非对称加密算法
非对称加密算法的密钥,一把公开,称为公钥,一把保密,称为私钥。非对称加密算法解决了对称加密算法密钥分配的问题,极大的提高了算法的安全性。非堆成加密算法的代表算法:RSA算法,广泛的被使用到各个方面
-
RSA算法实现
算法 密钥长度 密钥长度默认值 工作模式 填充模式 备注 RSA 512-65536 1024 ECB NoPadding
PKCS1Pdaaing
OAEPWITHMD5AndMGF1Padding
OAEPWITHSHA1AndMGF1Padding
OAEPWITHSHA256AndMGF1Padding
OAEPWITHSHA394AndMGF1Padding
OAEPWITHSHA512AndMGF1Paddingjava 7实现 RSA 512-65536 2048 NONE NoPadding
PKCS1Pdaaing
OAEPWITHMD5AndMGF1Padding
OAEPWITHSHA1AndMGF1Padding
OAEPWITHSHA256AndMGF1Padding
OAEPWITHSHA394AndMGF1Padding
OAEPWITHSHA512AndMGF1Padding
ISO9796-1 PaddingBouncy Castle实现 算法实现:
/** * @Author: zxx * @Description: RSA加密解密 * 注意:大部分情况下约定的是公钥加密,私钥解密 */ public class RSAUtil { /** * 算法常量: RSA */ private static final String ALGORITHM_RSA = "RSA"; /** * 公钥 */ private static final String PUBLICKEY = "RSAPublicKey"; /** * 私钥 */ private static final String PRIVATEKEY = "RSAPrivateKey"; /** * RSA密钥长度 */ private static final int KEY_SIZE = 1024; /** * 公钥加密,公钥的都是使用X509EncodedKeySpec规约 * @return */ public static byte[] encryptByPublicKey(byte[] data, byte[] key){ byte[] rbyte = null; try { X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(key); KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA); //获取公钥 PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); //加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE,publicKey); rbyte = cipher.doFinal(data); }catch (Exception e){ e.printStackTrace(); } return rbyte; } /** * 公钥解密 * @return */ public static byte[] decryptByPublicKey(byte[] data, byte[] key){ byte[] rbyte = null; try { X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(key); KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA); //获取公钥 PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); //加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE,publicKey); rbyte = cipher.doFinal(data); }catch (Exception e){ e.printStackTrace(); } return rbyte; } /** * 私钥加密,私钥的都是使用PKCS8EncodedKeySpec规约 * @return */ public static byte[] encryptByPrivateKey(byte[] data, byte[] key){ byte[] rbyte = null; try { PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(key); KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA); //获取公钥 PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); //加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE,privateKey); rbyte = cipher.doFinal(data); }catch (Exception e){ e.printStackTrace(); } return rbyte; } /** * 私钥解密 * @return */ public static byte[] decryptByPrivateKey(byte[] data, byte[] key){ byte[] rbyte = null; try { PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(key); KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA); //获取公钥 PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); //加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE,privateKey); rbyte = cipher.doFinal(data); }catch (Exception e){ e.printStackTrace(); } return rbyte; } /** * 获取公钥 * @return */ public static byte[] getPublicKey(Map<String,Object> keyMap){ Key key =(Key) keyMap.get(PUBLICKEY); return key.getEncoded(); } /** * 获取私钥 * @return */ public static byte[] getPrivateKey(Map<String,Object> keyMap){ Key key =(Key) keyMap.get(PRIVATEKEY); return key.getEncoded(); } /** * 初始化密钥 * @return */ public static Map<String,Object> initKey(){ Map<String,Object> keyMap = null; try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_RSA); keyPairGenerator.initialize(KEY_SIZE); //生成密钥对 KeyPair keyPair = keyPairGenerator.genKeyPair(); //获取公钥和私钥 RSAPublicKey publicKey =(RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey =(RSAPrivateKey) keyPair.getPrivate(); //公钥和私钥放到Map中 keyMap = new HashMap<>(2); keyMap.put(PUBLICKEY,publicKey); keyMap.put(PRIVATEKEY,privateKey); }catch (Exception e){ e.printStackTrace(); } return keyMap; } }
如果涉及到使用证书,以下是加载证书代码:
/** * @Author: zxx * @Description: 证书加载 */ public class CertUtil { /** * 获取私钥 * @param keyStorePath * @param password * @param alias * @return * @throws Exception */ private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath, String password, String alias) throws Exception { KeyStore ks = getKeyStore(keyStorePath,password); return (PrivateKey) ks.getKey(alias,password.toCharArray()); } /** * 获取公钥 * @param keyStorePath * @param password * @param alias * @return * @throws Exception */ private static PublicKey getPublicKeyByKeyStore(String keyStorePath, String password, String alias) throws Exception { Certificate certificate = getCertificate(keyStorePath); return certificate.getPublicKey(); } /** * 获取Certificate * @param keyStorePath * @return */ private static Certificate getCertificate(String keyStorePath) throws Exception { CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509"); FileInputStream inputStream = new FileInputStream(keyStorePath); Certificate certificate = certificateFactory.generateCertificate(inputStream); inputStream.close(); return certificate; } /** * 获得KeyStore * @param keyStorePath * @param password * @return */ private static KeyStore getKeyStore(String keyStorePath, String password) throws Exception { KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); FileInputStream inputStream = new FileInputStream(keyStorePath); keyStore.load(inputStream,password.toCharArray()); inputStream.close(); return keyStore; } }
证书如何生成:
以生成PKCS8为例,使用的是支付宝开放平台助手来生产: