padding值给弄对,加密的bytes上限117,但是有空的话会加上padding,所以加密过来的字符串其实不止是117;要满足2的7次方,才是一个完整的block。输入的bytes,加密后的长度其实不止是117;其实一个block的size应该是128。解密的时候要把block的size要传对。
package com.winplan365.othink.rest.tool;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.winplan365.othink.rest.dto.CryptoDto;
import org.apache.tomcat.util.codec.binary.Base64;
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
public class RSAUtil {
private static Map<Integer, String> KEY_MAP = new HashMap<>();
private static String PRIVATE_KEY_STR;
private static String PUBLIC_KEY_STR;
private static int MAX_ENCRYPT_BLOCK = 117;
private static int MAX_DECRYPT_BLOCK = 128;
static {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGenerator.genKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
String privateKeyStr = new String(Base64.encodeBase64(privateKey.getEncoded()));
String publicKeyStr = new String(Base64.encodeBase64(publicKey.getEncoded()));
KEY_MAP.put(0, privateKeyStr);
KEY_MAP.put(1, publicKeyStr);
PRIVATE_KEY_STR = KEY_MAP.get(0);
PUBLIC_KEY_STR = KEY_MAP.get(1);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
public static String encrypt(String str, String publicKeyStr) throws Exception {
byte[] decoded = Base64.decodeBase64(publicKeyStr);
PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded));
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] inputArray = str.getBytes(StandardCharsets.UTF_8);
int inputLength = inputArray.length;
int offset = 0;
byte[] resultBytes = {};
byte[] cache = {};
while (inputLength - offset > 0) {
if (inputLength - offset > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(inputArray, offset, MAX_ENCRYPT_BLOCK);
offset += MAX_ENCRYPT_BLOCK;
} else {
cache = cipher.doFinal(inputArray, offset, inputLength - offset);
offset = inputLength;
}
resultBytes = Arrays.copyOf(resultBytes, resultBytes.length + cache.length);
System.arraycopy(cache, 0, resultBytes, resultBytes.length - cache.length, cache.length);
}
String outStr = Base64.encodeBase64String(resultBytes);
return outStr;
}
public static String decrypt(String str, String privateKeyStr) throws Exception {
byte[] inputBytes = Base64.decodeBase64(str.getBytes(StandardCharsets.UTF_8));
byte[] decoded = Base64.decodeBase64(privateKeyStr);
PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded));
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
int inputLength = inputBytes.length;
int offset = 0;
byte[] cache = {};
while (inputLength - offset > 0) {
if (inputLength - offset > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(inputBytes, offset, MAX_DECRYPT_BLOCK);
offset += MAX_DECRYPT_BLOCK;
} else {
cache = cipher.doFinal(inputBytes, offset, inputLength - offset);
offset = inputLength;
}
byteArrayOutputStream.write(cache);
}
byteArrayOutputStream.close();
String outStr = new String(byteArrayOutputStream.toByteArray());
return outStr;
}
public static String encrypt(String str) throws Exception {
return encrypt(str, PUBLIC_KEY_STR);
}
public static String decrypt(String str) throws Exception {
return decrypt(str, PRIVATE_KEY_STR);
}
public static void main(String[] args) {
try {
String str = "Whenever I looked back, time blocked my path to retreat.";
String encryptedStr = RSAUtil.encrypt(str);
System.out.println(encryptedStr);
System.out.println(decrypt(encryptedStr));
CryptoDto cryptoDto = new CryptoDto("She will be loved.", System.currentTimeMillis() - 30000L);
ObjectMapper objectMapper = new ObjectMapper();
String decryptedStr = objectMapper.writeValueAsString(cryptoDto);
System.out.println(decryptedStr);
CryptoDto deserializedDto = objectMapper.readValue(decryptedStr, CryptoDto.class);
System.out.println(deserializedDto);
if (deserializedDto.getExpires() < System.currentTimeMillis()) {
System.out.println("Token expires.");
}
} catch (Exception e) {
e.printStackTrace();
}
}
}