密安全吗

如果给你一条数据让你三层加密采用SecureRandom安全随机数,当key,使用GCM模式,.对他的安全随机数加

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 复制链接分享
  • 邀请回答

3条回答

  • weixin_46297800 小刘不上班 1月前
    //这是用到的工具
        // 生成安全随机数
        private static String getRandomKey() {
            String val = "";
            SecureRandom random = new SecureRandom();
            for (int i = 0; i < 16; i++) {
                String charOrNum = ((random.nextInt(2) % 2) == 0) ? "char" : "num";
                if ("char".equalsIgnoreCase(charOrNum)) {
                    int choice = ((random.nextInt(2) % 2) == 0) ? 65 : 97;
                    val += (char) (choice + random.nextInt(26));
                } else if ("num".equalsIgnoreCase(charOrNum)) {
                    val += String.valueOf(random.nextInt(10));
                }
            }
            return val;
        }
    
        // byte[]转换成16进制字符串
        public static String parseByte2HexStr(byte buf[]) {
            StringBuffer sb = new StringBuffer();
            for (int i = 0; i < buf.length; i++) {
                // 将每个字节都转成16进制的
                String hex = Integer.toHexString(buf[i] & 0xFF);
                if (hex.length() == 1) {
                    // 为保证格式统一,用两位16进制的表示一个字节
                    hex = '0' + hex;
                }
                sb.append(hex.toUpperCase());
            }
            return sb.toString();
        }
    
        // 16进展字符串转换成byte[]数组
        public static byte[] parseHexStr2Byte(String hexStr) {
            if (hexStr.length() < 1)
                return null;
            // 两个16进制表示一个字节,所以字节数组大小为hexStr.length() / 2
            byte[] result = new byte[hexStr.length() / 2];
            for (int i = 0; i < hexStr.length() / 2; i++) {
                // 每次获取16进制字符串中的两个转成10进制(0-255)
                int num = Integer.parseInt(hexStr.substring(i * 2, i * 2 + 2), 16);
                // 将10进制强转为byte
                result[i] = (byte) num;
            }
            return result;
        }
    点赞 评论 复制链接分享
  • weixin_46297800 小刘不上班 1月前
       private static String TRANSFORMATION = "AES/GCM/NoPadding";
        private static String random;
        private static String alias = "encryptData";
        private static String ANDROID_KEY_STORE = "AndroidKeyStore";
    
    
     // 加密随机数
        @RequiresApi(api = Build.VERSION_CODES.M)
        @SuppressLint("WrongConstant")
        public static SecretBean encryptRandow(Context context) {
            // 判断keystroe密钥库中是否存在该密钥
            if (!isHaveKeyStore(alias)) {
                createKey(alias);
            }
            try {
                KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
                keyStore.load(null);
                KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(alias, null);
                SecretKey secretKey = secretKeyEntry.getSecretKey();
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(Cipher.ENCRYPT_MODE, secretKey);
                byte[] randomIV = cipher.getIV();
                byte[] bytes = cipher.doFinal(random.getBytes("UTF-8"));
                // 密文随机key
                String encryRandom = parseByte2HexStr(bytes);
                String iv = parseByte2HexStr(randomIV);
                // 返回密文秘钥
                SecretBean encryptBean = new SecretBean();
                encryptBean.setCiphertextKey(encryRandom);
                encryptBean.setWorkingIV(iv);
                return encryptBean;
            } catch (Exception e) {
                e.printStackTrace();
                Log.i("lwx random ", e.getMessage());
                return null;
            }
        }
        // 加密明文
        @RequiresApi(api = Build.VERSION_CODES.M)
        public static SecretBean encryptData(String needEncrypt, Context context) {
            // 生成安全随机数
            random = getRandomKey();
            try {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                // 明文随机key
                SecretKeySpec secretKeySpec = new SecretKeySpec(random.getBytes("UTF-8"), TRANSFORMATION);
                // 初始化 cipher
                cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
                byte[] cipherIV = cipher.getIV();
                byte[] priencrypted = cipher.doFinal(needEncrypt.getBytes("UTF-8"));
                // 转换成密文字符串
                String encryptedText = parseByte2HexStr(priencrypted);
                String iv = parseByte2HexStr(cipherIV);
                SecretBean encryBean = new SecretBean();
                encryBean.setCipherIV(iv);
                encryBean.setEncryptedText(encryptedText);
                return encryBean;
            } catch (Exception e) {
                String message = e.getMessage();
                Log.i("lwx", "massage" + message);
                return null;
            }
        }
    
    
    点赞 评论 复制链接分享
  • m0_49364644 pqNZ 1月前

    算法本身是安全的。AES暴力破解,算力要求也是很高的。关键是你用于加密的key何如保存或者说保护,一般逆向破解就是去发掘key。使用的是什么算法,一般根据算法特征还是很好猜测与定位的。

    点赞 评论 复制链接分享