import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
public class Encryptor {
/** エリアス名 */
private static final String ALIAS_NAME = "aesKey";
/** 暗号化キーを保存するファイル */
private File keyFile;
/** 認証用パスワード */
private static final char[] KEY_PASSWORD = {'p', 'a', 's', 's', 'w', 'o',
'r', 'd'};
/** IV */
private static final IvParameterSpec IV = new IvParameterSpec("1234567812345678".getBytes());
/** keyStore */
private KeyStore jceks;
public static void main(
String[] args) throws IOException {
Encryptor encryptor = new Encryptor(new File(".keyFile"));
/* 初期化(keyStoreをロード */
encryptor.initialize();
/* 鍵を保存 */
encryptor.saveKey();
/* 暗号化 */
byte[] encrypt = encryptor.encrypt("これを暗号化するよ");
/* 復号化 */
byte[] decrypt = encryptor.decrypt(encrypt);
System.out.println("new String(decrypt) = " + new String(decrypt));
}
public Encryptor(File keyFile) {
this.keyFile = keyFile;
}
private void initialize() throws IOException {
FileInputStream inputStream = null;
if (keyFile.exists()) {
inputStream = new FileInputStream(keyFile);
}
KeyStore jceks;
try {
jceks = KeyStore.getInstance("JCEKS");
jceks.load(inputStream, KEY_PASSWORD);
} catch (CertificateException | NoSuchAlgorithmException | KeyStoreException | IOException e) {
throw new IllegalStateException("failed to load key store.", e);
} finally {
if (inputStream != null) {
inputStream.close();
}
}
this.jceks = jceks;
}
private byte[] encrypt(String text) {
try {
Key key = loadKey(ALIAS_NAME);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key, IV);
return cipher.doFinal(text.getBytes());
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
throw new IllegalStateException("failed to encrypt.", e);
}
}
private byte[] decrypt(byte[] encryptData) {
try {
Key key = loadKey(ALIAS_NAME);
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, key, IV);
return cipher.doFinal(encryptData);
} catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException | NoSuchPaddingException | InvalidKeyException | InvalidAlgorithmParameterException | IllegalBlockSizeException | BadPaddingException e) {
throw new IllegalStateException("failed to encrypt.", e);
}
}
private Key loadKey(String key) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
return jceks.getKey(ALIAS_NAME, KEY_PASSWORD);
}
private void saveKey() throws IOException {
try {
if (!jceks.isKeyEntry(ALIAS_NAME)) {
// 任意のキーを生成してkeyStoreにセット
KeyGenerator aes = KeyGenerator.getInstance("AES");
jceks.setKeyEntry(ALIAS_NAME, aes.generateKey(), KEY_PASSWORD, null);
}
// keyStoreファイルを保存
try (FileOutputStream outputStream = new FileOutputStream(keyFile)) {
jceks.store(outputStream, KEY_PASSWORD);
}
} catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
throw new IllegalStateException("failed to store key.", e);
}
}
}
2012年3月24日土曜日
JavaでAES暗号
KeyStoreで鍵を管理して、その鍵をつかって暗号化と復号化をするコード。
