DH算法（密钥交换算法）

一 对称加密缺点
密钥传递过程复杂，这是对称加密带来的困扰。

二 DH密钥交换算法特点
构建本地密钥
双方密钥一致

三 DH相关参数



四 DH算法实现过程
1、初始化发送方的密钥（KeyPairGenerator、KeyPair、PublicKey）
2、初始化接受方的密钥（KeyFactory、X509EncodedKeySpec、DHPublicKey、DHParameterSpec、KeyPairGenerator、PrivateKey）
3、密钥构建（KeyAgeement、SecretKey、KeyFactory、X509EncodeKeySpec、PublicKey）
4、加密和解密（Cipher）

五 DH代码实现过程

package com.imooc.security.dh;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.interfaces.DHPublicKey;
import javax.crypto.spec.DHParameterSpec;

import org.apache.commons.codec.binary.Base64;

//import com.sun.org.apache.xalan.internal.utils.Objects;

public class ImoocDH {

private static String src = "cakin24 security dh";

public static void main(String[] args) {
jdkDH();
}

public static void jdkDH() {
try {
//1.初始化发送方密钥
KeyPairGenerator senderKeyPairGenerator = KeyPairGenerator.getInstance("DH");
senderKeyPairGenerator.initialize(512);
KeyPair senderKeyPair = senderKeyPairGenerator.generateKeyPair();
byte[] senderPublicKeyEnc = senderKeyPair.getPublic().getEncoded();//发送方公钥，发送给接收方（网络、文件。。。）

//2.初始化接收方密钥
KeyFactory receiverKeyFactory = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(senderPublicKeyEnc);
PublicKey receiverPublicKey = receiverKeyFactory.generatePublic(x509EncodedKeySpec);
DHParameterSpec dhParameterSpec = ((DHPublicKey)receiverPublicKey).getParams();
KeyPairGenerator receiverKeyPairGenerator = KeyPairGenerator.getInstance("DH");
receiverKeyPairGenerator.initialize(dhParameterSpec);
KeyPair receiverKeypair = receiverKeyPairGenerator.generateKeyPair();
PrivateKey receiverPrivateKey = receiverKeypair.getPrivate();
byte[] receiverPublicKeyEnc = receiverKeypair.getPublic().getEncoded();

//3.密钥构建
KeyAgreement receiverKeyAgreement = KeyAgreement.getInstance("DH");
receiverKeyAgreement.init(receiverPrivateKey);
receiverKeyAgreement.doPhase(receiverPublicKey, true);
SecretKey receiverDesKey = receiverKeyAgreement.generateSecret("DES");

KeyFactory senderKeyFactory = KeyFactory.getInstance("DH");
x509EncodedKeySpec = new X509EncodedKeySpec(receiverPublicKeyEnc);
PublicKey senderPublicKey = senderKeyFactory.generatePublic(x509EncodedKeySpec);
KeyAgreement senderKeyAgreement = KeyAgreement.getInstance("DH");
senderKeyAgreement.init(senderKeyPair.getPrivate());
senderKeyAgreement.doPhase(senderPublicKey, true);
SecretKey senderDesKey = senderKeyAgreement.generateSecret("DES");
//if (Objects.equals(receiverDesKey, senderDesKey)) {
if(receiverDesKey.equals(senderDesKey)){
System.out.println("双方密钥相同");
}

//4.加密
Cipher cipher = Cipher.getInstance("DES");
cipher.init(Cipher.ENCRYPT_MODE, senderDesKey);
byte[] result = cipher.doFinal(src.getBytes());
System.out.println("jdk dh encrypt : " + Base64.encodeBase64String(result));

//5.解密
cipher.init(Cipher.DECRYPT_MODE, receiverDesKey);
result = cipher.doFinal(result);
System.out.println("jdk dh decrypt : " + new String(result));
} catch (Exception e) {
e.printStackTrace();
}
}

}

六 实现效果
双方密钥相同
jdk dh encrypt : wqnKvpQve05UD64OCQGXcQu5rcssEVSu
jdk dh decrypt : cakin24 security dh

七 应用场景