Java非對稱加密演算法RSA
阿新 • • 發佈:2018-12-20
流程分析:
- 甲方構建金鑰對兒,將公鑰公佈給乙方,將私鑰保留。
- 甲方使用私鑰加密資料,然後用私鑰對加密後的資料簽名,傳送給乙方簽名以及加密後的資料;乙方使用公鑰、簽名來驗證待解密資料是否有效,如果有效使用公鑰對資料解密。
- 乙方使用公鑰加密資料,向甲方傳送經過加密後的資料;甲方獲得加密資料,通過私鑰解密。
package cn.tzz.java.crypto; import java.io.IOException; import java.security.Key; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; import javax.crypto.Cipher; import sun.misc.BASE64Decoder; import sun.misc.BASE64Encoder; public class RSACryptUtil { public static final String KEY_ALGORITHM = "RSA"; public static final String SIGNATURE_ALGORITHM = "MD5withRSA"; private static final String PUBLIC_KEY = "RSAPublicKey"; private static final String PRIVATE_KEY = "RSAPrivateKey"; public static String encryptBASE64(byte[] key) { return (new BASE64Encoder()).encodeBuffer(key); } public static byte[] decryptBASE64(String key) throws IOException { return new BASE64Decoder().decodeBuffer(key); } /**初始化金鑰*/ public static Map<String, Object> initKey() { KeyPairGenerator keyPairGen; Map<String, Object> keyMap = new HashMap<String, Object>(2); try { keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM); keyPairGen.initialize(1024); KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();// 公鑰 RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();// 私鑰 keyMap.put(PUBLIC_KEY, publicKey); keyMap.put(PRIVATE_KEY, privateKey); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } return keyMap; } /**獲取私鑰*/ public static String getPrivateKey(Map<String, Object> keyMap){ Key key = (Key) keyMap.get(PRIVATE_KEY); return encryptBASE64(key.getEncoded()); } /**獲取公鑰*/ public static String getPublicKey(Map<String, Object> keyMap){ Key key = (Key) keyMap.get(PUBLIC_KEY); return encryptBASE64(key.getEncoded()); } /**用公鑰解密*/ public static byte[] decryptByPublicKey(byte[] data, String key) throws Exception { byte[] keyBytes = decryptBASE64(key);// 對金鑰解密 // 取得公鑰 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key publicKey = keyFactory.generatePublic(x509KeySpec); // 對資料解密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, publicKey); return cipher.doFinal(data); } /**用私鑰解密*/ public static byte[] decryptByPrivateKey(byte[] data, String key) throws Exception { byte[] keyBytes = decryptBASE64(key);// 對金鑰解密 // 取得私鑰 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec); // 對資料解密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, privateKey); return cipher.doFinal(data); } /**用公鑰加密*/ public static byte[] encryptByPublicKey(byte[] data, String key) throws Exception { byte[] keyBytes = decryptBASE64(key);// 對公鑰解密 // 取得公鑰 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key publicKey = keyFactory.generatePublic(x509KeySpec); // 對資料加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return cipher.doFinal(data); } /**用私鑰加密*/ public static byte[] encryptByPrivateKey(byte[] data, String key) throws Exception { byte[] keyBytes = decryptBASE64(key);// 對金鑰解密 // 取得私鑰 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec); // 對資料加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, privateKey); return cipher.doFinal(data); } /** * 用私鑰對資訊生成數字簽名 * @param data 加密資料 * @param privateKey 私鑰 */ public static String sign(byte[] data, String privateKey) throws Exception { byte[] keyBytes = decryptBASE64(privateKey);// 解密由base64編碼的私鑰 // 構造PKCS8EncodedKeySpec物件 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); // KEY_ALGORITHM 指定的加密演算法 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 取私鑰匙物件 PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec); // 用私鑰對資訊生成數字簽名 Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initSign(priKey); signature.update(data); return encryptBASE64(signature.sign()); } /** * 校驗數字簽名 * @param data 加密資料 * @param publicKey 公鑰 * @param sign 數字簽名 * * @return 校驗成功返回true 失敗返回false * */ public static boolean verify(byte[] data, String publicKey, String sign) throws Exception { byte[] keyBytes = decryptBASE64(publicKey);// 解密由base64編碼的公鑰 // 構造X509EncodedKeySpec物件 X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); // KEY_ALGORITHM 指定的加密演算法 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 取公鑰匙物件 PublicKey pubKey = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initVerify(pubKey); signature.update(data); // 驗證簽名是否正常 return signature.verify(decryptBASE64(sign)); } }
測試類:
package cn.tzz.java.crypto; import java.util.Map; import org.junit.Test; public class RSACryptUtilTest { private static String publicKey; private static String privateKey; static { Map<String, Object> keyMap = RSACryptUtil.initKey(); publicKey = RSACryptUtil.getPublicKey(keyMap); privateKey = RSACryptUtil.getPrivateKey(keyMap); System.out.println("公鑰: \n\r" + publicKey); System.out.println("私鑰: \n\r" + privateKey); } @Test public void test(){ try { System.out.println("公鑰加密---私鑰解密"); String date = "123456"; byte[] encodedData = RSACryptUtil.encryptByPublicKey(date.getBytes(), publicKey); String encodedStr = RSACryptUtil.encryptBASE64(encodedData); byte[] decodedData = RSACryptUtil.decryptByPrivateKey(RSACryptUtil.decryptBASE64(encodedStr), privateKey); String outputStr = new String(decodedData); System.out.println("加密前: " + date + "\n\r" + "加密後: " + encodedStr + "\n\r" + "解密後: " + outputStr); } catch (Exception e) { e.printStackTrace(); } } @Test public void testSign() throws Exception { try { System.out.println("私鑰加密---公鑰解密"); String inputStr = "123456"; byte[] data = inputStr.getBytes(); byte[] encodedData = RSACryptUtil.encryptByPrivateKey(data, privateKey); byte[] decodedData = RSACryptUtil.decryptByPublicKey(encodedData, publicKey); String outputStr = new String(decodedData); System.out.println("加密前: " + inputStr + "\n\r" + "解密後: " + outputStr); System.out.println("私鑰簽名——公鑰驗證簽名"); // 產生簽名 String sign = RSACryptUtil.sign(encodedData, privateKey); System.out.println("簽名:\r" + sign); // 驗證簽名 boolean status = RSACryptUtil.verify(encodedData, publicKey, sign); System.out.println("狀態:\r" + status); } catch (Exception e) { e.printStackTrace(); } } }