1.加解密对应长度
1024位密钥:
- 最大明文加密长度(单位:字节):117
- 最大密文解密长度(单位:字节):128
2048位密钥:
- 最大明文加密长度(单位:字节):245
- 最大密文解密长度(单位:字节):256
4096位密钥:
- 最大明文加密长度(单位:字节):501
- 最大密文解密长度(单位:字节):512
2.对应长度原理
通过上面列出的明文加密和密文解密对应长度我们会发现,例如2048位的密钥,2048位换算为字节等于256字节。对应的密文解密的最大长度就是256字节。而明文加密长度理应也是最大256字节,之所以少了11字节,简单理解是因为为了解密时方便解析,使用了11字节的填充标识。这样就导致明文加密的时候需要始终占用11字节,剩下的245字节才是实际可用的加密长度。
所以当需要加密的明文超出了密钥对应的最大明文加密长度时,就需要分段加密。下面代码给出了分段加密的方式,以供参考。
3.代码依赖包
- commons-codec-1.15.jar
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public class RsaTest {
// 算法类型
private final static String KEY_ALGORITHM = "RSA";
// 最大明文加密长度(单位:字节)
private final static int MAX_ENCRYPT_BLOCK = 245;
// 最大密文解密长度(单位:字节)
private final static int MAX_DECRYPT_BLOCK = 256;
/**
* 分段加密数据
*
* @param data 待加密的数据
* @param publicKeyStr 公钥字符串
* @return 经过Base64编码的加密好的数据
* @throws Exception
*/
public static String encryptData(String data, String publicKeyStr) throws Exception {
// 1.将公钥字符串转换为字节数组
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyStr);
// 2.根据公钥字符串生成publicKey
X509EncodedKeySpec spec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory factory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicKey = factory.generatePublic(spec);
// 3.将待加密数据字符串转换为字节数组
byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
// 4.分段加密
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
ByteArrayOutputStream output = new ByteArrayOutputStream();
int dataLength = dataBytes.length;
int offSet = 0;
byte[] cache;
while (dataLength - offSet > 0) {
if (dataLength - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(dataBytes, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(dataBytes, offSet, dataLength - offSet);
}
output.write(cache, 0, cache.length);
offSet += MAX_ENCRYPT_BLOCK;
}
output.close();
// 5.返回Base64编码后的字符串
return Base64.getEncoder().encodeToString(output.toByteArray());
}
/**
* 分段解密数据
*
* @param ciphertext 密文
* @param privateKeyStr 私钥字符串
* @return 解密后的数据
* @throws Exception
*/
public static String decryptData(String ciphertext, String privateKeyStr) throws Exception {
// 1.将私钥字符串转换为字节数组
byte[] privateKeyBytes = Base64.getDecoder().decode(privateKeyStr);
// 2.根据私钥字符串生成privateKey
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyBytes);
KeyFactory factory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = factory.generatePrivate(spec);
// 3.解码Base64字符串,转换为字节数组
byte[] dataBytes = Base64.getDecoder().decode(ciphertext);
// 4.分段解密
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
ByteArrayOutputStream output = new ByteArrayOutputStream();
int dataLength = dataBytes.length;
int offSet = 0;
byte[] cache;
while (dataLength - offSet > 0) {
if (dataLength - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(dataBytes, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(dataBytes, offSet, dataLength - offSet);
}
output.write(cache, 0, cache.length);
offSet += MAX_DECRYPT_BLOCK;
}
output.close();
// 返回解密好的原始数据
return output.toString();
}
public static void main(String[] args) throws Exception {
String publicKeyStr = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArF9CK/qMzej1vifFCINwp+7V4otEtVpCP0SIflQMvXjFqDyMuWZS4epwbZ2D6Ko5n3GPtHXs9vcVvw2kaGrmuKDbbASQyVlVCY1y91AsTJCTaF6DRa7cY/rYwvqHOc3XZZT86mes0MZmulGDt0V/0p7LdglZpBJrAXg9ANvIcBW8eQERleQPhszYPzQP3YUD6ogI3u6QRhR8uVSWqVrs5naVuNROTuZk/6ZG6rpXrzjniYLYT8TfT41fcL5JClDM51I96s9fJw3mfHFe9qlkWj9pdB76G44+mR+UHAvP96RQ35c6HmsLOu6I8PV0BM5+OzU0l5qVltmgs3Yr9RM5EwIDAQAB";
String privateKeyStr = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCsX0Ir+ozN6PW+J8UIg3Cn7tXii0S1WkI/RIh+VAy9eMWoPIy5ZlLh6nBtnYPoqjmfcY+0dez29xW/DaRoaua4oNtsBJDJWVUJjXL3UCxMkJNoXoNFrtxj+tjC+oc5zddllPzqZ6zQxma6UYO3RX/Snst2CVmkEmsBeD0A28hwFbx5ARGV5A+GzNg/NA/dhQPqiAje7pBGFHy5VJapWuzmdpW41E5O5mT/pkbqulevOOeJgthPxN9PjV9wvkkKUMznUj3qz18nDeZ8cV72qWRaP2l0Hvobjj6ZH5QcC8/3pFDflzoeaws67ojw9XQEzn47NTSXmpWW2aCzdiv1EzkTAgMBAAECggEAdWAsfCwRw4lWBZWpOwHeLcyaArkZIXED2Xc+ht+PCVp7JfONVBZUbBgrVMlE8KMxt9wpohYHNajNOxr8EEpzL9gBco2tVh6ppGaYmcYTVFPCvPhW5ZWL590By8uzV25OtZJ9otTUPhpMC6XEToFZ6D9PhuIZE3ujOA37ZGFFHOTfOaumAO/JOAywib+PzyqVOeqbLn9fxeMwiV7FQv4tfykmRjdidyXF51T1GYhKS4U15Rj9UEx5PUJlc36SWY/9bWOGSoEZd+JhzlXP88kK2kttiWj/exX8FYWFbeaRhPkK4YQ6+i3MbNxqz0NRJaEKQmCFtw1fSRC6NzlvuYZ7AQKBgQDybNJZf0M0x9NltOIzycu6MyOTIeO3tCUapQlxa5e7KzZS7j320f+juTNw4O3pt5Cklsb5CwGZPn/09RXC67ULRCtPHPHz69n19dNa1tVofu4jUT/UYTfe54xnGBtx1XMBEhWVJkucd6aaUr5yiO50uavPRHZmoUUA92aM0wr4gQKBgQC2BjkamkTxwvNFior8VDAHq376mXewBf6ybSS5lMamiOvqYpCONeCPMJOK84QYFSJI3c1iFKcKpm5rt41kNfE6uEkPjC4zFUZAhafdKi03V3VG3ZzSxFytWzt4wztf/TNq96JZynZHY837qh4D+UuouWNOKdmXMY+IvM2Sk3sHkwKBgQC0WAQ8FBJ5B1baSLAmeq6WPEjwwbtYBCm+Ipxdxf7AfKsTEq0CGsMklzgPdyVGQwrVhl1LE8cCq54hKtofgZ3TXckiN5Q/M2uYMGIlJ8Dm1dZua5kic5hOuM6YOzTfgDznxP5NUInbQp+sGnYXWoqaRy3rKTEztDFTQLkHdlCpAQKBgQCxUFSWLotUuuTB7FjBvrze69eRBKiL5vsaEqoAwgXVOnId65AHiEJNGjPP2rHlx8iTFMW6coXaIRBVjAOHB+kKm3RIWfSzPFkoB0rjbe+IBoEu3DilNDVXhhTj6cLQGdXZsIsNTuVzW6zPKAN/OXzTSmyLOsdEujmpKMpUq6fgUwKBgGHOzITAmMZXn3D9Yh4foPy2kNc9ME/Q2z0A5AKdY4HtZ1hmsmsGjUTPbtGXIJRxYeQHwoDI1xQKbvRJXaG33ulNnvuMl0XSr4XA7uYoAgSL1I+3xrTxTShAsDb42uE5KCsd969cyNfeNdwxF7S8KH0yKcUy5BqOdX4pUlrEQHnI";
String ciphertext = encryptData("君不见黄河之水天上来,奔流到海不复回。君不见高堂明镜悲白发,朝如青丝暮成雪。人生得意须尽欢,莫使金樽空对月。五花马,千金裘,呼儿将出换美酒。与尔同消万古愁。岑夫子丹丘生,将进酒,杯莫停,与君歌一曲,请军为我倾耳听,钟鼓馔玉不足贵,但愿长醉不复醒。", publicKeyStr);
System.out.println(ciphertext);
String data = decryptData(ciphertext, privateKeyStr);
System.out.println(data);
}
}