加密的明文长度不能超过 (RSA密钥的长度-11),比如1024位的,明文长度不能超过117。
密文的长度总是密钥的长度的一半,比如1024位的,密文长度是64,如果是1032位,密文长度是65位
1024位=1024bit=128byte,128-11=117。
RSA加密内容的长度有限,和密钥长度有关,这是它的算法决定的。不过一般可以用RSA加密其他算法的密钥,比如用RSA加密DES的密钥,再用DES算法加密明文数据。
RSA一般还是用来签名比较多,如果只是签名用的话,加密明文的MD5值就可以了
java中默认填充方式是RSA/ECB/PKCS1Padding,Cipher.getInstance("RSA/ECB/PKCS1Padding");android不是
java
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
android
Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");
在服务端和客户端都使用
Cipher cipher = Cipher.getInstance("RSA/ECB/NoPadding");即可
参考:
http://stackoverflow.com/questions/6069369/rsa-encryption-difference-between-java-and-android
http://stackoverflow.com/questions/2956647/rsa-encrypt-with-base64-encoded-public-key-in-android
各种 padding 对输入数据长度的要求:
私钥加密:
RSA_PKCS1_PADDING RSA_size-11
RSA_NO_PADDING RSA_size-0
RSA_X931_PADDING RSA_size-2
公钥加密
RSA_PKCS1_PADDING RSA_size-11
RSA_SSLV23_PADDING RSA_size-11
RSA_X931_PADDING RSA_size-2
RSA_NO_PADDING RSA_size-0
RSA_PKCS1_OAEP_PADDING RSA_size-2 * SHA_DIGEST_LENGTH-2
- #include
- #include
- int main()
- {
- RSA *r;
- int bits=1024,ret,len,flen,padding,i;
- unsigned long e=RSA_3;
- BIGNUM *bne;
- unsigned char *key,*p;
- BIO *b;
- unsigned char from[500],to[500],out[500];
- bne=BN_new();
- ret=BN_set_word(bne,e);
- r=RSA_new();
- ret=RSA_generate_key_ex(r,bits,bne,NULL);
- if(ret!=1)
- {
- printf("RSA_generate_key_ex err!\n");
- return -1;
- }
- b=BIO_new(BIO_s_mem());
- ret=i2d_RSAPrivateKey_bio(b,r);
- key=malloc(1024);
- len=BIO_read(b,key,1024);
- BIO_free(b);
- b=BIO_new_file("rsa.key","w");
- ret=i2d_RSAPrivateKey_bio(b,r);
- BIO_free(b);
- 116
- flen=RSA_size(r);
- printf("please select private enc padding : \n");
- printf("1.RSA_PKCS1_PADDING\n");
- printf("3.RSA_NO_PADDING\n");
- printf("5.RSA_X931_PADDING\n");
- scanf("%d",&padding);
- if(padding==RSA_PKCS1_PADDING)
- flen-=11;
- else if(padding==RSA_X931_PADDING)
- flen-=2;
- else if(padding==RSA_NO_PADDING)
- flen=flen;
- else
- {
- printf("rsa not surport !\n");
- return -1;
- }
- for(i=0;i
- memset(&from[i],i,1);
- len=RSA_private_encrypt(flen,from,to,r,padding);
- if(len<=0)
- {
- printf("RSA_private_encrypt err!\n");
- return -1;
- }
- len=RSA_public_decrypt(len,to,out,r,padding);
- if(len<=0)
- {
- printf("RSA_public_decrypt err!\n");
- return -1;
- }
- if(memcmp(from,out,flen))
- {
- printf("err!\n");
- return -1;
- }
- printf("please select public enc padding : \n");
- printf("1.RSA_PKCS1_PADDING\n");
- 117
- printf("2.RSA_SSLV23_PADDING\n");
- printf("3.RSA_NO_PADDING\n");
- printf("4.RSA_PKCS1_OAEP_PADDING\n");
- scanf("%d",&padding);
- flen=RSA_size(r);
- if(padding==RSA_PKCS1_PADDING)
- flen-=11;
- else if(padding==RSA_SSLV23_PADDING)
- flen-=11;
- else if(padding==RSA_X931_PADDING)
- flen-=2;
- else if(padding==RSA_NO_PADDING)
- flen=flen;
- else if(padding==RSA_PKCS1_OAEP_PADDING)
- flen=flen-2 * SHA_DIGEST_LENGTH-2 ;
- else
- {
- printf("rsa not surport !\n");
- return -1;
- }
- for(i=0;i
- memset(&from[i],i+1,1);
- len=RSA_public_encrypt(flen,from,to,r,padding);
- if(len<=0)
- {
- printf("RSA_public_encrypt err!\n");
- return -1;
- }
- len=RSA_private_decrypt(len,to,out,r,padding);
- if(len<=0)
- {
- printf("RSA_private_decrypt err!\n");
- return -1;
- }
- if(memcmp(from,out,flen))
- {
- printf("err!\n");
- return -1;
- }
- printf("test ok!\n");
- RSA_free(r);
- return 0;
- }
复制代码