RSA 算法是一种非对称加解密算法。服务方生成一对 RSA 密钥,即公钥 + 私钥,将公钥提供给调用方,调用方使用公钥对数据进行加密后,服务方根据私钥进行解密。
我们要实现对数据加密,先使用sha256对数据算出哈希值,用于验证数据的完整性和真实性,保证不会被篡改,再放到RSA加密,最后通过base64转码
RSA工具代码
@Slf4j
public class RSAUtils {
/**
* 获取公钥的key
*/
private static final String PUBLIC_KEY = "RSAPublicKey";
/**
* 获取私钥的key
*/
private static final String PRIVATE_KEY = "RSAPrivateKey";
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* 随机生成密钥对
*/
public static Map<String, String> genKeyPair() {
// KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象
KeyPairGenerator keyPairGen = null;
try {
keyPairGen = KeyPairGenerator.getInstance("RSA");
} catch (Exception e) {
e.printStackTrace();
}
// 初始化密钥对生成器,密钥大小为96-1024位
keyPairGen.initialize(1024);
// 生成一个密钥对,保存在keyPair中
KeyPair keyPair = keyPairGen.generateKeyPair();
// 得到私钥
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
// 得到公钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
try {
// 使用Base64对公钥加密得到字符串
String publicKeyString = Base64Util.encode(publicKey.getEncoded());
// 使用Base64对私钥加密得到字符串
String privateKeyString = Base64Util.encode(privateKey.getEncoded());
Map<String, String> keyMap = new HashMap<String, String>(2);
keyMap.put(PUBLIC_KEY, publicKeyString);
keyMap.put(PRIVATE_KEY, privateKeyString);
return keyMap;
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* 从字符串中加载公钥
*
* @param publicKeyStr 公钥数据字符串
* @return RSAPublicKey 加载出来的公钥
* @throws Exception 加载公钥时产生的异常
*/
public static RSAPublicKey loadPublicKeyByStr(String publicKeyStr) {
try {
byte[] buffer = Base64Util.decode(publicKeyStr);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
return (RSAPublicKey) keyFactory.generatePublic(keySpec);
} catch (Exception e) {
throw new RuntimeException();
}
}
/**
* 从字符串中加载私钥
*
* @param privateKeyStr 私钥数据字符串
* @return RSAPublicKey 加载出来的私钥
* @throws Exception 加载私钥时产生的异常
*/
public static RSAPrivateKey loadPrivateKeyByStr(String privateKeyStr) {
try {
byte[] buffer = Base64Util.decode(privateKeyStr);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
} catch (Exception e) {
log.error("loadPrivateKeyByStr :{}", e);
throw new RuntimeException();
}
}
/**
* 公钥加密过程
*
* @param publicKey 公钥
* @param data 明文数据
* @return byte[] 加密结果
* @throws Exception 加密过程中的异常信息
*/
public static byte[] encrypt(RSAPublicKey publicKey, byte[] data) {
if (publicKey == null) {
return null;
}
Cipher cipher = null;
try {
// 使用默认RSA
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
int inputLen = data.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
return encryptedData;
} catch (Exception e) {
throw new RuntimeException();
}
}
/**
* 私钥加密过程
*
* @param privateKey 私钥
* @param data 明文数据
* @return byte[] 加密结果
* @throws Exception 加密过程中的异常信息
*/
public static byte[] encrypt(RSAPrivateKey privateKey, byte[] data) {
if (privateKey == null) {
return null;
}
Cipher cipher = null;
try {
// 使用默认RSA
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
int inputLen = data.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
return encryptedData;
} catch (Exception e) {
log.error("encrypt error :{}", e);
throw new RuntimeException();
}
}
/**
* 私钥解密过程
*
* @param privateKey 私钥
* @param data 密文数据
* @return 明文
* @throws Exception 解密过程中的异常信息
*/
public static byte[] decrypt(RSAPrivateKey privateKey, byte[] data) {
if (privateKey == null) {
return null;
}
Cipher cipher = null;
try {
// 使用默认RSA
cipher = Cipher.getInstance("RSA");
// cipher= Cipher.getInstance("RSA", new BouncyCastleProvider());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
int inputLen = data.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
return decryptedData;
} catch (Exception e) {
log.error("decrypt error", e);
throw new RuntimeException();
}
}
/**
* 公钥解密过程
*
* @param publicKey 公钥
* @param data 密文数据
* @return 明文
* @throws Exception 解密过程中的异常信息
*/
public static byte[] decrypt(RSAPublicKey publicKey, byte[] data) {
if (publicKey == null) {
return null;
}
Cipher cipher = null;
try {
// 使用默认RSA
cipher = Cipher.getInstance("RSA");
// cipher= Cipher.getInstance("RSA", new BouncyCastleProvider());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
int inputLen = data.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
return decryptedData;
} catch (Exception e) {
log.error("decrypt error :{}", e);
throw new RuntimeException();
}
}
/**
* 获取私钥
*
* @param keyMap 密钥对
* @return
* @throws Exception
*/
public static String getPrivateKey(Map<String, String> keyMap) {
String privateKey = keyMap.get(PRIVATE_KEY);
return privateKey;
}
/**
* 获取公钥
*
* @param keyMap 密钥对
* @return
* @throws Exception
*/
public static String getPublicKey(Map<String, String> keyMap) {
String publicKey = keyMap.get(PUBLIC_KEY);
return publicKey;
}
public static void main(String[] args) {
Map<String, String> stringStringMap = genKeyPair();
//公钥
String publicKey = stringStringMap.get(PUBLIC_KEY);
//私钥
String privateKey = stringStringMap.get(PRIVATE_KEY);
log.info("获取RSA 信息 :{}", genKeyPair());
}
}
base64 工具类
public class Base64Util {
/**
* 使用Base64加密字符串
*
* @return 加密之后的字符串
* @throws Exception
*/
public static String encode(byte[] data) {
String encodedData = Base64.getEncoder().encodeToString(data);
return encodedData;
}
/**
* 使用Base64解密
*
* @return 解密之后的字符串
* @throws Exception
*/
public static byte[] decode(String data) {
byte[] decodedData = Base64.getDecoder().decode(data);
return decodedData;
}
}