有朋友私信我说,帖子(使用原生Java实现RSA加解密-非对称加密-CSDN博客)中生成RSA公钥、私钥是借助Linux命令完成的,那么Java代码能不能生成呢?笔者在这里明确告知答案:可以。
本篇(纯干货,完整代码)笔者将列出几种使用Java生成非对称加密算法RSA公钥、私钥文件的方法,供大家参考。本篇将会生成两种格式的公私钥文件,分别是pem格式和der格式。需要注意的是,下面各示例写出的私钥文件都没有加密(没有口令保护),拿到文件就等于拿到私钥,实际使用时应限制该文件的访问权限,或者将私钥加密后再保存。
方法一、使用原生Java API
1、使用原生Java生成pem格式的RSA公私钥文件
package com.frank.project.test.rsa;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Base64;
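/**
 * Generates an RSA key pair with the JDK's own API and writes both keys as PEM files.
 *
 * The private key is written exactly as {@code Key.getEncoded()} returns it, with no passphrase
 * protection, so the file itself is the secret. Where the file system supports POSIX
 * permissions the private-key file is created owner-only; on other file systems (such as the
 * Windows paths used here) access is governed by the directory's ACLs.
 */
public class PureJavaGenerateRSAKey {

    /**
     * Base64 encoder that breaks the output every 64 characters with a line feed. RFC 7468
     * requires PEM generators to wrap the body this way; a single long line is not accepted by
     * every PEM reader.
     */
    private static final Base64.Encoder PEM_BODY_ENCODER =
            Base64.getMimeEncoder(64, new byte[] {'\n'});

    public static void main(String[] args) throws Exception {
        generateRSAPemKeyFiles();
    }

    /**
     * Generates a 4096-bit RSA key pair and writes the private and public key as PEM files.
     *
     * @throws Exception if the RSA generator is unavailable or a file cannot be written
     */
    private static void generateRSAPemKeyFiles() throws Exception {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(4096);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        savePrivatePemFile(keyPair.getPrivate(), "D:/private_key_pure_java.pem");
        savePublicPemFile(keyPair.getPublic(), "D:/public_key_pure_java.pem");
    }

    /**
     * Writes a private key as an unencrypted {@code PRIVATE KEY} PEM file.
     *
     * @param key      the private key to store
     * @param filename destination path; an existing file is replaced
     * @throws IOException if the file cannot be created or written
     */
    private static void savePrivatePemFile(Key key, String filename)
            throws IOException {
        Path target = Paths.get(filename);
        if (target.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            // Create the file owner-only before any key material is written. A stale file is
            // removed first because creation-time attributes do not apply to an existing file.
            Files.deleteIfExists(target);
            Files.createFile(target,
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString("rw-------")));
        }
        writePemFile("PRIVATE KEY", key, target);
    }

    /**
     * Writes a public key as a {@code PUBLIC KEY} PEM file.
     *
     * @param key      the public key to store
     * @param filename destination path; an existing file is overwritten
     * @throws IOException if the file cannot be written
     */
    private static void savePublicPemFile(Key key, String filename)
            throws IOException {
        writePemFile("PUBLIC KEY", key, Paths.get(filename));
    }

    /** Builds the PEM text (header, wrapped Base64 body, footer) and writes it to {@code target}. */
    private static void writePemFile(String label, Key key, Path target)
            throws IOException {
        String pem = "-----BEGIN " + label + "-----\n"
                + PEM_BODY_ENCODER.encodeToString(key.getEncoded())
                + "\n-----END " + label + "-----\n";
        // PEM text is pure ASCII; naming the charset keeps the output independent of the
        // platform default that FileWriter would use.
        Files.write(target, pem.getBytes(StandardCharsets.US_ASCII));
    }
}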
2、使用原生Java生成der格式的RSA公私钥文件
import java.io.DataOutputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
...
/**
 * Creates a 2048-bit RSA key pair and stores each key in its own DER file.
 *
 * The private key is handed to {@code saveRSADerFile} as-is, so it reaches disk without any
 * passphrase protection.
 *
 * @throws Exception if the RSA generator is unavailable or a file cannot be written
 */
private static void generateRSADerKeyFiles() throws Exception {
    final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
    generator.initialize(2048);
    final KeyPair pair = generator.generateKeyPair();

    saveRSADerFile(pair.getPrivate(), "D:/private_key_pure_java.der");
    saveRSADerFile(pair.getPublic(), "D:/public_key_pure_java.der");
}
/**
 * Writes the bytes returned by {@code key.getEncoded()} to a file, unchanged.
 *
 * The same routine serves private and public keys. Nothing here encrypts the bytes or sets
 * file permissions, so a private key written this way is protected only by whatever access
 * control the target directory already has.
 *
 * @param key      key whose encoded form is stored
 * @param filename destination path; an existing file is overwritten
 * @throws IOException if the file cannot be opened or written
 */
private static void saveRSADerFile(Key key, String filename)
        throws IOException {
    final byte[] encoded = key.getEncoded();
    try (FileOutputStream fileOut = new FileOutputStream(filename);
            DataOutputStream out = new DataOutputStream(fileOut)) {
        out.write(encoded);
    }
}
方法二、使用bouncycastle工具API
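maven需引入以下包(下文用到的JcaPEMWriter属于org.bouncycastle.openssl.jcajce包,该包位于bcpkix-jdk18on构件中,因此除bcprov外还需另外引入同版本的bcpkix-jdk18on),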
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk18on</artifactId>
<version>1.77</version>
</dependency>
1、Java使用bouncycastle工具包生成pem格式的RSA公私钥文件
package com.frank.project.test.rsa;
import java.io.FileWriter;
import java.io.IOException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.util.io.pem.PemObject;
/**
 * Generates an RSA key pair and writes both keys as PEM files using Bouncy Castle's
 * {@code JcaPEMWriter}.
 *
 * Only the PEM serialisation goes through Bouncy Castle: the key pair comes from
 * {@code KeyPairGenerator.getInstance("RSA")} with no provider named. The private key is wrapped
 * in a plain {@code PemObject}, so it is stored without passphrase protection.
 */
public class BouncyCastleGenerateRSAKey {

    public static void main(String[] args) throws Exception {
        generateRSAPemKeyFiles();
    }

    /**
     * Generates a 4096-bit RSA key pair and writes the private and public key as PEM files.
     *
     * @throws Exception if the RSA generator is unavailable or a file cannot be written
     */
    private static void generateRSAPemKeyFiles() throws Exception {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(4096);
        final KeyPair pair = generator.generateKeyPair();

        savePrivatePemFile(pair.getPrivate(), "D:/private_key_bouncycastle.pem");
        savePublicPemFile(pair.getPublic(), "D:/public_key_bouncycastle.pem");
    }

    /** Writes {@code key} under the {@code PRIVATE KEY} PEM label. */
    private static void savePrivatePemFile(Key key, String filename)
            throws IOException {
        writePem("PRIVATE KEY", key, filename);
    }

    /** Writes {@code key} under the {@code PUBLIC KEY} PEM label. */
    private static void savePublicPemFile(Key key, String filename)
            throws IOException {
        writePem("PUBLIC KEY", key, filename);
    }

    /**
     * Wraps the encoded key in a {@code PemObject} with the given label and writes it out.
     *
     * @param type     PEM label placed in the BEGIN/END lines
     * @param key      key whose {@code getEncoded()} bytes form the PEM body
     * @param filename destination path; an existing file is overwritten
     * @throws IOException if the file cannot be opened or written
     */
    private static void writePem(String type, Key key, String filename)
            throws IOException {
        // The PemObject is built before the file is opened, as in the two original writers.
        final PemObject pem = new PemObject(type, key.getEncoded());
        try (JcaPEMWriter out = new JcaPEMWriter(new FileWriter(filename))) {
            out.writeObject(pem);
        }
    }
}
2、Java使用bouncycastle工具包生成der格式的RSA公私钥文件
package com.frank.project.test.rsa;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
/**
 * Generates a 4096-bit RSA key pair and writes each key to a DER file after passing its encoded
 * form through the matching Bouncy Castle ASN.1 type.
 *
 * The private key is stored without passphrase protection, and no file permissions are set.
 */
public class BouncyCastleGenerateDerRSAKey {

    public static void main(String[] args) throws Exception {
        final KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(4096);
        final KeyPair pair = generator.generateKeyPair();

        saveDerFile(pair.getPrivate(), "D:/private_key_bouncycastle.der");
        saveDerFile(pair.getPublic(), "D:/public_key_bouncycastle.der");
    }

    /**
     * Re-encodes {@code key} and writes the resulting bytes to {@code filename}.
     *
     * @param key      private or public key to store
     * @param filename destination path; an existing file is overwritten
     * @throws IOException if re-encoding fails or the file cannot be written
     */
    private static void saveDerFile(Key key, String filename)
            throws IOException {
        final byte[] der = reEncode(key);
        try (FileOutputStream out = new FileOutputStream(filename)) {
            out.write(der);
        }
    }

    /**
     * Parses the key's encoded bytes with the structure that fits its kind and encodes it again:
     * PKCS#8 {@code PrivateKeyInfo} for private keys, X.509 {@code SubjectPublicKeyInfo} for
     * everything else.
     */
    private static byte[] reEncode(Key key) throws IOException {
        final byte[] encoded = key.getEncoded();
        if (key instanceof PrivateKey) {
            return PrivateKeyInfo.getInstance(encoded).getEncoded();
        }
        return SubjectPublicKeyInfo.getInstance(encoded).getEncoded();
    }
}
方法三、使用Hutool工具API
需引入以下依赖,
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.26</version>
</dependency>
1、Java使用Hutool工具包生成pem格式的RSA公私钥文件
package com.frank.project.test.rsa;
import java.io.FileWriter;
import java.io.IOException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.util.Base64;
import cn.hutool.crypto.SecureUtil;
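/**
 * Generates a 4096-bit RSA key pair through Hutool's {@code SecureUtil} and writes both keys as
 * PEM files.
 *
 * The private key is written without passphrase protection and with the default permissions of
 * a newly created file, so access to the output directory must be restricted by other means.
 */
public class HutoolGeneratePemRSAKey {

    public static void main(String[] args) throws Exception {
        // Key generation is delegated to Hutool.
        // NOTE(review): the third argument (null here) looks like an optional seed; confirm
        // that null makes Hutool fall back to its default SecureRandom.
        KeyPair keyPair = SecureUtil.generateKeyPair("RSA", 4096, null);
        savePemFile(keyPair.getPrivate(), "D:/private_key_hutool.pem");
        savePemFile(keyPair.getPublic(), "D:/public_key_hutool.pem");
    }

    /**
     * Writes {@code key} as a PEM file, choosing the label from the key's kind.
     *
     * @param key      private or public key to store
     * @param filename destination path; an existing file is overwritten
     * @throws IOException if the file cannot be opened or written
     */
    private static void savePemFile(Key key, String filename)
            throws IOException {
        String keyType = (key instanceof PrivateKey) ? "PRIVATE KEY"
                : "PUBLIC KEY";
        // RFC 7468 requires PEM generators to wrap the Base64 body at 64 characters per line;
        // a single long line is not accepted by every PEM reader.
        String encodedKey = Base64.getMimeEncoder(64, new byte[] {'\n'})
                .encodeToString(key.getEncoded());
        try (FileWriter writer = new FileWriter(filename)) {
            writer.write("-----BEGIN " + keyType + "-----\n");
            writer.write(encodedKey);
            // End the file with a newline so the footer is a complete line.
            writer.write("\n-----END " + keyType + "-----\n");
            // No explicit flush: closing the writer flushes it.
        }
    }
}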
2、Java使用Hutool工具包生成der格式的RSA公私钥文件
package com.frank.project.test.rsa;
import java.security.KeyPair;
import cn.hutool.core.io.FileUtil;
import cn.hutool.crypto.SecureUtil;
/**
 * Generates a 4096-bit RSA key pair through Hutool's {@code SecureUtil} and writes the encoded
 * bytes of each key to a DER file with {@code FileUtil.writeBytes}.
 *
 * The private key is written without passphrase protection.
 */
public class HutoolGenerateDerRSAKey {

    public static void main(String[] args) {
        // Generate the RSA key pair.
        final KeyPair pair = SecureUtil.generateKeyPair("RSA", 4096, null);

        // Write the public key first, then the private key, each as raw encoded bytes.
        final byte[] publicBytes = pair.getPublic().getEncoded();
        FileUtil.writeBytes(publicBytes, "D:/public_key_hutool.der");

        final byte[] privateBytes = pair.getPrivate().getEncoded();
        FileUtil.writeBytes(privateBytes, "D:/private_key_hutool.der");
    }
}