Java中使用OpenSSL生成的RSA公私鑰進行資料加解密
阿新 • • 發佈:2020-10-18
參考自:https://www.cnblogs.com/yaowen/p/9226566.html
:https://www.cnblogs.com/wjqhuaxia/p/13829680.html
1.使用openssl生成RSA私鑰及證書
生成 RSA 私鑰和自簽名證書,命令如下:
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.pem -x509 -days 365 -out cert.crt
req是證書請求的子命令,-newkey rsa:2048 -keyout rsa_private.pem 表示生成私鑰(PKCS8格式),-nodes 表示私鑰不加密,若不帶引數將提示輸入密碼;
-x509表示輸出證書,-days365 為有效期,此後根據提示輸入證書擁有者資訊;
至此,可用的金鑰對已經生成好了,私鑰使用rsa_private.pem,公鑰證書採用cert.crt。
說明:
如果生成的私鑰檔案是PKCS#1格式的,則在使用時需在java中進行相應處理。不能直接使用。
RSAPrivateKeyStructure asn1PrivKey = new RSAPrivateKeyStructure((ASN1Sequence) ASN1Sequence.fromByteArray(priKeyData)); RSAPrivateKeySpec rsaPrivKeySpec = new RSAPrivateKeySpec(asn1PrivKey.getModulus(), asn1PrivKey.getPrivateExponent()); KeyFactory keyFactory= KeyFactory.getInstance("RSA"); PrivateKey priKey= keyFactory.generatePrivate(rsaPrivKeySpec);
首先將PKCS#1的私鑰檔案讀取出來(注意去掉減號開頭的註釋內容),然後使用Base64解碼讀出的字串,便得到priKeyData,也就是第一行程式碼中的引數。最後一行得到了私鑰。接下來的用法就沒什麼區別了。
2.使用java程式碼進行加密解
2.1RSA加密解密類
import java.io.BufferedReader; import java.io.BufferedWriter; import java.io.FileInputStream; import java.io.FileReader; import java.io.FileWriter; import java.io.IOException; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; import java.security.SecureRandom; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Base64; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; public class RSAEncrypt { /** * 位元組資料轉字串專用集合 */ private static final char[] HEX_CHAR = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; /** * 隨機生成金鑰對 */ public static void genKeyPair(String filePath) { // KeyPairGenerator類用於生成公鑰和私鑰對,基於RSA演算法生成物件 KeyPairGenerator keyPairGen = null; try { keyPairGen = KeyPairGenerator.getInstance("RSA"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } // 初始化金鑰對生成器,金鑰大小為96-1024位 keyPairGen.initialize(1024,new SecureRandom()); // 生成一個金鑰對,儲存在keyPair中 KeyPair keyPair = keyPairGen.generateKeyPair(); // 得到私鑰 RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到公鑰 RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); try { // 得到公鑰字串 String publicKeyString = new String(Base64.getEncoder().encodeToString(publicKey.getEncoded())); // 得到私鑰字串 String privateKeyString = new String(Base64.getEncoder().encodeToString(privateKey.getEncoded())); // 將金鑰對寫入到檔案 FileWriter pubfw = new FileWriter(filePath + "/publicKey.keystore"); FileWriter prifw = new FileWriter(filePath + "/privateKey.keystore"); BufferedWriter pubbw = new BufferedWriter(pubfw); BufferedWriter pribw = new BufferedWriter(prifw); pubbw.write(publicKeyString); pribw.write(privateKeyString); pubbw.flush(); pubbw.close(); pubfw.close(); pribw.flush(); pribw.close(); prifw.close(); } catch (Exception e) { e.printStackTrace(); } } /** * 從檔案中輸入流中載入公鑰 * * @param in * 公鑰輸入流 * @throws Exception * 載入公鑰時產生的異常 */ public static String loadPublicKeyByFile(String path) throws Exception { try { BufferedReader br = new BufferedReader(new FileReader(path + "/rsa_public.crt")); String readLine = null; StringBuilder sb = new StringBuilder(); while ((readLine = br.readLine()) != null) { sb.append(readLine); } br.close(); return sb.toString(); } catch (IOException e) { throw new Exception("公鑰資料流讀取錯誤"); } catch (NullPointerException e) { throw new Exception("公鑰輸入流為空"); } } /** * 從字串中載入公鑰 * * @param publicKeyStr * 公鑰資料字串 * @throws Exception * 載入公鑰時產生的異常 */ public static RSAPublicKey loadPublicKeyByStr(String publicKeyStr) throws Exception { try { byte[] buffer = Base64.getDecoder().decode(publicKeyStr); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer); return (RSAPublicKey) keyFactory.generatePublic(keySpec); } catch (NoSuchAlgorithmException e) { throw new Exception("無此演算法"); } catch (InvalidKeySpecException e) { throw new Exception("公鑰非法"); } catch (NullPointerException e) { throw new Exception("公鑰資料為空"); } } /** * 獲取證書公鑰 * @param cerPath * @return * @throws Exception */ public static String getPublicKey(String cerPath) throws Exception { CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509"); FileInputStream fis = new FileInputStream(cerPath); X509Certificate Cert = (X509Certificate) certificatefactory.generateCertificate(fis); PublicKey pk = Cert.getPublicKey(); String publicKey = Base64.getEncoder().encodeToString(pk.getEncoded()); return publicKey; } /** * 從檔案中載入私鑰 * * @param keyFileName * 私鑰檔名 * @return 是否成功 * @throws Exception */ public static String loadPrivateKeyByFile(String path) throws Exception { try { BufferedReader br = new BufferedReader(new FileReader(path + "/rsa_private.pem")); String readLine = null; StringBuilder sb = new StringBuilder(); while ((readLine = br.readLine()) != null) { sb.append(readLine); } br.close(); return sb.toString(); } catch (IOException e) { throw new Exception("私鑰資料讀取錯誤"); } catch (NullPointerException e) { throw new Exception("私鑰輸入流為空"); } } public static RSAPrivateKey loadPrivateKeyByStr(String privateKeyStr) throws Exception { try { byte[] buffer = Base64.getDecoder().decode(privateKeyStr); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); return (RSAPrivateKey) keyFactory.generatePrivate(keySpec); } catch (NoSuchAlgorithmException e) { throw new Exception("無此演算法"); } catch (InvalidKeySpecException e) { throw new Exception("私鑰非法"); } catch (NullPointerException e) { throw new Exception("私鑰資料為空"); } } /** * 公鑰加密過程 * * @param publicKey * 公鑰 * @param plainTextData * 明文資料 * @return * @throws Exception * 加密過程中的異常資訊 */ public static byte[] encrypt(RSAPublicKey publicKey, byte[] plainTextData) throws Exception { if (publicKey == null) { throw new Exception("加密公鑰為空, 請設定"); } Cipher cipher = null; try { // 使用預設RSA cipher = Cipher.getInstance("RSA"); // cipher= Cipher.getInstance("RSA", new BouncyCastleProvider()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] output = cipher.doFinal(plainTextData); return output; } catch (NoSuchAlgorithmException e) { throw new Exception("無此加密演算法"); } catch (NoSuchPaddingException e) { e.printStackTrace(); return null; } catch (InvalidKeyException e) { throw new Exception("加密公鑰非法,請檢查"); } catch (IllegalBlockSizeException e) { throw new Exception("明文長度非法"); } catch (BadPaddingException e) { throw new Exception("明文資料已損壞"); } } /** * 私鑰加密過程 * * @param privateKey * 私鑰 * @param plainTextData * 明文資料 * @return * @throws Exception * 加密過程中的異常資訊 */ public static byte[] encrypt(RSAPrivateKey privateKey, byte[] plainTextData) throws Exception { if (privateKey == null) { throw new Exception("加密私鑰為空, 請設定"); } Cipher cipher = null; try { // 使用預設RSA cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, privateKey); byte[] output = cipher.doFinal(plainTextData); return output; } catch (NoSuchAlgorithmException e) { throw new Exception("無此加密演算法"); } catch (NoSuchPaddingException e) { e.printStackTrace(); return null; } catch (InvalidKeyException e) { throw new Exception("加密私鑰非法,請檢查"); } catch (IllegalBlockSizeException e) { throw new Exception("明文長度非法"); } catch (BadPaddingException e) { throw new Exception("明文資料已損壞"); } } /** * 私鑰解密過程 * * @param privateKey * 私鑰 * @param cipherData * 密文資料 * @return 明文 * @throws Exception * 解密過程中的異常資訊 */ public static byte[] decrypt(RSAPrivateKey privateKey, byte[] cipherData) throws Exception { if (privateKey == null) { throw new Exception("解密私鑰為空, 請設定"); } Cipher cipher = null; try { // 使用預設RSA cipher = Cipher.getInstance("RSA"); // cipher= Cipher.getInstance("RSA", new BouncyCastleProvider()); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] output = cipher.doFinal(cipherData); return output; } catch (NoSuchAlgorithmException e) { throw new Exception("無此解密演算法"); } catch (NoSuchPaddingException e) { e.printStackTrace(); return null; } catch (InvalidKeyException e) { throw new Exception("解密私鑰非法,請檢查"); } catch (IllegalBlockSizeException e) { throw new Exception("密文長度非法"); } catch (BadPaddingException e) { throw new Exception("密文資料已損壞"); } } /** * 公鑰解密過程 * * @param publicKey * 公鑰 * @param cipherData * 密文資料 * @return 明文 * @throws Exception * 解密過程中的異常資訊 */ public static byte[] decrypt(RSAPublicKey publicKey, byte[] cipherData) throws Exception { if (publicKey == null) { throw new Exception("解密公鑰為空, 請設定"); } Cipher cipher = null; try { // 使用預設RSA cipher = Cipher.getInstance("RSA"); // cipher= Cipher.getInstance("RSA", new BouncyCastleProvider()); cipher.init(Cipher.DECRYPT_MODE, publicKey); byte[] output = cipher.doFinal(cipherData); return output; } catch (NoSuchAlgorithmException e) { throw new Exception("無此解密演算法"); } catch (NoSuchPaddingException e) { e.printStackTrace(); return null; } catch (InvalidKeyException e) { throw new Exception("解密公鑰非法,請檢查"); } catch (IllegalBlockSizeException e) { throw new Exception("密文長度非法"); } catch (BadPaddingException e) { throw new Exception("密文資料已損壞"); } } /** * 位元組資料轉十六進位制字串 * * @param data * 輸入資料 * @return 十六進位制內容 */ public static String byteArrayToString(byte[] data) { StringBuilder stringBuilder = new StringBuilder(); for (int i = 0; i < data.length; i++) { // 取出位元組的高四位 作為索引得到相應的十六進位制識別符號 注意無符號右移 stringBuilder.append(HEX_CHAR[(data[i] & 0xf0) >>> 4]); // 取出位元組的低四位 作為索引得到相應的十六進位制識別符號 stringBuilder.append(HEX_CHAR[(data[i] & 0x0f)]); if (i < data.length - 1) { stringBuilder.append(' '); } } return stringBuilder.toString(); } }
2.2簽名及校驗類
package cn.com.wjqhuaxia; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Base64; /** * RSA簽名驗籤類 */ public class RSASignature { /** * 簽名演算法 */ public static final String SIGN_ALGORITHMS = "SHA1WithRSA"; /** * RSA簽名 * * @param content * 待簽名資料 * @param privateKey * 商戶私鑰 * @param encode * 字符集編碼 * @return 簽名值 */ public static String sign(String content, String privateKey, String encode) { try { PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)); KeyFactory keyf = KeyFactory.getInstance("RSA"); PrivateKey priKey = keyf.generatePrivate(priPKCS8); java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS); signature.initSign(priKey); signature.update(content.getBytes(encode)); byte[] signed = signature.sign(); return new String(Base64.getEncoder().encodeToString(signed)); } catch (Exception e) { e.printStackTrace(); } return null; } public static String sign(String content, String privateKey) { try { PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey)); KeyFactory keyf = KeyFactory.getInstance("RSA"); PrivateKey priKey = keyf.generatePrivate(priPKCS8); java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS); signature.initSign(priKey); signature.update(content.getBytes()); byte[] signed = signature.sign(); return new String(Base64.getEncoder().encode(signed)); } catch (Exception e) { e.printStackTrace(); } return null; } /** * RSA驗簽名檢查 * * @param content * 待簽名資料 * @param sign * 簽名值 * @param publicKey * 分配給開發商公鑰 * @param encode * 字符集編碼 * @return 布林值 */ public static boolean doCheck(String content, String sign, String publicKey, String encode) { try { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] encodedKey = Base64.getDecoder().decode(publicKey); PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS); signature.initVerify(pubKey); signature.update(content.getBytes(encode)); boolean bverify = signature.verify(Base64.getDecoder().decode(sign)); return bverify; } catch (Exception e) { e.printStackTrace(); } return false; } public static boolean doCheck(String content, String sign, String publicKey) { try { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] encodedKey = Base64.getDecoder().decode(publicKey); PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey)); java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS); signature.initVerify(pubKey); signature.update(content.getBytes()); boolean bverify = signature.verify(Base64.getDecoder().decode(sign)); return bverify; } catch (Exception e) { e.printStackTrace(); } return false; } }
2.3 測試類
package cn.com.wjqhuaxia; import java.util.Base64; public class MainTest { public static final String PRIVATE_KEY_FILE = "D:/tools/openssl/RSA/rsa_private.pem"; //公鑰檔案路徑 // public static final String PUBLIC_KEY_FILE = RSAUtil.class.getClassLoader().getResource("").getPath() + "rsa_private.key"; public static final String PUBLIC_KEY_FILE = "D:/tools/openssl/RSA/rsa_public.crt"; public static void main(String[] args) throws Exception { // RSAEncrypt.genKeyPair(filepath); String filepath = "D:/tools/openssl/RSA/"; System.out.println("--------------公鑰加密私鑰解密過程-------------------"); // 公鑰 String publicKeyString = RSAEncrypt.getPublicKey(PUBLIC_KEY_FILE); // 私鑰 // String loadPrivateKeyByFile = RSAEncrypt.loadPrivateKeyByFile(filepath); //獲取私鑰 String privateKeyString = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC3Vs7ndTzw9lS+3KijEY26RistYbOx0qNTlrq49vDg+2fVQurNh41uzeIdjwKZfpe9Gtsy7ZRzGv+3EH5rK8Bo+rPteBGKt2tjsZAcaR78RZ8PVOmozJYX2aZqpirPf/vSLhB/vaKeyJpvp6WQG6gLSbZRgFzb+vACgE2m7Pt9rD2pNjPowEsPf6jcqQ19I7FY9TtYRU4ypRR4MXFJw6pLfrIfof/TPpgXdp5AaQ8OaPmxsOsiYHG3Nvv0HWLRYtq/JYhQrh8bCOklPI/jdusxvXpTBfJLrQmruVfRJ3HyqXuY1R4/IP2iyZdPdnncnqKPr8UdOk9SDB9CR32dH2V7AgMBAAECggEAJwOH/+UI1NX2bq8SC7FekXcBFSUnUf3a15zJmzahR574F3+n65ie1idlqJiYGwW/UHR4lLvNzTi/lbsiy7eBuFUxGKVmRjiF168fVYxhFZnTITYWit8OSYD9UtCNZ556fd1jkWtPQa66fmwUZTgdaFmFPI6uM/mQPVgELjNbyQATZ7i9rZKUuDhT5QwWjn+uk/qcsv80gDjHCesdrzfwbWbnlPMFLY8f7rKOyTnwuBIR07UqagiLrHdli8NpWw6viNymdxmqgteiG4LBXERdV3/vA0Zr+naX4rGpmgMum77mbyKqFZ8Q3j4MYVCA29SVH9OeYJRUJqIy8hnKU5faIQKBgQDv8Cn/ng5xHiI9emDDryIDmZmDZaswkL2Wm010ccgcoyMzYUiHmHRUYy47yrk0VVlqnJObZlUSHNTrTkamjMqXrIF4Q69ndXDVRoF8VXzmJvYuSEeClg0YvkLSQV87dZu6DI7R0ucIrrGY/hXIxNSmzZIbDuDTBexvK3puy6bxKQKBgQDDnLPY1Xca6QMHpWTlIHWsEJ58szNKsJpMNsxHQT7tozrW0iBztAw13d6fs3Yt4LJF4XpNqBd1GSuVKRtnrClXT1xf3pZZbo7999OfFQMht6xp53kZYYE0toMJEt6039uHgQUvFXPOv3eVLvYcU1kJXwzrXWqd+3V1DItoOc5CAwKBgQDiPA89qGhxnDoowZUvrZhi0JeA34I0vqUktranjwlihygPsDDVOZimYQYc9p7+i2NONOiw5CJee7T/UcUoESSNMui43wkqgf+r+VjqRSkJUb9aEGjs5lLe+7bBzUXgKJp3KJQZn8Sb2Sw314vuzDi+NqMGxFaUYsd2YwaEJZ35UQKBgQC8rCyb/GlBP3Z4rYK/ratSJ0V2qbHTXLu2vzQRllEIDOT3xv0eHI+adUIBb6uRXKUW2gCJXpQhkgGDgX65ZEkLubQzlBIYeJbbR2qKik3W+74E+ArJ/E4Pdeq1mcnNVA3+iOdjHqHwzKSe9AjWEV5Tt6ZSbmwjrSMBnvPnt7nF2QKBgAS0/YHxPU4QDsb6PqoGJ64utjgmqrqDAjp4OgCpdtP9gJqKYSi60b54NF50JKnpxVunq8+kOp38LsDdp+9RdD8+xvPMPFM3wGRHhnFvbd1ZnwSjsCj7bw1ARSHldQ2N3aUhtSyCjj0Gdc1jDquORMTGGgUA0jQ2/blTFw+WRE9b"; String plainText = "ihep_公鑰加密私鑰解密"; System.out.println("原文:" + plainText); // 公鑰加密過程 byte[] cipherData = RSAEncrypt.encrypt(RSAEncrypt.loadPublicKeyByStr(publicKeyString), plainText.getBytes()); String cipher = new String(Base64.getEncoder().encode(cipherData)); System.out.println("加密:" + cipher); // 私鑰解密過程 byte[] res = RSAEncrypt.decrypt(RSAEncrypt.loadPrivateKeyByStr(privateKeyString), Base64.getDecoder().decode(cipher)); String restr = new String(res); System.out.println("解密:" + restr); System.out.println(); System.out.println("--------------私鑰加密公鑰解密過程-------------------"); plainText = "ihep_私鑰加密公鑰解密"; // 私鑰加密過程 cipherData = RSAEncrypt.encrypt(RSAEncrypt.loadPrivateKeyByStr(privateKeyString), plainText.getBytes()); cipher = new String(Base64.getEncoder().encode(cipherData)); // 公鑰解密過程 res = RSAEncrypt.decrypt(RSAEncrypt.loadPublicKeyByStr(publicKeyString), Base64.getDecoder().decode(cipher)); restr = new String(res); System.out.println("原文:" + plainText); System.out.println("加密:" + cipher); System.out.println("解密:" + restr); System.out.println(); System.out.println("---------------私鑰簽名過程------------------"); String content = "ihep_這是用於簽名的原始資料"; String signstr = RSASignature.sign(content, privateKeyString); System.out.println("簽名原串:" + content); System.out.println("簽名串:" + signstr); System.out.println(); System.out.println("---------------公鑰校驗簽名------------------"); System.out.println("簽名原串:" + content); System.out.println("簽名串:" + signstr); System.out.println("驗簽結果:" + RSASignature.doCheck(content, signstr, publicKeyString)); System.out.println(); } }