java rsa加密数据大小_RSA加密解密(无数据大小限制,php、go、java互通实现)

最新推荐文章于 2022-05-06 11:18:25 发布
最新推荐文章于 2022-05-06 11:18:25 发布
阅读量737 收藏 1
点赞数
文章标签: java rsa加密数据大小
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_29463881/article/details/114932717
版权

RSA加解密中必须考虑到的密钥长度、明文长度和密文长度问题。明文长度需要小于密钥长度,而密文长度则等于密钥长度。因此当加密内容长度大于密钥长度时,有效的RSA加解密就需要对内容进行分段。

这是因为,RSA算法本身要求加密内容也就是明文长度m必须0

这样,对于1024长度的密钥。128字节(1024bits)-减去11字节正好是117字节,但对于RSA加密来讲,padding也是参与加密的,所以,依然按照1024bits去理解,但实际的明文只有117字节了。

所以如果要对任意长度的数据进行加密,就需要将数据分段后进行逐一加密,并将结果进行拼接。同样,解码也需要分段解码,并将结果进行拼接。

Php实现

if (! function_exists('url_safe_base64_encode')) {

function url_safe_base64_encode ($data) {

return str_replace(array('+','/', '='),array('-','_', ''), base64_encode($data));

}

}

if (! function_exists('url_safe_base64_decode')) {

function url_safe_base64_decode ($data) {

$base_64 = str_replace(array('-','_'),array('+','/'), $data);

return base64_decode($base_64);

}

}

class XRsa

{

const CHAR_SET = "UTF-8";

const BASE_64_FORMAT = "UrlSafeNoPadding";

const RSA_ALGORITHM_KEY_TYPE = OPENSSL_KEYTYPE_RSA;

const RSA_ALGORITHM_SIGN = OPENSSL_ALGO_SHA256;

protected $public_key;

protected $private_key;

protected $key_len;

public function __construct($pub_key, $pri_key = null)

{

$this->public_key = $pub_key;

$this->private_key = $pri_key;

$pub_id = openssl_get_publickey($this->public_key);

$this->key_len = openssl_pkey_get_details($pub_id)['bits'];

}

/*

* 创建密钥对

*/

public static function createKeys($key_size = 2048)

{

$config = array(

"private_key_bits" => $key_size,

"private_key_type" => self::RSA_ALGORITHM_KEY_TYPE,

);

$res = openssl_pkey_new($config);

openssl_pkey_export($res, $private_key);

$public_key_detail = openssl_pkey_get_details($res);

$public_key = $public_key_detail["key"];

return [

"public_key" => $public_key,

"private_key" => $private_key,

];

}

/*

* 公钥加密

*/

public function publicEncrypt($data)

{

$encrypted = '';

$part_len = $this->key_len / 8 - 11;

$parts = str_split($data, $part_len);

foreach ($parts as $part) {

$encrypted_temp = '';

openssl_public_encrypt($part, $encrypted_temp, $this->public_key);

$encrypted .= $encrypted_temp;

}

return url_safe_base64_encode($encrypted);

}

/*

* 私钥解密

*/

public function privateDecrypt($encrypted)

{

$decrypted = "";

$part_len = $this->key_len / 8;

$base64_decoded = url_safe_base64_decode($encrypted);

$parts = str_split($base64_decoded, $part_len);

foreach ($parts as $part) {

$decrypted_temp = '';

openssl_private_decrypt($part, $decrypted_temp,$this->private_key);

$decrypted .= $decrypted_temp;

}

return $decrypted;

}

/*

* 私钥加密

*/

public function privateEncrypt($data)

{

$encrypted = '';

$part_len = $this->key_len / 8 - 11;

$parts = str_split($data, $part_len);

foreach ($parts as $part) {

$encrypted_temp = '';

openssl_private_encrypt($part, $encrypted_temp, $this->private_key);

$encrypted .= $encrypted_temp;

}

return url_safe_base64_encode($encrypted);

}

/*

* 公钥解密

*/

public function publicDecrypt($encrypted)

{

$decrypted = "";

$part_len = $this->key_len / 8;

$base64_decoded = url_safe_base64_decode($encrypted);

$parts = str_split($base64_decoded, $part_len);

foreach ($parts as $part) {

$decrypted_temp = '';

openssl_public_decrypt($part, $decrypted_temp,$this->public_key);

$decrypted .= $decrypted_temp;

}

return $decrypted;

}

/*

* 数据加签

*/

public function sign($data)

{

openssl_sign($data, $sign, $this->private_key, self::RSA_ALGORITHM_SIGN);

return url_safe_base64_encode($sign);

}

/*

* 数据签名验证

*/

public function verify($data, $sign)

{

$pub_id = openssl_get_publickey($this->public_key);

$res = openssl_verify($data, url_safe_base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN);

return $res;

}

}

Go实现

package xrsa

import (

"encoding/pem"

"encoding/base64"

"crypto/x509"

"crypto/rsa"

"crypto/rand"

"errors"

"crypto"

"io"

"bytes"

"encoding/asn1"

)

const (

CHAR_SET = "UTF-8"

BASE_64_FORMAT = "UrlSafeNoPadding"

RSA_ALGORITHM_KEY_TYPE = "PKCS8"

RSA_ALGORITHM_SIGN = crypto.SHA256

)

type XRsa struct {

publicKey *rsa.PublicKey

privateKey *rsa.PrivateKey

}

// 生成密钥对

func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error {

// 生成私钥文件

privateKey, err := rsa.GenerateKey(rand.Reader, keyLength)

if err != nil {

return err

}

derStream := MarshalPKCS8PrivateKey(privateKey)

block := &pem.Block{

Type: "PRIVATE KEY",

Bytes: derStream,

}

err = pem.Encode(privateKeyWriter, block)

if err != nil {

return err

}

// 生成公钥文件

publicKey := &privateKey.PublicKey

derPkix, err := x509.MarshalPKIXPublicKey(publicKey)

if err != nil {

return err

}

block = &pem.Block{

Type: "PUBLIC KEY",

Bytes: derPkix,

}

err = pem.Encode(publicKeyWriter, block)

if err != nil {

return err

}

return nil

}

func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) {

block, _ := pem.Decode(publicKey)

if block == nil {

return nil, errors.New("public key error")

}

pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)

if err != nil {

return nil, err

}

pub := pubInterface.(*rsa.PublicKey)

block, _ = pem.Decode(privateKey)

if block == nil {

return nil, errors.New("private key error!")

}

priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)

if err != nil {

return nil, err

}

pri, ok := priv.(*rsa.PrivateKey)

if ok {

return &XRsa {

publicKey: pub,

privateKey: pri,

}, nil

} else {

return nil, errors.New("private key not supported")

}

}

// 公钥加密

func (r *XRsa) PublicEncrypt(data string) (string, error) {

partLen := r.publicKey.N.BitLen() / 8 - 11

chunks := split([]byte(data), partLen)

buffer := bytes.NewBufferString("")

for _, chunk := range chunks {

bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk)

if err != nil {

return "", err

}

buffer.Write(bytes)

}

return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil

}

// 私钥解密

func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) {

partLen := r.publicKey.N.BitLen() / 8

raw, err := base64.RawURLEncoding.DecodeString(encrypted)

chunks := split([]byte(raw), partLen)

buffer := bytes.NewBufferString("")

for _, chunk := range chunks {

decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk)

if err != nil {

return "", err

}

buffer.Write(decrypted)

}

return buffer.String(), err

}

// 数据加签

func (r *XRsa) Sign(data string) (string, error) {

h := RSA_ALGORITHM_SIGN.New()

h.Write([]byte(data))

hashed := h.Sum(nil)

sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed)

if err != nil {

return "", err

}

return base64.RawURLEncoding.EncodeToString(sign), err

}

// 数据验签

func (r *XRsa) Verify(data string, sign string) error {

h := RSA_ALGORITHM_SIGN.New()

h.Write([]byte(data))

hashed := h.Sum(nil)

decodedSign, err := base64.RawURLEncoding.DecodeString(sign)

if err != nil {

return err

}

return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)

}

func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte {

info := struct {

Version int

PrivateKeyAlgorithm []asn1.ObjectIdentifier

PrivateKey []byte

}{}

info.Version = 0

info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)

info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}

info.PrivateKey = x509.MarshalPKCS1PrivateKey(key)

k, _ := asn1.Marshal(info)

return k

}

func split(buf []byte, lim int) [][]byte {

var chunk []byte

chunks := make([][]byte, 0, len(buf)/lim+1)

for len(buf) >= lim {

chunk, buf = buf[:lim], buf[lim:]

chunks = append(chunks, chunk)

}

if len(buf) > 0 {

chunks = append(chunks, buf[:len(buf)])

}

return chunks

}

Java实现

package com.inspii;

import org.apache.commons.codec.binary.Base64;

import org.apache.commons.io.IOUtils;

import javax.crypto.Cipher;

import java.io.ByteArrayOutputStream;

import java.security.*;

import java.security.interfaces.RSAPublicKey;

import java.security.interfaces.RSAPrivateKey;

import java.security.spec.PKCS8EncodedKeySpec;

import java.security.spec.X509EncodedKeySpec;

import java.util.HashMap;

import java.util.Map;

public class XRsa {

public static final String CHARSET = "UTF-8";

public static final String RSA_ALGORITHM = "RSA";

public static final String RSA_ALGORITHM_SIGN = "SHA256WithRSA";

private RSAPublicKey publicKey;

private RSAPrivateKey privateKey;

public XRsa(String publicKey, String privateKey)

{

try {

KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);

//通过X509编码的Key指令获得公钥对象

X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));

this.publicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);

//通过PKCS#8编码的Key指令获得私钥对象

PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));

this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);

} catch (Exception e) {

throw new RuntimeException("不支持的密钥", e);

}

}

public static Map createKeys(int keySize){

//为RSA算法创建一个KeyPairGenerator对象

KeyPairGenerator kpg;

try{

kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM);

}catch(NoSuchAlgorithmException e){

throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]");

}

//初始化KeyPairGenerator对象,不要被initialize()源码表面上欺骗,其实这里声明的size是生效的

kpg.initialize(keySize);

//生成密匙对

KeyPair keyPair = kpg.generateKeyPair();

//得到公钥

Key publicKey = keyPair.getPublic();

String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());

//得到私钥

Key privateKey = keyPair.getPrivate();

String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());

Map keyPairMap = new HashMap();

keyPairMap.put("publicKey", publicKeyStr);

keyPairMap.put("privateKey", privateKeyStr);

return keyPairMap;

}

public String publicEncrypt(String data){

try{

Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);

cipher.init(Cipher.ENCRYPT_MODE, publicKey);

return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));

}catch(Exception e){

throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e);

}

}

public String privateDecrypt(String data){

try{

Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);

cipher.init(Cipher.DECRYPT_MODE, privateKey);

return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);

}catch(Exception e){

throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);

}

}

public String privateEncrypt(String data){

try{

Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);

cipher.init(Cipher.ENCRYPT_MODE, privateKey);

return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));

}catch(Exception e){

throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e);

}

}

public String publicDecrypt(String data){

try{

Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);

cipher.init(Cipher.DECRYPT_MODE, publicKey);

return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);

}catch(Exception e){

throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e);

}

}

public String sign(String data){

try{

//sign

Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN);

signature.initSign(privateKey);

signature.update(data.getBytes(CHARSET));

return Base64.encodeBase64URLSafeString(signature.sign());

}catch(Exception e){

throw new RuntimeException("签名字符串[" + data + "]时遇到异常", e);

}

}

public boolean verify(String data, String sign){

try{

Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN);

signature.initVerify(publicKey);

signature.update(data.getBytes(CHARSET));

return signature.verify(Base64.decodeBase64(sign));

}catch(Exception e){

throw new RuntimeException("验签字符串[" + data + "]时遇到异常", e);

}

}

private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){

int maxBlock = 0;

if(opmode == Cipher.DECRYPT_MODE){

maxBlock = keySize / 8;

}else{

maxBlock = keySize / 8 - 11;

}

ByteArrayOutputStream out = new ByteArrayOutputStream();

int offSet = 0;

byte[] buff;

int i = 0;

try{

while(datas.length > offSet){

if(datas.length-offSet > maxBlock){

buff = cipher.doFinal(datas, offSet, maxBlock);

}else{

buff = cipher.doFinal(datas, offSet, datas.length-offSet);

}

out.write(buff, 0, buff.length);

i++;

offSet = i * maxBlock;

}

}catch(Exception e){

throw new RuntimeException("加解密阀值为["+maxBlock+"]的数据时发生异常", e);

}

byte[] resultDatas = out.toByteArray();

IOUtils.closeQuietly(out);

return resultDatas;

}

}

参考

某一个吃货
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
RSA加解密Java&Android;解决长度限制亲测可用idea
03-16
RSA加解密,Java,Android前后端可以用,已经解决长度限制,本人用的idea,亲测可以用
JAVA利用RSA加密算法的长度限制问题解决方案注意: RSA加密明文最大长度117字节,解密要求密文最大长度为128字节,所以在加密和解密的过程中需要分块进行。 RSA加密明文的长度是有限制的,如
draven1122的博客
02-15 2万+
地址:http://blog.csdn.net/centralperk/article/details/8538697
too much data for RSA block .关于RSA算法密钥长度/密文长度/明文长度
www.jiav.net技术网站的加盟博客
01-29 1199
今天在做RSA加密的时候遇到了一个这样的错误:ArrayIndexOutOfBoundsException: too much data for RSA block 查询相关资料后得知该错误是加密数据过长导致的。 加密数据长度 <= 模长-11 解决办法:将要加密数据截取后分段加密 下面是关于RSA算法密钥长度/密文长度/明文长度的介绍 本文转自:http://blog.si...
Rsa加密解密.rar_RSA 加密解密_java rsa_rsa加密_rsa加密java_加密 解密
07-14
RSA解密加密JAVA
RSA密钥长度、明文长度和密文长度
thlzjfefe的博客
03-13 8958
本文介绍RSA加解密中必须考虑到的密钥长度、明文长度和密文长度问题,对第一次接触RSA的开发人员来讲,RSA算是比较复杂的算法,RSA算法自己其实也很简单,RSA的复杂度是由于数学家把效率和安全也考虑进去的缘故。html 本文先只谈密钥长度、明文长度和密文长度的概念知识,RSA的理论及示例等之后再谈。提到密钥,咱们不得不提到RSA的三个重要大数:公钥指数e、私钥指数d和模值n。这三个大数是咱们使用RSA时须要直接接触的,理解了本文的基础概念,即便未接触过RSA的开发人员也能应对自如的使用RSA相关函数库,
【IoT】加密与安全:非对称加密算法 RSA 1024 公钥、秘钥、明文和密文长度
热门推荐
产品线负责人
11-05 3万+
RSA 1024 是指公钥及私钥分别是 1024bit,也就是 1024/8 = 128Bytes。 RSA 原理 RSA 算法密钥长度的选择是安全性和程序性能平衡的结果,密钥长度越长,安全性越好,加密解密所需时间越长。 1、非对称加密算法中 1024bit 密钥的强度相当于对称加密算法 80bit 密钥的强度; 2、密钥长度增长一倍,公钥操作所需时间增加约 4 倍,私钥操作所需时间...
RSA java实现代码
phillip629的博客
11-04 459
import java.io.ByteArrayOutputStream; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.Public...
java 加密使长度变短
moty2011的博客
05-06 4625
加密
java rsa加密长度限制,对可以使用RSA加密数据量的限制是多少?
weixin_39743423的博客
02-16 459
Typically it is recommended that RSA be used to encrypt a symmetric key, which is then used to encrypt the "payload".What is the practical (or theoretical) limit to the amount of data that can be encr...
Java数据加密时密码的长度限制
weixin_33946020的博客
09-02 1208
2019独角兽企业重金招聘Python工程师标准>>> ...
RSA.rar_java RSA_rsa_rsa java_rsa加密解密
09-21
适合才接触RSA非对称加密解密的人。RSA基本加密和解密源码JAVA
RSA.rar_RSA算法Python_python实现加密_rsa加密_加密_加密解密
09-20
python实现RSA加密解密算法,带图形界面,key.py随机生成公钥私钥,消息可利用加密器解密器进行加密
RSA-Tool.rar_java RSA tool_rsa加密_rsa加密解密_tool
09-23
java RSA 不对称加密密钥生成、加密解密实例
RSA.zip_rsa_rsa java_rsa加密解密
09-21
RSA加密算法,用JAVA语言实现加密,解密
杭州电子科技大学数据结构(题目).pdf
04-26
杭州电子科技大学,期末考试资料,计算机专业期末考试试卷,试卷及答案,数据结构。
重庆大学 2010-2011(一)模拟电子技术A卷答案.pdf
最新发布
04-26
重庆大学期末考试试卷,重大期末考试试题,试题及答案
如何创意年会组织形式?.docx
04-26
年会班会资料,节目策划,游戏策划,策划案,策划方案,活动方案,筹办,公司年会,开场白,主持人,策划主题,主持词,小游戏。
基于Django框架的博客系统.zip
04-26
基于Django框架的博客系统.zip
【基于Springboot+Vue的Java毕业设计】校园服务平台项目实战(源码+录像演示+说明).rar
04-26
【基于Springboot+Vue的Java毕业设计】校园服务平台项目实战(源码+录像演示+说明).rar 【项目技术】 开发语言:Java 框架:Spingboot+vue 架构:B/S 数据库:mysql 【演示视频-编号:321】 https://pan.quark.cn/s/8dea014f4d36 【实现功能】 系统可以提供信息显示和相应服务,其管理员增删改查接单员和接单员资料,审核接单员预订订单,查看订单评价和评分,通过留言功能回复用户提问。
rsa文件加密 java_RSA对文件进行加密和解密
05-25
Java中,可以使用Java加密库来实现RSA加密和解密。下面是一个简单的示例代码: ```java import java.io.*; import java.security.*; import javax.crypto.*; public class RSAEncryption { private static ...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值