packagecom.ljq.test;importjava.io.ByteArrayOutputStream;importjava.security.Key;importjava.security.KeyFactory;importjava.security.KeyPair;importjava.security.KeyPairGenerator;importjava.security.PrivateKey;importjava.security.PublicKey;importjava.security.Signature;importjava.security.interfaces.RSAPrivateKey;importjava.security.interfaces.RSAPublicKey;importjava.security.spec.PKCS8EncodedKeySpec;importjava.security.spec.X509EncodedKeySpec;importjava.util.HashMap;importjava.util.Map;importjavax.crypto.Cipher;/***
* RSA公钥/私钥/签名工具包
*
*
* 罗纳德·李维斯特(Ron [R]ivest)、阿迪·萨莫尔(Adi [S]hamir)和伦纳德·阿德曼(Leonard [A]dleman)
*
*
* 字符串格式的密钥在未在特殊说明情况下都为BASE64编码格式
* 由于非对称加密速度极其缓慢,一般文件不使用它来加密而是使用对称加密,
* 非对称加密算法可以用来对对称加密的密钥加密,这样保证密钥的安全也就保证了数据的安全
*
*
*@authorIceWee
* @date 2012-4-26
*@version1.0*/
public classRSAUtils {/*** 加密算法RSA*/
public static final String KEY_ALGORITHM = "RSA";/*** 签名算法*/
public static final String SIGNATURE_ALGORITHM = "MD5withRSA";/*** 获取公钥的key*/
private static final String PUBLIC_KEY = "RSAPublicKey";/*** 获取私钥的key*/
private static final String PRIVATE_KEY = "RSAPrivateKey";/*** RSA最大加密明文大小*/
private static final int MAX_ENCRYPT_BLOCK = 117;/*** RSA最大解密密文大小*/
private static final int MAX_DECRYPT_BLOCK = 128;/***
* 生成密钥对(公钥和私钥)
*
*
*@return*@throwsException*/
public static Map genKeyPair() throwsException {
KeyPairGenerator keyPairGen=KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
KeyPair keyPair=keyPairGen.generateKeyPair();
RSAPublicKey publicKey=(RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey=(RSAPrivateKey) keyPair.getPrivate();
Map keyMap = new HashMap(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);returnkeyMap;
}/***
* 用私钥对信息生成数字签名
*
*
*@paramdata 已加密数据
*@paramprivateKey 私钥(BASE64编码)
*
*@return*@throwsException*/
public static String sign(byte[] data, String privateKey) throwsException {byte[] keyBytes =Base64Utils.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec= newPKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateK=keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature=Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateK);
signature.update(data);returnBase64Utils.encode(signature.sign());
}/***
* 校验数字签名
*
*
*@paramdata 已加密数据
*@parampublicKey 公钥(BASE64编码)
*@paramsign 数字签名
*
*@return*@throwsException
**/
public static boolean verify(byte[] data, String publicKey, String sign)throwsException {byte[] keyBytes =Base64Utils.decode(publicKey);
X509EncodedKeySpec keySpec= newX509EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicK=keyFactory.generatePublic(keySpec);
Signature signature=Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicK);
signature.update(data);returnsignature.verify(Base64Utils.decode(sign));
}/***
* 私钥解密
*
*
*@paramencryptedData 已加密数据
*@paramprivateKey 私钥(BASE64编码)
*@return*@throwsException*/
public static byte[] decryptByPrivateKey(byte[] encryptedData, String privateKey)throwsException {byte[] keyBytes =Base64Utils.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec= newPKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
Key privateK=keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateK);int inputLen =encryptedData.length;
ByteArrayOutputStream out= newByteArrayOutputStream();int offSet = 0;byte[] cache;int i = 0;//对数据分段解密
while (inputLen - offSet > 0) {if (inputLen - offSet >MAX_DECRYPT_BLOCK) {
cache=cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
}else{
cache= cipher.doFinal(encryptedData, offSet, inputLen -offSet);
}
out.write(cache,0, cache.length);
i++;
offSet= i *MAX_DECRYPT_BLOCK;
}byte[] decryptedData =out.toByteArray();
out.close();returndecryptedData;
}/***
* 公钥解密
*
*
*@paramencryptedData 已加密数据
*@parampublicKey 公钥(BASE64编码)
*@return*@throwsException*/
public static byte[] decryptByPublicKey(byte[] encryptedData, String publicKey)throwsException {byte[] keyBytes =Base64Utils.decode(publicKey);
X509EncodedKeySpec x509KeySpec= newX509EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
Key publicK=keyFactory.generatePublic(x509KeySpec);
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicK);int inputLen =encryptedData.length;
ByteArrayOutputStream out= newByteArrayOutputStream();int offSet = 0;byte[] cache;int i = 0;//对数据分段解密
while (inputLen - offSet > 0) {if (inputLen - offSet >MAX_DECRYPT_BLOCK) {
cache=cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
}else{
cache= cipher.doFinal(encryptedData, offSet, inputLen -offSet);
}
out.write(cache,0, cache.length);
i++;
offSet= i *MAX_DECRYPT_BLOCK;
}byte[] decryptedData =out.toByteArray();
out.close();returndecryptedData;
}/***
* 公钥加密
*
*
*@paramdata 源数据
*@parampublicKey 公钥(BASE64编码)
*@return*@throwsException*/
public static byte[] encryptByPublicKey(byte[] data, String publicKey)throwsException {byte[] keyBytes =Base64Utils.decode(publicKey);
X509EncodedKeySpec x509KeySpec= newX509EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
Key publicK=keyFactory.generatePublic(x509KeySpec);//对数据加密
Cipher cipher =Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicK);int inputLen =data.length;
ByteArrayOutputStream out= newByteArrayOutputStream();int offSet = 0;byte[] cache;int i = 0;//对数据分段加密
while (inputLen - offSet > 0) {if (inputLen - offSet >MAX_ENCRYPT_BLOCK) {
cache=cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
}else{
cache= cipher.doFinal(data, offSet, inputLen -offSet);
}
out.write(cache,0, cache.length);
i++;
offSet= i *MAX_ENCRYPT_BLOCK;
}byte[] encryptedData =out.toByteArray();
out.close();returnencryptedData;
}/***
* 私钥加密
*
*
*@paramdata 源数据
*@paramprivateKey 私钥(BASE64编码)
*@return*@throwsException*/
public static byte[] encryptByPrivateKey(byte[] data, String privateKey)throwsException {byte[] keyBytes =Base64Utils.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec= newPKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
Key privateK=keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateK);int inputLen =data.length;
ByteArrayOutputStream out= newByteArrayOutputStream();int offSet = 0;byte[] cache;int i = 0;//对数据分段加密
while (inputLen - offSet > 0) {if (inputLen - offSet >MAX_ENCRYPT_BLOCK) {
cache=cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
}else{
cache= cipher.doFinal(data, offSet, inputLen -offSet);
}
out.write(cache,0, cache.length);
i++;
offSet= i *MAX_ENCRYPT_BLOCK;
}byte[] encryptedData =out.toByteArray();
out.close();returnencryptedData;
}/***
* 获取私钥
*
*
*@paramkeyMap 密钥对
*@return*@throwsException*/
public static String getPrivateKey(MapkeyMap)throwsException {
Key key=(Key) keyMap.get(PRIVATE_KEY);returnBase64Utils.encode(key.getEncoded());
}/***
* 获取公钥
*
*
*@paramkeyMap 密钥对
*@return*@throwsException*/
public static String getPublicKey(MapkeyMap)throwsException {
Key key=(Key) keyMap.get(PUBLIC_KEY);returnBase64Utils.encode(key.getEncoded());
}
}