RSA加密解密
一、简介
RSA加密算法是一种非对称加密算法,有“公钥加密、私钥解密”和“私钥加密、公钥解密”两种使用方式。前者用于保密;后者任何持有公钥的人都能解开,不提供保密性,只能用来证明数据来源(即数字签名)。
RSA算法基于一个十分简单的数论事实:将两个大质数相乘十分容易,但是想要对其乘积进行因式分解却极其困难,因此可以将乘积公开作为加密密钥。
其中:E(Encryption), D(Decryption), N(Number)都是整数
二、安全性
RSA是目前最有影响力和最常用的公钥加密算法,它能够抵抗到目前为止已知的绝大多数密码攻击,已被ISO推荐为公钥数据加密标准。
对极大整数做因数分解的难度决定了RSA算法的可靠性。换言之,对一极大整数做因数分解愈困难,RSA算法愈可靠。
三、缺点:运算速度慢
四、常用解决方案
1、结合Base64来解决密文太长的问题(注:Base64只是把二进制密文编码成可打印文本,便于传输和存储;编码后的长度会比原始密文增加约三分之一,并不会缩短密文)
2、结合数字签名sign,来解决中间人窃取信息的攻击行为(注:签名保证的是数据的完整性和来源可信,用于发现中间人的篡改或伪造;防止窃听仍然要依靠加密)
五、Demo
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
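/**
 * RSA helper: chunked encryption/decryption, signing/verification, and key loading/generation.
 *
 * <p>Every public method keeps the original best-effort contract: failures are logged and
 * reported as {@code null} (or {@code false} for verification), so callers must check the result.
 *
 * <p>Security notes for anyone adapting this demo:
 * <ul>
 *   <li>The cipher is pinned to PKCS#1 v1.5 padding because the original 117/128-byte block
 *       sizes assume it. New designs should prefer RSA-OAEP, and should encrypt bulk data with
 *       a symmetric cipher whose key is wrapped by RSA instead of chunking RSA blocks: each
 *       chunk here is processed independently, so nothing protects the order or presence of
 *       chunks.</li>
 *   <li>"Encrypting" with the private key gives no confidentiality, since anyone holding the
 *       public key can reverse it. Use the sign/verify methods when authenticity is the goal.</li>
 *   <li>SHA-1 and MD5 based signatures are kept for compatibility only and are deprecated.</li>
 * </ul>
 **/
public class RsaUtil {
    private static final Logger logger = LoggerFactory.getLogger(RsaUtil.class);

    /**
     * Explicit transformation. The bare name "RSA" is resolved by whichever provider answers
     * first, and providers disagree on the default padding, so it is pinned here.
     */
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /** PKCS#1 v1.5 encryption padding consumes 11 bytes of every block (128 - 117). */
    private static final int PKCS1_PADDING_OVERHEAD = 11;

    /** Block size used when the key does not expose its modulus; equals a 1024-bit key. */
    private static final int DEFAULT_BLOCK_BYTES = 128;

    /** Size of newly generated keys. 1024-bit RSA is below current minimum recommendations. */
    private static final int GENERATED_KEY_BITS = 2048;

    /**
     * Encrypts {@code data} with {@code key}, splitting it into blocks when it is longer than
     * one RSA block can carry.
     *
     * @param data plaintext bytes
     * @param key  RSA key to encrypt with
     * @return the concatenated ciphertext blocks, or {@code null} on empty input or any failure
     */
    public static byte[] encrypt(byte[] data, Key key) {
        if (data == null || data.length == 0 || key == null) {
            return null;
        }
        // Plaintext capacity per block = modulus size minus padding (117 bytes for 1024-bit keys).
        int plainBlockBytes = cipherBlockBytes(key) - PKCS1_PADDING_OVERHEAD;
        return transform(Cipher.ENCRYPT_MODE, data, key, plainBlockBytes, "encrypt error");
    }

    /**
     * Decrypts ciphertext produced by {@link #encrypt(byte[], Key)}, block by block.
     *
     * @param data concatenated ciphertext blocks
     * @param key  RSA key to decrypt with
     * @return the recovered plaintext, or {@code null} on empty input or any failure
     */
    public static byte[] decrypt(byte[] data, Key key) {
        if (data == null || data.length == 0 || key == null) {
            return null;
        }
        // Every ciphertext block is exactly as long as the modulus (128 bytes for 1024-bit keys).
        return transform(Cipher.DECRYPT_MODE, data, key, cipherBlockBytes(key), "decrypt error");
    }

    /**
     * Returns the RSA block size in bytes for {@code key}.
     *
     * <p>The size is derived from the modulus so that keys larger than 1024 bits work; the
     * original hard-coded 128 made decryption fail for them. Keys that do not implement
     * {@link RSAKey} fall back to the original 128-byte assumption.
     */
    private static int cipherBlockBytes(Key key) {
        if (key instanceof RSAKey) {
            return (((RSAKey) key).getModulus().bitLength() + 7) / 8;
        }
        return DEFAULT_BLOCK_BYTES;
    }

    /**
     * Runs the cipher over {@code data} in slices of at most {@code blockBytes} and concatenates
     * the results. Any failure is logged under {@code errorMessage} and reported as {@code null}.
     */
    private static byte[] transform(int mode, byte[] data, Key key, int blockBytes,
            String errorMessage) {
        try {
            if (blockBytes <= 0) {
                // Guards the loop below: a non-positive step would never terminate.
                throw new IllegalArgumentException("RSA key too small for PKCS#1 v1.5 padding");
            }
            Cipher cipher = Cipher.getInstance(TRANSFORMATION);
            cipher.init(mode, key);
            ByteArrayOutputStream output = new ByteArrayOutputStream();
            for (int offset = 0; offset < data.length; offset += blockBytes) {
                int chunkLength = Math.min(blockBytes, data.length - offset);
                byte[] processed = cipher.doFinal(data, offset, chunkLength);
                output.write(processed, 0, processed.length);
            }
            return output.toByteArray();
        } catch (Exception e) {
            logger.error(errorMessage, e);
            return null;
        }
    }

    /**
     * Signs {@code data} with the private key using SHA-1.
     *
     * @return the signature bytes, or {@code null} on failure
     * @deprecated SHA-1 is no longer collision resistant; use
     *     {@link #signWithSha256(byte[], PrivateKey)} for anything new.
     */
    @Deprecated
    public static byte[] signWithSha1(byte[] data, PrivateKey privateKey) {
        return sign("SHA1WithRSA", data, privateKey);
    }

    /**
     * Verifies a SHA-1 based signature with the public key.
     *
     * @return {@code true} only when the signature matches; {@code false} on mismatch or error
     * @deprecated SHA-1 is no longer collision resistant; use
     *     {@link #verifyWithSha256(byte[], byte[], PublicKey)} for anything new.
     */
    @Deprecated
    public static boolean verifyWithSha1(byte[] data, byte[] sign, PublicKey publicKey) {
        return verify("SHA1WithRSA", data, sign, publicKey);
    }

    /**
     * Signs {@code data} with the private key using SHA-256.
     *
     * @return the signature bytes, or {@code null} on failure
     */
    public static byte[] signWithSha256(byte[] data, PrivateKey privateKey) {
        return sign("SHA256WithRSA", data, privateKey);
    }

    /**
     * Verifies a SHA-256 based signature with the public key.
     *
     * @return {@code true} only when the signature matches; {@code false} on mismatch or error
     */
    public static boolean verifyWithSha256(byte[] data, byte[] sign, PublicKey publicKey) {
        return verify("SHA256WithRSA", data, sign, publicKey);
    }

    /**
     * Signs {@code data} with the private key using MD5.
     *
     * @return the signature bytes, or {@code null} on failure
     * @deprecated MD5 collisions are practical, so an MD5 based signature does not bind the
     *     signer to one message; use {@link #signWithSha256(byte[], PrivateKey)}.
     */
    @Deprecated
    public static byte[] signWithMd5(byte[] data, PrivateKey privateKey) {
        return sign("MD5withRSA", data, privateKey);
    }

    /**
     * Verifies an MD5 based signature with the public key.
     *
     * @return {@code true} only when the signature matches; {@code false} on mismatch or error
     * @deprecated MD5 collisions are practical; use
     *     {@link #verifyWithSha256(byte[], byte[], PublicKey)}.
     */
    @Deprecated
    public static boolean verifyWithMd5(byte[] data, byte[] sign, PublicKey publicKey) {
        return verify("MD5withRSA", data, sign, publicKey);
    }

    /** Shared signing path; logs and returns {@code null} on any failure. */
    private static byte[] sign(String algorithm, byte[] data, PrivateKey privateKey) {
        try {
            Signature signature = Signature.getInstance(algorithm);
            signature.initSign(privateKey);
            signature.update(data);
            return signature.sign();
        } catch (Exception e) {
            logger.error("sign error", e);
            return null;
        }
    }

    /** Shared verification path; fails closed by returning {@code false} on any error. */
    private static boolean verify(String algorithm, byte[] data, byte[] signatureBytes,
            PublicKey publicKey) {
        try {
            Signature signature = Signature.getInstance(algorithm);
            signature.initVerify(publicKey);
            signature.update(data);
            return signature.verify(signatureBytes);
        } catch (Exception e) {
            logger.error("verify error", e);
            return false;
        }
    }

    /**
     * Parses a Base64 encoded X.509 public key.
     *
     * @return the public key, or {@code null} when the input cannot be decoded or parsed
     */
    public static PublicKey getPublicKey(String base64PublicKey) {
        try {
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64Util.decode(base64PublicKey));
            return KeyFactory.getInstance("RSA").generatePublic(keySpec);
        } catch (Exception e) {
            logger.error("getPublicKey error", e);
            return null;
        }
    }

    /**
     * Parses a Base64 encoded PKCS#8 private key.
     *
     * @return the private key, or {@code null} when the input cannot be decoded or parsed
     */
    public static PrivateKey getPrivateKey(String base64PrivateKey) {
        try {
            PKCS8EncodedKeySpec keySpec =
                    new PKCS8EncodedKeySpec(Base64Util.decode(base64PrivateKey));
            return KeyFactory.getInstance("RSA").generatePrivate(keySpec);
        } catch (Exception e) {
            logger.error("getPrivateKey error", e);
            return null;
        }
    }

    /**
     * Generates a key pair and prints both halves, Base64 encoded, to standard output.
     *
     * <p>This writes the private key in clear text. Run it only in an interactive session whose
     * output is not captured by logs or CI, and move the key into a protected store right away.
     */
    private static void generateAndPrintKeyPair() {
        KeyPair keyPair = generateKeyPair();
        if (keyPair == null) {
            return;
        }
        PublicKey publicKey = keyPair.getPublic();
        System.out.println("========== public key start ==========");
        System.out.println(Base64Util.encode(publicKey.getEncoded()));
        System.out.println("========== public key end ==========");
        PrivateKey privateKey = keyPair.getPrivate();
        System.out.println("========== private key start ==========");
        System.out.println(Base64Util.encode(privateKey.getEncoded()));
        System.out.println("========== private key end ==========");
    }

    /**
     * Generates an RSA key pair (public key in X.509 encoding, private key in PKCS#8 encoding).
     *
     * @return the new key pair, or {@code null} when no RSA generator is available
     */
    private static KeyPair generateKeyPair() {
        KeyPairGenerator keyPairGenerator;
        try {
            keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        } catch (NoSuchAlgorithmException e) {
            logger.error("generateKeyPair error", e);
            return null;
        }
        // 2048 bits instead of the original 1024; block sizes are derived from the key, so
        // encrypt/decrypt adapt without further changes.
        keyPairGenerator.initialize(GENERATED_KEY_BITS, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }

    /*
     * Generating a key pair with openssl:
     * 1 generate the private key
     * openssl genrsa -out rsa_private_key_pkcs1.pem 2048
     * 2 derive the public key from the private key
     * openssl rsa -in rsa_private_key_pkcs1.pem -pubout -out rsa_public_key.pub
     * 3 convert the private key to PKCS#8
     * openssl pkcs8 -topk8 -inform PEM -in rsa_private_key_pkcs1.pem -outform PEM -nocrypt > rsa_private_key.pem
     *
     * -nocrypt writes the private key unencrypted: restrict the file's permissions and keep it
     * out of version control.
     */

    /**
     * Demo: round-trips a short message in both key directions.
     *
     * <p>A fresh key pair is generated on every run. The original demo embedded a 1024-bit
     * private key as a string literal; a key that has been published in source code is
     * compromised and must never be reused, so it is no longer included here.
     */
    public static void main(String[] args) {
        KeyPair keyPair = generateKeyPair();
        if (keyPair == null) {
            return;
        }
        // Go through Base64 so the demo still exercises the key-loading helpers.
        String base64PublicKey = Base64Util.encode(keyPair.getPublic().getEncoded());
        String base64PrivateKey = Base64Util.encode(keyPair.getPrivate().getEncoded());
        PublicKey publicKey = RsaUtil.getPublicKey(base64PublicKey);
        PrivateKey privateKey = RsaUtil.getPrivateKey(base64PrivateKey);
        if (publicKey == null || privateKey == null) {
            return;
        }
        byte[] data = "明文数据:hello word".getBytes(Charset.forName("UTF-8"));

        System.out.println("========== 使用公钥加密私钥解密 ==========");
        // Encrypt with the public key, decrypt with the private key: the confidentiality case.
        byte[] encryptBytes = RsaUtil.encrypt(data, publicKey);
        System.out.println(Base64Util.encode(encryptBytes));
        byte[] decryptBytes = RsaUtil.decrypt(encryptBytes, privateKey);
        if (decryptBytes != null) {
            System.out.println(new String(decryptBytes, Charset.forName("UTF-8")));
        }

        System.out.println("========== 使用私钥加密公钥解密 ==========");
        // Private-key "encryption": readable by every holder of the public key, so it proves
        // origin at best. Real code should call signWithSha256/verifyWithSha256 instead.
        encryptBytes = RsaUtil.encrypt(data, privateKey);
        System.out.println(Base64Util.encode(encryptBytes));
        decryptBytes = RsaUtil.decrypt(encryptBytes, publicKey);
        if (decryptBytes != null) {
            System.out.println(new String(decryptBytes, Charset.forName("UTF-8")));
        }
    }
}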
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
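/**
 * Base64 helper built on {@code java.util.Base64}.
 *
 * <p>The original implementation used {@code sun.misc.BASE64Encoder} and
 * {@code sun.misc.BASE64Decoder}, JDK-internal classes that are not part of the supported API
 * and are absent from JDK 9 and later. The {@code sun.misc} import lines at the top of this file
 * are no longer referenced by the class and should be deleted when building on a newer JDK.
 *
 * <p>Base64 is an encoding, not encryption: it adds no confidentiality or integrity.
 **/
public class Base64Util {
    private static final Logger logger = LoggerFactory.getLogger(Base64Util.class);

    /** Characters per output line, matching the line-wrapped output of the old encoder. */
    private static final int LINE_LENGTH = 76;

    /**
     * Encodes bytes as line-wrapped Base64 text.
     *
     * @param data bytes to encode
     * @return Base64 text in 76-character lines, each ended by the platform line separator
     *     (including the last one, as the previous encoder did), or {@code null} for
     *     null/empty input
     */
    public static String encode(byte[] data) {
        if (data == null || data.length == 0) {
            return null;
        }
        String lineSeparator = System.lineSeparator();
        java.util.Base64.Encoder encoder = java.util.Base64.getMimeEncoder(
                LINE_LENGTH, lineSeparator.getBytes(StandardCharsets.US_ASCII));
        return encoder.encodeToString(data) + lineSeparator;
    }

    /**
     * Decodes Base64 text. Line breaks inside the text are ignored, so wrapped input such as
     * the output of {@link #encode(byte[])} is accepted.
     *
     * @param data Base64 text
     * @return the decoded bytes, or {@code null} for null/empty or malformed input
     */
    public static byte[] decode(String data) {
        if (data == null || data.length() == 0) {
            return null;
        }
        try {
            return java.util.Base64.getMimeDecoder().decode(data);
        } catch (IllegalArgumentException e) {
            // Malformed input is reported the same way the old IOException was: log, return null.
            logger.error("decode error", e);
            return null;
        }
    }

    /**
     * Demo: encodes and decodes a short string.
     */
    public static void main(String[] args) {
        byte[] data = "hello world".getBytes(StandardCharsets.UTF_8);
        // Encode
        String encodeString = Base64Util.encode(data);
        System.out.println(encodeString);
        // Decode
        byte[] decodeBytes = Base64Util.decode(encodeString);
        System.out.println(new String(decodeBytes, StandardCharsets.UTF_8));
    }
}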
参考:
https://blog.csdn.net/zcjcsl/article/details/79028265
https://github.com/fengquanwei/muse/tree/master/muse-util/src/main/java/com/fengquanwei/muse/util