1.后端生成公私密钥对
2.公钥给前端,前端用公钥给密码加密,登录的时候返回加密后的密码以及公钥
3.后端拿到前端返回的公钥,获取到对应的私钥,用私钥进行解密
import org.apache.commons.codec.binary.Base64;
import javax.crypto.Cipher;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
public class RSAUtil {
private static final String ALGORITHM_NAME = "RSA";
/**
* 生成秘钥对
* @return
* @throws NoSuchAlgorithmException
*/
public static Map<String, String> generateKeyPair(){
KeyPairGenerator keyPairGen = null;
try {
keyPairGen = KeyPairGenerator.getInstance(ALGORITHM_NAME);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
keyPairGen.initialize(1024,new SecureRandom());
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
String publicKey = new String(Base64.encodeBase64(rsaPublicKey.getEncoded()));
String privateKey = new String(Base64.encodeBase64((rsaPrivateKey.getEncoded())));
Map<String, String> keyMap = new HashMap<>();
keyMap.put("publicKey", publicKey);
keyMap.put("privateKey", privateKey);
return keyMap;
}
/**
* 加密
* @param string
* @param publicKey
* @return
* @throws Exception
*/
public static String encrypt(String string, String publicKey){
byte[] decoded = Base64.decodeBase64(publicKey);
RSAPublicKey pubKey = null;
try {
pubKey = (RSAPublicKey) KeyFactory.getInstance(ALGORITHM_NAME).generatePublic(new X509EncodedKeySpec(decoded));
Cipher cipher = null;
cipher = Cipher.getInstance(ALGORITHM_NAME);
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
return Base64.encodeBase64String(cipher.doFinal(string.getBytes("UTF-8")));
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
/**
*解密
* @param string
* @param privateKey
* @return
* @throws Exception
*/
public static String decrypt(String string, String privateKey){
try {
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey)));
Cipher cipher = Cipher.getInstance(ALGORITHM_NAME);
cipher.init(Cipher.DECRYPT_MODE, rsaPrivateKey);
return new String(cipher.doFinal(Base64.decodeBase64(string)));
} catch (Exception e) {
e.printStackTrace();
}
return "";
}
}
//生成公私钥,返回公钥,用啥存储对应关系都行,这里用的redis
@RequestMapping(value = "/publicKey", method = RequestMethod.GET)
public Result<String> publicKey(){
Map<String, String> map = RSAUtil.generateKeyPair();
String publicKey = map.get("publicKey");
String privateKey = map.get("privateKey");
redisUtil.set(CommonConstant.PREFIX_RSA_KEY+publicKey,privateKey,60 * 3);
return Result.OK(publicKey);
}
//登录的时候传递加密后的密码的同时还需要传递回公钥,通过公钥获取对应的私钥
privateKey = redisUtil.get(CommonConstant.PREFIX_RSA_KEY+publicKey)
//私钥解密前端用公钥加密的密码
password = RSAUtil.decrypt(password, privateKeyObj.toString());