为Java中的文件加密性能提供建议 [英] Advise on file encryption performance in Java

问题描述

我正在做一些文件加密相关的工作.我能够加密/解密文件，但是面临主要的性能问题.当我简单地读写700 MB大小的视频文件时，我的代码的执行速度约为27-28 MB/s.但是，当我执行加密时(我目前正在使用PBEWithMD5AndDES，稍后将对其进行更改)，代码显示的速度为9 MB/s.请告知我在哪些方面可以改进.

I am doing some file encryption related work. I am able to encrypt/decrypt the files but facing a major performance issue. When I simply read/write a video file of 700 MB size, my code performs at around 27-28 MB/s. But when I perform encryption(I am currently using PBEWithMD5AndDES, which I would be changing later) code shows speeds at 9 MB/s. Please advise as to where can I improve.

代码段:

    int c = 0, BUF_SIZE = 8192;
    byte[] b = new byte[BUF_SIZE];
    FileInputStream fis;
    DataInputStream dis;
    FileOutputStream fos;
    DataOutputStream dos;
    CipherOutputStream cos;


    try {
        // Create PBE parameter set
        pbeParamSpec = new PBEParameterSpec(salt, iterationCount);

        // Create PBE Cipher
        Cipher pbeCipher = Cipher.getInstance(algorithm);

        // get key
        key = generateKeyFromPassword(password);

        // Initialize PBE Cipher with key and parameters
        pbeCipher.init(Cipher.ENCRYPT_MODE, key, pbeParamSpec);

        fis = new FileInputStream(inFile);
        dis = new DataInputStream(fis);
        fos = new FileOutputStream(outFile);
        dos = new DataOutputStream(fos);
        cos = new CipherOutputStream(fos, pbeCipher);


        while ((c = dis.read(b)) > 0) {
            cos.write(b);
            //dos.write(b);
        }

        fis.close();
        dis.close();
        //dos.close();
        cos.close();


    } catch (Exception e) {
        e.printStackTrace();
    }

未加密的统计信息:
速度约为27.97 MB/s
确切时间= 25.02秒
文件大小= 700 MB

Stats without encryption:
Speed is around 27.97 MB/s
Exact Time = 25.02 sec
File Size = 700 MB

加密状态:
速度约为9.69 MB/s
确切时间= 72.171秒
文件大小= 700 MB

Stats with encryption:
Speed is around 9.69 MB/s
Exact Time = 72.171 sec
File Size = 700 MB

推荐答案

首先:如果有可能，请不要自己做.加密非常(非常！)很容易以导致结果不安全的方式弄乱.尽可能使用外部组件或库来进行尽可能多的加密工作.

Firstly: if at all possible, don't do this yourself. Encryption is very (very!) easy to mess up in ways that lead to the results being insecure. If at all possible, use an external component or library to do as much of the encryption work as is practical.

第二，如果您现在要自己进行操作，请不要使用DES.DES不再是足够强大的密码.Triple-DES可以，但是您真正想要使用的是AES.它被认为是安全的，在设计时会考虑使用现代CPU，您可以选择密钥长度来平衡安全性和性能，而现代CPU具有针对AES(AES-NI)的硬件加速.(我不知道Java是否使用此功能，但如果不使用，肯定会在将来开始，而Triple-DES的使用机会为零.)

Secondly, if you're going to do this yourself as now, don't use DES. DES is no longer a strong-enough cipher. Triple-DES is OK, but what you really want to be using is AES. It's regarded as secure, modern CPUs were kept in mind during its design, you get a choice of key lengths to balance security against performance and modern CPUs have hardware acceleration for AES (AES-NI). (I don't know whether Java uses this, but if it doesn't, it certainly might start to in future, whereas the chances of that for Triple-DES are zero.)

第三，您一次要读写一个字节.尽管无论如何加密都会占用大量CPU，但按目前的方式进行加密会比所需的速度慢.通过大约4kB的 byte [] 进行读写应该会看到更好的性能.

Thirdly, you're reading and writing a byte at a time. Whilst encryption is going to be CPU-intensive in any event, doing it as you are at the moment is going to be slower than necessary. Reading and writing via a byte[] of 4kB or so should see much better performance.

这篇关于为Java中的文件加密性能提供建议的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！