1. AES
- 1.1 生成AES密钥并保存至KeyStore
/** Name of the JCA provider that keeps key material inside the Android key store. */
private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
/** Alias under which the generated AES key is stored. */
private static final String KEY_ALIAS = "PqSawSecret";

/**
 * Generates an AES key inside the AndroidKeyStore provider under {@link #KEY_ALIAS}.
 *
 * <p>The key is authorised for encryption and decryption, GCM block mode only, with no
 * padding. No key size is set here, so the provider's default size applies, and no
 * user-authentication requirement is configured.
 *
 * <p>NOTE(review): a key is generated on every call. Generating under an alias that already
 * exists is expected to replace the stored key, which would make data encrypted under the
 * old key undecryptable. Callers should check for the alias first; confirm against the caller.
 *
 * @return the handle of the newly generated key
 * @throws AssertionError if the provider, the algorithm or the parameter spec is rejected
 */
private static SecretKey createKeyStoreEntry() {
    final int purposes = KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT;
    try {
        final KeyGenerator generator =
                KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, ANDROID_KEY_STORE);
        final KeyGenParameterSpec.Builder specBuilder =
                new KeyGenParameterSpec.Builder(KEY_ALIAS, purposes);
        specBuilder.setBlockModes(KeyProperties.BLOCK_MODE_GCM);
        specBuilder.setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE);
        generator.init(specBuilder.build());
        return generator.generateKey();
    } catch (NoSuchAlgorithmException | NoSuchProviderException
            | InvalidAlgorithmParameterException failure) {
        // These indicate a broken platform rather than bad input, so fail loudly.
        throw new AssertionError(failure);
    }
}
- 1.2 AES 加密
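/**
 * Transformation used by {@link #encrypt}. This section encrypts with AES-GCM, so the
 * constant names that transformation instead of an RSA one.
 */
private static final String CIPHER_TRANSFORMATION = "AES/GCM/NoPadding";

/**
 * Encrypts {@code data} with the AES key stored in the key store under {@code alias}.
 *
 * <p>The cipher is initialised without an IV, so the provider picks a fresh one for each
 * call. GCM decryption needs exactly that IV, so it is returned together with the
 * ciphertext: the result is {@code IV || ciphertext-with-tag}. The IV is not secret.
 * To decrypt, split the IV off the front and pass it in a {@code GCMParameterSpec}.
 * NOTE(review): the IV the AndroidKeyStore provider generates for GCM is expected to be
 * 12 bytes; confirm before hard-coding the split offset.
 *
 * @param data  the plaintext to encrypt
 * @param alias the alias of the AES key in the key store
 * @return the IV followed by the ciphertext and tag, or {@code null} if the alias holds no
 *         secret key or the operation fails
 */
public byte[] encrypt(byte[] data, String alias) {
    try {
        // Look the key up under the alias the caller asked for, not a fixed one.
        KeyStore.Entry entry = keyStore.getEntry(alias, null);
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            // Missing alias or a non-symmetric entry: nothing to encrypt with.
            return null;
        }
        SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();

        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] iv = cipher.getIV();
        // Exactly one doFinal per init: a second call would run under the same key and IV.
        byte[] cipherText = cipher.doFinal(data);

        byte[] result = new byte[iv.length + cipherText.length];
        System.arraycopy(iv, 0, result, 0, iv.length);
        System.arraycopy(cipherText, 0, result, iv.length, cipherText.length);
        return result;
    } catch (Exception e) {
        // Best-effort contract kept from the original: report and signal failure with null.
        e.printStackTrace();
    }
    return null;
}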
- 1.3 AES解密
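// Fetch the AES key handle from the key store.
KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) keyStore.getEntry(KEY_ALIAS, null);
SecretKey secretKey = entry.getSecretKey();
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
// iv must be the exact value cipher.getIV() reported when this data was encrypted;
// 128 is the authentication tag length in bits.
cipher.init(Cipher.DECRYPT_MODE, secretKey, new GCMParameterSpec(128, iv));
// doFinal also verifies the GCM tag and throws AEADBadTagException when the ciphertext,
// IV or key does not match. Treat that as tampering or corruption, never as empty output.
byte[] plainText = cipher.doFinal(data);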
2. RSA
- 2.1 老版方法
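/**
 * Legacy path: generates an RSA key pair in the AndroidKeyStore under the alias "rsa" via
 * [KeyPairGeneratorSpec], then runs an encrypt/decrypt round trip on a sample string and
 * logs both results.
 *
 * KeyPairGeneratorSpec is the pre-API-23 way of describing a key; it was deprecated in
 * favour of KeyGenParameterSpec. Every call generates a new pair under the same alias.
 *
 * The round trip uses PKCS#1 v1.5 encryption padding, as the rest of this page does. OAEP is
 * the usual recommendation for new designs because v1.5 decryption errors can leak
 * information to whoever supplies the ciphertext.
 */
fun generateRSA() {
    val notBefore = Calendar.getInstance()
    val notAfter = Calendar.getInstance().apply { add(Calendar.YEAR, 10) }

    val spec = KeyPairGeneratorSpec.Builder(appContext)
        .setAlias("rsa")
        // NOTE(review): older platform versions are understood to reject a spec without a
        // subject, so one is supplied for the self-signed certificate. Confirm on the
        // lowest API level supported.
        .setSubject(javax.security.auth.x500.X500Principal("CN=rsa"))
        .setSerialNumber(BigInteger.ONE)
        .setStartDate(notBefore.time)
        .setEndDate(notAfter.time)
        .build()

    val generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")
    generator.initialize(spec)
    val keyPair = generator.generateKeyPair()

    val str = "need 加密 123.abc"
    val cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding")

    // Encrypt with the public key, then Base64-encode the ciphertext for display.
    cipher.init(Cipher.ENCRYPT_MODE, keyPair.public)
    val encodeByte = cipher.doFinal(str.toByteArray())
    val encodeStr = Base64.encodeToString(encodeByte, Base64.NO_WRAP)
    Log.w("Debug", "RSATest-generateRSA:encodeStr $encodeStr ")

    // Decode the Base64 text back to ciphertext bytes and decrypt with the private key.
    cipher.init(Cipher.DECRYPT_MODE, keyPair.private)
    val decodeByte = Base64.decode(encodeStr, Base64.NO_WRAP)
    val decodeStr = cipher.doFinal(decodeByte)
    // Demo only: the plaintext here is a fixed sample. Real decrypted data should not be
    // written to the log.
    Log.w("Debug", "RSATest-generateRSA:decodeStr ${String(decodeStr)} ")
}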
- 2.2 新版方法
/**
 * Current path: generates a 2048-bit RSA key pair in the provider named by `KEYSTORE` under
 * `keyName`, described with [KeyGenParameterSpec], then encrypts `str` with the public key
 * and decrypts it again with the private key, logging the public key and the round-trip
 * result.
 *
 * The key is authorised for PKCS#1 v1.5 encryption padding only. OAEP is the usual
 * recommendation for new designs. Changing it means changing both the padding declared on
 * the key and the cipher transformation.
 *
 * NOTE(review): `str`, `keyName` and `KEYSTORE` are defined outside this function. `str` is
 * passed to doFinal, so it is presumably a ByteArray; confirm.
 */
fun generateKey() {
    val purposes = KeyProperties.PURPOSE_ENCRYPT or KeyProperties.PURPOSE_DECRYPT
    val keySpec = with(KeyGenParameterSpec.Builder(keyName, purposes)) {
        setDigests(KeyProperties.DIGEST_SHA256)
        setKeySize(2048)
        setBlockModes(KeyProperties.BLOCK_MODE_ECB)
        setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1)
        build()
    }

    val generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, KEYSTORE)
    generator.initialize(keySpec)
    val keyPair = generator.generateKeyPair()

    // Only the public half is printed; it is safe to disclose.
    val publicKeyText = String(Base64.encode(keyPair.public.encoded, Base64.NO_WRAP))
    Log.w("Debug", "RSA-generateKey: public $publicKeyText")

    val rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding")

    rsa.init(Cipher.ENCRYPT_MODE, keyPair.public)
    val cipherBytes = rsa.doFinal(str)

    rsa.init(Cipher.DECRYPT_MODE, keyPair.private)
    val plainBytes = rsa.doFinal(cipherBytes)
    // Demo only: this writes decrypted data to the log.
    Log.w("Debug", "RSA-generateKey:${String(plainBytes)} ")
}
3. 生成CSR
导包
implementation group: 'org.bouncycastle', name: 'bcpkix-jdk15on', version: '1.62'
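/**
 * Instrumented test that generates an RSA key pair, checks an encrypt/decrypt round trip and
 * then builds a PKCS#10 certificate signing request (CSR) with Bouncy Castle.
 *
 * <p>The key pair comes from the default provider, not from the AndroidKeyStore, so the
 * private key lives in process memory and its encoding is readable by this code.
 */
@RunWith(AndroidJUnit4.class)
public class CSR {
    // Sample plaintext; the charset is stated so encoding and decoding always agree.
    byte[] bytes = "need 加密 123.abc".getBytes(java.nio.charset.StandardCharsets.UTF_8);

    /**
     * Generates a 2048-bit RSA key pair, round-trips the sample plaintext through it, and
     * logs a PEM-encoded CSR for subject {@code CN=test,C=CN} signed with SHA256withRSA.
     */
    @Test
    public void generate() throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException, OperatorCreationException, IOException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(2048);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();
        Log.w("Debug", "CSR-generate: pub key: " + toBase64(publicKey.getEncoded()));
        // The private key is deliberately not logged: log output can be read by other
        // tooling and can end up in bug reports.

        // A bare "RSA" leaves mode and padding to the provider default, which differs
        // between providers, so the full transformation is spelled out.
        Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] encodeBytes = cipher.doFinal(this.bytes);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] decodeBytes = cipher.doFinal(encodeBytes);
        Log.w("Debug", "CSR-generate: "
                + new String(decodeBytes, java.nio.charset.StandardCharsets.UTF_8));

        // Signature algorithm for the request.
        String sigAlg = "SHA256withRSA";
        // Subject distinguished name.
        String params = "CN=test,C=CN";
        PKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(
                new X500Name(params), publicKey
        );
        // Signing the request with the private key proves possession of it to the CA.
        JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder(sigAlg);
        csBuilder.setProvider(new BouncyCastleProvider());
        ContentSigner signer = csBuilder.build(privateKey);
        PKCS10CertificationRequest p10 = builder.build(signer);

        PemObject pemObject = new PemObject("CERTIFICATE REQUEST", p10.getEncoded());
        StringWriter str = new StringWriter();
        // try-with-resources flushes and closes the writer even if writeObject throws.
        try (JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(str)) {
            jcaPEMWriter.writeObject(pemObject);
        }
        // A CSR holds only the public key and the subject, so it is safe to print.
        Log.w("Debug", "CSR-generate: " + str);
    }

    /** Returns {@code bytes} as a single-line Base64 string. */
    private String toBase64(byte[] bytes) {
        return Base64.encodeToString(bytes, Base64.NO_WRAP);
    }
}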