非对称加密
- 非对称加密需要两个密钥:公钥和私钥
- 公钥和私钥必须是一对密钥
- 如果由公钥加密,则必须由私钥解密;如果由私钥加密,则需要由公钥解密。
- 常见的算法有 RSA 和 ECC
生成密钥对
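// Demo: generate an RSA key pair and show both halves as Base64 text.
String algorithm = "RSA";
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
// Set the modulus size explicitly. Without initialize() the size is whatever the
// provider defaults to, and that default can differ between JDK releases.
keyPairGenerator.initialize(3072);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
// getEncoded() yields the binary encoding of each key; Base64 turns it into text.
byte[] privateKeyEncoded = privateKey.getEncoded();
byte[] publicKeyEncoded = publicKey.getEncoded();
String privateKeyString = Base64.encode(privateKeyEncoded);
String publicKeyString = Base64.encode(publicKeyEncoded);
// NOTE(review): printing the private key is for demonstration only. Standard output
// is commonly captured by logs and CI systems, so real code should never emit it.
System.out.println(privateKeyString);
System.out.println(publicKeyString);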
加密和解密
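/**
 * Decrypts a Base64-encoded ciphertext and returns the plaintext as a string.
 *
 * @param algorithm transformation name passed to {@link Cipher#getInstance(String)}
 * @param key       key used to initialise the cipher in decrypt mode
 * @param encrypted Base64 text of the ciphertext
 * @return the decrypted bytes decoded with the platform default charset
 * @throws Exception if the cipher cannot be created or initialised, or if decryption fails
 */
public static String decryptRSA(String algorithm,Key key,String encrypted) throws Exception{
    // NOTE(review): a bare "RSA" transformation leaves mode and padding to the provider.
    // For confidentiality (public-key encrypt, private-key decrypt) callers should name
    // an OAEP transformation explicitly, e.g. "RSA/ECB/OAEPWithSHA-256AndMGF1Padding".
    Cipher cipher = Cipher.getInstance(algorithm);
    cipher.init(Cipher.DECRYPT_MODE, key);
    byte[] cipherBytes = Base64.decode(encrypted);
    byte[] result = cipher.doFinal(cipherBytes);
    // The original returned an undefined variable (bytes1); the decrypted bytes are in
    // result. The plaintext is no longer printed: decrypted data does not belong on stdout.
    // Decoding uses the platform default charset, mirroring input.getBytes() in encryptRSA.
    return new String(result);
}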
/**
 * Encrypts a string and returns the ciphertext as Base64 text, also printing it.
 *
 * @param algorithm transformation name passed to {@link Cipher#getInstance(String)}
 * @param key       key used to initialise the cipher in encrypt mode
 * @param input     text to encrypt; converted to bytes with the platform default charset
 * @return Base64 text of the ciphertext
 * @throws Exception if the cipher cannot be created or initialised, or if encryption fails
 */
public static String encryptRSA(String algorithm,Key key,String input) throws Exception{
    // NOTE(review): with a bare "RSA" name the provider chooses mode and padding;
    // confirm the caller passes an explicit transformation (OAEP for confidentiality).
    final Cipher rsa = Cipher.getInstance(algorithm);
    rsa.init(Cipher.ENCRYPT_MODE, key);
    // NOTE(review): getBytes() depends on the platform charset, so the same text can
    // encrypt to different plaintext bytes on machines with different defaults.
    final byte[] encryptedBytes = rsa.doFinal(input.getBytes());
    final String encoded = Base64.encode(encryptedBytes);
    System.out.println(encoded);
    return encoded;
}
保存公钥和私钥
/**
 * Generates a key pair and stores each key as Base64 text in its own file.
 *
 * @param algorithm key algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
 * @param pubPath   destination file for the public key
 * @param priPath   destination file for the private key
 * @throws Exception if the generator cannot be created or a file cannot be written
 */
private static void generateKeyToFile(String algorithm, String pubPath, String priPath) throws Exception {
    // NOTE(review): no initialize() call, so the key size is the provider default.
    KeyPair pair = KeyPairGenerator.getInstance(algorithm).generateKeyPair();

    // Encode both keys before touching the file system.
    String pubText = Base64.encode(pair.getPublic().getEncoded());
    String priText = Base64.encode(pair.getPrivate().getEncoded());

    Charset utf8 = Charset.forName("UTF-8");
    FileUtils.writeStringToFile(new File(pubPath), pubText, utf8);
    // NOTE(review): the private key is stored unencrypted and no file permissions are
    // set here; anyone who can read priPath can use the key. Restrict access to the
    // file, or keep the key in a password-protected keystore instead.
    FileUtils.writeStringToFile(new File(priPath), priText, utf8);
}
读取公钥和私钥
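/**
 * Loads a public key from a file that holds the Base64 text of its X.509 encoding.
 *
 * @param pulickPath path of the public-key file
 * @param algorithm  key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @return the reconstructed public key
 * @throws Exception if the file cannot be read or the key material cannot be parsed
 */
public static PublicKey getPublicKey(String pulickPath,String algorithm) throws Exception{
    // Read as UTF-8, the charset generateKeyToFile writes with, rather than the
    // platform default, so loading does not depend on the machine's locale.
    String publicKeyString = FileUtils.readFileToString(new File(pulickPath), Charset.forName("UTF-8"));
    KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
    // trim() drops a trailing newline that a text editor may have appended to the file.
    X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.decode(publicKeyString.trim()));
    return keyFactory.generatePublic(spec);
}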
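/**
 * Loads a private key from a file that holds the Base64 text of its PKCS#8 encoding.
 *
 * @param priPath   path of the private-key file
 * @param algorithm key algorithm name passed to {@link KeyFactory#getInstance(String)}
 * @return the reconstructed private key
 * @throws Exception if the file cannot be read or the key material cannot be parsed
 */
public static PrivateKey getPrivateKey(String priPath,String algorithm) throws Exception{
    // Read as UTF-8, the charset generateKeyToFile writes with, rather than the
    // platform default, so loading does not depend on the machine's locale.
    // NOTE(review): the key text stays in an immutable String until garbage collected;
    // keep its scope small and never log it.
    String privateKeyString = FileUtils.readFileToString(new File(priPath), Charset.forName("UTF-8"));
    KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
    // trim() drops a trailing newline that a text editor may have appended to the file.
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decode(privateKeyString.trim()));
    return keyFactory.generatePrivate(spec);
}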
生成签名和验证签名
/**
 * Signs a string with the private key and returns the signature as Base64 text.
 *
 * @param input      text to sign; converted to bytes with the platform default charset
 * @param algorithm  signature algorithm name passed to {@link Signature#getInstance(String)},
 *                   for example {@code SHA256withRSA}
 * @param privateKey key that produces the signature
 * @return Base64 text of the signature bytes
 * @throws Exception if the algorithm is unavailable, the key is rejected, or signing fails
 */
public static String getSignature(String input, String algorithm, PrivateKey privateKey) throws Exception {
    Signature signer = Signature.getInstance(algorithm);
    signer.initSign(privateKey);
    // NOTE(review): getBytes() uses the platform charset; signer and verifier must turn
    // the text into the same bytes, so confirm both sides run with the same default.
    byte[] message = input.getBytes();
    signer.update(message);
    return Base64.encode(signer.sign());
}
/**
 * Checks a Base64-encoded signature over a string with the public key.
 *
 * @param input          text that was signed; converted to bytes with the platform default charset
 * @param algorithm      signature algorithm name passed to {@link Signature#getInstance(String)};
 *                       it has to match the one used for signing
 * @param publicKey      key that verifies the signature
 * @param signaturedData Base64 text of the signature bytes
 * @return {@code true} if the signature matches the input, {@code false} otherwise
 * @throws Exception if the algorithm is unavailable, the key is rejected, or the
 *                   signature bytes cannot be processed
 */
public static boolean verifySignature(String input, String algorithm, PublicKey publicKey, String signaturedData) throws Exception {
    Signature verifier = Signature.getInstance(algorithm);
    verifier.initVerify(publicKey);
    // NOTE(review): getBytes() uses the platform charset; a verifier whose default differs
    // from the signer's will reject valid signatures over non-ASCII text.
    verifier.update(input.getBytes());
    byte[] rawSignature = Base64.decode(signaturedData);
    // Callers must treat false as a hard failure and not go on to use the input.
    return verifier.verify(rawSignature);
}