2. 程式人生 > >RSA加密解密(無資料大小限制,php、go、java互通實現)

RSA加密解密(無資料大小限制,php、go、java互通實現)

阿新 發佈:2019-01-09

RSA加解密中必須考慮到的金鑰長度、明文長度和密文長度問題。明文長度需要小於金鑰長度,而密文長度則等於金鑰長度。因此當加密內容長度大於金鑰長度時,有效的RSA加解密就需要對內容進行分段。

這是因為,RSA演算法本身要求加密內容也就是明文長度m必須0<m<金鑰長度n。如果小於這個長度就需要進行padding,因為如果沒有padding,就無法確定解密後內容的真實長度,字串之類的內容問題還不大,以0作為結束符,但對二進位制資料就很難,因為不確定後面的0是內容還是內容結束符。而只要用到padding,那麼就要佔用實際的明文長度,於是實際明文長度需要減去padding位元組長度。我們一般使用的padding標準有NoPPadding、OAEPPadding、PKCS1Padding等,其中PKCS#1建議的padding就佔用了11個位元組。

這樣,對於1024長度的金鑰。128位元組(1024bits)-減去11位元組正好是117位元組,但對於RSA加密來講,padding也是參與加密的,所以,依然按照1024bits去理解,但實際的明文只有117位元組了。

Go實現


package xrsa

import (
    "encoding/pem"
    "encoding/base64"
    "crypto/x509"
    "crypto/rsa"
    "crypto/rand"
    "errors"
    "crypto"
    "io"
    "bytes"
    "encoding/asn1"
)

const (
    CHAR_SET = "UTF-8"
    BASE_64_FORMAT = "UrlSafeNoPadding"
    RSA_ALGORITHM_KEY_TYPE = "PKCS8"
    RSA_ALGORITHM_SIGN = crypto.SHA256
)

type XRsa struct {
    publicKey *rsa.PublicKey
    privateKey *rsa.PrivateKey
}

// 生成金鑰對
func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error {
    // 生成私鑰檔案
    privateKey, err := rsa.GenerateKey(rand.Reader, keyLength)
    if err != nil {
        return err
    }
    derStream := MarshalPKCS8PrivateKey(privateKey)
    block := &pem.Block{
        Type:  "PRIVATE KEY",
        Bytes: derStream,
    }
    err = pem.Encode(privateKeyWriter, block)
    if err != nil {
        return err
    }

    // 生成公鑰檔案
    publicKey := &privateKey.PublicKey
    derPkix, err := x509.MarshalPKIXPublicKey(publicKey)
    if err != nil {
        return err
    }
    block = &pem.Block{
        Type:  "PUBLIC KEY",
        Bytes: derPkix,
    }
    err = pem.Encode(publicKeyWriter, block)
    if err != nil {
        return err
    }

    return nil
}

func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) {
    block, _ := pem.Decode(publicKey)
    if block == nil {
        return nil, errors.New("public key error")
    }
    pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
    if err != nil {
        return nil, err
    }
    pub := pubInterface.(*rsa.PublicKey)

    block, _ = pem.Decode(privateKey)
    if block == nil {
        return nil, errors.New("private key error!")
    }
    priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
    if err != nil {
        return nil, err
    }

    pri, ok := priv.(*rsa.PrivateKey)
    if ok {
        return &XRsa {
            publicKey: pub,
            privateKey: pri,
        }, nil
    } else {
        return nil, errors.New("private key not supported")
    }
}

// 公鑰加密
func (r *XRsa) PublicEncrypt(data string) (string, error) {
    partLen := r.publicKey.N.BitLen() / 8 - 11
    chunks := split([]byte(data), partLen)

    buffer := bytes.NewBufferString("")
    for _, chunk := range chunks {
        bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk)
        if err != nil {
            return "", err
        }
        buffer.Write(bytes)
    }

    return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil
}

// 私鑰解密
func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) {
    partLen := r.publicKey.N.BitLen() / 8
    raw, err := base64.RawURLEncoding.DecodeString(encrypted)
    chunks := split([]byte(raw), partLen)

    buffer := bytes.NewBufferString("")
    for _, chunk := range chunks {
        decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk)
        if err != nil {
            return "", err
        }
        buffer.Write(decrypted)
    }

    return buffer.String(), err
}

// 資料加簽
func (r *XRsa) Sign(data string) (string, error) {
    h := RSA_ALGORITHM_SIGN.New()
    h.Write([]byte(data))
    hashed := h.Sum(nil)

    sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed)
    if err != nil {
        return "", err
    }
    return base64.RawURLEncoding.EncodeToString(sign), err
}

// 資料驗籤
func (r *XRsa) Verify(data string, sign string) error {
    h := RSA_ALGORITHM_SIGN.New()
    h.Write([]byte(data))
    hashed := h.Sum(nil)

    decodedSign, err := base64.RawURLEncoding.DecodeString(sign)
    if err != nil {
        return err
    }

    return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)
}

func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte {
    info := struct {
        Version             int
        PrivateKeyAlgorithm []asn1.ObjectIdentifier
        PrivateKey          []byte
    }{}
    info.Version = 0
    info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)
    info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
    info.PrivateKey = x509.MarshalPKCS1PrivateKey(key)

    k, _ := asn1.Marshal(info)
    return k
}

func split(buf []byte, lim int) [][]byte {
    var chunk []byte
    chunks := make([][]byte, 0, len(buf)/lim+1)
    for len(buf) >= lim {
        chunk, buf = buf[:lim], buf[lim:]
        chunks = append(chunks, chunk)
    }
    if len(buf) > 0 {
        chunks = append(chunks, buf[:len(buf)])
    }
    return chunks
}

Php實現


if (! function_exists('url_safe_base64_encode')) {
    function url_safe_base64_encode ($data) {
        return str_replace(array('+','/', '='),array('-','_', ''), base64_encode($data));
    }
}

if (! function_exists('url_safe_base64_decode')) {
    function url_safe_base64_decode ($data) {
        $base_64 = str_replace(array('-','_'),array('+','/'), $data);
        return base64_decode($base_64);
    }
}

class XRsa
{
    const CHAR_SET = "UTF-8";
    const BASE_64_FORMAT = "UrlSafeNoPadding";
    const RSA_ALGORITHM_KEY_TYPE = OPENSSL_KEYTYPE_RSA;
    const RSA_ALGORITHM_SIGN = OPENSSL_ALGO_SHA256;

    protected $public_key;
    protected $private_key;
    protected $key_len;

    public function __construct($pub_key, $pri_key = null)
    {
        $this->public_key = $pub_key;
        $this->private_key = $pri_key;

        $pub_id = openssl_get_publickey($this->public_key);
        $this->key_len = openssl_pkey_get_details($pub_id)['bits'];
    }

    /*
     * 建立金鑰對
     */
    public static function createKeys($key_size = 2048)
    {
        $config = array(
            "private_key_bits" => $key_size,
            "private_key_type" => self::RSA_ALGORITHM_KEY_TYPE,
        );
        $res = openssl_pkey_new($config);
        openssl_pkey_export($res, $private_key);
        $public_key_detail = openssl_pkey_get_details($res);
        $public_key = $public_key_detail["key"];

        return [
            "public_key" => $public_key,
            "private_key" => $private_key,
        ];
    }

    /*
     * 公鑰加密
     */
    public function publicEncrypt($data)
    {
        $encrypted = '';
        $part_len = $this->key_len / 8 - 11;
        $parts = str_split($data, $part_len);

        foreach ($parts as $part) {
            $encrypted_temp = '';
            openssl_public_encrypt($part, $encrypted_temp, $this->public_key);
            $encrypted .= $encrypted_temp;
        }

        return url_safe_base64_encode($encrypted);
    }

    /*
     * 私鑰解密
     */
    public function privateDecrypt($encrypted)
    {
        $decrypted = "";
        $part_len = $this->key_len / 8;
        $base64_decoded = url_safe_base64_decode($encrypted);
        $parts = str_split($base64_decoded, $part_len);

        foreach ($parts as $part) {
            $decrypted_temp = '';
            openssl_private_decrypt($part, $decrypted_temp,$this->private_key);
            $decrypted .= $decrypted_temp;
        }
        return $decrypted;
    }

    /*
     * 私鑰加密
     */
    public function privateEncrypt($data)
    {
        $encrypted = '';
        $part_len = $this->key_len / 8 - 11;
        $parts = str_split($data, $part_len);

        foreach ($parts as $part) {
            $encrypted_temp = '';
            openssl_private_encrypt($part, $encrypted_temp, $this->private_key);
            $encrypted .= $encrypted_temp;
        }

        return url_safe_base64_encode($encrypted);
    }

    /*
     * 公鑰解密
     */
    public function publicDecrypt($encrypted)
    {
        $decrypted = "";
        $part_len = $this->key_len / 8;
        $base64_decoded = url_safe_base64_decode($encrypted);
        $parts = str_split($base64_decoded, $part_len);

        foreach ($parts as $part) {
            $decrypted_temp = '';
            openssl_public_decrypt($part, $decrypted_temp,$this->public_key);
            $decrypted .= $decrypted_temp;
        }
        return $decrypted;
    }

    /*
     * 資料加簽
     */
    public function sign($data)
    {
        openssl_sign($data, $sign, $this->private_key, self::RSA_ALGORITHM_SIGN);

        return url_safe_base64_encode($sign);
    }

    /*
     * 資料簽名驗證
     */
    public function verify($data, $sign)
    {
        $pub_id = openssl_get_publickey($this->public_key);
        $res = openssl_verify($data, url_safe_base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN);

        return $res;
    }
}

Java實現


package com.inspii;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;

import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

public class XRsa {
    public static final String CHARSET = "UTF-8";
    public static final String RSA_ALGORITHM = "RSA";
    public static final String RSA_ALGORITHM_SIGN = "SHA256WithRSA";

    private RSAPublicKey publicKey;
    private RSAPrivateKey privateKey;

    public XRsa(String publicKey, String privateKey)
    {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);

            //通過X509編碼的Key指令獲得公鑰物件
            X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));
            this.publicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
            //通過PKCS#8編碼的Key指令獲得私鑰物件
            PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));
            this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);
        } catch (Exception e) {
            throw new RuntimeException("不支援的金鑰", e);
        }
    }

    public static Map<String, String> createKeys(int keySize){
        //為RSA演算法建立一個KeyPairGenerator物件
        KeyPairGenerator kpg;
        try{
            kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM);
        }catch(NoSuchAlgorithmException e){
            throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]");
        }

        //初始化KeyPairGenerator物件,不要被initialize()源碼錶面上欺騙,其實這裡宣告的size是生效的
        kpg.initialize(keySize);
        //生成密匙對
        KeyPair keyPair = kpg.generateKeyPair();
        //得到公鑰
        Key publicKey = keyPair.getPublic();
        String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());
        //得到私鑰
        Key privateKey = keyPair.getPrivate();
        String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());
        Map<String, String> keyPairMap = new HashMap<String, String>();
        keyPairMap.put("publicKey", publicKeyStr);
        keyPairMap.put("privateKey", privateKeyStr);

        return keyPairMap;
    }

    public String publicEncrypt(String data){
        try{
            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);
            return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));
        }catch(Exception e){
            throw new RuntimeException("加密字串[" + data + "]時遇到異常", e);
        }
    }

    public String privateDecrypt(String data){
        try{
            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);
        }catch(Exception e){
            throw new RuntimeException("解密字串[" + data + "]時遇到異常", e);
        }
    }

    public String privateEncrypt(String data){
        try{
            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, privateKey);
            return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));
        }catch(Exception e){
            throw new RuntimeException("加密字串[" + data + "]時遇到異常", e);
        }
    }

    public String publicDecrypt(String data){
        try{
            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, publicKey);
            return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);
        }catch(Exception e){
            throw new RuntimeException("解密字串[" + data + "]時遇到異常", e);
        }
    }

    public String sign(String data){
        try{
            //sign
            Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN);
            signature.initSign(privateKey);
            signature.update(data.getBytes(CHARSET));
            return Base64.encodeBase64URLSafeString(signature.sign());
        }catch(Exception e){
            throw new RuntimeException("簽名字串[" + data + "]時遇到異常", e);
        }
    }

    public boolean verify(String data, String sign){
        try{
            Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN);
            signature.initVerify(publicKey);
            signature.update(data.getBytes(CHARSET));
            return signature.verify(Base64.decodeBase64(sign));
        }catch(Exception e){
            throw new RuntimeException("驗簽字符串[" + data + "]時遇到異常", e);
        }
    }

    private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){
        int maxBlock = 0;
        if(opmode == Cipher.DECRYPT_MODE){
            maxBlock = keySize / 8;
        }else{
            maxBlock = keySize / 8 - 11;
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int offSet = 0;
        byte[] buff;
        int i = 0;
        try{
            while(datas.length > offSet){
                if(datas.length-offSet > maxBlock){
                    buff = cipher.doFinal(datas, offSet, maxBlock);
                }else{
                    buff = cipher.doFinal(datas, offSet, datas.length-offSet);
                }
                out.write(buff, 0, buff.length);
                i++;
                offSet = i * maxBlock;
            }
        }catch(Exception e){
            throw new RuntimeException("加解密閥值為["+maxBlock+"]的資料時發生異常", e);
        }
        byte[] resultDatas = out.toByteArray();
        IOUtils.closeQuietly(out);
        return resultDatas;
    }
}

參考

https://segmentfault.com/a/1190000011263680


對java和go感興趣的讀者,可以加我的微信,互相交流學習,有時很忙,來不及回覆,請諒解。


相關推薦

RSA加密解密資料大小限制phpgojava互通實現

RSA加解密中必須考慮到的金鑰長度、明文長度和密文長度問題。明文長度需要小於金鑰長度,而密文長度則等於金鑰長度。因此當加密內容長度大於金鑰長度時,有效的RSA加解密就需要對內容進行分段。這是因為,RSA演算法本身要求加密內容也就是明文長度m必須0<m<金鑰長度n。

Node.js 基於 ursa 模組的 RSA 加密解密已與IOSAndroid實現加密通訊

前幾天除錯一個RSA加密,遇到一些問題,在網上找了好久好久,與Node.js相關的資源少得非常可憐,最後還是靠自己一步一步解決了,今天把程式碼和一些心得拿出來分享一下: cnode連結地址:https://cnodejs.org/topic/54d2de4cf

C/C++使用openssl進行摘要和加密解密md5, sha256, des, rsa

fin hex pau 字節 system org key rate 釋放 openssl裏面有很多用於摘要哈希、加密解密的算法,方便集成於工程項目,被廣泛應用於網絡報文中的安全傳輸和認證。下面以md5,sha256,des,rsa幾個典型的api簡單使用作為例子。

RSA加密解密實現JAVA

1.關於RSA演算法的原理解析參考:http://www.ruanyifeng.com/blog/2013/06/rsa_algorithm_part_one.html 2.RSA金鑰長度、明文長度和密文長度參考:https://blog.csdn.net/liuhuabai100/article/deta

JDK中JCA的簡單使用---RSA加密解密

Cipher 類 Cipher類提供用於加密和解密的加密密碼功能。加密是獲取資料(稱為明文)和 金鑰,並且生成資料(密文)對於不知道金鑰的第三方無意義的過程。解密是一個相反的過程:採用密文和金鑰並生成明文。 對稱與非對稱加密 有兩種主要的加密型別:對稱(也稱為金鑰)和非對稱(或公

解決前端websocket資料幀接收資料大小限制資料分幀問題

websocket前後臺出現問題解決方法: 一開始通過限制後臺返回資料幀以125位元組分隔分段資料返回給前臺,但除錯時發現只要加上其他的一些資訊返回json string很容易就會超過了125位元組,於是在後臺修改了這個限制大小為2048,但是這時候前端就出現了無法接收的問題。 丟擲錯誤為:

C# Java間進行RSA加密解密互動

/** * RSA加密 * @param text--待加密的明文 * @param key--公鑰,由伺服器端提供的經base64編碼的字串 * @return */ public static String RSAEncryptoWithPu

php rsa加密解密例項非對稱加密

php服務端與客戶端互動、提供開放api時,通常需要對敏感的部分api資料傳輸進行資料加密,這時候rsa非對稱加密就能派上用處了,下面通過一個例子來說明如何用php來實現資料的加密解密 1、加密解密的第一步是生成公鑰、私鑰對,私鑰加密的內容能通過公鑰解密(反過來亦可以

Openssl及加密解密openssl

opensslopenssl是一個條件實現了上百種算法、實現了單向加密工具等一組套件,代碼量很小但是功能強大。它有三部分組成:libcrypto:通用功能的加密庫,軟件開發時可以直接調用libssl:實現TLS/SSL的功能openssl:多功能命令行工具,加密、解密、創建CA、證書、一對秘鑰等openssl

利用RSACryptoServiceProvider進行RSA加密解密

rop color ria keyvalue ngs eat splay null crypto 利用RSACryptoServiceProvider進行RSA加密解密 加密獲取公私鑰 static void Main(string[] args)

iOS常用加密RSA加密解密

pen style 工作 eight else mark 分段 load port 前言: iOS常用的加密有很多種,前兩天在工作中遇到了RSA加密,現在把代嗎分享出來。 RSA基本原理 RSA使用"秘匙對"對數據進行加密解密.在加密解密數據前,需要先生成公鑰(publi

C# Java間進行RSA加密解密交互

exc add 交互 長度限制 orm keys 什麽 highlight arr 引用:http://blog.csdn.net/dslinmy/article/details/37362661 這裏,講一下RSA算法加解密在C#和Java之間交互的問題,這兩天糾結了很久

C#-java RSA加密解密

過程 data readline utf 解密 param rsa私鑰 convert graph using Org.BouncyCastle.Math;using Org.BouncyCastle.Crypto.Parameters;using Org.BouncyCa

C#自定義RSA加密解密RSA簽名和驗證類實例

狀態 share normal evel thumb weight encrypt security clas 本文實例講述了C#自定義RSA加密解密及RSA簽名和驗證類。分享給大家供大家參考。具體分析如下: 這個C#類自定義RSA加密解密及RSA簽名和驗證,包含了RSA

RSA加密解密及數字簽名Java實現

cto 包括 sign object misc 數據 factory 了解 對稱密鑰 RSA公鑰加密算法是1977年由羅納德·李維斯特(Ron Rivest)、阿迪·薩莫爾(Adi Shamir)和倫納德·阿德曼(Leonard Adleman)一起提出的。當時他們三人都在

Java使用非對稱數據加密RSA加密解密

ner tco init git turn comm [] 4類 fse   emmmmmm就是呢,我今天研究了一下非對稱數據加密RSA的使用,算法什麽的暫時不研究,加密算法還有很多,以後再研究吧,就醬(>人<;)。非對稱加密算法需要兩個密鑰:公開密鑰(publicKey)

php rsa加密解密實例 及簽名驗證-自己實踐

date wql bio eee resource haar ted can open <?php /** * Created by PhpStorm. * User: Administrator * Date: 2018/4/1 *

RSA加密解密

ase castle mar class ext 默認 crypto publickey () using System;using System.IO;using System.Security.Cryptography;using System.Text;using M

字符串加密解密Base64

bcd base64 else if 字符 utf-8 base Coding ase NPU var Base64 = { // private property _keyStr: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijkl

RSA加密解密和簽名驗證機制以及其區別和聯絡

https://blog.csdn.net/wangjianno2/article/details/68965299   1.RSA的加密解密機制原理RSA公鑰加密體制包含如下3個演算法:KeyGen(金鑰生成演算法),Encrypt(加密演算法)以及Decrypt(解密演算法)。詳細如下: