package com.fh.util;
import javax.crypto.Cipher;
import Decoder.BASE64Decoder;
import Decoder.BASE64Encoder;
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
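/**
* RSA encryption utility class. Uses PKCS1_PADDING with a key length of 1024 bits.
* Encryption and decryption results were verified against http://tool.chacuo.net/cryptrsaprikey. The encoding of the content being encrypted must be the same on both sides; using UTF-8 throughout is recommended.
* Note: 1024-bit RSA is below the 2048-bit minimum of current guidance, and only throwaway test keys should ever be pasted into an online tool.
*
* @author daxi
*/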
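public class RSAUtil {
    /** JCA key algorithm name. The identifier's spelling is kept because it is part of the public interface. */
    public static final String KEY_ALGORTHM = "RSA";

    /**
     * JCA signature algorithm used by {@link #sign} and {@link #verify}.
     *
     * NOTE(review): MD5 is not collision resistant, so MD5withRSA should not be used for new
     * signatures (SHA256withRSA is the usual replacement). The value is left unchanged here
     * because switching it would make signatures already issued by this class fail to verify;
     * migrate signer and verifier together.
     */
    public static final String SIGNATURE_ALGORITHM = "MD5withRSA";

    /** Map key under which {@link #initKey()} stores the public key. */
    public static final String PUBLIC_KEY = "RSAPublicKey";

    /** Map key under which {@link #initKey()} stores the private key. */
    public static final String PRIVATE_KEY = "RSAPrivateKey";

    /**
     * Explicit cipher transformation. The bare name "RSA" leaves mode and padding to the
     * provider's default; spelling it out keeps the PKCS#1 v1.5 padding this class documents
     * regardless of which provider is installed.
     */
    private static final String CIPHER_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /** Bytes consumed by PKCS#1 v1.5 padding in every block (128 - 11 = 117 for a 1024-bit key). */
    private static final int PKCS1_PADDING_OVERHEAD = 11;

    /**
     * Modulus size used by {@link #initKey()}.
     *
     * NOTE(review): 1024-bit RSA is below the 2048-bit minimum of current guidance. The value
     * is kept so that peers that assume 128-byte ciphertext blocks keep working; raise it
     * together with those peers. The encrypt/decrypt methods below already adapt to the size
     * of whatever key they are given.
     */
    private static final int KEY_SIZE_BITS = 1024;

    /**
     * Generates a new RSA key pair.
     *
     * Asymmetric encryption is normally used to protect a symmetric key rather than to
     * encrypt content directly.
     *
     * @return a map holding the public key under {@link #PUBLIC_KEY} and the private key
     *         under {@link #PRIVATE_KEY}
     * @throws Exception if the RSA key pair generator is unavailable
     */
    public static Map<String, Object> initKey() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORTHM);
        generator.initialize(KEY_SIZE_BITS);
        KeyPair keyPair = generator.generateKeyPair();
        Map<String, Object> keyMap = new HashMap<String, Object>(2);
        keyMap.put(PUBLIC_KEY, (RSAPublicKey) keyPair.getPublic());
        keyMap.put(PRIVATE_KEY, (RSAPrivateKey) keyPair.getPrivate());
        return keyMap;
    }

    /**
     * Returns the public key from a key map as Base64 text of its encoded form.
     *
     * @param keyMap map produced by {@link #initKey()}
     * @return Base64 text of {@code Key.getEncoded()} for the public key
     * @throws Exception if the entry is missing or encoding fails
     */
    public static String getPublicKey(Map<String, Object> keyMap) throws Exception {
        return encodeKey(keyMap, PUBLIC_KEY);
    }

    /**
     * Returns the private key from a key map as Base64 text of its encoded form.
     *
     * The returned string is the unencrypted private key; callers must not log or print it.
     *
     * @param keyMap map produced by {@link #initKey()}
     * @return Base64 text of {@code Key.getEncoded()} for the private key
     * @throws Exception if the entry is missing or encoding fails
     */
    public static String getPrivateKey(Map<String, Object> keyMap) throws Exception {
        return encodeKey(keyMap, PRIVATE_KEY);
    }

    /**
     * Transforms data with the private key in ENCRYPT_MODE, block by block.
     *
     * This gives no confidentiality: anyone holding the public key can reverse it. For
     * authenticity use {@link #sign} instead.
     *
     * @param data bytes to transform
     * @param key  Base64 text of the PKCS#8-encoded private key
     * @return concatenation of the per-block results
     * @throws Exception if the key cannot be parsed or the cipher operation fails
     */
    public static byte[] encryptByPrivateKey(byte[] data, String key) throws Exception {
        RSAPrivateKey privateK = loadPrivateKey(key);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, privateK);
        return processInBlocks(cipher, data, modulusLengthBytes(privateK) - PKCS1_PADDING_OVERHEAD);
    }

    /**
     * Decrypts data that was encrypted with the matching public key.
     *
     * PKCS#1 v1.5 decryption failures should not be reported to an untrusted sender in a way
     * that distinguishes padding errors from other errors; OAEP is the usual choice for new
     * protocols.
     *
     * @param data ciphertext, a concatenation of blocks each as long as the key's modulus
     * @param key  Base64 text of the PKCS#8-encoded private key
     * @return the recovered plaintext
     * @throws Exception if the key cannot be parsed or a block fails to decrypt
     */
    public static byte[] decryptByPrivateKey(byte[] data, String key) throws Exception {
        RSAPrivateKey privateK = loadPrivateKey(key);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateK);
        return processInBlocks(cipher, data, modulusLengthBytes(privateK));
    }

    /**
     * Encrypts data with the public key, block by block.
     *
     * Each block is encrypted independently and nothing binds the blocks together, so the
     * result carries no integrity protection; for anything longer than one block, encrypting
     * a symmetric key and using an authenticated cipher for the content is the usual design.
     *
     * @param data plaintext bytes
     * @param key  Base64 text of the X.509-encoded public key
     * @return concatenation of the encrypted blocks
     * @throws Exception if the key cannot be parsed or the cipher operation fails
     */
    public static byte[] encryptByPublicKey(byte[] data, String key) throws Exception {
        RSAPublicKey publicK = loadPublicKey(key);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicK);
        return processInBlocks(cipher, data, modulusLengthBytes(publicK) - PKCS1_PADDING_OVERHEAD);
    }

    /**
     * Reverses {@link #encryptByPrivateKey} using the public key.
     *
     * @param data output of {@link #encryptByPrivateKey}
     * @param key  Base64 text of the X.509-encoded public key
     * @return the recovered bytes
     * @throws Exception if the key cannot be parsed or a block fails to decrypt
     */
    public static byte[] decryptByPublicKey(byte[] data, String key) throws Exception {
        RSAPublicKey publicK = loadPublicKey(key);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, publicK);
        return processInBlocks(cipher, data, modulusLengthBytes(publicK));
    }

    /**
     * Creates a digital signature over the data with the private key.
     *
     * @param data       bytes to sign
     * @param privateKey Base64 text of the PKCS#8-encoded private key
     * @return Base64 text of the signature, using {@link #SIGNATURE_ALGORITHM}
     * @throws Exception if the key cannot be parsed or signing fails
     */
    public static String sign(byte[] data, String privateKey) throws Exception {
        PrivateKey signingKey = loadPrivateKey(privateKey);
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initSign(signingKey);
        signature.update(data);
        return Coder.encryptBASE64(signature.sign());
    }

    /**
     * Verifies a digital signature produced by {@link #sign}.
     *
     * @param data      the signed bytes
     * @param publicKey Base64 text of the X.509-encoded public key
     * @param sign      Base64 text of the signature
     * @return {@code true} if the signature matches the data under the given key
     * @throws Exception if the key or signature cannot be parsed or verification fails
     */
    public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {
        PublicKey verificationKey = loadPublicKey(publicKey);
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        signature.initVerify(verificationKey);
        signature.update(data);
        return signature.verify(Coder.decryptBASE64(sign));
    }

    /**
     * Runs the round-trip demo in {@link #syjm()}.
     *
     * @param args unused
     * @throws Exception if any step of the demo fails
     */
    public static void main(String[] args) throws Exception {
        syjm();
    }

    /**
     * Encryption round-trip demo: public-key encrypt / private-key decrypt, then
     * private-key encrypt / public-key decrypt, printing each intermediate result.
     *
     * The key pair is generated on every run so that no private key material has to live in
     * source control; a private key committed to a repository has to be treated as disclosed.
     *
     * @throws Exception if key generation or any cipher operation fails
     */
    public static void syjm() throws Exception {
        Map<String, Object> keys = initKey();
        String privatekey = getPrivateKey(keys);
        String publickey = getPublicKey(keys);

        String message = "123";
        byte[] plain = message.getBytes("UTF-8");

        // Public-key encryption
        byte[] publicEncrypt = encryptByPublicKey(plain, publickey);
        String publicBase = Coder.encryptBASE64(publicEncrypt);
        System.out.println("公钥加密:" + publicBase);

        // Private-key decryption; decode with the same charset the message was encoded with
        byte[] messages = Coder.decryptBASE64(publicBase);
        String decryptedNaughty = new String(decryptByPrivateKey(messages, privatekey), "UTF-8");
        System.out.println("私钥解密" + decryptedNaughty);

        // Private-key encryption
        byte[] privateEncrypt = encryptByPrivateKey(plain, privatekey);
        String privateBase = Coder.encryptBASE64(privateEncrypt);
        System.out.println("私钥加密" + privateBase);

        // Public-key decryption
        byte[] messages1 = Coder.decryptBASE64(privateBase);
        String decryptedNaughty1 = new String(decryptByPublicKey(messages1, publickey), "UTF-8");
        System.out.println("公钥解密" + decryptedNaughty1);
    }

    /** Looks up one entry of a key map and returns its encoded form as Base64 text. */
    private static String encodeKey(Map<String, Object> keyMap, String entryName) throws Exception {
        Key key = (Key) keyMap.get(entryName);
        if (key == null) {
            throw new IllegalArgumentException("keyMap has no entry named " + entryName);
        }
        return Coder.encryptBASE64(key.getEncoded());
    }

    /** Parses Base64 text of a PKCS#8-encoded RSA private key. */
    private static RSAPrivateKey loadPrivateKey(String base64Key) throws Exception {
        byte[] encoded = Coder.decryptBASE64(base64Key);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORTHM);
        return (RSAPrivateKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encoded));
    }

    /** Parses Base64 text of an X.509-encoded RSA public key. */
    private static RSAPublicKey loadPublicKey(String base64Key) throws Exception {
        byte[] encoded = Coder.decryptBASE64(base64Key);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORTHM);
        return (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(encoded));
    }

    /** Returns the modulus length in bytes, which is also the size of one ciphertext block. */
    private static int modulusLengthBytes(java.security.interfaces.RSAKey key) {
        return (key.getModulus().bitLength() + 7) / 8;
    }

    /** Runs {@code cipher.doFinal} over consecutive chunks of at most {@code blockSize} bytes and joins the results. */
    private static byte[] processInBlocks(Cipher cipher, byte[] data, int blockSize)
            throws GeneralSecurityException {
        if (blockSize <= 0) {
            // A non-positive step would never advance the loop below.
            throw new IllegalArgumentException("RSA key is too small for PKCS#1 v1.5 padding");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int offset = 0; offset < data.length; offset += blockSize) {
            int length = Math.min(blockSize, data.length - offset);
            byte[] chunk = cipher.doFinal(data, offset, length);
            out.write(chunk, 0, chunk.length);
        }
        return out.toByteArray();
    }
}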
class Coder {
    /**
     * Decodes Base64 text into bytes. Despite the method name this is an encoding step,
     * not decryption: Base64 provides no secrecy.
     *
     * @param key Base64 text to decode
     * @return the decoded bytes
     * @throws Exception if the decoder rejects the input
     */
    public static byte[] decryptBASE64(String key) throws Exception {
        BASE64Decoder decoder = new BASE64Decoder();
        return decoder.decodeBuffer(key);
    }

    /**
     * Encodes bytes as Base64 text. Despite the method name this is an encoding step,
     * not encryption: Base64 provides no secrecy.
     *
     * @param key bytes to encode
     * @return the Base64 text produced by the encoder
     * @throws Exception if the encoder fails
     */
    public static String encryptBASE64(byte[] key) throws Exception {
        BASE64Encoder encoder = new BASE64Encoder();
        return encoder.encodeBuffer(key);
    }
}