package com.utils;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;


/**
* Author reisen7
* Date 2025/4/17 22:53
* Description
*/

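public class SaltedHash {

    /*
     * Stored record format: Base64(salt) + ":" + Base64(SHA-256(salt || password)).
     *
     * NOTE(review): a single round of salted SHA-256 is very cheap to compute, so a
     * leaked table of these records can be brute-forced quickly on commodity
     * hardware. For password storage prefer a deliberately slow, tunable function
     * (PBKDF2 via the JDK's SecretKeyFactory, or bcrypt / scrypt / Argon2). The
     * digest is left unchanged here because switching it would invalidate every
     * record already stored in this format; plan a migration that re-hashes on the
     * next successful login.
     */

    /** Salt size in bytes for newly created records. */
    private static final int SALT_LENGTH_BYTES = 16;

    private static final String DIGEST_ALGORITHM = "SHA-256";

    /** Separator between the Base64 salt and the Base64 digest; not part of the Base64 alphabet. */
    private static final String SEPARATOR = ":";

    /** SecureRandom is thread-safe, so one shared instance is enough. */
    private static final SecureRandom RANDOM = new SecureRandom();

    /**
     * Hashes a password with a freshly generated random salt.
     *
     * @param password the clear-text password; must not be {@code null}
     * @return {@code Base64(salt) + ":" + Base64(digest)}
     * @throws NullPointerException if {@code password} is {@code null}
     */
    public static String hashPassword(String password) {
        if (password == null) {
            throw new NullPointerException("password");
        }
        byte[] salt = generateSalt(SALT_LENGTH_BYTES);
        // Reuse the same digest routine as verification so both paths cannot drift apart.
        return Base64.getEncoder().encodeToString(salt) + SEPARATOR + hashPasswordWithSalt(password, salt);
    }

    /**
     * Generates a random salt from a cryptographically strong source.
     *
     * @param length number of salt bytes to produce
     * @return a new array of {@code length} random bytes
     */
    private static byte[] generateSalt(int length) {
        byte[] salt = new byte[length];
        RANDOM.nextBytes(salt);
        return salt;
    }

    /**
     * Checks a candidate password against a record produced by {@link #hashPassword(String)}.
     *
     * <p>A {@code null} argument or a malformed record (no separator, salt that is not valid
     * Base64) yields {@code false} instead of an unchecked exception, so a corrupted row
     * cannot turn a login attempt into a server error.
     *
     * @param inputPassword the password supplied by the user
     * @param storedSaltedHashedPassword the stored {@code salt:hash} record
     * @return {@code true} only if the password matches the record
     */
    public static boolean verifyPassword(String inputPassword, String storedSaltedHashedPassword) {
        if (inputPassword == null || storedSaltedHashedPassword == null) {
            return false;
        }

        String[] parts = storedSaltedHashedPassword.split(SEPARATOR);
        if (parts.length < 2) {
            return false;
        }

        byte[] salt;
        try {
            salt = Base64.getDecoder().decode(parts[0]);
        } catch (IllegalArgumentException malformedSalt) {
            // The salt field is not valid Base64: treat the record as non-matching.
            return false;
        }

        String expectedHash = parts[1];
        String actualHash = hashPasswordWithSalt(inputPassword, salt);

        // MessageDigest.isEqual compares in constant time for equal-length inputs;
        // String.equals stops at the first differing character, which leaks how much
        // of the digest matched through response timing.
        return MessageDigest.isEqual(
                expectedHash.getBytes(StandardCharsets.UTF_8),
                actualHash.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Computes {@code Base64(SHA-256(salt || password))}.
     *
     * <p>The password is encoded as UTF-8 explicitly. The no-argument {@code getBytes()} uses
     * the platform default charset (before Java 18), so the same non-ASCII password could hash
     * differently on two hosts. NOTE(review): records for non-ASCII passwords created on a
     * host whose default charset was not UTF-8 will no longer verify — confirm whether any exist.
     *
     * @param password the clear-text password
     * @param salt the salt bytes mixed in before the password
     * @return the Base64-encoded digest
     */
    private static String hashPasswordWithSalt(String password, byte[] salt) {
        MessageDigest md;
        try {
            md = MessageDigest.getInstance(DIGEST_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            // Every compliant JRE ships SHA-256, so this signals a broken runtime.
            throw new RuntimeException(e);
        }
        md.update(salt);
        md.update(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(md.digest());
    }

    /** Small demonstration: hash a password, then verify a correct and an incorrect candidate. */
    public static void main(String[] args) {
        String password = "123456";

        // Create the salted-hash record.
        String saltedHashedPassword = hashPassword(password);
        System.out.println("Salted Hashed Password: " + saltedHashedPassword);

        // Verify with the password the user would type.
        String passwordToVerify = "123456";
        boolean isPasswordValid = verifyPassword(passwordToVerify, saltedHashedPassword);
        System.out.println("Password verification: " + isPasswordValid);

        // Verify with a password that must be rejected.
        String wrongPassword = "wrongPassword";
        boolean isWrongPasswordValid = verifyPassword(wrongPassword, saltedHashedPassword);
        System.out.println("Wrong password verification: " + isWrongPasswordValid);
    }
}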