- 一、前言
- 二、签名与验签
- 1、程序代码如下:
- 2、程序运行结果:
- 三、加密解密
- 1、添加加解密方法
- 2、程序运行结果
RSA 算法相比于AES算法不同的是RSA的秘钥为不同的两个一个为公钥一个为私钥且目前理论上无法通过私钥/公钥去推得公钥/私钥。其数学原理为数论中寻求两个大素数比较简单,而将它们的乘积进行因式分解却极其困难,将他们的乘积作为公钥,从而无法通过分解因式获得私钥实现。
一般情况下,使用私钥进行签名,使用公钥验证签名。签名验签是为了验证用户身份是否合法,和登录一个作用。用于被调用方验证;使用公钥进行加密使用私钥解密.。加密解密是为防止数据被篡改。
相比于AES来说RSA一般用于加密短的明文,因为内容越长,效率越低。
package cn.zlc.des.rsa;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.base64;
@Slf4j
public class RSAUtil {
public static final String KEY_ALGORITHM = "RSA";
public static final String PUBLIC_KEY = "publicKey";
public static final String PRIVATE_KEY = "privateKey";
//map对象中存放公私钥
public static Map initKey() throws Exception {
//获得对象 KeyPairGenerator 参数 RSA 1024个字节
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
//通过对象 KeyPairGenerator 获取对象KeyPair
KeyPair keyPair = keyPairGen.generateKeyPair();
//通过对象 KeyPair 获取RSA公私钥对象RSAPublicKey RSAPrivateKey
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
//公私钥对象存入map中
Map keyMap = new HashMap<>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
public static PublicKey getPublicKey(String key) throws Exception {
byte[] keyBytes = base64.decodebase64(key);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePublic(keySpec);
}
public static PrivateKey getPrivateKey(String key) throws Exception {
byte[] keyBytes = base64.decodebase64(key.getBytes(StandardCharsets.UTF_8));
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePrivate(keySpec);
}
public static String signByPrivateKey(String content, String privateKey) {
try {
PrivateKey priKey = getPrivateKey(privateKey);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(priKey);
signature.update(content.getBytes(StandardCharsets.UTF_8));
byte[] signed = signature.sign();
return new String(base64.encodebase64URLSafe(signed), StandardCharsets.UTF_8);
} catch (Exception e) {
log.warn("sign error, content: {}, priKey: {}", content, privateKey);
log.error("sign error, message is {}", e.getMessage());
}
return null;
}
public static boolean verifySignByPublicKey(String content, String sign, String publicKey) {
try {
PublicKey pubKey = getPublicKey(publicKey);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pubKey);
signature.update(content.getBytes(StandardCharsets.UTF_8));
return signature.verify(base64.decodebase64(sign.getBytes(StandardCharsets.UTF_8)));
} catch (Exception e) {
log.warn("sign error, content: {}, sign: {}, pubKey: {}", content, sign, publicKey);
log.error("sign error", e);
}
return false;
}
public static void main(String[] args) {
String signContent = "待签名数据";
// 第一步,生成一对公私钥
Map keys = new HashMap<>(2);
try {
keys = RSAUtil.initKey();
}catch (Exception e){
log.error("init RSA key error,message is {}", e.getMessage());
System.exit(-1);
}
// 获得私钥
Key privateKey = keys.get(PRIVATE_KEY);
// 私钥base64编码字符串
String base64PrivateKeyStr = base64.encodebase64String(privateKey.getEncoded());
log.info("base64 privateKey String is:{}", base64PrivateKeyStr);
// 签名
String signString = RSAUtil.signByPrivateKey(signContent, base64PrivateKeyStr);
log.info("sign by privateKey ,signString is: {}", signString);
// 获得公钥
Key publicKey = keys.get(PUBLIC_KEY);
String base64PublicKeyStr = base64.encodebase64String(publicKey.getEncoded());
log.info("base64 publicKey String is:{}", base64PublicKeyStr);
boolean verifySignResult = RSAUtil.verifySignByPublicKey(signContent ,signString, base64PublicKeyStr);
log.info("verify sign result is: {}", verifySignResult);
}
}
2、程序运行结果:
17:57:52.337 [main] INFO cn.zlc.des.rsa.RSAUtil - base64 privateKey String is:MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAInvHaqkXciGW5sFb9S2oF/2KYR7zm+IGfX/KIUlMoo/g5v5DZBBFRr4Ez+PUvsjvnCigwHhigD6QCs2bTPuQfUdqeUV3N5qcf1wHjxA0mERrVneAuR1dyhikB2RbRkw901ZIpYEKBh5LDNEiA1wAkYvw9cpl6i31uiISPhmvpoXAgMBAAECgYAUUHcaDqMRSVhseFyEA3GTMHnk3ScGHhFUvYOGOHg9DCWh7wgkWrF1C1wqXD1oZ1dA125b9I+SnUieFKH4p/pmm9XvQZ3pwz2rJd+PFdo3KpXtdH6snJn4X1dO/1E8uaJOVKyKqZmNYO7/TK+4SxPKsR7W1em1wtvXTMy6/jK84QJBAMPWULhZyw4YYQNNl9YhAP+T3bJLyI1zl1xXmg1JB34GrkReh/otw8Mc9rDTkf8wjUwYtPUyC7q3tibTdu1o0VMCQQC0Tv0XCTE/ghMndxM+16XAfFyY4WkN7Se/Cp62UPHmvQ/HIusvGrdPkI59Bv7rq+gTebImzXxnRwe29+X4tKetAkBIgWiRWG1dYplIZ8n3dXCxL0W9ZWFzPYCkp6pZkNg9SKvslDMz5Q29h1OuVCaRnKAztFILFeRR1QKTjWdSrqQRAkA+kaJ12fTDCwpGiaWeCwszrnQbgS0JbiB6xN6qeZBX94eAHPfr0qOF8q3faQwREAhqqbJOkMP4usdMkN223knJAkBW8PO+DilQFgRqH47RIhz3md0EKVzqE02aYb8XO4DMQ8UgOqX6YGp3KEWW7Gwb0ASQZLlW+wkFmgLtt4aGhNY/ 17:57:52.346 [main] INFO cn.zlc.des.rsa.RSAUtil - sign by privateKey ,signString is: F1agu3KpQtcxXMFwiRNUv5LA-A9ebellLL_RnwoqxRQTwI5mt8bHq3tMzZxUq0E9Odaa-88oVnq9t1X9G9PoiVDcaMLXIrWCvDMw3xdssZ-TbspteBO1sGdV9UOk58KLU3aft3R3HvCaYl0mXcybdrN--MRtnB5xJYfHyh8QwL8 17:57:52.346 [main] INFO cn.zlc.des.rsa.RSAUtil - base64 publicKey String is:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ7x2qpF3IhlubBW/UtqBf9imEe85viBn1/yiFJTKKP4Ob+Q2QQRUa+BM/j1L7I75wooMB4YoA+kArNm0z7kH1HanlFdzeanH9cB48QNJhEa1Z3gLkdXcoYpAdkW0ZMPdNWSKWBCgYeSwzRIgNcAJGL8PXKZeot9boiEj4Zr6aFwIDAQAB 17:57:52.347 [main] INFO cn.zlc.des.rsa.RSAUtil - verify sign result is: true三、加密解密 1、添加加解密方法
package cn.zlc.des.rsa;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.codec.binary.base64;
@Slf4j
public class RSAUtil {
public static final String KEY_ALGORITHM = "RSA";
public static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";
public static final String PUBLIC_KEY = "publicKey";
public static final String PRIVATE_KEY = "privateKey";
//map对象中存放公私钥
public static Map initKey() throws Exception {
//获得对象 KeyPairGenerator 参数 RSA 1024个字节
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
//通过对象 KeyPairGenerator 获取对象KeyPair
KeyPair keyPair = keyPairGen.generateKeyPair();
//通过对象 KeyPair 获取RSA公私钥对象RSAPublicKey RSAPrivateKey
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
//公私钥对象存入map中
Map keyMap = new HashMap<>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
public static PublicKey getPublicKey(String key) throws Exception {
byte[] keyBytes = base64.decodebase64(key);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePublic(keySpec);
}
public static PrivateKey getPrivateKey(String key) throws Exception {
byte[] keyBytes = base64.decodebase64(key.getBytes(StandardCharsets.UTF_8));
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePrivate(keySpec);
}
public static String signByPrivateKey(String content, String privateKey) {
try {
PrivateKey priKey = getPrivateKey(privateKey);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(priKey);
signature.update(content.getBytes(StandardCharsets.UTF_8));
byte[] signed = signature.sign();
return new String(base64.encodebase64URLSafe(signed), StandardCharsets.UTF_8);
} catch (Exception e) {
log.warn("sign error, content: {}, priKey: {}", content, privateKey);
log.error("sign error, message is {}", e.getMessage());
}
return null;
}
public static boolean verifySignByPublicKey(String content, String sign, String publicKey) {
try {
PublicKey pubKey = getPublicKey(publicKey);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pubKey);
signature.update(content.getBytes(StandardCharsets.UTF_8));
return signature.verify(base64.decodebase64(sign.getBytes(StandardCharsets.UTF_8)));
} catch (Exception e) {
log.warn("sign error, content: {}, sign: {}, pubKey: {}", content, sign, publicKey);
log.error("sign error", e);
}
return false;
}
public static String encryptByPublicKey(String plainText, String publicKey) {
try {
PublicKey pubKey = getPublicKey(publicKey);
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
byte[] enBytes = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
return base64.encodebase64String(enBytes);
} catch (Exception e) {
log.error("encrypt error", e);
}
return null;
}
public static String decryptByPrivateKey(String enStr, String privateKey) {
try {
PrivateKey priKey = getPrivateKey(privateKey);
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, priKey);
byte[] deBytes = cipher.doFinal(base64.decodebase64(enStr));
return new String(deBytes);
} catch (Exception e) {
log.error("decrypt error", e);
}
return null;
}
public static void main(String[] args) {
String encryptionContent = "待加密数据";
// 第一步,生成一对公私钥
Map keys = new HashMap<>(2);
try {
keys = RSAUtil.initKey();
}catch (Exception e){
log.error("init RSA key error,message is {}", e.getMessage());
System.exit(-1);
}
// 获得公钥
Key publicKey = keys.get(PUBLIC_KEY);
String base64PublicKeyStr = base64.encodebase64String(publicKey.getEncoded());
log.info("base64 publicKey String is:{}", base64PublicKeyStr);
// 加密
String encryptionString = RSAUtil.encryptByPublicKey(encryptionContent, base64PublicKeyStr);
log.info("encryptionString by publicKey ,encryptionString is: {}", encryptionString);
// 解密
// 获得私钥
Key privateKey = keys.get(PRIVATE_KEY);
// 私钥base64编码字符串
String base64PrivateKeyStr = base64.encodebase64String(privateKey.getEncoded());
log.info("base64 privateKey String is:{}", base64PrivateKeyStr);
String decryptionString = RSAUtil.decryptByPrivateKey(encryptionString, base64PrivateKeyStr);
log.info("decryptionString by privateKey ,decryptionString is: {}", decryptionString);
}
}
2、程序运行结果
18:30:52.140 [main] INFO cn.zlc.des.rsa.RSAUtil - base64 publicKey String is:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCU9l+2w68GDlSxNZQK5BaU+DvcKAAOfHLTJE3KYSOA+vucvoEGgmZ8rsULoI/s0nrsqtI/s/D0VS0vDTLpv/EFWAwAZquhrB6RNyAxjgzgugNbC9oxThEyOAD5VztM0p4XmR8ynK7OeD/BkNjSPVAeZLRfxZKsBGx846OhepX8swIDAQAB 18:30:52.331 [main] INFO cn.zlc.des.rsa.RSAUtil - encryptionString by publicKey ,encryptionString is: icurdQyGP2JpI2q+BRf6MgnEk4or1Fdlpxyjr7/yTXVLNHgM7fcNKFcSO/s7EORJEwN1Z96sYOi7kU74fITSo92jsyem4yUajeHzbElJ7dy/fIAkyFwJibxfyaalY897NtJToFrT5eqk8LKkoUwSjfRo/SM/APkO4a1+oIs0zWA= 18:30:52.331 [main] INFO cn.zlc.des.rsa.RSAUtil - base64 privateKey String is:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAJT2X7bDrwYOVLE1lArkFpT4O9woAA58ctMkTcphI4D6+5y+gQaCZnyuxQugj+zSeuyq0j+z8PRVLS8NMum/8QVYDABmq6GsHpE3IDGODOC6A1sL2jFOETI4APlXO0zSnheZHzKcrs54P8GQ2NI9UB5ktF/FkqwEbHzjo6F6lfyzAgMBAAECgYAtyLfMZcKyus7fFJem7UnfiZhkZ0r1KNzl9n+OV2LhLsMM/ySLCqNTaSgZFcWGxX6QpUQv3i+N+WwEzSq724nJXkiWRHF/jxs9/qI8AtTzlTHUnXAQ4XriLYKBbPbQdATzXhn3tZbVvCZTZmsm1uJ0A/9i4dWtelgkgowzeuVVCQJBAPdXKnccO+AWBc3h4YFk1WS3sxx65AFqE9517iqpIoRB2gEnwxsReAdDGCXOye0C7+q5eutopoTGTJOQiEgqhVUCQQCaLXn43b/YoXJjbrNr2SjnzRaTy1nWHiTW0jCvfBJM+EqEpPfrRXmvGIAhIOsYTSUKY4edfxEnEkTeDU1+aPnnAkEA8H6NqNEIGwPu0tf9911+6/Z+LoQDLKji9tx+HnbkO+r3uUXbPHeI2K7RTPm7dzvy4a1Fqp3Pw6w4iwburBTEHQJAYzaSf+hKtR+nWX76LJOQ9CGQvsij5dp+AFNACxz/NdKtOVBjTV3m4RsWELt7LacvB9Fmip4jLo5eDLpovMjWzwJBANfFFdGxzZfH4D5dL9LDhSKslmIew7h2RHT16jUZPDbiOEIvMGXYE1BE5HuiliLt7fNFj3hcFqACTqTtbLoKHOw= 18:30:52.336 [main] INFO cn.zlc.des.rsa.RSAUtil - decryptionString by privateKey ,decryptionString is: 待加密数据
