java 使用pem密钥进行RSA加解密

转载自：https://www.cnblogs.com/vicent/p/3805722.html

1.使用openssl生成私钥和公钥

openssl下载地址：http://www.openssl.org/source

openssl生成私钥命令： genrsa -out rsa_private_key.pem 1024

openssl生成公钥命令： rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

2.此时在openssl安装目录下的bin文件夹可以看到 rsa_private_key.pem 和 rsa_public_key.pem 两个文件。这时候的私钥是不能直接使用的，需要进行 pkcs8 编码

openssl的pkcs8编码命令：pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt

那么在bin文件夹可以看到 pkcs8_rsa_private_key.pem 文件。至此，可用的密钥对已经生成好了，私钥使用pkcs8_rsa_private_key.pem，公钥采用rsa_public_key.pem。

3.使用密钥对进行签名、加解密

public class RSAPemCoder {
public static final String KEY_SHA = “SHA”;
public static final String KEY_MD5 = “MD5”;
public static final String KEY_ALGORITHM = “RSA”;
public static final String SIGNATURE_ALGORITHM = “MD5withRSA”;

/**
 * 用私钥对信息生成数字签名
 *
 * @param data 加密数据
 * @param privateKey 私钥
 * @return
 * @throws Exception
 */
public static String sign(byte[] data, PrivateKey privateKey) throws Exception {  
    Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
    signature.initSign(privateKey);
    signature.update(data);
    return encryptBASE64(signature.sign());
}

/**
 * 校验数字签名
 *
 * @param data 加密数据
 * @param publicKey 公钥
 * @param sign 数字签名
 * @return 校验成功返回true 失败返回false
 * @throws Exception
 */
public static boolean verify(byte[] data, PublicKey publicKey, String sign) throws Exception {
    Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
    signature.initVerify(publicKey);
    signature.update(data);
    return signature.verify(decryptBASE64(sign));
}

/**
 * 私钥解密
 *
 * @param data 密文
 * @param PrivateKey 私钥
 * @return
 * @throws Exception
 */
public static byte[] decryptByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
    Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    return cipher.doFinal(data);
}

/**
 * 用公钥解密
 *
 * @param data 密文
 * @param publicKey 公钥 
 * @return
 * @throws Exception
 */
public static byte[] decryptByPublicKey(byte[] data, PublicKey publicKey) throws Exception {
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
    Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
    cipher.init(Cipher.DECRYPT_MODE, publicKey);
    return cipher.doFinal(data);
}

/**
 * 用公钥加密
 *
 * @param data 明文
 * @param PublicKey 公钥
 * @return
 * @throws Exception
 */
public static byte[] encryptByPublicKey(byte[] data, PublicKey publicKey) throws Exception {
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
    Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
    cipher.init(Cipher.ENCRYPT_MODE, publicKey);
    return cipher.doFinal(data);
}

/**
 * 用私钥加密
 *
 * @param data 明文
 * @param privateKey 私钥
 * @return
 * @throws Exception
 */
public static byte[] encryptByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
    KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
    Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
    cipher.init(Cipher.ENCRYPT_MODE, privateKey);
    return cipher.doFinal(data);
}

public static PrivateKey getPrivateKeyFromPem() throws Exception {
    BufferedReader br = new BufferedReader(new FileReader("e:/pkcs8_privatekey.pem"));
    String s = br.readLine();
    String str = "";
    s = br.readLine();
    while (s.charAt(0) != '-') {
        str += s + "\r";
        s = br.readLine();
    }
    BASE64Decoder base64decoder = new BASE64Decoder();
    byte[] b = base64decoder.decodeBuffer(str);

    // 生成私匙  
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(b);
    PrivateKey privateKey = kf.generatePrivate(keySpec);
    return privateKey;
}

public static PublicKey getPublicKeyFromPem() throws Exception {
    BufferedReader br = new BufferedReader(new FileReader("e:/publickey.pem"));
    String s = br.readLine();
    String str = "";
    s = br.readLine();
    while (s.charAt(0) != '-') {
        str += s + "\r";
        s = br.readLine();
    }
    BASE64Decoder base64decoder = new BASE64Decoder();
    byte[] b = base64decoder.decodeBuffer(str);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(b);
    PublicKey pubKey = kf.generatePublic(keySpec);
    return pubKey;
}

public static byte[] decryptBASE64(String key) throws Exception {   
    return (new BASE64Decoder()).decodeBuffer(key);   
}   

public static String encryptBASE64(byte[] key) throws Exception {   
    return (new BASE64Encoder()).encodeBuffer(key);   
}   

public static byte[] encryptMD5(byte[] data) throws Exception {   

    MessageDigest md5 = MessageDigest.getInstance(KEY_MD5);   
    md5.update(data);   

    return md5.digest();   

}   

public static byte[] encryptSHA(byte[] data) throws Exception {   

    MessageDigest sha = MessageDigest.getInstance(KEY_SHA);   
    sha.update(data);   

    return sha.digest();   

}   

}