public class RsaTest {
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeySpecException {
// key必须是16位,如果加密key不变,则加密后的结果不变
String keyStr = "1234567890123456";
byte[] key = keyStr.getBytes(StandardCharsets.UTF_8);
AES aes = SecureUtil.aes(key);
// 身份证
String cardNo = "123456789012345678";
//给身份证加密
String aCiphertext = aes.encryptBase64(cardNo);
System.out.println("身份证加密后,aKey:" + aCiphertext);//dXzNDNxckOrb7uz2ON0AALdB3876BYz3rv3cUutdHRc=
//身份证解密
String aDecrypt = aes.decryptStr(aCiphertext);
System.out.println("身份证解密后得到:" + aDecrypt);
// RSA 加密
String content = "需要加密的内容";
// 为RSA算法创建一个KeyPairGenerator对象
KeyPairGenerator kpg;
try {
kpg = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException("No such algorithm-->[" + "RSA" + "]");
}
// 初始化KeyPairGenerator对象,密钥长度
kpg.initialize(1024);
// 生成密匙对
KeyPair keyPair = kpg.generateKeyPair();
// 得到公钥
Key publicKey = keyPair.getPublic();
String publicKeyStr = org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString(publicKey.getEncoded());
// 得到私钥
Key privateKey = keyPair.getPrivate();
String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());
// map装载公钥和私钥 , 如果公钥、私钥不变,则加密结果相同
Map<String, String> keys = new HashMap();
keys.put("publicKey", publicKeyStr);
//keys.put("publicKey", "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkNvwilBg9hS0jN2TL6koM9inu7H6vdBZ_c9G1P6UU1RaEWuaKqjvK0Hw5obT_0dTic2qlWyAk3LtuSae9R8c0yVylkUsKgvMKi29Pm13jnOl3kdt-z0YHemWtX9mozrL4xNEj-fB_c3fOxnbAQVc-tCXdDlMYPoJWYn7-EvRWdQIDAQAB");
keys.put("privateKey", privateKeyStr);
//keys.put("privateKey", "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKQ2_CKUGD2FLSM3ZMvqSgz2Ke7sfq90Fn9z0bU_pRTVFoRa5oqqO8rQfDmhtP_R1OJzaqVbICTcu25Jp71HxzTJXKWRSwqC8wqLb0-bXeOc6XeR237PRgd6Za1f2ajOsvjE0SP58H9zd87GdsBBVz60Jd0OUxg-glZifv4S9FZ1AgMBAAECgYBuhouhgmfmUFKXF1uCXAjHPI_wvcBuuwXBduS4x0OHB_0FzGDLB9UCptxVtd8rJ8HPQLuQ3AqAhQiqLGz32u3aJtKywUpWJHgOFGxNrh4EZdVdyXw8iu1HMg8L-THLpYtYtdB0CakcNZqdv_eNuC1Y1-6ZwsAVbplWKkBwG4oBKQJBANwd5dO2v7nJgy55Zc-5BHI6-Ru9fAE6-0Y80UjxyuZW1Syc1AVM9V4Rnbvv8sjTY4NtEaE4IOWNdLEr5r_1Y-cCQQC-_CMKnGLAEpD1qiPRcw_HdqFKQ7kaYr2OZMnLfoCHx_JThFWPsdcj_xZXQVKnrl405GHKoGovxO1fPtuABSdDAkEAporwg3l4Iuf3G0i64aoJVSyNopGBq6SmzgPiDaD0dccpT7HxMXmDBQOrJrFsLsrSNnRlrGe9bDHVIuAmnQLb7QJAbXefrilNAMKji-vlc9v7o1x_vk1q_5CxDbj_YUA0857LastjL2XD5sIDUCgE9E-hd7efxcCEnLTHSdyBe7N4eQJBANYMrPPBPr-2do4ngEDrvxwqbL6E4IL7npoTosySjHqURltj3p22qGQ4B1znA_8R3rCRfkDqgvFih02gT5GxvoE");
System.out.println("生成的公钥:" + keys.get("publicKey"));
//MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkNvwilBg9hS0jN2TL6koM9inu7H6vdBZ_c9G1P6UU1RaEWuaKqjvK0Hw5obT_0dTic2qlWyAk3LtuSae9R8c0yVylkUsKgvMKi29Pm13jnOl3kdt-z0YHemWtX9mozrL4xNEj-fB_c3fOxnbAQVc-tCXdDlMYPoJWYn7-EvRWdQIDAQAB
System.out.println("生成的私钥:" + keys.get("privateKey"));
//MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKQ2_CKUGD2FLSM3ZMvqSgz2Ke7sfq90Fn9z0bU_pRTVFoRa5oqqO8rQfDmhtP_R1OJzaqVbICTcu25Jp71HxzTJXKWRSwqC8wqLb0-bXeOc6XeR237PRgd6Za1f2ajOsvjE0SP58H9zd87GdsBBVz60Jd0OUxg-glZifv4S9FZ1AgMBAAECgYBuhouhgmfmUFKXF1uCXAjHPI_wvcBuuwXBduS4x0OHB_0FzGDLB9UCptxVtd8rJ8HPQLuQ3AqAhQiqLGz32u3aJtKywUpWJHgOFGxNrh4EZdVdyXw8iu1HMg8L-THLpYtYtdB0CakcNZqdv_eNuC1Y1-6ZwsAVbplWKkBwG4oBKQJBANwd5dO2v7nJgy55Zc-5BHI6-Ru9fAE6-0Y80UjxyuZW1Syc1AVM9V4Rnbvv8sjTY4NtEaE4IOWNdLEr5r_1Y-cCQQC-_CMKnGLAEpD1qiPRcw_HdqFKQ7kaYr2OZMnLfoCHx_JThFWPsdcj_xZXQVKnrl405GHKoGovxO1fPtuABSdDAkEAporwg3l4Iuf3G0i64aoJVSyNopGBq6SmzgPiDaD0dccpT7HxMXmDBQOrJrFsLsrSNnRlrGe9bDHVIuAmnQLb7QJAbXefrilNAMKji-vlc9v7o1x_vk1q_5CxDbj_YUA0857LastjL2XD5sIDUCgE9E-hd7efxcCEnLTHSdyBe7N4eQJBANYMrPPBPr-2do4ngEDrvxwqbL6E4IL7npoTosySjHqURltj3p22qGQ4B1znA_8R3rCRfkDqgvFih02gT5GxvoE
String sCiphertext = null;
try {
RSAPrivateKey rSAPrivateKey = RSAUtils.getPrivateKey(keys.get("privateKey"));
sCiphertext = RSAUtils.privateEncrypt(content, rSAPrivateKey);
} catch (Exception e) {
System.out.println("发生异常" + e.getMessage());
}
System.out.println("加密后得到密文:" + sCiphertext);
//mr5fkld7DT02IvX93JvT97lTFyn1NK6GtaOc26ODIBp6IYfZyO0t6bXCE0U5rqgu-vA_XOIt04YYTen6S_3zyzABd5cjgxphbclaeXUVxdn1hB3MZuyYblhnTOGKwv7fcRI9SjQey_GtuTLxMCfdCLWabC3c97D35VRc3PuUbnY
System.out.println("密文长度:" + sCiphertext.length());
//171
//RSA解密
RSAPublicKey rSAPublicKey = RSAUtils.getPublicKey(keys.get("publicKey"));
String sDecrypt = RSAUtils.publicDecrypt(sCiphertext, rSAPublicKey);
System.out.println("解密后得到原文:" + sDecrypt);
}
}
public class RSAUtils {
public static final String RSA_ALGORITHM = "RSA";
public static final String CHARSET = "UTF-8";
/**
* 创建公私钥
* @param keySize 密钥长度,单位为 bit 。
* 密钥长度的选择是安全性和程序性能平衡的结果,密钥长度越长,安全性越好,加密解密所需时间越长。
* 密钥长度增长一倍,公钥操作所需时间增加约 4 倍,私钥操作所需时间增加约 8 倍,公私钥生成时间约增长 16 倍
* @return
*/
public static Map<String, String> createKeys(int keySize) {
// 为RSA算法创建一个KeyPairGenerator对象
KeyPairGenerator kpg;
try {
kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM);
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]");
}
// 初始化KeyPairGenerator对象,密钥长度
kpg.initialize(keySize);
// 生成密匙对
KeyPair keyPair = kpg.generateKeyPair();
// 得到公钥
Key publicKey = keyPair.getPublic();
String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());
// 得到私钥
Key privateKey = keyPair.getPrivate();
String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());
// map装载公钥和私钥
Map<String, String> keyPairMap = new HashMap<String, String>();
keyPairMap.put("publicKey", publicKeyStr);
keyPairMap.put("privateKey", privateKeyStr);
// 返回map
return keyPairMap;
}
/**
* 得到公钥
* @param publicKey 密钥字符串(经过base64编码)
* @throws Exception
*/
public static RSAPublicKey getPublicKey(String publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
// 通过X509编码的Key指令获得公钥对象
KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));
RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
return key;
}
/**
* 得到私钥
* @param privateKey 密钥字符串(经过base64编码)
* @throws Exception
*/
public static RSAPrivateKey getPrivateKey(String privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
// 通过PKCS#8编码的Key指令获得私钥对象
KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));
RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);
return key;
}
/**
* 公钥加密
* @param data
* @param publicKey
* @return
*/
public static String publicEncrypt(String data, RSAPublicKey publicKey) {
try {
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));
} catch (Exception e) {
throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e);
}
}
/**
* 私钥解密
* @param data
* @param privateKey
* @return
*/
public static String privateDecrypt(String data, RSAPrivateKey privateKey) {
try {
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), privateKey.getModulus().bitLength()), CHARSET);
} catch (Exception e) {
throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);
}
}
/**
* 私钥加密
* @param data
* @param privateKey
* @return
*/
public static String privateEncrypt(String data, RSAPrivateKey privateKey) {
try {
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
//每个Cipher初始化方法使用一个模式参数opmod,并用此模式初始化Cipher对象。此外还有其他参数,包括密钥key、包含密钥的证书certificate、算法参数params和随机源random。
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), privateKey.getModulus().bitLength()));
} catch (Exception e) {
throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e);
}
}
/**
* 公钥解密
* @param data
* @param publicKey
* @return
*/
public static String publicDecrypt(String data, RSAPublicKey publicKey) {
try {
Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);
} catch (Exception e) {
throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);
}
}
//rsa切割解码 , ENCRYPT_MODE,加密数据 ,DECRYPT_MODE,解密数据
private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize) {
int maxBlock = 0; //最大块
if (opmode == Cipher.DECRYPT_MODE) {
maxBlock = keySize / 8;
} else {
maxBlock = keySize / 8 - 11;
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] buff;
int i = 0;
try {
while (datas.length > offSet) {
if (datas.length - offSet > maxBlock) {
//可以调用以下的doFinal()方法完成加密或解密数据:
buff = cipher.doFinal(datas, offSet, maxBlock);
} else {
buff = cipher.doFinal(datas, offSet, datas.length - offSet);
}
out.write(buff, 0, buff.length);
i++;
offSet = i * maxBlock;
}
} catch (Exception e) {
throw new RuntimeException("加解密阀值为[" + maxBlock + "]的数据时发生异常", e);
}
byte[] resultDatas = out.toByteArray();
IOUtils.closeQuietly(out);
return resultDatas;
}
}