前言
最近项目中需要利用RSA进行加解密,RSA是目前最流行的,也是最为安全的一种加密方式,RSA利用公钥和私钥来作为密钥,可以私钥加密公钥解密,也可以私钥解密公钥加密。
坑点:
当服务器端给到我私钥的时候(利用openssL生成),我无论怎么去解析私钥,都会抛出私钥非法,后来发现在生成私钥的时候并没有转换成PCK8标准的,由于后台是php,php中是不需要转换的,所以在这点上花了些时间踩坑。
RSATools.java工具类:
public class RSATools {
//密钥对
static String privateKeyWubo ="MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJh2onB7uwPvO/Ir80erf8m5zotww/NvOH7TYEYkhrmSK18XHeHoxUlBiXd+NoSPYR+E8dQHmNNfiVVRFDxf5nOJ6hwCXFMwJIr0o9DNLAj79+zboW9AGEi6rhB7qeGp1hWH6WTDVInw/rjXCdUxkXuaFkzzesZz471UrHOy5MPNAgMBAAECgYA9x3SzF7AEPCCSVPTTic7SMxRatGrybZL68TQFuC9PasdgVMGrFOM8d+34GZCFzoOQfhJv1FQ88m13wM7uV/3NG2CVVG2LAu3tqJ3WbguH78VRL43wuxX5xdkotnTeLudFmk9Fwaj1WcbfYxMXaNByeW2ETdGcDMRdXr1dmqR9gQJBAMqUrdH4RfFhzl/C5ggdb8Vvmb2jZABDm+MVZYbf0mib6V6arS9oFtb+6ue8b/dXIyancqvrS5OxFvH7L5WHHIUCQQDAqsHHBGPE8MWKoGB0wZM0UpASeKl9YpFZvyohgPGQ1vPjFMyfY2q1KaF+ruPISM/4CoC2BDjCz6VQgRnuEjCpAkAMuRHBoioiYtYnRYJU+CRQ7hVlx6E8MwLTXECoG96HG2OowWYnGA53KkNuknMlwZ8/ijy1d22jtPeP8wqmBXpRAkEAnCMF7PoivHx/Kmv0H0qsuA9c0ItWl9Vkg73HL+WmXsHEXjgB5/2SgYReayLiV/KiD5q7WkarlTzf9RDa6bN2GQJAOB8h9ICVJfn3C/LkXCgTwVgxTmPVFdx1dpZHZL/zdl/0LCYkBxY2GPdXEfgo/t7139rw+T9vomxT5erxeFZ/5g==";
/**
* 私钥
*/
private RSAPrivateKey privateKey;
/**
* 公钥
*/
private RSAPublicKey publicKey;
/**
* 字节数据转字符串专用集合
*/
private static final char[] HEX_CHAR= {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
/**
* 获取私钥
* @return 当前的私钥对象
*/
public RSAPrivateKey getPrivateKey() {
return privateKey;
}
/**
* 获取公钥
* @return 当前的公钥对象
*/
public RSAPublicKey getPublicKey() {
return publicKey;
}
/**
* 随机生成密钥对
*/
public void genKeyPair(){
KeyPairGenerator keyPairGen= null;
try {
keyPairGen= KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
keyPairGen.initialize(, new SecureRandom());
KeyPair keyPair= keyPairGen.generateKeyPair();
this.privateKey= (RSAPrivateKey) keyPair.getPrivate();
this.publicKey= (RSAPublicKey) keyPair.getPublic();
}
/**
* 从文件中输入流中加载公钥
* @param in 公钥输入流
* @throws Exception 加载公钥时产生的异常
*/
public void loadPublicKey(InputStream in) throws Exception{
try {
BufferedReader br= new BufferedReader(new InputStreamReader(in));
String readLine= null;
StringBuilder sb= new StringBuilder();
while((readLine= br.readLine())!=null){
if(readLine.charAt()=='-'){
continue;
}else{
sb.append(readLine);
sb.append('\r');
}
}
loadPublicKey(sb.toString());
} catch (IOException e) {
throw new Exception("公钥数据流读取错误");
} catch (NullPointerException e) {
throw new Exception("公钥输入流为空");
}
}
/**
* 从字符串中加载公钥
* @param publicKeyStr 公钥数据字符串
* @throws Exception 加载公钥时产生的异常
*/
public void loadPublicKey(String publicKeyStr) throws Exception{
try {
BASE64Decoder base64Decoder= new BASE64Decoder();
byte[] buffer= base64Decoder.decodeBuffer(publicKeyStr);
KeyFactory keyFactory= KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec= new X509EncodedKeySpec(buffer);
this.publicKey= (RSAPublicKey) keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此算法");
} catch (InvalidKeySpecException e) {
throw new Exception("公钥非法");
} catch (IOException e) {
throw new Exception("公钥数据内容读取错误");
} catch (NullPointerException e) {
throw new Exception("公钥数据为空");
}
}
/**
* 从文件中加载私钥
* @param keyFileName 私钥文件名
* @return 是否成功
* @throws Exception
*/
public void loadPrivateKey(InputStream in) throws Exception{
try {
BufferedReader br= new BufferedReader(new InputStreamReader(in));
String readLine= null;
StringBuilder sb= new StringBuilder();
while((readLine= br.readLine())!=null){
if(readLine.charAt()=='-'){
continue;
}else{
sb.append(readLine);
sb.append('\r');
}
}
loadPrivateKey(sb.toString());
} catch (IOException e) {
throw new Exception("私钥数据读取错误");
} catch (NullPointerException e) {
throw new Exception("私钥输入流为空");
}
}
public void loadPrivateKey(String privateKeyStr) throws Exception{
try {
BASE64Decoder base64Decoder= new BASE64Decoder();
byte[] buffer= base64Decoder.decodeBuffer(privateKeyStr);
PKCS8EncodedKeySpec keySpec= new PKCS8EncodedKeySpec(buffer);
KeyFactory keyFactory= KeyFactory.getInstance("RSA");
this.privateKey= (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此算法");
} catch (InvalidKeySpecException e) {
throw new Exception("私钥非法");
} catch (IOException e) {
throw new Exception("私钥数据内容读取错误");
} catch (NullPointerException e) {
throw new Exception("私钥数据为空");
}
}
/**
* 私钥加密过程
* @param rsaPrivateKey 私钥
* @param plainTextData 明文数据
* @return
* @throws Exception 加密过程中的异常信息
*/
public byte[] encrypt(RSAPrivateKey rsaPrivateKey,byte[] plainTextData)throws Exception{
if (privateKey== null){
try {
throw new Exception("解密私钥为空, 请设置");
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
try {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(rsaPrivateKey.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
byte[] result = cipher.doFinal(plainTextData);
return result;
} catch (InvalidKeyException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此加密算法");
} catch (InvalidKeySpecException e) {
throw new Exception("加密公钥非法,请检查");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (IllegalBlockSizeException e) {
throw new Exception("明文长度非法");
} catch (BadPaddingException e) {
throw new Exception("明文数据已损坏");
}
return null;
}
/**
* 解密过程
* @param rsaPublicKey 公钥
* @param cipherData 密文数据
* @return 明文
* @throws Exception 解密过程中的异常信息
*/
//公钥解密
public String decrypt(RSAPublicKey rsaPublicKey,byte[] cipherData) throws Exception{
try {
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(rsaPublicKey.getEncoded());
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, publicKey);
byte[] result = cipher.doFinal(cipherData);
return new String(result);
} catch (InvalidKeyException e) {
throw new Exception("解密私钥非法,请检查");
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此解密算法");
} catch (InvalidKeySpecException e) {
throw new Exception("解密私钥非法,请检查");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (IllegalBlockSizeException e) {
throw new Exception("密文长度非法");
} catch (BadPaddingException e) {
throw new Exception("密文数据已损坏");
}
}
/**
* 加密过程
* @param publicKey 公钥
* @param plainTextData 明文数据
* @return
* @throws Exception 加密过程中的异常信息
*/
public byte[] gonyaoEncrypt(RSAPublicKey publicKey, byte[] plainTextData) throws Exception{
if(publicKey== null){
throw new Exception("加密公钥为空, 请设置");
}
Cipher cipher= null;
try {
cipher= Cipher.getInstance("RSA/ECB/PKCS1Padding", new BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] output= cipher.doFinal(plainTextData);
return output;
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此加密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
}catch (InvalidKeyException e) {
throw new Exception("加密公钥非法,请检查");
} catch (IllegalBlockSizeException e) {
throw new Exception("明文长度非法");
} catch (BadPaddingException e) {
throw new Exception("明文数据已损坏");
}
}
/**
* 解密过程
* @param privateKey 私钥
* @param cipherData 密文数据
* @return 明文
* @throws Exception 解密过程中的异常信息
*/
public byte[] siyaoDecrypt(RSAPrivateKey privateKey, byte[] cipherData) throws Exception{
if (privateKey== null){
throw new Exception("解密私钥为空, 请设置");
}
Cipher cipher= null;
try {
cipher= Cipher.getInstance("RSA/ECB/PKCS1Padding", new BouncyCastleProvider());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] output= cipher.doFinal(cipherData);
return output;
} catch (NoSuchAlgorithmException e) {
throw new Exception("无此解密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
}catch (InvalidKeyException e) {
throw new Exception("解密私钥非法,请检查");
} catch (IllegalBlockSizeException e) {
throw new Exception("密文长度非法");
} catch (BadPaddingException e) {
throw new Exception("密文数据已损坏");
}
}
/**
* 字节数据转十六进制字符串
* @param data 输入数据
* @return 十六进制内容
*/
public static String byteArrayToString(byte[] data){
StringBuilder stringBuilder= new StringBuilder();
for (int i=; i<data.length; i++){
//取出字节的高四位 作为索引得到相应的十六进制标识符 注意无符号右移
stringBuilder.append(HEX_CHAR[(data[i] & )>>> ]);
//取出字节的低四位 作为索引得到相应的十六进制标识符
stringBuilder.append(HEX_CHAR[(data[i] & )]);
if (i<data.length-){
stringBuilder.append(' ');
}
}
return stringBuilder.toString();
}
}
测试函数:
public static void main(String[] args){
RSATools rsaEncrypt= new RSATools();
//加载公钥
try {
// rsaEncrypt.loadPublicKey(new FileInputStream("rsa_public_key.pem"));
rsaEncrypt.loadPublicKey(publicKeyWubo);
System.out.println("加载公钥成功");
} catch (Exception e) {
System.err.println(e.getMessage());
System.err.println("加载公钥失败");
}
//加载私钥
try {
// rsaEncrypt.loadPrivateKey(new FileInputStream("rsa_private_key.pem"));
rsaEncrypt.loadPrivateKey(privateKeyWubo);
System.out.println("加载私钥成功");
} catch (Exception e) {
System.err.println(e.getMessage());
System.err.println("加载私钥失败");
}
//测试字符串
String encryptStr= "test";
System.out.println("加密前:");
System.out.println(encryptStr);
try {
//加密
byte[] enResult = rsaEncrypt.siyaoEncrypt(rsaEncrypt.getPrivateKey(), encryptStr.getBytes());
//解密
String result = rsaEncrypt.gongyaoDecrypt(rsaEncrypt.getPublicKey(), enResult);
System.out.println("加密后:"+com.yctc.test.Base64.encode(enResult));
System.out.println("解密后:"+result);
} catch (Exception e) {
System.err.println(e.getMessage());
}
}
无论是公钥加密私钥解密,还是公钥解密私钥加密,都是一样的,关键在于私钥加密就必须要公钥解密,公钥加密就必须要私钥解密。
![一张图了解RSA加解密与加验签[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)