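Encryption algorithms
AES encryption algorithm
Type: AES
Configurable properties:
Name | Data type | Description |
---|---|---|
aes-key-value | String | KEY used by AES; no length limit, may consist of digits, letters and special characters |
key-manager | String | Name of the key management algorithm |
Other optional configuration: the following parameters are used by the algorithm's internal implementation. Users normally do not need to care about them and can keep the defaults.
Name | Data type | Description |
---|---|---|
aes-key-bit-length | String | Bit length of the AES key; optional, default 128 bit. Allowed values: 128, 192, 256. The Engine uses the digest algorithm specified by the digest-algorithm-name property to convert the aes-key-value setting into a secret key of the corresponding length for this encryption algorithm |
digest-algorithm-name | String | Digest algorithm for the AES key; optional. Default: SHA-512. Allowed values: "MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512" |
Note: configure either the AES properties (aes-key-value, aes-key-bit-length, digest-algorithm-name) or key-manager; only one of the two is needed.
Example: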
aes-key-value: test
With the configuration above, the encryption algorithm is initialized as follows:
1. The configured aes-key-value is converted to a byte array with String.getBytes(StandardCharsets.UTF_8). In this example, test is converted to 1110100011001010111001101110100;
2. The result of step 1 is digested with the default SHA-512 digest algorithm (selectable through the digest-algorithm-name parameter). In this example the result is 1001111110000110110100001000000110001000010011000111110101100101100110100010111111101010101000001100010101011010110100000001010110100011101111110100111100011011001010110000101110000010001011001101000101011101011011000001010110110000111100000000101000001000;
3. Because AES requires keys of specific lengths, the result of step 2 is truncated to produce a final key whose length is valid for AES. By default the result is 128 bits long; this can be changed through the aes-key-bit-length parameter. In this example the result is 10011111100001101101000010000001100010000100110001111101011001011001101000101111111010101010000011000101010110101101000000010101.
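DES encryption algorithm
Type: SphereEx:DES
Configurable properties:
Name | Data type | Description |
---|---|---|
des-key-value | String | KEY used by DES; no length limit, may consist of digits, letters and special characters. The Engine uses the digest-algorithm-name algorithm to convert this value into a 64-bit secret key for this encryption algorithm |
key-manager | String | Name of the key management algorithm |
Other optional configuration: the following parameters are used by the algorithm's internal implementation. Users normally do not need to care about them and can keep the defaults.
Name | Data type | Description |
---|---|---|
digest-algorithm-name | String | Digest algorithm for the DES key; optional. Default: SHA-512. Allowed values: "MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512" |
Note: configure either the DES properties (des-key-value, digest-algorithm-name) or key-manager; only one of the two is needed.
Example: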
des-key-value: test
With the configuration above, the encryption algorithm is initialized as follows:
1. The configured des-key-value is converted to a byte array with String.getBytes(StandardCharsets.UTF_8). In this example, test is converted to 1110100011001010111001101110100;
2. The result of step 1 is digested with the default SHA-512 digest algorithm (selectable through the digest-algorithm-name parameter). In this example the result is 1001111110000110110100001000000110001000010011000111110101100101100110100010111111101010101000001100010101011010110100000001010110100011101111110100111100011011001010110000101110000010001011001101000101011101011011000001010110110000111100000000101000001000;
3. Because DES requires keys of a specific length, the result of step 2 is truncated to produce a final key that meets the 64-bit key length DES requires. In this example the result is 1001111110000110110100001000000110001000010011000111110101100101.
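DESEDE (3DES) encryption algorithm
Type: SphereEx:DESEDE
Configurable properties:
Name | Data type | Description |
---|---|---|
desede-key-value | String | KEY used by DESEDE; no length limit, may consist of digits, letters and special characters |
key-manager | String | Name of the key management algorithm |
Other optional configuration: the following parameters are used by the algorithm's internal implementation. Users normally do not need to care about them and can keep the defaults.
Name | Data type | Description |
---|---|---|
desede-key-bit-length | String | Bit length of the DESEDE key; optional, default 192 bit. Allowed values: 168, 192. The Engine uses the digest algorithm specified by the digest-algorithm-name property to convert the desede-key-value setting into a secret key of the corresponding length for this encryption algorithm |
digest-algorithm-name | String | Digest algorithm for the DESEDE key; optional. Default: SHA-512. Allowed values: "MD2", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA-512/224", "SHA-512/256", "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512" |
Note: configure either the DESEDE properties (desede-key-value, desede-key-bit-length, digest-algorithm-name) or key-manager; only one of the two is needed.
Example: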
desede-key-value: test
With the configuration above, the encryption algorithm is initialized as follows:
1. The configured desede-key-value is converted to a byte array with String.getBytes(StandardCharsets.UTF_8). In this example, test is converted to 1110100011001010111001101110100;
2. The result of step 1 is digested with the default SHA-512 digest algorithm (selectable through the digest-algorithm-name parameter). In this example the result is 1001111110000110110100001000000110001000010011000111110101100101100110100010111111101010101000001100010101011010110100000001010110100011101111110100111100011011001010110000101110000010001011001101000101011101011011000001010110110000111100000000101000001000;
3. Because DESEDE requires keys of specific lengths, the result of step 2 is truncated to produce a final key whose length is valid for DESEDE. By default the result is 192 bits long; this can be changed through the desede-key-bit-length parameter. In this example the result is 100111111000011011010000100000011000100001001100011111010110010110011010001011111110101010100000110001010101101011010000000101011010001110111111010011110001101100101011000010111000001000101100.
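The three initialization steps described for AES, DES and DESEDE reduce to one routine, shown here as an added Java 17 example (not SphereEx source code; the class and the deriveKey and pageStyleBits helpers are hypothetical names). It prints the keys derived from test under SHA-512 and SHA-256, and it assumes that a digest shorter than the requested key length is rejected, which the page does not specify.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.HexFormat;

// Added illustration of the three documented steps; not SphereEx source code.
public class KeyDerivationDemo {

    /** Steps 1-3 from the page: UTF-8 bytes, then digest, then keep the leading keyBits. */
    static byte[] deriveKey(String keyValue, String digestName, int keyBits)
            throws NoSuchAlgorithmException {
        if (keyBits <= 0 || keyBits % 8 != 0) {
            throw new IllegalArgumentException("key length must be a positive multiple of 8 bits");
        }
        byte[] raw = keyValue.getBytes(StandardCharsets.UTF_8);             // step 1
        byte[] digest = MessageDigest.getInstance(digestName).digest(raw);  // step 2
        int keyBytes = keyBits / 8;
        if (digest.length < keyBytes) {
            // Assumption of this example: e.g. MD5 (128-bit output) cannot supply
            // a 192- or 256-bit key by truncation, so the request is refused.
            throw new IllegalArgumentException(digestName + " yields only "
                    + digest.length * 8 + " bits, " + keyBits + " requested");
        }
        return Arrays.copyOf(digest, keyBytes);                             // step 3
    }

    /** Renders bytes the way the page prints them: base 2 with leading zeros dropped. */
    static String pageStyleBits(byte[] bytes) {
        return new BigInteger(1, bytes).toString(2);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        HexFormat hex = HexFormat.of();
        String keyValue = "test"; // the page's example value

        System.out.println("step 1 bits : "
                + pageStyleBits(keyValue.getBytes(StandardCharsets.UTF_8)));
        for (String digest : new String[] {"SHA-512", "SHA-256"}) {
            System.out.println(digest);
            System.out.println("  AES    128: " + hex.formatHex(deriveKey(keyValue, digest, 128)));
            System.out.println("  DES     64: " + hex.formatHex(deriveKey(keyValue, digest, 64)));
            System.out.println("  DESEDE 192: " + hex.formatHex(deriveKey(keyValue, digest, 192)));
        }

        // The 64-bit DES result printed on the page, converted to hex for comparison.
        String pageDesBits = "1001111110000110110100001000000110001000010011000111110101100101";
        System.out.println("page DES key: " + new BigInteger(pageDesBits, 2).toString(16));

        // A digest shorter than the requested key is rejected instead of padded.
        try {
            deriveKey(keyValue, "MD5", 256);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected    : " + e.getMessage());
        }
    }
}
```

The bit strings printed in this page's examples are the SHA-256 digest of test (9f86d081…) and its prefixes, so confirm which digest a deployment actually applies before deriving keys outside the Engine. Because the key is a single unsalted digest of the configured string, it is only as strong as that string.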
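RC4 encryption algorithm
Type: RC4
Configurable properties:
Name | Data type | Description |
---|---|---|
rc4-key-value | String | KEY used by RC4 |
key-manager | String | Name of the key management algorithm |
Note: configure either rc4-key-value or key-manager; only one of the two is needed.
Example: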
rc4-key-value: test
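With the configuration above, the encryption algorithm is initialized as follows:
The configured rc4-key-value is converted to a byte array with String.getBytes(StandardCharsets.UTF_8) and used as the RC4 key. In this example, test is converted to 1110100011001010111001101110100.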
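SM2 encryption algorithm
Type: SphereEx:SM2
Configurable properties:
Name | Data type | Description |
---|---|---|
sm2-public-key-value | String | Public key used by the SM2 algorithm, in BASE64 format |
sm2-private-key-value | String | Private key used by the SM2 algorithm, in BASE64 format; the private key is stored encrypted |
key-manager | String | Name of the key management algorithm |
Note: configure either the SphereEx:SM2 properties (sm2-public-key-value, sm2-private-key-value) or key-manager; only one of the two is needed.
Example: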
sm2-public-key-value: MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAE0oppHTfuiESO0DR+9c5g7iRlrbDHgPVeRQzNsskL4ZSHkYvyms76Zv4He95WySnTuZMo0OaQchhRbmXIkXRuyA==
sm2-private-key-value: MIGTAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBHkwdwIBAQQg7ltTxwCxo5gUftPXTLCfDCKCvl7284CRkc/bk4YyzJagCgYIKoEcz1UBgi2hRANCAATSimkdN+6IRI7QNH71zmDuJGWtsMeA9V5FDM2yyQvhlIeRi/Kazvpm/gd73lbJKdO5kyjQ5pByGFFuZciRdG7I
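With the configuration above, the encryption algorithm is initialized as follows:
The configured sm2-public-key-value and sm2-private-key-value are each BASE64-decoded to obtain the corresponding binary public key and private key.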
SM4 encryption algorithm
Type: SM4
Configurable properties:
Name | Data type | Description |
---|---|---|
sm4-key | String | KEY used by SM4 (16 Bytes) |
sm4-mode | String | MODE used by SM4; allowed values: "ECB", "CBC", "OFB", "CFB", "GCM", "CCM" |
sm4-iv | String | IV used by SM4 (required when MODE is CBC, OFB, CFB, GCM or CCM. The length is 8 Bytes when MODE is CCM and 16 Bytes for the other MODEs) |
sm4-padding | String | PADDING used by SM4 (PKCS5Padding, PKCS7Padding, NoPadding; NoPadding cannot be used with ECB MODE) |
key-manager | String | Name of the key management algorithm |
Note: configure either the SM4 properties (sm4-key, sm4-mode, sm4-iv, sm4-padding) or key-manager; only one of the two is needed.
Example:
# 1. ECB mode configuration example:
sm4-key: 4D744E003D713D054E7E407C350E447E
sm4-mode: ECB
sm4-padding: PKCS5Padding
# 2. CBC mode configuration example:
sm4-key: f201326119911788cFd30575b81059ac
sm4-iv: e166c3391294E69cc4c620f594fe00d7
sm4-mode: CBC
sm4-padding: PKCS7Padding
# 3. OFB mode configuration example:
sm4-key: f201326119911788cFd30575b81059ac
sm4-iv: e166c3391294E69cc4c620f594fe00d7
sm4-mode: OFB
sm4-padding: PKCS7Padding
# 4. CFB mode configuration example:
sm4-key: f201326119911788cFd30575b81059ac
sm4-iv: e166c3391294E69cc4c620f594fe00d7
sm4-mode: CFB
sm4-padding: PKCS7Padding
# 5. GCM mode configuration example:
sm4-key: f201326119911788cFd30575b81059ac
sm4-iv: e166c3391294E69cc4c620f594fe00d7
sm4-mode: GCM
sm4-padding: NoPadding
# 6. CCM mode configuration example:
sm4-key: f201326119911788cFd30575b81059ac
sm4-iv: 3132333435363738
sm4-mode: CCM
sm4-padding: NoPadding
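Assuming the ECB configuration example above is used, the encryption algorithm is initialized as follows:
1. The configured sm4-key value, a hexadecimal string, is converted to a byte array with Hex.decodeHex(key). In this example, 4D744E003D713D054E7E407C350E447E is converted to 1001101011101000100111000000000001111010111000100111101000001010100111001111110010000000111110000110101000011100100010001111110; the sm4-iv parameter is handled in the same way.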
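The length and mode rules in the SM4 table can be checked before a configuration is deployed. The following added Java 17 example is not SphereEx code: the class and method names are hypothetical, and java.util.HexFormat stands in for the Hex.decodeHex call named above. It validates two of the page's configurations and two constructed invalid ones.

```java
import java.util.ArrayList;
import java.util.HexFormat;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration, not SphereEx code: checks only the constraints in the SM4 table.
public class Sm4ConfigCheck {

    static final Set<String> MODES = Set.of("ECB", "CBC", "OFB", "CFB", "GCM", "CCM");
    static final Set<String> PADDINGS = Set.of("PKCS5Padding", "PKCS7Padding", "NoPadding");

    /** Returns every violation found; an empty list means the properties are consistent. */
    static List<String> validate(Map<String, String> props) {
        List<String> errors = new ArrayList<>();
        String mode = props.getOrDefault("sm4-mode", "");
        String padding = props.getOrDefault("sm4-padding", "");
        if (!MODES.contains(mode)) {
            errors.add("sm4-mode: unsupported value '" + mode + "'");
        }
        if (!PADDINGS.contains(padding)) {
            errors.add("sm4-padding: unsupported value '" + padding + "'");
        }
        if (mode.equals("ECB") && padding.equals("NoPadding")) {
            errors.add("sm4-padding: NoPadding cannot be used with ECB");
        }
        checkHex(props, "sm4-key", 16, errors);
        if (MODES.contains(mode) && !mode.equals("ECB")) {
            // CCM takes an 8-byte IV, every other IV-based mode takes 16 bytes.
            checkHex(props, "sm4-iv", mode.equals("CCM") ? 8 : 16, errors);
        }
        return errors;
    }

    /** Hex-decodes a property and compares the decoded length with the documented one. */
    static void checkHex(Map<String, String> props, String name, int expectedBytes,
                         List<String> errors) {
        String value = props.get(name);
        if (value == null || value.isEmpty()) {
            errors.add(name + ": missing");
            return;
        }
        try {
            int actual = HexFormat.of().parseHex(value).length;
            if (actual != expectedBytes) {
                errors.add(name + ": decodes to " + actual + " bytes, expected " + expectedBytes);
            }
        } catch (IllegalArgumentException e) {
            errors.add(name + ": not a hexadecimal string");
        }
    }

    public static void main(String[] args) {
        // Two configurations from the page, then two constructed invalid ones.
        Map<String, Map<String, String>> samples = new LinkedHashMap<>();
        samples.put("page ECB", Map.of("sm4-key", "4D744E003D713D054E7E407C350E447E",
                "sm4-mode", "ECB", "sm4-padding", "PKCS5Padding"));
        samples.put("page CCM", Map.of("sm4-key", "f201326119911788cFd30575b81059ac",
                "sm4-iv", "3132333435363738", "sm4-mode", "CCM", "sm4-padding", "NoPadding"));
        // Constructed: a 16-character key that is valid hex but decodes to only 8 bytes,
        // combined with the ECB + NoPadding pairing the table forbids.
        samples.put("short key", Map.of("sm4-key", "1234567890abcdef",
                "sm4-mode", "ECB", "sm4-padding", "NoPadding"));
        // Constructed: a 16-byte IV, correct for CBC, supplied under CCM.
        samples.put("CCM 16-byte IV", Map.of("sm4-key", "f201326119911788cFd30575b81059ac",
                "sm4-iv", "e166c3391294E69cc4c620f594fe00d7", "sm4-mode", "CCM",
                "sm4-padding", "NoPadding"));
        samples.forEach((label, props) -> System.out.println(label + " -> " + validate(props)));
    }
}
```

The short-key case shows why "16 Bytes" must be read as 32 hexadecimal characters here: a 16-character string such as the FPE example key is taken as UTF-8 text by FPE but would be hex-decoded to 8 bytes as an sm4-key.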
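RSA2048 encryption algorithm
Type: SphereEx:RSA
Configurable properties:
Name | Data type | Description |
---|---|---|
rsa-public-key-value | String | Public key used by the RSA algorithm, in BASE64 format |
rsa-private-key-value | String | Private key used by the RSA algorithm, in BASE64 format; the private key is stored encrypted |
key-manager | String | Name of the key management algorithm |
Note: configure either the RSA2048 properties (rsa-public-key-value, rsa-private-key-value) or key-manager; only one of the two is needed.
Example: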
rsa-public-key-value: <BASE64-encoded RSA public key>
rsa-private-key-value: <BASE64-encoded RSA private key>
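With the configuration above, the encryption algorithm is initialized as follows:
The configured rsa-public-key-value and rsa-private-key-value are each BASE64-decoded to obtain the corresponding binary public key and private key.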
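FPE encryption algorithm
Type: SphereEx:FPE
Configurable properties:
Name | Data type | Description |
---|---|---|
fpe-key-value | String | KEY used by the FPE algorithm (when fpe-cipher is AES the KEY may be 16, 24 or 32 Bytes; when fpe-cipher is SM4 the KEY may be 16 Bytes) |
fpe-alphabet | String | Alphabet used by the FPE algorithm; it defines the range of characters the ciphertext can contain |
fpe-cipher | String | Cipher used internally by the FPE algorithm; allowed values: AES, SM4; default: AES |
Note: configure either the FPE properties (fpe-key-value, fpe-alphabet, fpe-cipher) or key-manager; only one of the two is needed.
Example: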
fpe-key-value: 1234567890abcdef
fpe-alphabet: 0123456789
fpe-cipher: AES
With the configuration above, the encryption algorithm is initialized as follows:
The configured fpe-key-value is converted to a byte array with String.getBytes(StandardCharsets.UTF_8). In this example, 1234567890abcdef is converted to 110001001100100011001100110100001101010011011000110111001110000011100100110000011000010110001001100011011001000110010101100110.
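Fuzzy-query encryption algorithms
Character digest algorithm
Note: the character set of the underlying storage nodes must be set to utf8 or utf8mb4
Type: SphereEx:CHAR_TRANSFORM_LIKE
Configurable properties:
Name | Data type | Description |
---|---|---|
key-manager | String | Name of the key management algorithm |
Masked character digest algorithm
Note: the character set of the underlying storage nodes must be set to utf8 or utf8mb4
How it works: 1. The plaintext data is first masked with the configured masking algorithm; 2. The masked data from step 1 is then digested with the configured digest algorithm
Type: SphereEx:COMPLEX_MASK_LIKE
Configurable properties:
Name | Data type | Description |
---|---|---|
like-algorithm-name | String | Name of the like encryption algorithm; optional, default SphereEx:CHAR_TRANSFORM_LIKE |
mask-algorithm-name | String | Name of the masking algorithm; optional, default KEEP_FIRST_N_LAST_M |
Note: for the other properties, see the configurable properties of the like encryption algorithm and the masking algorithm actually in use.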
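Order-preserving encryption algorithms
OPE encryption algorithm
Type: SphereEx:FASTOPE
Note: this algorithm can also be used directly as a standard algorithm; sorting, comparison and range queries work without configuring an orderQuery column.
Configurable properties:
Name | Data type | Description |
---|---|---|
alpha-key | String | Random double used by the OPE algorithm; can be generated with java.security.SecureRandom#nextDouble; value range 0.8-1 |
factor-e-key | String | Random double used by the OPE algorithm; can be generated with java.security.SecureRandom#nextDouble; value range 0-1 |
factor-k-key | String | Random long used by the OPE algorithm; can be generated with java.security.SecureRandom#nextLong |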
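Query-assist algorithms
MD5 encryption algorithm
Type: MD5
Configurable properties:
Name | Data type | Description |
---|---|---|
salt | String | Salt value (optional) |
SHA256 encryption algorithm
Type: SphereEx:SHA
Configurable properties:
Name | Data type | Description |
---|---|---|
key-manager | String | Name of the key management algorithm |
SM3 encryption algorithm
Type: SM3
Configurable properties:
Name | Data type | Description |
---|---|---|
sm3-salt | String | SALT used by SM3 (empty or 8 Bytes) |
key-manager | String | Name of the key management algorithm |
Note: configure either sm3-salt or key-manager; only one of the two is needed.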
Key management
The built-in encryption algorithms (AES, RC4, SM3, SM4) can use the key management feature to manage key configuration centrally. Both local key management and cloud key management are supported.
Local key management
Type: LOCAL
Configurable properties:
Name | Data type | Description |
---|---|---|
aes-key-value | String | KEY used by SphereEx:AES |
rc4-key-value | String | KEY used by SphereEx:RC4 |
sm3-salt | String | SALT used by SM3 (empty or 8 Bytes) |
sm4-key | String | KEY used by SM4 (16 Bytes) |
sm4-mode | String | MODE used by SM4 (CBC or ECB) |
sm4-iv | String | IV used by SM4 (required when MODE is CBC, 16 Bytes) |
sm4-padding | String | PADDING used by SM4 (PKCS5Padding or PKCS7Padding; NoPadding is not supported yet) |
AWS cloud key management
Type: SphereEx:AWS_KMS
Configurable properties:
Name | Data type | Description |
---|---|---|
access-key | String | AWS access key setting |
secret-key | String | AWS secret key setting |
aws-region | String | AWS region setting |
secret-name | String | AWS secret name setting |