关于非对称(RSA)加解密,签名与验签

 

签名是客户端用私钥对请求参数进行rsa签名算法后生成的字符串,验签是对服务端使用公钥对客户端的请求参数进行签名算法后和客户端的签名字符串进行比较是否相同,鉴别请求者身份的过程。

代码示例:

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.TreeMap;

import org.springframework.util.Base64Utils;

/**
 * 非对称加密算法 - RSA
 *
 * @author jie
 *
 */
public class RSA {
    /** RSA算法 */
    private static final String RSA_ALGORITHM = "RSA";
    /** RSA签名算法 */
    private static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA";
    /** RSA公钥key */
    public static final String RSA_PUBLIC_KEY = "RSA_PUBLIC_KEY";
    /** RSA私钥key */
    public static final String RSA_PRIVATE_KEY = "RSA_PRIVATE_KEY";

    /**
     * 生成RSA公私钥对:密钥格式PKCS8
     *
     * @param keysize
     *            密钥长度:1024, 2048
     * @return RSA公、私钥对Map<String, String>
     * @throws Exception
     */
    public static Map<String, String> generateKeyPair(Integer keysize) throws Exception {
        // 生成RSA Key
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM);
        keyPairGenerator.initialize(keysize);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        // Key --> Base64
        String publicKeyBase64 = Base64Utils.encodeToUrlSafeString(publicKey.getEncoded());
        String privateKeyBase64 = Base64Utils.encodeToUrlSafeString(privateKey.getEncoded());

        Map<String, String> ret = new HashMap<String, String>();
        ret.put(RSA_PUBLIC_KEY, publicKeyBase64);
        ret.put(RSA_PRIVATE_KEY, privateKeyBase64);
        return ret;
    }

    /**
     * RSA私钥签名:签名方式SHA1withRSA
     *
     * @param data
     *            待签名byte[]
     * @param privateKeyBase64
     *            私钥(Base64编码)
     * @return 签名byte[]
     * @throws Exception
     */
    public static byte[] sign(byte[] data, String privateKeyBase64) throws Exception {
        // Base64 --> Key
        byte[] bytes = Base64Utils.decodeFromUrlSafeString(privateKeyBase64);
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
        KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
        PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
        // Sign
        Signature signature = Signature.getInstance(RSA_SIGNATURE_ALGORITHM);
        signature.initSign(privateKey);
        signature.update(data);
        return signature.sign();
    }

    /**
     * RSA公钥验签
     *
     * @param data
     *            待签名字符串
     * @param publicKeyBase64
     *            公钥(Base64编码)
     * @return 验签结果
     * @throws Exception
     */
    public static boolean verify(byte[] data, String publicKeyBase64, String sign) throws Exception {
        // Base64 --> Key
        byte[] bytes = Base64Utils.decodeFromUrlSafeString(publicKeyBase64);
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
        KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
        PublicKey publicKey = keyFactory.generatePublic(keySpec);
        // verify
        Signature signature = Signature.getInstance(RSA_SIGNATURE_ALGORITHM);
        signature.initVerify(publicKey);
        signature.update(data);
        return signature.verify(Base64Utils.decodeFromUrlSafeString(sign));
    }

    public static void main(String[] args) {
        try {
            // 0. 生成公、私钥对
            Map<String, String> keyPair = RSA.generateKeyPair(1024);
            System.out.println("私钥:" + keyPair.get(RSA_PRIVATE_KEY));
            System.out.println("公钥:" + keyPair.get(RSA_PUBLIC_KEY));

            // 将参数进行字典排序
            StringBuilder sb = new StringBuilder();
            Map<String, String> map = new TreeMap<String, String>();
            map.put("orderId", "10086");
            map.put("mobile", "18888888888");
            // 组成待签名字符串
            sb.delete(0, sb.length()); // 清空StringBuilder
            for (Map.Entry<String, String> entry : map.entrySet()) {
                if (sb.toString().contains("="))
                    sb.append("&");
                sb.append(entry.getKey() + "=" + entry.getValue());
            }
            String signContent = sb.toString();
            System.out.println("待签名内容:" + signContent);

            // 1. 用私钥生成签名
            byte[] signBytes = RSA.sign(signContent.getBytes(), keyPair.get(RSA_PRIVATE_KEY));
            String sign = Base64Utils.encodeToUrlSafeString(signBytes);
            System.out.println("签名:" + sign);

            // 2. 用公钥进行验签
            boolean verify = RSA.verify(signContent.getBytes(), keyPair.get(RSA_PUBLIC_KEY), sign);
            System.out.println("验签结果:" + verify);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

加解密是对报文加密解密,避免被恶意截取,使用公钥进行加密,私钥进行解密

示例代码:

import javax.crypto.Cipher;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class RSAEncrypt {



    private static final String ALGO = "RSA";
    private static final String CHARSET = "UTF-8";

    /*
     * 用于存储随机产生的公钥与私钥
     */
    private static Map<Integer, String> KEY_CACHE = new HashMap<>();

    /**
     * 随机生成密钥对
     *
     * @throws NoSuchAlgorithmException
     */
    private static void generateKeyPair() throws NoSuchAlgorithmException {
        // KeyPairGenerator 类用于生成公钥和私钥对,基于RSA算法生成对象
        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGO);
        // 初始化密钥对生成器,密钥大小为 96-1024 位
        keyPairGen.initialize(1024, new SecureRandom());
        // 生成一个密钥对,保存在 keyPair 中
        KeyPair keyPair = keyPairGen.generateKeyPair();
        // 得到私钥
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        // 得到公钥
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        String publicKeyString = new String(Base64.getEncoder().encode(publicKey.getEncoded()));
        // 得到私钥字符串
        String privateKeyString = new String(Base64.getEncoder().encode((privateKey.getEncoded())));
        // 将公钥和私钥保存到 Map
        KEY_CACHE.put(0, publicKeyString);
        KEY_CACHE.put(1, privateKeyString);
    }

    /**
     * RSA公钥加密
     *
     * @param data       加密字符串
     * @param publicKey 公钥
     * @return 密文
     * @throws Exception 加密过程中的异常信息
     */
    private static String encrypt(String data, String publicKey) throws Exception {
        // base64 编码的公钥
        byte[] decoded = Base64.getDecoder().decode(publicKey);
        RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(ALGO).generatePublic(new X509EncodedKeySpec(decoded));
        // RSA加密
        Cipher cipher = Cipher.getInstance(ALGO);
        // 公钥加密
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        return Base64.getEncoder().encodeToString(cipher.doFinal(data.getBytes(CHARSET)));
    }

    /**
     * RSA私钥解密
     *
     * @param data        加密字符串
     * @param privateKey 私钥
     * @return 铭文
     * @throws Exception 解密过程中的异常信息
     */
    private static String decrypt(String data, String privateKey) throws Exception {
        byte[] inputByte = Base64.getDecoder().decode(data.getBytes(CHARSET));
        // base64 编码的私钥
        byte[] decoded = Base64.getDecoder().decode(privateKey);
        RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(ALGO).generatePrivate(new PKCS8EncodedKeySpec(decoded));
        // RSA 解密
        Cipher cipher = Cipher.getInstance(ALGO);
        // 私钥解密
        cipher.init(Cipher.DECRYPT_MODE, priKey);
        return new String(cipher.doFinal(inputByte));
    }

    public static void main(String[] args) {
        String originData = "hellp Test Asymmetric encrypt!";
        try {
            generateKeyPair();
            String encryData = encrypt(originData, KEY_CACHE.get(0));
            System.out.println("encryData = " + encryData);
            String decryData = decrypt(encryData, KEY_CACHE.get(1));
            System.out.println("decryData = " + decryData);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

  • 0
    点赞
  • 2
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值