//package
/*
运行本程序你需要下载jce，bouncy castle的jce with provider and lightweight api
网止是 http://www.bouncycastle.org
配置如下：
在windows中，你需要把下载的bcprov-jdk14-119.jar文件拷贝到两个地方：
一个在你安装的jdk目录中，比如说我的是c:/j2sdk1.4.0-rc/jre/lib/ext
另一个在你的jdk运行环境中，我的是在
c:/program files/java/j2re1.4.0-rc/lib/ext；
另外还要在对两个java.security进行修改：
我的在 c:/j2sdk1.4.0-rc/jre/lib/security/java.security；
c:/program files/java/j2re1.4.0-rc/lib/security/java.security;
在java.security中加入 security.provider.6=org.bouncycastle.jce.provider.bouncycastleprovider
如果一切顺利，你就可以运行本程序了。

该程序具有对你的文件加解密功能。需要你指定的数据，程序中已给了接口。
比如说你指定了要加密的文件名"4.txt",加密后的文件存放位置"6.txt",
还有口令password如"liufeng"后，运行该程序，那么"6.txt" 中将是"4.txt"的密文。
注意口令是解密的钥匙，不要忘记。
其他解密过程自己参考。

本程序利用会话密钥加密，提供很多接口。如果你项目中需要加密过程，可以稍加改进为你所用
*/
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import java.io.*;
import java.util.*;


public class fileencryptorrsa {


private static final int iterations=1000;//计算次数，在加盐中用到
private static byte[] publickeybytes;//公钥
private static byte[] privatekeybytes;//私钥
private static string sessionkey;//会话密钥
public static string encrypt_privatekey_file="1.txt";//该文件放置加密的私钥
private static string text_file="4.txt";//要加密的文件
private static string encrptor_text_file="5.txt";//被加密后的文件
private static string dencryptor_text_file="6.txt";//解密后的文件
private static string password="liufeng";//口令用于加密私钥


public void settext_file(string filename){
text_file=filename;
}
public void setencrypt_privatekey_file(string filename){
encrypt_privatekey_file=filename;
}
public string getencrypt_privatekey_file(){
return encrypt_privatekey_file;
}

public void setencrptor_text_file(string filename){
encrptor_text_file=filename;
}
public string getencrptor_text_file(){
return encrptor_text_file;
}
public void setdencryptor_text_file(string filename){
dencryptor_text_file=filename;
}
public string getdencryptor_text_file(){
return dencryptor_text_file;
}
public void setpassword(string password){
this.password=password;
}


//create a rsa secretkey
public static void createkey()throws exception{
keypairgenerator keypairgenerator=keypairgenerator.getinstance("rsa");
keypairgenerator.initialize(1024);
keypair keypair=keypairgenerator.genkeypair();
//得到公钥的字节数组
publickeybytes=keypair.getpublic().getencoded();
//得到私钥
byte[] privatekeybytes=keypair.getprivate().getencoded();
byte[] encrytedprivatekey=passwordencrypt(password.tochararray(),privatekeybytes);
fileoutputstream fos=new fileoutputstream(encrypt_privatekey_file);
fos.write(encrytedprivatekey);
fos.close();
}



//通过给的口令加密私钥
private static byte[] passwordencrypt(char[] password,byte[] privatekeybytes)
throws exception{
//create 8 byte salt
byte[] salt=new byte[8];
random random=new random();
random.nextbytes(salt);
//create a pbe key and cipher
pbekeyspec keyspec=new pbekeyspec(password);
secretkeyfactory keyfactory=secretkeyfactory.getinstance("pbewithshaandtwofish-cbc");
secretkey key=keyfactory.generatesecret(keyspec);
pbeparameterspec paramspec=new pbeparameterspec(salt,iterations);
cipher cipher=cipher.getinstance("pbewithshaandtwofish-cbc");
cipher.init(cipher.encrypt_mode,key,paramspec);
//encrypt the byte[]
byte[] cipherprikey=cipher.dofinal(privatekeybytes);
//write out salt ,and then the cipherprikey
bytearrayoutputstream baos=new bytearrayoutputstream();
baos.write(salt);
baos.write(cipherprikey);
return baos.tobytearray();
}



//用会话密钥加密给定的文件，然后用公钥加密会话密钥，并存入文件中
//最后加密后的文件由密钥长度+已加密的密钥（会话密钥）+密文
public static void encrypt()throws exception{

//转换成rsa密钥
x509encodedkeyspec keyspec=new x509encodedkeyspec(publickeybytes);
keyfactory keyfactory=keyfactory.getinstance("rsa");
publickey publickey=keyfactory.generatepublic(keyspec);
//打开存贮密文的文件
dataoutputstream output=new dataoutputstream(new fileoutputstream(encrptor_text_file));
//创建rsa的cipher
cipher rsacipher=cipher.getinstance("rsa/ecb/pkcs1padding");
rsacipher.init(cipher.encrypt_mode,publickey);
//创建会话密钥(rijndael)
keygenerator rijndaelkeygenerator=keygenerator.getinstance("rijndael");
rijndaelkeygenerator.init(256);
key rijndaelkey=rijndaelkeygenerator.generatekey();
//公钥加密会话密钥
byte[] encodedkeybytes=rsacipher.dofinal(rijndaelkey.getencoded());
output.writeint(encodedkeybytes.length);
output.write(encodedkeybytes);
//产生iv向量
securerandom random=new securerandom();
byte[] iv=new byte[16];
random.nextbytes(iv);
output.write(iv);

//加密正文
ivparameterspec spec=new ivparameterspec(iv);
cipher symmetriccipher=cipher.getinstance("rijndael/cbc/pkcs5padding");
symmetriccipher.init(cipher.encrypt_mode,rijndaelkey,spec);
cipheroutputstream cos=new cipheroutputstream(output,symmetriccipher);
fileinputstream input=new fileinputstream(text_file);

int thebyte=0;
while((thebyte=input.read())!=-1){
cos.write(thebyte);
}
input.close();
cos.close();
return;
}



//得到私钥
private static byte[] passworddecrypt(char[] password,byte[] ciphertext)
throws exception{
byte[] salt=new byte[8];
bytearrayinputstream bais=new bytearrayinputstream(ciphertext);
bais.read(salt,0,8);
byte[] remainingciphertext=new byte[ciphertext.length-8];
bais.read(remainingciphertext,0,ciphertext.length-8);
pbekeyspec keyspec=new pbekeyspec(password);
secretkeyfactory keyfactory=secretkeyfactory.getinstance("pbewithshaandtwofish-cbc");
secretkey key=keyfactory.generatesecret(keyspec);
pbeparameterspec paramspec=new pbeparameterspec(salt,iterations);
cipher cipher=cipher.getinstance("pbewithshaandtwofish-cbc");
cipher.init(cipher.decrypt_mode,key,paramspec);
return cipher.dofinal(remainingciphertext);
}


//解密加密的文件
public static void decrypt()
throws exception{
fileinputstream fis=new fileinputstream(encrypt_privatekey_file);
bytearrayoutputstream baos=new bytearrayoutputstream();
int thebyte=0;
while((thebyte=fis.read())!=-1){
baos.write(thebyte);
}
fis.close();
//得到被加密的私钥
byte[] keybytes=baos.tobytearray();
baos.close();
//得到私钥
byte[] skey=passworddecrypt(password.tochararray(),keybytes);
//产生rsa私钥
pkcs8encodedkeyspec keyspec=new pkcs8encodedkeyspec(skey);
keyfactory keyfactory=keyfactory.getinstance("rsa");
privatekey privatekey=keyfactory.generateprivate(keyspec);
cipher rsacipher=cipher.getinstance("rsa/ecb/pkcs1padding");

datainputstream dis=new datainputstream(new fileinputstream(encrptor_text_file));
//读密文中密码长度和密码
byte[] encryptedkeybytes=new byte[dis.readint()];
dis.readfully(encryptedkeybytes);
rsacipher.init(cipher.decrypt_mode,privatekey);
byte[] rijdaelkeybytes=rsacipher.dofinal(encryptedkeybytes);
//得到会话密钥
secretkey rijndaelkey=new secretkeyspec(rijdaelkeybytes,"rijndael");
byte[] iv=new byte[16];
dis.read(iv);
ivparameterspec spec=new ivparameterspec(iv);
//用会话密钥解密正文
cipher cipher=cipher.getinstance("rijndael/cbc/pkcs5padding");
cipher.init(cipher.decrypt_mode,rijndaelkey,spec);

cipherinputstream cis=new cipherinputstream(dis,cipher);
fileoutputstream fos=new fileoutputstream(dencryptor_text_file);

thebyte=0;
while((thebyte=cis.read())!=-1){
fos.write(thebyte);
}
cis.close();
fos.close();
return;
}
public static void main(string[] args)throws exception{
createkey();
encrypt();
decrypt();
}
}