生成公钥、私钥对的openssl命令行:
genrsa -out private.pem 2048rsa -in private.pem -inform pem -out public.key -outform der -puboutrsa -in private.pem -inform pem -out private.key -outform derpkcs8 -topk8 -inform der -in private.key -out pkcs8_private.key -outform der -nocrypt
- 生成服务端私钥private.pem, 扩展名是pem, 即这个文件的内容是 human-readable的.
openssl> genrsa -out private.pem 2048
- 利用已经生成的密钥文件private.pem生成公钥文件public.key, 该文件是der格式的 ,即not-human-readable. 这条命令同时保证生成的公钥文件满足国际电联的X.509证书标准, 虽然public.key在这里只是个公钥文件并不是证书.
openssl> rsa -in private.pem -inform pem -out public.key -outform der -pubout
- 为了保护私钥的数据,防止被直接识别, 需要将pem文件转换成der文件, 转换之后的文件是not-human-readable.
openssl> rsa -in private.pem -inform pem -out private.key -outform der
- 最重要的一条, 要使得private.key符合PKCS#8标准, 需要使用pkcs8 命令行进行转换,转换后的密钥文件pkcs8_private.key可以直接为java使用.
pkcs8 -topk8 -inform der -in private.key -out pkcs8_private.key -outform der -nocrypt
测试代码:
package com.reindel.ciphers; import java.io.FileInputStream;import java.io.IOException;import java.security.GeneralSecurityException;import java.security.KeyFactory;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import javax.crypto.Cipher;import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils; public class RSACipher { public String encrypt(String rawText, String publicKeyPath, String transformation, String encoding) throws IOException, GeneralSecurityException { X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(publicKeyPath))); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.ENCRYPT_MODE, KeyFactory.getInstance("RSA").generatePublic(x509EncodedKeySpec)); return Base64.encodeBase64String(cipher.doFinal(rawText.getBytes(encoding))); } public String decrypt(String cipherText, String privateKeyPath, String transformation, String encoding) throws IOException, GeneralSecurityException { -
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(IOUtils.toByteArray(new FileInputStream(privateKeyPath))); Cipher cipher = Cipher.getInstance(transformation); cipher.init(Cipher.DECRYPT_MODE, KeyFactory.getInstance("RSA").generatePrivate(pkcs8EncodedKeySpec)); return new String(cipher.doFinal(Base64.decodeBase64(cipherText)), encoding); }}
package com.reindel.ciphers; import org.junit.Assert;import org.junit.Test;- import com.reindel.keys.RSAKeyPair;
-
public class RASACipherTest { private final String privateKeyPathName = "C://temp//pkcs8_private.key"; private final String publicKeyPathName = "C://temp//public.key"; private final String transformation = "RSA/ECB/PKCS1Padding"; private final String encoding = "UTF-8"; @Test public void testEncryptDecryptWithKeyPairFiles() throws Exception { try { String toBeEncrypt = " 2.John has a long mustache too; 3.John has a long mustache too; 4.John has a long mustache too; 5.John has a long mustache too; 6.John has a long mustache too; 7.John has a long mustache too; 8.John has a ;";
byte[] bytesToEncypt = toBeEncrypt.getBytes(); int length = bytesToEncypt.length; System.out.println("Bytes length = " + length); RSACipher rsaCipher = new RSACipher(); String encrypted = rsaCipher.encrypt(toBeEncrypt, publicKeyPathName, transformation, encoding); System.out.println("encrypted string: " + encrypted);
System.out.println("Before decrypt()"); String decrypted = rsaCipher.decrypt(encrypted, privateKeyPathName, transformation, encoding); System.out.println("decrypted string: " + decrypted); } catch(Exception exception) { System.out.println(exception.getMessage()); Assert.fail("The testEncryptDecryptWithKeyPairFiles() test failed because: " + exception.getMessage()); } }}
扫一扫
6652
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
