有没有一种简单的方法来加密 java 对象?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16950833/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Is there an easy way to encrypt a java object?
提问by user2041469
I'd like to store a serialized object to a file however I'd like to make it encrypted. It doesn't need to be really strong encryption. I just want something easy (preferably a couple lines of code max)that will make it a bit more difficult for someone else to load. I've looked into SealedObject but the key's are holding me up. Ideally I'd like to just pass a String as the key to encrypt / decrypt the object.
我想将一个序列化的对象存储到一个文件中,但是我想对其进行加密。它不需要是真正强大的加密。我只是想要一些简单的东西(最好是最多几行代码),这会让其他人加载起来更加困难。我已经研究过 SealedObject 但关键是阻止了我。理想情况下,我只想传递一个字符串作为加密/解密对象的密钥。
Any suggestions?
有什么建议?
回答by Michael Cheremuhin
Try this code:
试试这个代码:
String fileName = "result.dat"; //some result file
//You may use any combination, but you should use the same for writing and reading
SecretKey key64 = new SecretKeySpec( new byte[] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }, "Blowfish" );
Cipher cipher = Cipher.getInstance( "Blowfish" );
//Code to write your object to file
cipher.init( Cipher.ENCRYPT_MODE, key64 );
Person person = new Person(); //some object to serialise
SealedObject sealedObject = new SealedObject( person, cipher);
CipherOutputStream cipherOutputStream = new CipherOutputStream( new BufferedOutputStream( new FileOutputStream( fileName ) ), cipher );
ObjectOutputStream outputStream = new ObjectOutputStream( cipherOutputStream );
outputStream.writeObject( sealedObject );
outputStream.close();
//Code to read your object from file
cipher.init( Cipher.DECRYPT_MODE, key64 );
CipherInputStream cipherInputStream = new CipherInputStream( new BufferedInputStream( new FileInputStream( fileName ) ), cipher );
ObjectInputStream inputStream = new ObjectInputStream( cipherInputStream );
SealedObject sealedObject = (SealedObject) inputStream.readObject();
Person person1 = (Person) sealedObject.getObject( cipher );
回答by Leo Rohr
Using CipherOutPutStream(http://docs.oracle.com/javase/6/docs/api/javax/crypto/CipherOutputStream.html) to write the objects into the ObjectOutputStream might be an easy and good approach here.
使用CipherOutPutStream( http://docs.oracle.com/javase/6/docs/api/javax/crypto/CipherOutputStream.html) 将对象写入 ObjectOutputStream 可能是一种简单而好的方法。
回答by Daniel Kaplan
You should look into Jasypt. It has a bunch of utility functions to make this easy.
你应该看看Jasypt。它有一堆实用函数来简化这个过程。
...
BasicTextEncryptor textEncryptor = new BasicTextEncryptor();
textEncryptor.setPassword(myEncryptionPassword);
...
String myEncryptedText = textEncryptor.encrypt(myText);
...
String plainText = textEncryptor.decrypt(myEncryptedText);
...
回答by Nirmal Dhara
Use SealedObject and Cipher class to Encrypt and decrypt the object.
使用 SealedObject 和 Cipher 类对对象进行加密和解密。
What is SealedObject?
什么是密封对象?
SealedObject encapsulate the original java object(it should implements Serializable). It use the cryptographic algorithm to seals the serialized content of the object.
SealedObject 封装了原始的java 对象(它应该实现Serializable)。它使用密码算法来密封对象的序列化内容。
What is Cipher?
什么是密码?
This is a java class, use cryptographic algorithm for encryption and decryption.
这是一个java类,使用密码算法进行加解密。
Sample code
示例代码
below is the sample code.
下面是示例代码。
EncriptThisClass so = new EncriptThisClass();
SealedObject encryptedObject =encryptObject(so);
EncriptThisClass etcObject=decryptObject(encryptedObject);
For complete code please visit the below link. http://javaant.com/object-encryption-decryption-in-java/#.VvkA6RJ96Hs
如需完整代码,请访问以下链接。 http://javaant.com/object-encryption-decryption-in-java/#.VvkA6RJ96Hs
回答by David says Reinstate Monica
Cant you just use any encryption library at all? Your basic code would be
你不能只使用任何加密库吗?你的基本代码是
Object o=...;
String s= new String();
ObjectOutputStream out = new ObjectOutputStream(StringStream(s));
out.writeObject(o);
And then you just pass sinto any encryption system you want.
然后你就可以s进入任何你想要的加密系统。
Edit: I forgot that StringStreamis a C++ thing, not a Java one. But you can basically do the same thing, take a look here.
编辑:我忘了那StringStream是 C++ 的东西,而不是 Java 的东西。但是你基本上可以做同样的事情,看看这里。
回答by Signus
As a general answer (since I don't use Java much these days):
作为一般答案(因为这些天我很少使用 Java):
I suggest searching multiple forms of encryption and find which suits what you'd like to do, and then to find and modify a module already written for your data or to write your own based off of the algorithm that you would like use.
我建议搜索多种形式的加密并找到适合您想要做什么的加密形式,然后找到并修改已经为您的数据编写的模块,或者根据您想要使用的算法编写自己的模块。
For example if you wanted to use SHA256 and found a module already written for you, just modify it to use the data stream you want.
例如,如果您想使用 SHA256 并发现已经为您编写的模块,只需修改它以使用您想要的数据流。
private ObjectName modifiedSHA256(input stream, ..., ...)
{
// Modified algorithm
}
And then you can make a call to it whenever you want to write the data stream somewhere. The module will then save its own data stream which is then written to a file.
然后,只要您想在某处写入数据流,就可以调用它。然后模块将保存自己的数据流,然后将其写入文件。
回答by user207421
javax.crypto.SealedObjectis definitely the answer. What's the problem with the keys?
javax.crypto.SealedObject绝对是答案。钥匙有什么问题?
