非对称加密算法 RSA过程 : 以甲乙双方为例
1、初始化密钥 构建密钥对,生成公钥、私钥保存到keymap中
KeyPairGenerator ---> KeyPair --> RSAPublicKey、RSAPrivateKey
2、甲方使用私钥加密, 加密后在用私钥对加密数据进行数据签名,然后发送给乙方
RSACoder.encryptByPrivateKey(data, privateKey);
RSACoder.sign(encodedData, privateKey);
3、乙方则通过公钥验证签名的加密数据,如果验证正确则在通过公钥对加密数据进行解密
RSACoder.verify(encodedData, publicKey, sign);
RSACoder.decryptByPublicKey(encodedData, publicKey);
4、乙方在通过公钥加密发送给甲方
RSACoder.encryptByPublicKey(decodedData, publicKey);
5、甲方通过私钥解密该数据
RSACoder.decryptPrivateKey(encodedData, privateKey);
流程图如下:
java代码实现如下:
package com.bank.utils;
import java.security.MessageDigest;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
public abstract class Coder {
public static final String KEY_SHA = "SHA";
public static final String KEY_MD5 = "MD5";
/**
* MAC算法可选以下多种算法
*
* <pre>
* HmacMD5
* HmacSHA1
* HmacSHA256
* HmacSHA384
* HmacSHA512
* </pre>
*/
public static final String KEY_MAC = "HmacMD5";
/**
* BASE64解密
* @param key
* @return
* @throws Exception
*/
public static byte[] decryptBASE64( String key ) throws Exception{
return (new BASE64Decoder()).decodeBuffer(key);
}
/**
* BASE64加密
* @param key
* @return
* @throws Exception
*/
public static String encryptBASE64( byte[] key) throws Exception{
return (new BASE64Encoder()).encodeBuffer(key);
}
/**
* MD5 加密
* @param data
* @return
* @throws Exception
*/
public static byte[] encryptMD5( byte[] data) throws Exception {
MessageDigest md5 = MessageDigest.getInstance(KEY_MD5);
md5.update(data);
return md5.digest();
}
/**
* SHA 加密
* @param data
* @return
* @throws Exception
*/
public static byte[] encryptSHA( byte[] data) throws Exception {
MessageDigest sha = MessageDigest.getInstance(KEY_SHA);
sha.update(data);
return sha.digest();
}
/**
* 初始化HMAC密钥
*
* @return
* @throws Exception
*/
public static String initMacKey() throws Exception{
KeyGenerator keyGenerator = KeyGenerator.getInstance(KEY_MAC);
SecretKey secretKey = keyGenerator.generateKey();
return encryptBASE64(secretKey.getEncoded());
}
/**
* HMAC 加密
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] encryptHMAC( byte[] data, String key) throws Exception{
SecretKey secretKey = new SecretKeySpec(decryptBASE64(key), KEY_MAC);
Mac mac = Mac.getInstance(secretKey.getAlgorithm());
mac.init(secretKey);
return mac.doFinal(data);
}
}
package com.bank.utils;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
public abstract class RSACoder extends Coder{
public static final String KEY_ALGORITHM = "RSA";
public static final String SIGNATURE_ALGORITHM = "MD5withRSA";
private static final String PUBLIC_KEY = "RSAPublicKey";
private static final String PRIVATE_KEY = "RSAPrivatekey";
/**
* 用私钥对信息生成数字签名
* @param data 加密数据
* @param privateKey 私钥
* @return
* @throws Exception
*/
public static String sign(byte[] data, String privateKey) throws Exception {
//解密由base64编码的私钥
byte[] keyBytes = decryptBASE64(privateKey);
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
//取私钥对象
PrivateKey pKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
//用私钥生成数字签名
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(pKey);
signature.update(data);
return encryptBASE64(signature.sign());
}
/**
* 校验数字签名
* @param data 加密数据
* @param publicKey 公钥
* @param sign 数字签名
* @return
* @throws Exception
*/
public static boolean verify(byte[] data, String publicKey, String sign) throws Exception{
//解密有base64编码的公钥
byte[] keyBytes = decryptBASE64(publicKey);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
//取公钥对象
PublicKey pKey = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pKey);
signature.update(data);
//验证签名是否正常
return signature.verify(decryptBASE64(sign));
}
/**
* 解密
* 用私钥解密
* @param data 加密数据
* @param key
* @return
* @throws Exception
*/
public static byte[] decryptPrivateKey(byte[] data, String key) throws Exception{
byte[] keyBytes = decryptBASE64(key);
//取得私钥
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory factory = KeyFactory.getInstance(KEY_ALGORITHM);
Key pKey = factory.generatePrivate(encodedKeySpec);
//对数据解密
Cipher cipher = Cipher.getInstance(factory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, pKey);
return cipher.doFinal(data);
}
/**
* 用公钥解密
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey( byte[] data, String key) throws Exception{
//解密
byte[] keyBytes = decryptBASE64(key);
//取得公钥
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key pKey = keyFactory.generatePublic(keySpec);
//对数据解密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, pKey);
return cipher.doFinal(data);
}
/**
* 用公钥加密
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] encryptByPublicKey( byte[] data, String key) throws Exception{
byte[] keyBytes = decryptBASE64(key);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key pKey = keyFactory.generatePublic(keySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, pKey);
return cipher.doFinal(data);
}
/**
* 用私钥加密
* @param data
* @param key
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String key) throws Exception{
byte[] keyBytes = decryptBASE64(key);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key privateKey = keyFactory.generatePrivate(keySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 取得私钥
* @param keyMap
* @return
* @throws Exception
*/
public static String getPrivateKey( Map<String, Object> keyMap) throws Exception{
Key key = (Key) keyMap.get(PRIVATE_KEY);
return encryptBASE64(key.getEncoded());
}
/**
* 取得公钥
* @param keyMap
* @return
* @throws Exception
*/
public static String getPublicKey( Map<String, Object> keyMap) throws Exception{
Key key = (Key) keyMap.get(PUBLIC_KEY);
return encryptBASE64(key.getEncoded());
}
/**
* 初始化密钥
* @return
* @throws Exception
*/
public static Map<String, Object> initKey() throws Exception{
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGenerator.initialize(1024);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
//公钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
//私钥
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(PRIVATE_KEY, privateKey);
keyMap.put(PUBLIC_KEY, publicKey);
return keyMap;
}
}
package com.bank.test;
import java.util.Map;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import com.bank.utils.RSACoder;
public class RSACoderTest {
private String publicKey;
private String privateKey;
/*
* 非对称加密算法 RSA过程 : 以甲乙双方为例
* 1、初始化密钥 构建密钥对,生成公钥、私钥保存到keymap中
* KeyPairGenerator ---> KeyPair --> RSAPublicKey、RSAPrivateKey
* 2、甲方使用私钥加密, 加密后在用私钥对加密数据进行数据签名,然后发送给乙方
* RSACoder.encryptByPrivateKey(data, privateKey);
* RSACoder.sign(encodedData, privateKey);
* 3、乙方则通过公钥验证签名的加密数据,如果验证正确则在通过公钥对加密数据进行解密
* RSACoder.verify(encodedData, publicKey, sign);
* RSACoder.decryptByPublicKey(encodedData, publicKey);
*
* 4、乙方在通过公钥加密发送给甲方
* RSACoder.encryptByPublicKey(decodedData, publicKey);
* 5、甲方通过私钥解密该数据
* RSACoder.decryptPrivateKey(encodedData, privateKey);
*/
@Before
public void setUp() throws Exception {
Map<String , Object> keyMap = RSACoder.initKey();
publicKey = RSACoder.getPublicKey(keyMap);
privateKey = RSACoder.getPrivateKey(keyMap);
System.out.println("公钥:\n" + publicKey);
System.out.println("私钥:\n" + privateKey);
}
@Test
public void test() throws Exception{
String inputStr = "abc";
byte[] data = inputStr.getBytes();//每次的得到的字节数组是不一样的。
//第二步 私钥加密
byte[] encodedData = RSACoder.encryptByPrivateKey(data, privateKey);
//私钥进行数据签名
String sign = RSACoder.sign(encodedData, privateKey);
//第三步 公钥验证数字签名
boolean flag = RSACoder.verify(encodedData, publicKey, sign);
System.out.println("flag:" + flag);
//用公钥对数据解密
byte[] decodedData = RSACoder.decryptByPublicKey(encodedData, publicKey);
System.out.println("data:" + data + "加密数据:" + encodedData + " 解密数据:" + decodedData);
System.out.println("加密前数据-:" + new String(data) + " 解密后数据: " + new String(decodedData));
//第四步使用公钥加密数据
encodedData = RSACoder.encryptByPublicKey(decodedData, publicKey);
//第五步 使用私钥解密数据
decodedData = RSACoder.decryptPrivateKey(encodedData, privateKey);
System.out.println("data:" + data + "加密数据:" + encodedData + " 解密数据:" + decodedData);
System.out.println("加密前数据:" + inputStr + " 解密后数据: " + new String(decodedData));
}
@Test
public void test1() throws Exception{
System.out.println("私钥加密-----公钥解密");
String inputStr = "abc";
byte[] data = inputStr.getBytes();
System.out.println("data:" + data);
byte[] encodedData = RSACoder.encryptByPrivateKey(data, privateKey);
byte[] decodedData = RSACoder.decryptByPublicKey(encodedData, publicKey);
String outputStr = new String( decodedData );
System.out.println("加密前:" + inputStr +"\n 解密后:" + outputStr);
Assert.assertEquals(inputStr, outputStr);
System.out.println("私钥签名---公钥验证签名");
//产生签名
String sign = RSACoder.sign(encodedData, privateKey);
System.out.println("签名:\r" + sign);
//验证签名
boolean flag = RSACoder.verify(encodedData, publicKey, sign);
System.out.println("状态:\r" + flag);
Assert.assertTrue(flag);
}
}