注意:
1、原生Java(JDK自带的API)直接支持的是der格式的公私钥,不能直接读取pem格式的文件。
2、Java中使用X509EncodedKeySpec生成公钥对象PublicKey,使用PKCS8EncodedKeySpec生成私钥对象PrivateKey.
本文给出一个全流程,毫无保留的公私钥生成以及使用方法。
第一步、在Linux环境下生成公钥、私钥文件
依次在Linux中执行以下命令
# 使用RSA算法生成pem格式的私钥文件,指定密钥长度2048
openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:2048
# 使用RSA算法在上述私钥文件基础上生成pem格式的公钥文件
openssl rsa -pubout -in private_key.pem -out public_key.pem
执行完成后,会看到输出两份文件 private_key.pem, public_key.pem。
使用cat命令查看,会显示以下格式的数据,
private_key.pem
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
public_key.pem
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwXv92KlrL2mrBI1/hm5/
LSk5P4tVMUymaOhpMB8Fd6eL0M2JSqTda/ubd/da+HE6AQbdni0xqz+X/uVfy7Rp
bK1YEPU604PiwbS+u9xxhgeA1jdNY8unYMMmGcrobfIwid6c3O03nRBpGvmA7v7y
4nb+R1hNMFYCfN9HwbMxgqwuDGk1ovB4+/6nmTnKcTJ34i3bKAJec2GHD0/ZzCfY
B9PjdRFk6aE7h0MjWVXZzhwSFiaLIvS74QaxWhLmOHQOvdRLZur/sm6CF3u5wbqh
zPYyYr4Kc0FoKxeDxY6HVyNwHafYrMeclhlu/AcJWLwA1No/QCevPEFUqz2EQmhj
1QIDAQAB
-----END PUBLIC KEY-----
接着执行下面两条命令进行pem格式向der格式转换,
# pem私钥文件转换为der格式
openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem -out private_key.der -nocrypt
# pem公钥文件转换为der格式
openssl rsa -pubin -inform PEM -outform DER -in public_key.pem -out public_key.der
执行完成后,会看到输出两份文件 private_key.der,public_key.der
这两份文件不是文本文件,而是二进制文件,无法用文本编辑器肉眼识别。下面看一下它们在Windows中的显示形式:
第二步、Java中加载公钥、私钥文件并进行加密、解密
环境:maven项目中,jdk1.8u191。本示例使用纯JDK工具,不需要额外引入其它jar。
1、向classpath下放入生成的两份der格式的公私钥文件,示例位置,
2、编写Java代码实现公私钥文件加载以及加解密,直接上完整代码,纯干货,
package com.frank.project.test.rsa;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
/**
* 公私钥加解密(success)
*/
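public class RSAUtil {
    private static final String ALGORITHM = "RSA";
    /**
     * Explicit cipher transformation. The bare name {@code "RSA"} resolves to this on the
     * default JDK provider, but spelling out mode and padding keeps the behaviour independent
     * of provider defaults. PKCS#1 v1.5 padding is kept to match the original example; for
     * new code {@code RSA/ECB/OAEPWithSHA-256AndMGF1Padding} is the preferred choice.
     */
    private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    /** Character set for converting between text and bytes; never rely on the platform default. */
    private static final java.nio.charset.Charset CHARSET = StandardCharsets.UTF_8;
    /** Buffer size used when reading a key file from the classpath. */
    private static final int READ_BUFFER_SIZE = 4096;

    /**
     * Demonstrates public-key encryption followed by private-key decryption, using DER key
     * files located under {@code keys/} on the classpath.
     *
     * @param args ignored
     * @throws Exception if the key files cannot be found or the cipher operations fail
     */
    public static void main(String[] args) throws Exception {
        // public/private key files on the classpath (DER encoding)
        String pubKeyFilename = "keys/public_key.der";
        String priKeyFilename = "keys/private_key.der";
        // plaintext to encrypt
        String text = "假把式大法师发送发送方";
        // RSA-encrypt with the public key, then Base64-encode the ciphertext for printing
        String encryptedString = Base64.getEncoder().encodeToString(encrypt(text, pubKeyFilename));
        System.out.println("Encrypted String - " + encryptedString);
        // Base64-decode first, then RSA-decrypt with the private key
        System.out.println("Decrypted String - " + decrypt(Base64.getDecoder().decode(encryptedString), priKeyFilename));
    }

    /**
     * Reads a classpath resource completely into memory.
     *
     * <p>Sizing the buffer with {@code in.available()} and issuing a single {@code read()}
     * is not reliable: {@code available()} is only an estimate and {@code read()} may return
     * fewer bytes than requested, so a key could be silently truncated. This loops until EOF.
     *
     * @param filename classpath-relative resource path
     * @return the full resource contents
     * @throws FileNotFoundException if the resource is not on the classpath
     * @throws IOException if reading fails
     */
    private static byte[] readResource(String filename) throws IOException {
        // try-with-resources tolerates a null resource (close() is simply not called)
        try (InputStream in = RSAUtil.class.getClassLoader().getResourceAsStream(filename)) {
            if (in == null) {
                throw new FileNotFoundException(filename);
            }
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[READ_BUFFER_SIZE];
            int n;
            while ((n = in.read(buf)) != -1) {
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        }
    }

    /**
     * Loads a public key from a DER (X.509 SubjectPublicKeyInfo) file on the classpath.
     *
     * @param pubKeyFilename classpath path of the public key file (.der)
     * @return the parsed public key
     * @throws IOException if the file is missing or unreadable
     * @throws GeneralSecurityException if the bytes are not a valid RSA X.509 key
     */
    private static PublicKey getPublicKey(String pubKeyFilename) throws IOException, GeneralSecurityException {
        return getPublicKey(readResource(pubKeyFilename));
    }

    /**
     * Builds a public key object from X.509 SubjectPublicKeyInfo DER bytes.
     *
     * @param keyBytes DER-encoded public key
     * @return the parsed public key
     * @throws GeneralSecurityException if the bytes are not a valid RSA X.509 key
     */
    public static PublicKey getPublicKey(byte[] keyBytes) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance(ALGORITHM);
        // public keys are expressed through the X.509 key spec
        return kf.generatePublic(new X509EncodedKeySpec(keyBytes));
    }

    /**
     * Loads a private key from a DER (unencrypted PKCS#8) file on the classpath.
     *
     * @param priKeyFilename classpath path of the private key file (.der)
     * @return the parsed private key
     * @throws IOException if the file is missing or unreadable
     * @throws GeneralSecurityException if the bytes are not a valid RSA PKCS#8 key
     */
    private static PrivateKey getPrivateKey(String priKeyFilename) throws IOException, GeneralSecurityException {
        return getPrivateKey(readResource(priKeyFilename));
    }

    /**
     * Builds a private key object from unencrypted PKCS#8 DER bytes.
     *
     * @param keyBytes DER-encoded private key
     * @return the parsed private key
     * @throws GeneralSecurityException if the bytes are not a valid RSA PKCS#8 key
     */
    public static PrivateKey getPrivateKey(byte[] keyBytes) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance(ALGORITHM);
        // private keys are expressed through the PKCS#8 key spec
        return kf.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    }

    /**
     * Encrypts text with the public key stored in the given classpath file.
     *
     * @param data plaintext
     * @param pubKeyFilename classpath path of the public key file (.der)
     * @return RSA ciphertext
     * @throws IOException if the key file is missing or unreadable
     * @throws GeneralSecurityException if key parsing or encryption fails
     */
    private static byte[] encrypt(String data, String pubKeyFilename) throws IOException, GeneralSecurityException {
        return encrypt(data, getPublicKey(pubKeyFilename));
    }

    /**
     * Encrypts text with a public key.
     *
     * <p>RSA with PKCS#1 v1.5 padding can only encrypt up to (modulus bytes - 11) bytes of
     * data, i.e. 245 bytes for a 2048-bit key; longer payloads throw
     * {@code IllegalBlockSizeException}. Bulk data should be encrypted with a symmetric key
     * that is itself RSA-encrypted.
     *
     * @param data plaintext
     * @param publicKey the RSA public key
     * @return RSA ciphertext
     * @throws GeneralSecurityException if encryption fails
     */
    public static byte[] encrypt(String data, PublicKey publicKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        // explicit UTF-8 so the same text yields the same bytes on every platform
        return cipher.doFinal(data.getBytes(CHARSET));
    }

    /**
     * Decrypts RSA ciphertext with the private key stored in the given classpath file.
     *
     * @param data RSA ciphertext
     * @param priKeyFilename classpath path of the private key file (.der)
     * @return decrypted text
     * @throws IOException if the key file is missing or unreadable
     * @throws GeneralSecurityException if key parsing or decryption fails
     */
    private static String decrypt(byte[] data, String priKeyFilename) throws IOException, GeneralSecurityException {
        return decrypt(data, getPrivateKey(priKeyFilename));
    }

    /**
     * Decrypts RSA ciphertext with a private key.
     *
     * @param data RSA ciphertext
     * @param privateKey the RSA private key
     * @return decrypted text, decoded as UTF-8
     * @throws GeneralSecurityException if decryption fails (wrong key, bad padding, wrong length)
     */
    public static String decrypt(byte[] data, PrivateKey privateKey) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        // must match the charset used in encrypt()
        return new String(cipher.doFinal(data), CHARSET);
    }
}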
控制台输出,
上述展示了公钥加密、私钥解密的流程;使用私钥加密、公钥解密也可以,只需要微调一下上面的代码:
// 使用私钥加密,使用公钥解密
encryptedString = Base64.getEncoder().encodeToString(encryptUsePrivateKey(text, priKeyFilename));
decryptedString = decryptUsePublicKey(Base64.getDecoder().decode(encryptedString.getBytes()), pubKeyFilename);
...
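/**
 * Encrypts text with the private key stored in the given classpath file.
 *
 * <p>Note that anything encrypted with a private key can be read by every holder of the
 * public key, so this provides no confidentiality; its only use is to show the data came
 * from the private-key holder. For that purpose a real signature
 * ({@code Signature.getInstance("SHA256withRSA")}) is the appropriate primitive.
 * The transformation is written out in full because the JDK does not support OAEP in
 * this direction and the padding should not depend on provider defaults.
 *
 * @param data plaintext
 * @param priKeyFilename classpath path of the private key file (.der)
 * @return RSA ciphertext
 * @throws Exception if the key cannot be loaded or encryption fails
 */
private static byte[] encryptUsePrivateKey(String data, String priKeyFilename) throws Exception {
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.ENCRYPT_MODE, getPrivateKey(priKeyFilename));
    // explicit UTF-8 so the same text yields the same bytes on every platform
    return cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
}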
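/**
 * Decrypts data that was encrypted with the matching private key, using the public key
 * stored in the given classpath file.
 *
 * <p>This only demonstrates that the ciphertext was produced by the private-key holder;
 * anyone with the public key can perform this step. The charset must match the one used
 * when encrypting, so UTF-8 is specified explicitly instead of the platform default.
 *
 * @param data RSA ciphertext produced with the private key
 * @param pubKeyFilename classpath path of the public key file (.der)
 * @return decrypted text, decoded as UTF-8
 * @throws Exception if the key cannot be loaded or decryption fails
 */
private static String decryptUsePublicKey(byte[] data, String pubKeyFilename) throws Exception {
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(Cipher.DECRYPT_MODE, getPublicKey(pubKeyFilename));
    return new String(cipher.doFinal(data), StandardCharsets.UTF_8);
}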