import com.google.common.collect.Maps;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.Base64;
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.UUID;
/**
* RSA 加解密工具类
*
* @author wangqinglong01
*/
@Slf4j
public class RSAUtil {
private static final String RSA = "RSA";
private static final String PRIVATE_KEY = "privateKey";
private static final String PUBLIC_KEY = "publicKey";
private static final String ALGORITHM = "MD5withRSA";
private static final int ZERO = 0;
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* 用于封装随机产生的公钥与私钥
*/
private final static Map<String, String> KEY_MAP = Maps.newHashMap();
/**
* 获取公钥
*/
public static String getPublicKey() {
if (KEY_MAP.size() == ZERO) {
genKeyPair();
}
return KEY_MAP.get(PUBLIC_KEY);
}
/**
* 获取私钥
*/
public static String getPriKey() {
if (KEY_MAP.size() == ZERO) {
genKeyPair();
}
return KEY_MAP.get(PRIVATE_KEY);
}
@SneakyThrows
public static void genKeyPair() {
// KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(RSA);
// 初始化密钥对生成器,密钥大小为96-1024位
keyPairGen.initialize(1024, new SecureRandom());
// 生成一个密钥对,保存在keyPair中
KeyPair keyPair = keyPairGen.generateKeyPair();
// 得到私钥
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
// 得到公钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()));
// 得到私钥字符串
String privateKeyString = new String(Base64.encodeBase64((privateKey.getEncoded())));
// 将公钥和私钥保存到Map
//0表示公钥
KEY_MAP.put(PUBLIC_KEY, publicKeyString);
//1表示私钥
KEY_MAP.put(PRIVATE_KEY, privateKeyString);
}
/**
* RSA公钥加密(字段长度不能超过117字节)
*
* @param str 加密字符串
* @param publicKey 公钥
* @return 密文
* @throws Exception 加密过程中的异常信息
*/
public static String encrypt(String str, String publicKey) throws Exception {
//base64编码的公钥
byte[] decoded = Base64.decodeBase64(publicKey);
RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(RSA).generatePublic(new X509EncodedKeySpec(decoded));
//RSA加密
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
return Base64.encodeBase64String(cipher.doFinal(str.getBytes(StandardCharsets.UTF_8)));
}
/**
* RSA私钥解密(字段长度不能超过128字节)
*
* @param str 加密字符串
* @param privateKey 私钥
* @return 铭文
* @throws Exception 解密过程中的异常信息
*/
public static String decrypt(String str, String privateKey) throws Exception {
//64位解码加密后的字符串
byte[] inputByte = Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
//base64编码的私钥
byte[] decoded = Base64.decodeBase64(privateKey);
RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(RSA).generatePrivate(new PKCS8EncodedKeySpec(decoded));
//RSA解密
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.DECRYPT_MODE, priKey);
return new String(cipher.doFinal(inputByte));
}
/*==================================分段加解密==================================*/
/**
* RSA加密(分段)
*
* @param data 待加密数据
* @param pubKey 公钥
* @return 加密之后的数据
*/
public static String encryptSegment(String data, String pubKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
byte[] decodedKey = Base64.decodeBase64(pubKey.getBytes());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
PublicKey publicKey = keyFactory.generatePublic(keySpec);
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
int inputLen = data.getBytes().length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offset = ZERO;
byte[] cache;
int i = ZERO;
// 对数据分段加密
while (inputLen - offset > ZERO) {
if (inputLen - offset > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data.getBytes(), offset, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data.getBytes(), offset, inputLen - offset);
}
out.write(cache, ZERO, cache.length);
i++;
offset = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
// 获取加密内容使用base64进行编码,并以UTF-8为标准转化成字符串
// 加密后的字符串
return Base64.encodeBase64String(encryptedData);
}
/**
* RSA解密(分段)
*
* @param data 待解密数据
* @param priKey 私钥
* @return 解密之后的数据
*/
public static String decryptSegment(String data, String priKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
byte[] decodedKey = Base64.decodeBase64(priKey.getBytes());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey);
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
Cipher cipher = Cipher.getInstance(RSA);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] dataBytes = Base64.decodeBase64(data);
int inputLen = dataBytes.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offset = ZERO;
byte[] cache;
int i = ZERO;
// 对数据分段解密
while (inputLen - offset > ZERO) {
if (inputLen - offset > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(dataBytes, offset, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(dataBytes, offset, inputLen - offset);
}
out.write(cache, ZERO, cache.length);
i++;
offset = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
// 解密后的内容
return new String(decryptedData, StandardCharsets.UTF_8);
}
/*==================================验签==================================*/
/**
* 签名
*
* @param data 待签名数据
* @param privateKey 私钥
* @return 签名
*/
public static String sign(String data, PrivateKey privateKey) throws Exception {
byte[] keyBytes = privateKey.getEncoded();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
PrivateKey key = keyFactory.generatePrivate(keySpec);
Signature signature = Signature.getInstance(ALGORITHM);
signature.initSign(key);
signature.update(data.getBytes());
return new String(Base64.encodeBase64(signature.sign()));
}
/**
* 验签
*
* @param srcData 原始字符串
* @param publicKey 公钥
* @param sign 签名
* @return 是否验签通过
*/
public static boolean verify(String srcData, PublicKey publicKey, String sign) throws Exception {
byte[] keyBytes = publicKey.getEncoded();
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(RSA);
PublicKey key = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(ALGORITHM);
signature.initVerify(key);
signature.update(srcData.getBytes());
return signature.verify(Base64.decodeBase64(sign.getBytes()));
}
public static void main(String[] args) {
try {
// 生成密钥对
genKeyPair();
// RSA加密
StringBuilder builder = new StringBuilder();
do {
builder.append(UUID.randomUUID().toString());
} while (builder.toString().length() <= 100);
String data = builder.toString();
System.out.println("data长度:" + data.length());
//=========================使用分段加解密=========================
String encryptSegment = encryptSegment(data, getPublicKey());
System.out.println("加密后内容:" + encryptSegment);
System.out.println("加密后内容长度:" + encryptSegment.length());
// RSA解密
String decryptSegment = decryptSegment(encryptSegment, getPriKey());
System.out.println("解密后内容:" + decryptSegment);
System.out.println("解密后内容长度:" + decryptSegment.length());
//=========================使用常规的加解密=========================
String encrypt = encrypt(data, getPublicKey());
System.out.println("加密后内容:" + encrypt);
System.out.println("加密后内容长度:" + encrypt.length());
// RSA解密
String decrypt = decrypt(encrypt, getPriKey());
System.out.println("解密后内容:" + decrypt);
System.out.println("解密后内容长度:" + decrypt.length());
} catch (Exception e) {
e.printStackTrace();
System.out.print("加解密异常");
}
}
}
工具类-06-RSA工具类(支持分段,验签)
于 2022-09-09 12:31:42 首次发布