tiny-engine-backend-java/base/src/main/java/com/tinyengine/it/common/utils/SM4Utils.java at eae40931af0863a18c373b92081cdac19a839b3a · lu-yg/tiny-engine-backend-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
package com.tinyengine.it.common.utils;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Base64;

public class SM4Utils {

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    private static final String ALGORITHM = "SM4";
    private static final String TRANSFORMATION_ECB = "SM4/ECB/PKCS5Padding";
    private static final int KEY_SIZE = 128;

    /**
     * 生成 SM4 密钥
     */
    public static String generateKeyBase64() throws Exception {
        byte[] key = generateKey();
        return Base64.getEncoder().encodeToString(key);
    }

    public static byte[] generateKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(ALGORITHM, "BC");
        kg.init(KEY_SIZE, new SecureRandom());
        SecretKey secretKey = kg.generateKey();
        return secretKey.getEncoded();
    }

    /**
     * ECB 模式加密 - 只加密API密钥值 (Base64 结果)
     */
    public static String encryptECB(String apiKey, String base64Key) throws Exception {
        byte[] key = Base64.getDecoder().decode(base64Key);
        byte[] encrypted = encryptECB(apiKey.getBytes("UTF-8"), key);
        return Base64.getEncoder().encodeToString(encrypted);
    }

    /**
     * ECB 模式解密 - 直接返回API密钥
     */
    public static String decryptECB(String encryptedBase64, String base64Key) throws Exception {
        byte[] key = Base64.getDecoder().decode(base64Key);
        byte[] encrypted = Base64.getDecoder().decode(encryptedBase64);
        byte[] decrypted = decryptECB(encrypted, key);
        return new String(decrypted, "UTF-8");
    }

    // ECB 模式的底层方法保持不变
    private static byte[] encryptECB(byte[] data, byte[] key) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, ALGORITHM);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION_ECB, "BC");
        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
        return cipher.doFinal(data);
    }

    private static byte[] decryptECB(byte[] encryptedData, byte[] key) throws Exception {
        SecretKeySpec secretKeySpec = new SecretKeySpec(key, ALGORITHM);
        Cipher cipher = Cipher.getInstance(TRANSFORMATION_ECB, "BC");
        cipher.init(Cipher.DECRYPT_MODE, secretKeySpec);
        return cipher.doFinal(encryptedData);
    }

}