# 一、 概念介绍
## a. 对称加密与非对称加密
待补充
## b. RSA算法
待补充
## c. Openssl
待补充
# 二、 实现
## a. 生成公钥、私钥对的openssl命令行
genrsa -out private.pem 2048
rsa -in private.pem -inform pem -out public.key -outform der -pubout
rsa -in private.pem -inform pem -out private.key -outform der
pkcs8 -topk8 -inform der -in private.key -out pkcs8_private.key -outform der -nocrypt
## b. 命令行解释
### 1. 生成服务端私钥
openssl> genrsa -out private.pem 2048
*注:上述命令生成服务端私钥private.pem, 扩展名是pem, 即这个文件的内容是human-readable的。*
### 2. 生成公钥
openssl> rsa -in private.pem -inform pem -out public.key -outform der -pubout
*注:利用已经生成的密钥文件private.pem生成公钥文件public.key, 该文件是der格式的, 即not-human-readable。 这条命令同时保证生成的公钥文件满足国际电联的X.509证书标准, 虽然public.key仅仅是个公钥文件而不是证书。*
### 3. 改变私钥的存储格式
openssl> rsa -in private.pem -inform pem -out private.key -outform der
*注:为了保护私钥的数据,防止被直接识别, 需要将pem文件转换成der文件, 即由human-readable转换成not-human-readable.*
### 4.
pkcs8 -topk8 -inform der -in private.key -out pkcs8_private.key -outform der -nocrypt
*注:此条最重要!!! 要使得private.key符合PKCS#8标准, 需要显式使用pkcs8 命令行进行转换,转换后的密钥文件pkcs8_private.key可以直接为java使用.*
# 测试代码
package com.reindel.ciphers;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
public class RSACipher {
public String encrypt(String rawText, String publicKeyPath, String transformation, String encoding)
throws IOException, GeneralSecurityException {
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(publicKeyPath)));
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec));
return Base64.encodeBase64String(cipher.doFinal(rawText.getBytes(encoding)));
}
public String decrypt(String cipherText, String privateKeyPath, String transformation, String encoding)
throws IOException, GeneralSecurityException {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(privateKeyPath)));
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, KeyFactory.getInstance("RSA").generatePrivate(pkcs8EncodedKeySpec));
return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), encoding);
}
}
package com.reindel.ciphers;
import org.junit.Assert;
import org.junit.Test;
import com.reindel.keys.RSAKeyPair;
public class RASACipherTest {
private final String privateKeyPathName = "C://temp//pkcs8_private.key";
private final String publicKeyPathName = "C://temp//public.key";
private final String transformation = "RSA/ECB/PKCS1Padding";
private final String encoding = "UTF-8";
@Test
public void testEncryptDecryptWithKeyPairFiles()
throws Exception {
try {
String toBeEncrypt = " 2.John has a long mustache too; 3.John has a long mustache too; 4.John has a long mustache too; 5.John has a long mustache too; 6.John has a long mustache too; 7.John has a long mustache too; 8.John has a ;";
byte[] bytesToEncypt = toBeEncrypt.getBytes();
int length = bytesToEncypt.length;
System.out.println("Bytes length = " + length);
RSACipher rsaCipher = new RSACipher();
String encrypted = rsaCipher.encrypt(toBeEncrypt, publicKeyPathName, transformation, encoding);
System.out.println("encrypted string: " + encrypted);
System.out.println("Before decrypt()");
String decrypted = rsaCipher.decrypt(encrypted, privateKeyPathName, transformation, encoding);
System.out.println("decrypted string: " + decrypted);
} catch(Exception exception) {
System.out.println(exception.getMessage());
Assert.fail("The testEncryptDecryptWithKeyPairFiles() test failed because: " + exception.getMessage());
}
}
}
## a. 对称加密与非对称加密
待补充
## b. RSA算法
待补充
## c. Openssl
待补充
# 二、 实现
## a. 生成公钥、私钥对的openssl命令行
genrsa -out private.pem 2048
rsa -in private.pem -inform pem -out public.key -outform der -pubout
rsa -in private.pem -inform pem -out private.key -outform der
pkcs8 -topk8 -inform der -in private.key -out pkcs8_private.key -outform der -nocrypt
## b. 命令行解释
### 1. 生成服务端私钥
openssl> genrsa -out private.pem 2048
*注:上述命令生成服务端私钥private.pem, 扩展名是pem, 即这个文件的内容是human-readable的。*
### 2. 生成公钥
openssl> rsa -in private.pem -inform pem -out public.key -outform der -pubout
*注:利用已经生成的密钥文件private.pem生成公钥文件public.key, 该文件是der格式的, 即not-human-readable。 这条命令同时保证生成的公钥文件满足国际电联的X.509证书标准, 虽然public.key仅仅是个公钥文件而不是证书。*
### 3. 改变私钥的存储格式
openssl> rsa -in private.pem -inform pem -out private.key -outform der
*注:为了保护私钥的数据,防止被直接识别, 需要将pem文件转换成der文件, 即由human-readable转换成not-human-readable.*
### 4.
pkcs8 -topk8 -inform der -in private.key -out pkcs8_private.key -outform der -nocrypt
*注:此条最重要!!! 要使得private.key符合PKCS#8标准, 需要显式使用pkcs8 命令行进行转换,转换后的密钥文件pkcs8_private.key可以直接为java使用.*
# 测试代码
package com.reindel.ciphers;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
public class RSACipher {
public String encrypt(String rawText, String publicKeyPath, String transformation, String encoding)
throws IOException, GeneralSecurityException {
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(publicKeyPath)));
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.ENCRYPT_MODE, KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec));
return Base64.encodeBase64String(cipher.doFinal(rawText.getBytes(encoding)));
}
public String decrypt(String cipherText, String privateKeyPath, String transformation, String encoding)
throws IOException, GeneralSecurityException {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(privateKeyPath)));
Cipher cipher = Cipher.getInstance(transformation);
cipher.init(Cipher.DECRYPT_MODE, KeyFactory.getInstance("RSA").generatePrivate(pkcs8EncodedKeySpec));
return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), encoding);
}
}
package com.reindel.ciphers;
import org.junit.Assert;
import org.junit.Test;
import com.reindel.keys.RSAKeyPair;
public class RASACipherTest {
private final String privateKeyPathName = "C://temp//pkcs8_private.key";
private final String publicKeyPathName = "C://temp//public.key";
private final String transformation = "RSA/ECB/PKCS1Padding";
private final String encoding = "UTF-8";
@Test
public void testEncryptDecryptWithKeyPairFiles()
throws Exception {
try {
String toBeEncrypt = " 2.John has a long mustache too; 3.John has a long mustache too; 4.John has a long mustache too; 5.John has a long mustache too; 6.John has a long mustache too; 7.John has a long mustache too; 8.John has a ;";
byte[] bytesToEncypt = toBeEncrypt.getBytes();
int length = bytesToEncypt.length;
System.out.println("Bytes length = " + length);
RSACipher rsaCipher = new RSACipher();
String encrypted = rsaCipher.encrypt(toBeEncrypt, publicKeyPathName, transformation, encoding);
System.out.println("encrypted string: " + encrypted);
System.out.println("Before decrypt()");
String decrypted = rsaCipher.decrypt(encrypted, privateKeyPathName, transformation, encoding);
System.out.println("decrypted string: " + decrypted);
} catch(Exception exception) {
System.out.println(exception.getMessage());
Assert.fail("The testEncryptDecryptWithKeyPairFiles() test failed because: " + exception.getMessage());
}
}
}