java、php中RSA产生公钥和私钥、校验 、加密 、解密的几种方法
今天主要给大家讲一下在java和php中如何利用开发语言直接生成RSA公钥与私钥,并进行加密解密和校验
JAVA
主要通过KeyPairGenerator进行生成公钥私钥及加密解密校验
1、第一种
import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; import java.security.*; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; /** * Created by lake on 17-4-12. */ public class RSACoder { public static final String KEY_ALGORITHM = "RSA"; public static final String SIGNATURE_ALGORITHM = "MD5withRSA"; private static final String PUBLIC_KEY = "RSAPublicKey"; private static final String PRIVATE_KEY = "RSAPrivateKey"; public static byte[] decryptBASE64(String key) { return Base64.decodeBase64(key); } public static String encryptBASE64(byte[] bytes) { return Base64.encodeBase64String(bytes); } /** * 用私钥对信息生成数字签名 * * @param data 加密数据 * @param privateKey 私钥 * @return * @throws Exception */ public static String sign(byte[] data, String privateKey) throws Exception { // 解密由base64编码的私钥 byte[] keyBytes = decryptBASE64(privateKey); // 构造PKCS8EncodedKeySpec对象 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); // KEY_ALGORITHM 指定的加密算法 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 取私钥匙对象 PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec); // 用私钥对信息生成数字签名 Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initSign(priKey); signature.update(data); return encryptBASE64(signature.sign()); } /** * 校验数字签名 * * @param data 加密数据 * @param publicKey 公钥 * @param sign 数字签名 * @return 校验成功返回true 失败返回false * @throws Exception */ public static boolean verify(byte[] data, String publicKey, String sign) throws Exception { // 解密由base64编码的公钥 byte[] keyBytes = decryptBASE64(publicKey); // 构造X509EncodedKeySpec对象 X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); // KEY_ALGORITHM 指定的加密算法 KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); // 取公钥匙对象 PublicKey pubKey = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initVerify(pubKey); signature.update(data); // 验证签名是否正常 return signature.verify(decryptBASE64(sign)); } public static byte[] decryptByPrivateKey(byte[] data, String key) throws Exception{ // 对密钥解密 byte[] keyBytes = decryptBASE64(key); // 取得私钥 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec); // 对数据解密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, privateKey); return cipher.doFinal(data); } /** * 解密<br> * 用私钥解密 * * @param data * @param key * @return * @throws Exception */ public static byte[] decryptByPrivateKey(String data, String key) throws Exception { return decryptByPrivateKey(decryptBASE64(data),key); } /** * 解密<br> * 用公钥解密 * * @param data * @param key * @return * @throws Exception */ public static byte[] decryptByPublicKey(byte[] data, String key) throws Exception { // 对密钥解密 byte[] keyBytes = decryptBASE64(key); // 取得公钥 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key publicKey = keyFactory.generatePublic(x509KeySpec); // 对数据解密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, publicKey); return cipher.doFinal(data); } /** * 加密<br> * 用公钥加密 * * @param data * @param key * @return * @throws Exception */ public static byte[] encryptByPublicKey(String data, String key) throws Exception { // 对公钥解密 byte[] keyBytes = decryptBASE64(key); // 取得公钥 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key publicKey = keyFactory.generatePublic(x509KeySpec); // 对数据加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return cipher.doFinal(data.getBytes()); } /** * 加密<br> * 用私钥加密 * * @param data * @param key * @return * @throws Exception */ public static byte[] encryptByPrivateKey(byte[] data, String key) throws Exception { // 对密钥解密 byte[] keyBytes = decryptBASE64(key); // 取得私钥 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec); // 对数据加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, privateKey); return cipher.doFinal(data); } /** * 取得私钥 * * @param keyMap * @return * @throws Exception */ public static String getPrivateKey(Map<String, Key> keyMap) throws Exception { Key key = (Key) keyMap.get(PRIVATE_KEY); return encryptBASE64(key.getEncoded()); } /** * 取得公钥 * * @param keyMap * @return * @throws Exception */ public static String getPublicKey(Map<String, Key> keyMap) throws Exception { Key key = keyMap.get(PUBLIC_KEY); return encryptBASE64(key.getEncoded()); } /** * 初始化密钥 * * @return * @throws Exception */ public static Map<String, Key> initKey() throws Exception { KeyPairGenerator keyPairGen = KeyPairGenerator .getInstance(KEY_ALGORITHM); keyPairGen.initialize(1024); KeyPair keyPair = keyPairGen.generateKeyPair(); Map<String, Key> keyMap = new HashMap(2); keyMap.put(PUBLIC_KEY, keyPair.getPublic());// 公钥 keyMap.put(PRIVATE_KEY, keyPair.getPrivate());// 私钥 return keyMap; } }使用示例
import org.junit.Before; import org.junit.Test; import java.security.Key; import java.util.Map; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; /** * Created by lake on 17-4-12. */ public class RSACoderTest { private String publicKey; private String privateKey; @Before public void setUp() throws Exception { Map<String, Key> keyMap = RSACoder.initKey(); publicKey = RSACoder.getPublicKey(keyMap); privateKey = RSACoder.getPrivateKey(keyMap); System.err.println("公钥: \n\r" + publicKey); System.err.println("私钥: \n\r" + privateKey); } @Test public void test() throws Exception { System.err.println("公钥加密——私钥解密"); String inputStr = "dounine"; byte[] encodedData = RSACoder.encryptByPublicKey(inputStr, publicKey); byte[] decodedData = RSACoder.decryptByPrivateKey(encodedData, privateKey); String outputStr = new String(decodedData); System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr); assertEquals(inputStr, outputStr); } @Test public void testSign() throws Exception { System.err.println("私钥加密——公钥解密"); String inputStr = "dounine"; byte[] data = inputStr.getBytes(); byte[] encodedData = RSACoder.encryptByPrivateKey(data, privateKey); byte[] decodedData = RSACoder.decryptByPublicKey(encodedData, publicKey); String outputStr = new String(decodedData); System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr); assertEquals(inputStr, outputStr); System.err.println("私钥签名——公钥验证签名"); // 产生签名 String sign = RSACoder.sign(encodedData, privateKey); System.err.println("签名:" + sign); // 验证签名 boolean status = RSACoder.verify(encodedData, publicKey, sign); System.err.println("状态:" + status); assertTrue(status); } }第二种
package com.zzzmh.api.utils; import java.util.Base64; import javax.crypto.Cipher; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; /** * Java RSA 加密工具类 * 参考: https://blog.csdn.net/qy20115549/article/details/83105736 */ public class RSAUtils { /** * 密钥长度 于原文长度对应 以及越长速度越慢 */ private final static int KEY_SIZE = 1024; /** * 用于封装随机产生的公钥与私钥 */ private static Map<Integer, String> keyMap = new HashMap<Integer, String>(); /** * 随机生成密钥对 */ public static void genKeyPair() throws NoSuchAlgorithmException { // KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); // 初始化密钥对生成器 keyPairGen.initialize(KEY_SIZE, new SecureRandom()); // 生成一个密钥对,保存在keyPair中 KeyPair keyPair = keyPairGen.generateKeyPair(); // 得到私钥 RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到公钥 RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); String publicKeyString = Base64.getEncoder().encodeToString(publicKey.getEncoded()); // 得到私钥字符串 String privateKeyString = Base64.getEncoder().encodeToString(privateKey.getEncoded()); // 将公钥和私钥保存到Map //0表示公钥 keyMap.put(0, publicKeyString); //1表示私钥 keyMap.put(1, privateKeyString); } /** * RSA公钥加密 * * @param str 加密字符串 * @param publicKey 公钥 * @return 密文 * @throws Exception 加密过程中的异常信息 */ public static String encrypt(String str, String publicKey) throws Exception { //base64编码的公钥 byte[] decoded = Base64.getDecoder().decode(publicKey); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded)); //RSA加密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, pubKey); String outStr = Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes("UTF-8"))); return outStr; } /** * RSA私钥解密 * * @param str 加密字符串 * @param privateKey 私钥 * @return 明文 * @throws Exception 解密过程中的异常信息 */ public static String decrypt(String str, String privateKey) throws Exception { //64位解码加密后的字符串 byte[] inputByte = Base64.getDecoder().decode(str); //base64编码的私钥 byte[] decoded = Base64.getDecoder().decode(privateKey); RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); //RSA解密 Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, priKey); String outStr = new String(cipher.doFinal(inputByte)); return outStr; } public static void main(String[] args) throws Exception { long temp = System.currentTimeMillis(); //生成公钥和私钥 genKeyPair(); //加密字符串 System.out.println("公钥:" + keyMap.get(0)); System.out.println("私钥:" + keyMap.get(1)); System.out.println("生成密钥消耗时间:" + (System.currentTimeMillis() - temp) / 1000.0 + "秒"); String message = "RSA测试ABCD~!@#$"; System.out.println("原文:" + message); temp = System.currentTimeMillis(); String messageEn = encrypt(message, keyMap.get(0)); System.out.println("密文:" + messageEn); System.out.println("加密消耗时间:" + (System.currentTimeMillis() - temp) / 1000.0 + "秒"); temp = System.currentTimeMillis(); String messageDe = decrypt(messageEn, keyMap.get(1)); System.out.println("解密:" + messageDe); System.out.println("解密消耗时间:" + (System.currentTimeMillis() - temp) / 1000.0 + "秒"); } }PHP
主要通过openssl提供的相关方法进行创建和加密解密及校验
$config = array( "private_key_bits" => 1024, //字节数 512 1024 2048 4096 等 "private_key_type" => OPENSSL_KEYTYPE_RSA, //加密类型 "config" => "D:/phpStudy/PHPTutorial/Apache/conf/openssl.cnf" ); $privkeypass = '123456789'; //私钥密码 $numberofdays = 365; //有效时长 $cerpath = "./test.cer"; //生成证书路径 $pfxpath = "./test.pfx"; //密钥文件路径 $dn = array( "countryName" => "UK", //所在国家 "stateOrProvinceName" => "Somerset", //所在省份 "localityName" => "Glastonbury", //所在城市 "organizationName" => "The Brain Room Limited", //注册人姓名 "organizationalUnitName" => "PHP Documentation Team", //组织名称 "commonName" => "Wez Furlong", //公共名称 "emailAddress" => "wez@example.com" //邮箱 ); // 生成公钥私钥资源 $res = openssl_pkey_new($config); // 导出私钥 $priKey openssl_pkey_export($res, $priKey,null,$config); // 导出公钥 $pubKey $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey["key"]; //print_r($priKey); 私钥 //print_r($pubKey); 公钥 //直接测试私钥 公钥 echo '-------------------公私钥加解密-START---------------------','<br>'; $data = '测试公私钥加解密成功!'; // 公钥加密 openssl_public_encrypt($data, $encrypted, $pubKey); // 私钥解密 openssl_private_decrypt($encrypted, $decrypted, $priKey); echo '公钥加密:',base64_encode($encrypted),'私钥解密:','<br>',$decrypted,'<br>'; echo '-------------------公私钥加解密-END---------------------','<br>'; //生成文件 $csr = openssl_csr_new($dn, $priKey,$config); //基于$dn生成新的 CSR (证书签名请求) $sscert = openssl_csr_sign($csr, null, $priKey, 365,$config);//根据配置自己对证书进行签名 openssl_x509_export($sscert, $csrkey); //将公钥证书存储到一个变量 $csrkey,由 PEM 编码格式命名。 openssl_pkcs12_export($sscert, $privatekey, $priKey, $privkeypass); //将私钥存储到名为的出 PKCS12 文件格式的字符串。 导出密钥$privatekey //生成证书文件 $fp = fopen($cerpath, "w"); fwrite($fp, $csrkey); fclose($fp); //生成密钥文件 $fp = fopen($pfxpath, "w"); fwrite($fp, $privatekey); fclose($fp); echo '<br>','<br>','<br>','<br>'; echo '----------------------自签名验证-START----------------------','<br>'; // 测试私钥 秘钥 $privkeypass = '123456789'; //私钥密码 $pfxpath = "./test.pfx"; //密钥文件路径 $priv_key = file_get_contents($pfxpath); //获取密钥文件内容 $data = "测试数据!"; //加密数据测试test //私钥加密 openssl_pkcs12_read($priv_key, $certs, $privkeypass); //读取公钥、私钥 $prikeyid = $certs['pkey']; //私钥 openssl_sign($data, $signMsg, $prikeyid,OPENSSL_ALGO_SHA1); //注册生成加密信息 $signMsg = base64_encode($signMsg); //base64转码加密信息 //公钥解密 $unsignMsg=base64_decode($signMsg);//base64解码加密信息 openssl_pkcs12_read($priv_key, $certs, $privkeypass); //读取公钥、私钥 $pubkeyid = $certs['cert']; //公钥 $res = openssl_verify($data, $unsignMsg, $pubkeyid); //验证 echo $res?'证书测试成功!':'证书测试失败!';echo '<br>'; //输出验证结果,1:验证成功,0:验证失败 echo '-----------------------签名验证-END------------------------','<br>';
网友评论0