Class OpenCrypto

java.lang.Object
cloud.opencode.base.crypto.OpenCrypto
public final class OpenCrypto extends Object
Main facade class for cryptographic operations - Provides simplified access to all crypto features 加密操作的主门面类 - 提供对所有加密功能的简化访问

Features | 主要功能:

  • Unified access to all cryptographic operations - 统一访问所有加密操作
  • Digest/hash computation (SHA-2, SHA-3, SM3, BLAKE) - 摘要/哈希计算(SHA-2、SHA-3、SM3、BLAKE)
  • Symmetric encryption (AES-GCM, ChaCha20, SM4) - 对称加密(AES-GCM、ChaCha20、SM4)
  • Asymmetric encryption (RSA-OAEP, SM2) - 非对称加密(RSA-OAEP、SM2)
  • Digital signatures (Ed25519, ECDSA, RSA-PSS) - 数字签名(Ed25519、ECDSA、RSA-PSS)
  • Password hashing (Argon2, BCrypt, SCrypt) - 密码哈希(Argon2、BCrypt、SCrypt)

Usage Examples | 使用示例:

// SHA-256 digest
String hash = OpenCrypto.sha256().digestHex("data");

// AES-GCM encryption
AeadCipher aes = OpenCrypto.aesGcm();
byte[] encrypted = aes.encrypt(data, key);

// Digital signature
OpenSign signer = OpenCrypto.ed25519().withGeneratedKeyPair();
byte[] sig = signer.sign("message");

Security | 安全性:

  • Thread-safe: Yes - 线程安全: 是
  • Null-safe: Partial - 空值安全: 部分
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Details

    • sha256

      public static OpenDigest sha256()
      SHA-256 digester SHA-256 摘要器
      Returns:
      OpenDigest instance for SHA-256

    • sha384

      public static OpenDigest sha384()
      SHA-384 digester SHA-384 摘要器
      Returns:
      OpenDigest instance for SHA-384

    • sha512

      public static OpenDigest sha512()
      SHA-512 digester SHA-512 摘要器
      Returns:
      OpenDigest instance for SHA-512

    • sha3_256

      public static OpenDigest sha3_256()
      SHA3-256 digester SHA3-256 摘要器
      Returns:
      OpenDigest instance for SHA3-256

    • sha3_512

      public static OpenDigest sha3_512()
      SHA3-512 digester SHA3-512 摘要器
      Returns:
      OpenDigest instance for SHA3-512

    • sm3

      public static OpenDigest sm3()
      SM3 digester (requires Bouncy Castle) SM3 摘要器(需要 Bouncy Castle)
      Returns:
      OpenDigest instance for SM3

    • blake2b

      public static OpenDigest blake2b()
      BLAKE2b digester (requires Bouncy Castle) BLAKE2b 摘要器(需要 Bouncy Castle)
      Returns:
      OpenDigest instance for BLAKE2b-256

    • blake3

      public static OpenDigest blake3()
      BLAKE3 digester (requires Bouncy Castle) BLAKE3 摘要器(需要 Bouncy Castle)
      Returns:
      OpenDigest instance for BLAKE3

    • digester

      public static OpenDigest digester(DigestAlgorithm algorithm)
      Custom digester by algorithm 自定义摘要器
      Parameters:
      algorithm - digest algorithm
      Returns:
      OpenDigest instance

    • aesGcm

      public static AeadCipher aesGcm()
      AES-GCM cipher (recommended) AES-GCM 加密(推荐)
      Returns:
      AES-GCM cipher instance

    • aesGcm256

      public static AeadCipher aesGcm256()
      AES-256-GCM cipher AES-256-GCM 加密
      Returns:
      AES-256-GCM cipher instance

    • aesCbc

      public static OpenSymmetric aesCbc()
      AES-CBC cipher AES-CBC 加密
      Returns:
      OpenSymmetric instance for AES-CBC

    • chacha20Poly1305

      public static AeadCipher chacha20Poly1305()
      ChaCha20-Poly1305 cipher ChaCha20-Poly1305 加密
      Returns:
      ChaCha20-Poly1305 cipher instance

    • sm4Gcm

      public static AeadCipher sm4Gcm()
      SM4-GCM cipher (requires Bouncy Castle) SM4-GCM 加密(需要 Bouncy Castle)

      SM4 is the Chinese national cryptographic standard (GB/T 32907-2016). SM4 是中国国家密码标准(GB/T 32907-2016)。

      Returns:
      SM4-GCM cipher instance / SM4-GCM 加密实例

    • sm4Cbc

      public static Sm4Cipher sm4Cbc()
      SM4-CBC cipher (requires Bouncy Castle) SM4-CBC 加密(需要 Bouncy Castle)
      Returns:
      SM4-CBC cipher instance / SM4-CBC 加密实例

    • symmetric

      public static OpenSymmetric symmetric(SymmetricAlgorithm algorithm)
      Custom symmetric cipher 自定义对称加密
      Parameters:
      algorithm - symmetric algorithm
      Returns:
      OpenSymmetric instance

    • rsaOaep

      public static OpenAsymmetric rsaOaep()
      RSA-OAEP-SHA256 cipher (recommended) RSA-OAEP-SHA256 加密(推荐)
      Returns:
      OpenAsymmetric instance for RSA-OAEP

    • rsa

      public static OpenAsymmetric rsa()
      RSA-PKCS1 cipher RSA-PKCS1 加密
      Returns:
      OpenAsymmetric instance for RSA

    • sm2

      public static OpenAsymmetric sm2()
      SM2 cipher (requires Bouncy Castle) SM2 加密(需要 Bouncy Castle)
      Returns:
      OpenAsymmetric instance for SM2

    • asymmetric

      public static OpenAsymmetric asymmetric(AsymmetricAlgorithm algorithm)
      Custom asymmetric cipher 自定义非对称加密
      Parameters:
      algorithm - asymmetric algorithm
      Returns:
      OpenAsymmetric instance

    • ed25519

      public static OpenSign ed25519()
      Ed25519 signer (recommended) Ed25519 签名(推荐)
      Returns:
      OpenSign instance for Ed25519

    • ed448

      public static OpenSign ed448()
      Ed448 signer Ed448 签名
      Returns:
      OpenSign instance for Ed448

    • ecdsaP256

      public static OpenSign ecdsaP256()
      ECDSA P-256 signer ECDSA P-256 签名
      Returns:
      OpenSign instance for ECDSA P-256

    • ecdsaP384

      public static OpenSign ecdsaP384()
      ECDSA P-384 signer ECDSA P-384 签名
      Returns:
      OpenSign instance for ECDSA P-384

    • sha1WithRsa

      public static OpenSign sha1WithRsa()
      RSA-SHA1 signer — legacy opt-in, deprecated. Only for interop with payment channels / APIs that still mandate SHA1withRSA (e.g. Braintree legacy signing). Prefer sha256WithRsa() for new work. RSA-SHA1 签名——遗留 opt-in,已不安全。 仅用于仍强制 SHA1withRSA 的支付渠道/外部 API 互通(如 Braintree 旧版)。
      Returns:
      OpenSign instance for RSA-SHA1 | RSA-SHA1 的 OpenSign 实例

    • sha256WithRsa

      public static OpenSign sha256WithRsa()
      RSA-SHA256 signer RSA-SHA256 签名
      Returns:
      OpenSign instance for RSA-SHA256

    • rsaPss

      public static OpenSign rsaPss()
      RSA-PSS-SHA256 signer RSA-PSS-SHA256 签名
      Returns:
      OpenSign instance for RSA-PSS

    • sm2Sign

      public static OpenSign sm2Sign()
      SM2 signer (requires Bouncy Castle) SM2 签名(需要 Bouncy Castle)
      Returns:
      OpenSign instance for SM2

    • signer

      public static OpenSign signer(SignatureAlgorithm algorithm)
      Custom signer 自定义签名器
      Parameters:
      algorithm - signature algorithm
      Returns:
      OpenSign instance

    • argon2

      public static PasswordHash argon2()
      Argon2id password hash (recommended) Argon2id 密码哈希(推荐)
      Returns:
      PasswordHash instance for Argon2id

    • bcrypt

      public static PasswordHash bcrypt()
      BCrypt password hash BCrypt 密码哈希
      Returns:
      PasswordHash instance for BCrypt

    • scrypt

      public static PasswordHash scrypt()
      SCrypt password hash SCrypt 密码哈希
      Returns:
      PasswordHash instance for SCrypt

    • pbkdf2

      public static PasswordHash pbkdf2()
      PBKDF2 password hash PBKDF2 密码哈希
      Returns:
      PasswordHash instance for PBKDF2

    • hmacSha256

      public static Mac hmacSha256(byte[] key)
      HMAC-SHA256 HMAC-SHA256
      Parameters:
      key - secret key
      Returns:
      Mac instance for HMAC-SHA256

    • hmacSha512

      public static Mac hmacSha512(byte[] key)
      HMAC-SHA512 HMAC-SHA512
      Parameters:
      key - secret key
      Returns:
      Mac instance for HMAC-SHA512

    • hmacSha384

      public static Mac hmacSha384(byte[] key)
      HMAC-SHA384 HMAC-SHA384
      Parameters:
      key - secret key | 密钥
      Returns:
      Mac instance for HMAC-SHA384 | HMAC-SHA384 实例

    • hmacSha1

      public static Mac hmacSha1(byte[] key)
      HMAC-SHA1 — legacy opt-in, deprecated. Provided for interop with payment gateways / legacy APIs that still mandate HMAC-SHA1. Prefer hmacSha256(byte[]) for new work. HMAC-SHA1——遗留 opt-in,已不安全。 仅用于仍强制 HMAC-SHA1 的支付渠道/遗留 API 互通,新业务请使用 hmacSha256(byte[])
      Parameters:
      key - secret key | 密钥
      Returns:
      Mac instance for HMAC-SHA1 | HMAC-SHA1 实例

    • hmacMd5

      public static Mac hmacMd5(byte[] key)
      HMAC-MD5 — legacy opt-in, deprecated. HMAC-MD5 is provided for interop with ancient APIs; never pick it for new designs. Prefer hmacSha256(byte[]) for anything new. HMAC-MD5——遗留 opt-in,已不安全。 仅用于古老 API 互通,新业务请使用 hmacSha256(byte[])
      Parameters:
      key - secret key | 密钥
      Returns:
      Mac instance for HMAC-MD5 | HMAC-MD5 实例

    • hmac

      public static Mac hmac(String algorithm, byte[] key)
      Generic HMAC factory for any JCA algorithm name. Use only when no dedicated factory covers the required algorithm. 任意 JCA 算法名的通用 HMAC 工厂。仅在无专门工厂覆盖时使用。
      Parameters:
      algorithm - JCA HMAC algorithm name (e.g. "HmacSHA512/256") | JCA HMAC 算法名
      key - secret key | 密钥
      Returns:
      Mac instance for the given algorithm | 给定算法的 Mac 实例

    • hkdf

      public static Hkdf hkdf()
      HKDF-SHA256 HKDF-SHA256
      Returns:
      Hkdf instance

    • pbkdf2Kdf

      public static Pbkdf2 pbkdf2Kdf()
      PBKDF2-SHA256 KDF PBKDF2-SHA256 密钥派生
      Returns:
      Pbkdf2 instance

    • argon2Kdf

      public static Argon2Kdf argon2Kdf()
      Argon2 KDF (requires Bouncy Castle) Argon2 密钥派生(需要 Bouncy Castle)
      Returns:
      Argon2Kdf instance

    • x25519

      public static KeyExchangeEngine x25519()
      X25519 key exchange (recommended) X25519 密钥协商(推荐)
      Returns:
      KeyExchangeEngine instance for X25519

    • ecdhP256

      public static KeyExchangeEngine ecdhP256()
      ECDH P-256 key exchange ECDH P-256 密钥协商
      Returns:
      KeyExchangeEngine instance for ECDH P-256

    • envelope

      public static EnvelopeCrypto envelope()
      Envelope encryption (RSA + AES-GCM) 信封加密(RSA + AES-GCM)
      Returns:
      EnvelopeCrypto instance

    • hybrid

      public static HybridCrypto hybrid()
      Hybrid encryption (public key encrypts symmetric key) 混合加密(公钥加密对称密钥)
      Returns:
      HybridCrypto instance