com.feilong.security.symmetric.SymmetricType Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of feilong Show documentation

feilong is a suite of core and expanded libraries that include utility classes, http, excel,cvs, io classes, and much much more.

There is a newer version: 4.0.8

Show newest version

/*
 * Copyright (C) 2008 feilong
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *         http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.feilong.security.symmetric;

/**
 * 对称加密的类型.
 * 
 * 对比
 * 
 * 
 * 
 * Use AES.
 * 
 * In more details:
 * Comparison of
 * DES, Triple DES, AES, blowfish encryption for data
 * 
 * 

 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 字段 说明
{@link #DES} is the old "data encryption standard" from the seventies. 

 * Its key size is too short for proper security (56 effective bits; this can be brute-forced, as has been demonstrated more than ten years
 * ago). 

 * Also, DES uses 64-bit blocks, which raises some potential issues when encrypting several gigabytes of data with the same key (a gigabyte
 * is not that big nowadays).
{@link #DESede} or {@link #TripleDES} is a trick to reuse DES implementations, by cascading three instances of DES (with distinct keys). 

 * 3DES is believed to be secure up to at least "2112" security (which is quite a lot, and quite far in the realm of
 * "not breakable with today's technology"). 

 * But it is slow, especially in software (DES was designed for efficient hardware implementation, but it
 * sucks in software; and 3DES sucks three times as much).
{@link #Blowfish} is a block cipher proposed by Bruce Schneier, and deployed in some softwares. 

 * Blowfish can use huge keys and is believed secure, except with regards to its block size, which is 64 bits, just like DES and 3DES.
 * Blowfish is efficient in software, at least on some software platforms (it uses key-dependent lookup tables, hence performance depends on
 * how the platform handles memory and caches).
{@link #AES}(推荐使用) is the successor of DES as standard symmetric encryption algorithm for US federal organizations (and as standard for pretty much
 * everybody else, too). 

 * AES accepts keys of 128, 192 or 256 bits (128 bits is already very unbreakable), uses 128-bit blocks (so no issue there), and is
 * efficient in both software and hardware. 

 * It was selected through an open competition involving hundreds of cryptographers during several years. 

 * Basically, you cannot have better than that.
 * 
 * 
 * So, when in doubt, use AES.

 * 
 * Note that a block cipher is a box which encrypts "blocks" (128-bit chunks of data with AES). When encrypting a "message" which may be
 * longer than 128 bits, the message must be split into blocks, and the actual way you do the split is called the mode of operation or
 * "chaining". The naive mode (simple split) is called ECB and has issues. Using a block cipher properly is not easy, and it is more
 * important than selecting between, e.g., AES or 3DES.
 * 
 * 
 * 
 * @author feilong
 * @version 1.0 2012-3-24 下午11:36:22
 * @see 加解密在线测试网站
 * @see JCA Reference Guide
 * @see JCA Standard Algorithm Name
 *      Documentation
 */
public enum SymmetricType{

    /**
     * Data Encryption Standard,即数据加密算法.
     * 
     * 
     * 数据示例: LdCGo0dplVASWwJrvlHqpw==
     * 
     * 
     * key size must be equal to 56
     * 
     * 
     * 它是IBM公司于1975年研究成功并公开发表的
     * 
     * 
     * DES算法把64位的明文输入块变为64位的密文输出块,它所使用的密钥也是64位

     * DES共有四种工作模式{@code -->>}ECB:电子密码本模式、CBC:加密分组链接模式、CFB:加密反馈模式、OFB:输出反馈模式
     * 
     * 最常用的对称加密算法,安全性较差,

     * The Digital Encryption Standard as described in FIPS PUB 46-2.
     */
    DES("DES"),

    /**
     * Triple DES Encryption (DES-EDE),针对DES安全性的改进产生了能满足当前安全需要的TripleDES算法,等于 {@link #TripleDES}
     * 
     * 数据示例: sIVcl7DB9hzAsiGKGFVJ2g==
     * 
     * 
     * key size must be equal to 112 or 168.
     * 
     * 

     * 3DES(或称为Triple DES)是三重数据加密算法(TDEA,Triple Data Encryption Algorithm)块密码的通称.

     * 它相当于是对每个数据块应用三次DES加密算法.由于计算机运算能力的增强,原版DES密码的密钥长度变得容易被暴力破解;

     * 3DES即是设计用来提供一种相对简单的方法,即通过增加DES的密钥长度来避免类似的攻击,而不是设计一种全新的块密码算法.
     * 
     * @see 加解密在线测试网站
     */
    DESede("DESede"),

    /**
     * The Triple des.
     * 
     * @deprecated please use {@link #DESede}
     */
    @SuppressWarnings("dep-ann")
    TripleDES("TripleDES"),

    /**
     * (对称加密首选) Advanced Encryption
     * Standard as specified by NIST in a draft FIPS.
     * 
     * 
     * 是替代DES算法的新算法,可提供很好的安全性.
     * 
     * 
     * 
     * 数据示例: MKNbK/ieTaepCk8SefgPMw==
     * 
     * 
     * Based on the Rijndael algorithm by Joan Daemen and Vincent Rijmen

     * AES is a 128-bit block cipher supporting keys of 128, 192, and 256 bits

     */
    AES("AES"),

    /**
     * Blowfish.
     * 
     * 数据示例: BVl2k0U5+qrX8Otcg/4NXQ==
     * 
     * The block cipher designed by Bruce Schneier,key size must be multiple of 8, and can only range from 32 to 448 (inclusive)

     * 密钥长度可达448位.
     */
    Blowfish("Blowfish"),

    /**
     * RC2.
     * 
     * 数据示例: CyJ22S/ct5YAhv5wMCTFZQ==
     * 
     * key size must be between 40 and 1024 bits.
     */
    RC2("RC2"),

    /**
     * RC4.
     * 
     * 数据示例: Jo5UARgjNRbDaL0VW77a
     * 
     * 

     * s key size must be between 40 and 1024 bits.
     */
    RC4("RC4"),

    /**
     * ARCFOUR.
     * 
     * 数据示例: R1qRmIN8s4VY7OTRspIA
     * 
     */
    ARCFOUR("ARCFOUR");

    // java.security.NoSuchAlgorithmException: RSA KeyGenerator not available
    // java.security.InvalidKeyException: No installed provider supports this key: (null)
    // RSA,

    // java.security.NoSuchAlgorithmException: Cannot find any provider supporting RC5
    // RC5,

    // java.security.NoSuchAlgorithmException: Cannot find any provider supporting Serpent
    // Serpent,

    // Cannot find any provider supporting Twofish
    // Twofish,

    // PBEWithMD5AndDES KeyGenerator not available
    // PBEWithMD5AndDES,

    //---------------------------------------------------------------

    // Cannot find any provider supporting PBE
    // PBE,

    // Cannot find any provider supporting HMAC
    // HMAC,

    // Cannot find any provider supporting HmacMD5
    // HmacMD5,

    //Cannot find any provider supporting HmacSHA1
    //HMAC(Hash Message Authentication Code,散列消息鉴别码,基于密钥的Hash算法的认证协议。
    //    HmacSHA1("HMAC-SHA1")

    //---------------------------------------------------------------

    /** 算法. */
    private String algorithm;

    //---------------------------------------------------------------

    /**
     * Instantiates a new symmetric type.
     *
     * @param algorithm
     *            the algorithm
     */
    private SymmetricType(String algorithm){
        this.algorithm = algorithm;
    }

    //---------------------------------------------------------------

    /**
     * Gets the 算法.
     * 
     * @return the algorithm
     */
    public String getAlgorithm(){
        return algorithm;
    }

}

字段	说明
{@link #DES}	is the old "data encryption standard" from the seventies. * Its key size is too short for proper security (56 effective bits; this can be brute-forced, as has been demonstrated more than ten years * ago). * Also, DES uses 64-bit blocks, which raises some potential issues when encrypting several gigabytes of data with the same key (a gigabyte * is not that big nowadays).
{@link #DESede} or {@link #TripleDES}	is a trick to reuse DES implementations, by cascading three instances of DES (with distinct keys). * 3DES is believed to be secure up to at least "2112" security (which is quite a lot, and quite far in the realm of * "not breakable with today's technology"). * But it is slow, especially in software (DES was designed for efficient hardware implementation, but it * sucks in software; and 3DES sucks three times as much).
{@link #Blowfish}	is a block cipher proposed by Bruce Schneier, and deployed in some softwares. * Blowfish can use huge keys and is believed secure, except with regards to its block size, which is 64 bits, just like DES and 3DES. * Blowfish is efficient in software, at least on some software platforms (it uses key-dependent lookup tables, hence performance depends on * how the platform handles memory and caches).
{@link #AES}(推荐使用)	is the successor of DES as standard symmetric encryption algorithm for US federal organizations (and as standard for pretty much * everybody else, too). * AES accepts keys of 128, 192 or 256 bits (128 bits is already very unbreakable), uses 128-bit blocks (so no issue there), and is * efficient in both software and hardware. * It was selected through an open competition involving hundreds of cryptographers during several years. * Basically, you cannot have better than that.