生成一对密钥
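// GenRsaKey generates an RSA key pair with a modulus of the given bit size
// and writes it to the current working directory: the private key to
// "private.pem" (PKCS#1, PEM type "RSA PRIVATE KEY") and the public key to
// "public.pem" (PKIX, PEM type "PUBLIC KEY"). Existing files are overwritten.
//
// The private key is stored unencrypted, so private.pem is created with
// owner-only permissions (0600). The size is passed to rsa.GenerateKey
// unchanged; 1024-bit keys are no longer considered adequate, so use 2048
// bits or more for new keys.
func GenRsaKey(bits int) error {
	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return err
	}

	// Private key file.
	privBlock := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
	}
	if err := writePEMFile("private.pem", 0600, privBlock); err != nil {
		return err
	}

	// Public key file.
	derPkix, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
	if err != nil {
		return err
	}
	pubBlock := &pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: derPkix,
	}
	return writePEMFile("public.pem", 0644, pubBlock)
}

// writePEMFile writes block to path with the given permissions and closes the
// file, reporting a Close error if the write itself succeeded.
func writePEMFile(path string, perm os.FileMode, block *pem.Block) (err error) {
	file, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, perm)
	if err != nil {
		return err
	}
	defer func() {
		if cerr := file.Close(); err == nil {
			err = cerr
		}
	}()
	// OpenFile applies perm only when it creates the file; tighten a
	// pre-existing file before any key material is written to it.
	if err = file.Chmod(perm); err != nil {
		return err
	}
	return pem.Encode(file, block)
}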
数据加密
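// RSAEncryptOAEP encrypts plaintext with RSA-OAEP (SHA-256) under the
// PEM-encoded PKIX public key in publicKeypem and returns the ciphertext as a
// lowercase hex string.
//
// labeltext is the OAEP label: it is not secret, but the same value must be
// supplied to decrypt. The plaintext may be at most the modulus size minus
// 2*32+2 bytes (190 bytes for a 2048-bit key); encrypt larger data with a
// symmetric key and use RSA only to wrap that key.
//
// The function panics if the PEM cannot be decoded, the key cannot be parsed,
// the key is not an RSA key, or encryption fails. Callers that pass untrusted
// input should recover.
func RSAEncryptOAEP(publicKeypem, labeltext, plaintext string) (ciphertext string) {
	publicBlock, _ := pem.Decode([]byte(publicKeypem))
	if publicBlock == nil {
		panic("public key error")
	}
	pub, err := x509.ParsePKIXPublicKey(publicBlock.Bytes)
	if err != nil {
		panic(fmt.Sprintf("public key parse error: %s", err))
	}
	// ParsePKIXPublicKey also returns ECDSA, Ed25519 and other key types, so
	// check the type instead of relying on an unchecked assertion.
	publicKey, ok := pub.(*rsa.PublicKey)
	if !ok {
		panic("publicKey is not *rsa.PublicKey")
	}
	cipherbyte, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, publicKey, []byte(plaintext), []byte(labeltext))
	if err != nil {
		panic(fmt.Sprintf("Error from encryption: %s\n", err))
	}
	// OAEP encryption is randomized, so the ciphertext differs on every call.
	return fmt.Sprintf("%x", cipherbyte)
}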
数据解密
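// RSADecryptOAEP decrypts a hex-encoded RSA-OAEP (SHA-256) ciphertext with the
// PEM-encoded PKCS#1 private key in privateKeypem and returns the plaintext.
//
// labeltext must be the same label that was used for encryption, otherwise
// decryption fails.
//
// The function panics if the PEM cannot be decoded, the key is not a PKCS#1
// RSA private key, the ciphertext is not valid hex, or decryption fails.
// Callers that pass untrusted ciphertext should recover.
func RSADecryptOAEP(privateKeypem, labeltext, ciphertext string) (plaintext string) {
	privateBlock, _ := pem.Decode([]byte(privateKeypem))
	if privateBlock == nil {
		panic("private key error")
	}
	privateKey, err := x509.ParsePKCS1PrivateKey(privateBlock.Bytes)
	if err != nil {
		panic("privateKey is not *rsa.PrivateKey")
	}
	// Reject malformed hex explicitly; ignoring this error would hand a
	// truncated buffer to DecryptOAEP and hide the real cause of the failure.
	cipherByte, err := hex.DecodeString(ciphertext)
	if err != nil {
		panic(fmt.Sprintf("ciphertext is not valid hex: %s", err))
	}
	plainbyte, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey, cipherByte, []byte(labeltext))
	if err != nil {
		panic(fmt.Sprintf("Error decrypting: %s\n", err))
	}
	return string(plainbyte)
}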