如果您想了解C#和JAVA的RSA密钥、公钥转换的相关知识,那么本文是一篇不可错过的文章,我们将对java使用rsa公钥私钥加密解密进行全面详尽的解释,并且为您提供关于.Netc#RSAxml公钥密钥
如果您想了解C#和JAVA的RSA密钥、公钥转换的相关知识,那么本文是一篇不可错过的文章,我们将对java使用rsa公钥私钥加密解密进行全面详尽的解释,并且为您提供关于.Net c# RSA xml公钥密钥转pem格式、.NET Core RSA密钥的xml、pkcs1、pkcs8格式转换和JavaScript、Java等语言进行对接、Java & PHP RSA 互通密钥、签名、验签、加密、解密、java / android中的数字签名(RSA密钥)的有价值的信息。
本文目录一览:- C#和JAVA的RSA密钥、公钥转换(java使用rsa公钥私钥加密解密)
- .Net c# RSA xml公钥密钥转pem格式
- .NET Core RSA密钥的xml、pkcs1、pkcs8格式转换和JavaScript、Java等语言进行对接
- Java & PHP RSA 互通密钥、签名、验签、加密、解密
- java / android中的数字签名(RSA密钥)
C#和JAVA的RSA密钥、公钥转换(java使用rsa公钥私钥加密解密)
C#的秘钥跟JAVA的密钥区别
RSA对于程序本身是没有区别的,其格式都是相同的。对于不同的程序来说,存储使用的语法(包装的类)会有所不同。
RSA语法和语法标准有很多,大的类型大概分为ASN.1、PKCS、X.509。
RSA语法介绍
ASN.1、PKCS是最初的,也是最主要的RSA公钥和私钥的语法标准,被RSA Lab所维护。
ASN.1、PKCS#1都定义了公钥和私钥的类型——序列化的数字。为了下一个层次的抽象(适当的包装),现在一般使用的组合是:PKCS#8的私钥,X.509的公钥 。
PKCS语法主要用于私钥,其内部标准目前有10种。目前JAVA普遍使用的是PKCS#8,用作私钥格式。
X.509语法主要用于公钥,广泛使用于web浏览器和SLL。
3种语法标准的公私钥可以实现相互转化,其核心为ASN1语法中的整数值(modulus,PublicExponent,privateExponent ),其余的数值都可以经过计算后得出。
.NET使用的是标准的RSA格式,然后将其中的数字base64编码后,生成XML进行存储。
java中使用的是PKCS#8,、X.509的公私钥语法,存储的都是相应的JAVA类自动生成的base64字符串。
由于存储格式的区别,在相互转换、读取的时候,需要理解RSA相关的知识,才能正确使用类来转换。
密钥格式
java密钥:
[java]
view plain
copy
- 私钥:
- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKSZSSEdPhv77O5ocnLNGXeQ21qJDArC1+yId+9/pY5bXkZk5vCB49EpfMwNukLv6AJqofThZPNOs1t015fdEYIUnkIc2QVxRwa0xTeFP
- 6N8D4WQXRWs4fNG27JK5kP45s+9KlJtx5hs7G97aMczehIWpHaO6j9inOmjlU8l62KZAgMBAAECgYEAmK3TRtMwRJb33OGnn9OeFumYfy92qxi3X6Hq1o6qDBW2qkd4bImfv+ni6AinyOVuaadt2Y+lq4
- dKGcCVJzoZvPm1VKxD2y7xKa8/vEbPRiRTt0qnPq9T7UJkpDsiXf/zOMfWdjc3uA1bPnQ65RWHSJ7zAE+Gd7xnyCE5MEyijLECQQDVYqQWDqOVLZ5lJUuIfUIrhv26GvuoTX8v60+opCz4/Mdfh6JlefI
- CVD6SAaYvufXBHVFY26JicNlR62ZOiBoNAkEAxXhsuEnNJNQcQHEVTPZoulbMbTV1VZIDQ1zjG8fvu8sv6IBYcR5+EsC8n3/6RkW8/iCJDzxE++VHzhoSQSoDvQJBAM6/63J/rpndAIrJ7vyJOPLJsc9/U
- 3SH2gMJAT7KC9UXvuldlsixtf3xuEpplKbLjEUXbfklnZm586a+6XqPvoUCQDFotltOLARBBmihYuEE7qNhQHk63QbyJ9rdDP5Qgo2Mg4o7QuXa6VSr4QZPsUGQBX/YiDLFs8ULU3IgV9zyNEkCQADAYR8
- DctYzg0eBGdcOrDA5Szc62pYrS2wk89wUxyL4FyDL3omkVMKvtu5tccy7Xht2ikJZRqefZ3dS7ASm8/4=
- 公钥:
- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCkmUkhHT4b++zuaHJyzRl3kNtaiQwKwtfsiHfvf6WOW15GZObwgePRKXzMDbpC7+gCaqH04WTzTrNbdNeX3RGCFJ5CHNkFcUcGtMU3hT+jfA+FkF0VrO
- HzRtuySuZD+ObPvSpSbceYbOxve2jHM3oSFqR2juo/Ypzpo5VPJetimQIDAQAB
c#密钥:
[csharp]
view plain
copy
- 私钥:
- <RSAKeyValue>
- <Modulus>pJlJIR0+G/vs7mhycs0Zd5DbWokMCsLX7Ih373+ljlteRmTm8IHj0Sl8zA26Qu/oAmqh9OFk806zW3TXl90RghSeQhzZBXFHBrTFN4U/o3wPhZBdFazh80bbskrmQ/jmz70qUm3HmGzsb3tox
- zN6Ehakdo7qP2Kc6aOVTyXrYpk=</Modulus>
- <Exponent>AQAB</Exponent>
- <P>1WKkFg6jlS2eZSVLiH1CK4b9uhr7qE1/L+tPqKQs+PzHX4eiZXnyAlQ+kgGmL7n1wR1RWNuiYnDZUetmTogaDQ==</P>
- <Q>xXhsuEnNJNQcQHEVTPZoulbMbTV1VZIDQ1zjG8fvu8sv6IBYcR5+EsC8n3/6RkW8/iCJDzxE++VHzhoSQSoDvQ==</Q>
- <DP>zr/rcn+umd0Aisnu/Ik48smxz39TdIfaAwkBPsoL1Re+6V2WyLG1/fG4SmmUpsuMRRdt+SWdmbnzpr7peo++hQ==</DP>
- <DQ>MWi2W04sBEEGaKFi4QTuo2FAeTrdBvIn2t0M/lCCjYyDijtC5drpVKvhBk+xQZAFf9iIMsWzxQtTciBX3PI0SQ==</DQ>
- <InverseQ>wGEfA3LWM4NHgRnXDqwwOUs3OtqWK0tsJPPcFMci+Bcgy96JpFTCr7bubXHMu14bdopCWUann2d3UuwEpvP+</InverseQ>
- <D>mK3TRtMwRJb33OGnn9OeFumYfy92qxi3X6Hq1o6qDBW2qkd4bImfv+ni6AinyOVuaadt2Y+lq4dKGcCVJzoZvPm1VKxD2y7xKa8/vEbPRiRTt0qnPq9T7UJkpDsiXf/zOMfWdjc3uA1bPnQ65RWHS
- J7zAE+Gd7xnyCE5MEyijLE=</D>
- </RSAKeyValue>
- 公钥:
- <RSAKeyValue>
- <Modulus>pJlJIR0+G/vs7mhycs0Zd5DbWokMCsLX7Ih373+ljlteRmTm8IHj0Sl8zA26Qu/oAmqh9OFk806zW3TXl90RghSeQhzZBXFHBrTFN4U/o3wPhZBdFazh80bbskrmQ/jmz70qUm3HmGzsb3tox
- zN6Ehakdo7qP2Kc6aOVTyXrYpk=</Modulus>
- <Exponent>AQAB</Exponent>
- </RSAKeyValue>
C#转JAVA(C#代码)
C#中的公私钥使用XML字符串进行存储,读取时直接读入字符串即可。
由于C#使用的是标准的RSA格式,因此JAVA的RSAPublicKeySpec、RSAPrivateKeySpec配置类的核心参数(modulus,PublicExponent,privateExponent )都可以从对应XML中的节点值(Modulus-modulus 、Exponent-PublicExponent 、D-privateExponent )base64解码后获取。然后将其传入JAVA配置类中,然后根据配置类生成相应的RSA公私钥。
手动转换
[csharp]
view plain
copy
- void Convert()
- {
- //公钥
- byte[] m = Base64.decodeBase64("mX/9zl8rflH5pLaP5P1Qd/9wXwNBSx7OpLlYDnGr7wD0njiDfPSUkgf9oF5NcvZwl24qdJ1SLmrgUtnr+yeXBNZNKaan1xXKISHdlHvbW5G8nJCJW6CuaHMkVw3Y7kwaIIlUdv09vxfjj0AoabttjbtF1kqETzbQ6fK3EN6sY5U=");
- byte[] e = Base64.decodeBase64("AQAB");
- BigInteger b1 = new BigInteger(1, m);
- BigInteger b2 = new BigInteger(1, e);
- //私钥
- byte[] m1 = Base64.decodeBase64("3RgqP5YOYUXft8YOlDphyaCoof27MSfTD2eVCFVXB5hatrls1fSUcmUuWuGV970sS6KQZZtyWHQ5970sCzKFlq82He8Uoe0JM3axBvd6PbSGjulUJr62qNW5hgkIEfxSRYl8AQsbbusFtks4obfepsfE02cLmmZepnZAdIOWifE=");
- byte[] e1 = Base64.decodeBase64("QcSZdLbHakolxX4GAjPnuNmwsBdRIsss7o0qeQMh02GPwoEgDfkmW20bv+8Q9FPypEEkYQU/m25ffAFq453QvLegYYi8OvWN+dvgchQRdeb22d+s6xYGGN9DRcPFRE48INde8FBHf/lzVgToV75h1H7g+jB4hLmLeuIuHsB43/0=");
- BigInteger b11 = new BigInteger(1, m1);
- BigInteger b21 = new BigInteger(1, e1);
- //公钥
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- RSAPublicKeySpec keySpec = new RSAPublicKeySpec(b1, b2);
- RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
- //私钥
- RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(b11, b21);
- RSAPrivateKey priKey = (RSAPrivateKey) keyFactory.generatePrivate(priKeySpec);
- }
BouncyCastle Crypto转换
格式转换要用到一个开源加密库Bouncy Castle Crypto APIs,
官网地址:http://www.bouncycastle.org/csharp/
具体实现代码如下:
[csharp]
view plain
copy
- using System;
- using System.Xml;
- using Org.BouncyCastle.Asn1.Pkcs;
- using Org.BouncyCastle.Asn1.X509;
- using Org.BouncyCastle.Crypto.Parameters;
- using Org.BouncyCastle.Math;
- using Org.BouncyCastle.Pkcs;
- using Org.BouncyCastle.Security;
- using Org.BouncyCastle.X509;
- /// <summary>
- /// RSA密钥格式转换
- /// </summary>
- public class RSAKeyConvert
- {
- /// <summary>
- /// RSA私钥格式转换,java->.net
- /// </summary>
- /// <param name="privateKey">java生成的RSA私钥</param>
- /// <returns></returns>
- public static string RSAPrivateKeyJava2DotNet(string privateKey)
- {
- RsaPrivateCrtKeyParameters privateKeyParam = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKey));
- return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent><P>{2}</P><Q>{3}</Q><DP>{4}</DP><DQ>{5}</DQ><InverseQ>{6}</InverseQ><D>{7}</D></RSAKeyValue>",
- Convert.ToBase64String(privateKeyParam.Modulus.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.PublicExponent.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.P.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.Q.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.DP.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.DQ.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.QInv.ToByteArrayUnsigned()),
- Convert.ToBase64String(privateKeyParam.Exponent.ToByteArrayUnsigned()));
- }
- /// <summary>
- /// RSA私钥格式转换,.net->java
- /// </summary>
- /// <param name="privateKey">.net生成的私钥</param>
- /// <returns></returns>
- public static string RSAPrivateKeyDotNet2Java(string privateKey)
- {
- XmlDocument doc = new XmlDocument();
- doc.LoadXml(privateKey);
- BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
- BigInteger exp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
- BigInteger d = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("D")[0].InnerText));
- BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("P")[0].InnerText));
- BigInteger q = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Q")[0].InnerText));
- BigInteger dp = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DP")[0].InnerText));
- BigInteger dq = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("DQ")[0].InnerText));
- BigInteger qinv = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("InverseQ")[0].InnerText));
- RsaPrivateCrtKeyParameters privateKeyParam = new RsaPrivateCrtKeyParameters(m, exp, d, p, q, dp, dq, qinv);
- PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParam);
- byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetEncoded();
- return Convert.ToBase64String(serializedPrivateBytes);
- }
- /// <summary>
- /// RSA公钥格式转换,java->.net
- /// </summary>
- /// <param name="publicKey">java生成的公钥</param>
- /// <returns></returns>
- public static string RSAPublicKeyJava2DotNet(string publicKey)
- {
- RsaKeyParameters publicKeyParam = (RsaKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKey));
- return string.Format("<RSAKeyValue><Modulus>{0}</Modulus><Exponent>{1}</Exponent></RSAKeyValue>",
- Convert.ToBase64String(publicKeyParam.Modulus.ToByteArrayUnsigned()),
- Convert.ToBase64String(publicKeyParam.Exponent.ToByteArrayUnsigned()));
- }
- /// <summary>
- /// RSA公钥格式转换,.net->java
- /// </summary>
- /// <param name="publicKey">.net生成的公钥</param>
- /// <returns></returns>
- public static string RSAPublicKeyDotNet2Java(string publicKey)
- {
- XmlDocument doc = new XmlDocument();
- doc.LoadXml(publicKey);
- BigInteger m = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Modulus")[0].InnerText));
- BigInteger p = new BigInteger(1, Convert.FromBase64String(doc.DocumentElement.GetElementsByTagName("Exponent")[0].InnerText));
- RsaKeyParameters pub = new RsaKeyParameters(false, m, p);
- SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pub);
- byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded();
- return Convert.ToBase64String(serializedPublicBytes);
- }
- }
JAVA转C#(java代码)
JAVA中的公私钥使用base64进行存储,解码成字节数组后,首先需要生成相应的配置对象(PKCS#8,、X.509 ),根据配置对象生成RSA公私钥。
私钥
C#使用的是标准的RSA格式,PKCS#1语法中包含了标准RSA格式私钥中的所有整数值。配置对象需要生成PKCS#1语法的RSA对象(RSAPrivateCrtKey),获取对象属性,自行构造私钥XML。
就算不会JAVA的新手都可以转换的,只需要把以下的代码添加进eclipse中就可以了,具体的怎么建java工程就自己去查一下。
把一对密钥转成C#中格式的密钥在JAVA中的转换代码如下:
[java]
view plain
copy
- package com;
- import java.security.KeyFactory;
- import java.security.PublicKey;
- import java.security.interfaces.RSAPrivateCrtKey;
- import java.security.interfaces.RSAPublicKey;
- import java.security.spec.PKCS8EncodedKeySpec;
- import java.security.spec.X509EncodedKeySpec;
- import com.sun.org.apache.xerces.internal.impl.dv.util.Base64;
- public class test {
- public static void main(String[] args) {
- String tes = "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAL8z2QlXCL6w7rvY0Gbl8ARtQSXY+pEW5hlUHlmspqHt4k8/SkoF796gDqk4yyOcoWhkZWLPPugK35Mn7V+m5Jyfu8C0gVKOfWOA8A0T4hxV2ThAoMUq7QtB2K6s9AoumrxDfAkMBbsXEHYwfD/hxr/3DQ3lUvSFB6BnhiHEOyzpAgMBAAECgYEAol/9qRjorEjF9XEjSr9rHddKxEGIST8RGeF+BNnCiTHkRziQdlykYIO876jzmsKhsG3STB+EZLsXM3ls9RZefcsPF5mLOCSOCow3DikfCtAy4hntsU9JwpuYE0V4A+Sgfd24fatqbu+JxE2nvpSbAPczDOgBFPNfYBkhMiuZ/iECQQDzUeq7lFcIE4uWhRGveVFjNAGuSsW+q9GOwO7tS5YwuAIQ2M+XgYGRFo8xMC6V/9SfqJtmSU1zk72pMlYufIqHAkEAySqkcKbWuobq5I9KSQISq2qCuGKtj/iUFho4PCD1YxhnQ7gcHA4OpS1dRFjtXJYQPTX9be+mmypsCFIyofE5DwJBAPGZ20wahTh9v9Lbmq3z9n5ce3bGxAcJsHDg3d09eooxi8uSnL5BV5frII+k2f0TI9rMnlE4Y/FpN5+zXaOXAi0CQQCs3Aqfjo23jJWtPv/LSo+2YnjfblPMAgNmFrO532xc8axSgZMN/HpTL28UewHD7GMZ5hnWbPcSIFrir5c4luq7AkEAi90WdnZVPxtSTqkkLYbnh4Ro2WhdwRjkfyBxBZZx8hfaM6MfLPi3A0rw9DPOSB4M/BMchtEh3bXuI7bue2tG+A==";
- byte[] temp = b64decode(tes);
- String ver = getRSAPrivateKeyAsNetFormat(temp);// 转换私钥
- String tes1 = "MIGfMA0GCSqGSIb4DQEBAQUAA4GNADCBiQKBgQC/M9kJVwi+sO672NBm5fAEbUEl2PqRFuYZVB5ZrKah7eJPP0pKBe/eoA6pOMsjnKFoZGVizz7oCt+TJ+1fpuScn7vAtIFSjn1jgPANE+IcVdk4QKDFKu0LQdiurPQKLpq8Q3wJDAW7FxB2MHw/4ca/9w0N5VL0hQegZ4YhxDss6QIDAQAB";
- byte[] temp1 = b64decode(tes1);
- String ver1 = getRSAPublicKeyAsNetFormat(temp1);// 转换公钥
- System.out.println(ver);
- System.out.println(ver1);
- }
- private static String getRSAPrivateKeyAsNetFormat(byte[] encodedPrivkey) {
- try {
- StringBuffer buff = new StringBuffer(1024);
- PKCS8EncodedKeySpec pvkKeySpec = new PKCS8EncodedKeySpec(
- encodedPrivkey);
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- RSAPrivateCrtKey pvkKey = (RSAPrivateCrtKey) keyFactory
- .generatePrivate(pvkKeySpec);
- buff.append("<RSAKeyValue>");
- buff.append("<Modulus>"
- + b64encode(removeMSZero(pvkKey.getModulus()
- .toByteArray())) + "</Modulus>");
- buff.append("<Exponent>"
- + b64encode(removeMSZero(pvkKey.getPublicExponent()
- .toByteArray())) + "</Exponent>");
- buff.append("<P>"
- + b64encode(removeMSZero(pvkKey.getPrimeP().toByteArray()))
- + "</P>");
- buff.append("<Q>"
- + b64encode(removeMSZero(pvkKey.getPrimeQ().toByteArray()))
- + "</Q>");
- buff.append("<DP>"
- + b64encode(removeMSZero(pvkKey.getPrimeExponentP()
- .toByteArray())) + "</DP>");
- buff.append("<DQ>"
- + b64encode(removeMSZero(pvkKey.getPrimeExponentQ()
- .toByteArray())) + "</DQ>");
- buff.append("<InverseQ>"
- + b64encode(removeMSZero(pvkKey.getCrtCoefficient()
- .toByteArray())) + "</InverseQ>");
- buff.append("<D>"
- + b64encode(removeMSZero(pvkKey.getPrivateExponent()
- .toByteArray())) + "</D>");
- buff.append("</RSAKeyValue>");
- return buff.toString().replaceAll("[ \t\n\r]", "");
- } catch (Exception e) {
- System.err.println(e);
- return null;
- }
- }
- private static String getRSAPublicKeyAsNetFormat(byte[] encodedPrivkey) {
- try {
- StringBuffer buff = new StringBuffer(1024);
- PKCS8EncodedKeySpec pvkKeySpec = new PKCS8EncodedKeySpec(
- encodedPrivkey);
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
- RSAPublicKey pukKey = (RSAPublicKey) keyFactory
- .generatePublic(new X509EncodedKeySpec(encodedPrivkey));
- buff.append("<RSAKeyValue>");
- buff.append("<Modulus>"
- + b64encode(removeMSZero(pukKey.getModulus()
- .toByteArray())) + "</Modulus>");
- buff.append("<Exponent>"
- + b64encode(removeMSZero(pukKey.getPublicExponent()
- .toByteArray())) + "</Exponent>");
- buff.append("</RSAKeyValue>");
- return buff.toString().replaceAll("[ \t\n\r]", "");
- } catch (Exception e) {
- System.err.println(e);
- return null;
- }
- }
- public static String encodePublicKeyToXml(PublicKey key) {
- if (!RSAPublicKey.class.isInstance(key)) {
- return null;
- }
- RSAPublicKey pubKey = (RSAPublicKey) key;
- StringBuilder sb = new StringBuilder();
- sb.append("<RSAKeyValue>");
- sb.append("<Modulus>").append(
- Base64.encode(pubKey.getModulus().toByteArray())).append(
- "</Modulus>");
- sb.append("<Exponent>").append(
- Base64.encode(pubKey.getPublicExponent().toByteArray()))
- .append("</Exponent>");
- sb.append("</RSAKeyValue>");
- return sb.toString();
- }
- private static byte[] removeMSZero(byte[] data) {
- byte[] data1;
- int len = data.length;
- if (data[0] == 0) {
- data1 = new byte[data.length - 1];
- System.arraycopy(data, 1, data1, 0, len - 1);
- } else
- data1 = data;
- return data1;
- }
- private static String b64encode(byte[] data) {
- String b64str = new String(Base64.encode(data));
- return b64str;
- }
- private static byte[] b64decode(String data) {
- byte[] decodeData = Base64.decode(data);
- return decodeData;
- }
- }
.Net c# RSA xml公钥密钥转pem格式
.net使用的虽然是标准rsa流程,但其他语言一般使用pem格式的公钥和密钥而非Exponent 和 Modulus。
在JS或object-c使用的时候需要将C#的xml参数转为如下格式:
-----BEGIN PUBLIC KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PUBLIC KEY-----
参考:
https://www.jianshu.com/p/faefcc58c79b
在线转
https://superdry.apphb.com/tools/online-rsa-key-converter
一个JS的RSA库 jsEncrypt:
jsEncrypt使用方法 https://www.cnblogs.com/zaxxm/p/5144267.html
下载地址 http://travistidwell.com/jsencrypt/
.NET Core RSA密钥的xml、pkcs1、pkcs8格式转换和JavaScript、Java等语言进行对接
众所周知在.NET下的RSA类所生成的密钥为Xml格式,而其他语言比如java一般使用pkcs8格式的密钥,JavaScript一般使用pkcs1格式。我们在开发过程中很可能遇到需要与其他语言开发的api进行对接,如果遇到RSA加密解密,我们肯定需要保证key是相同的,才能保证数据的正确处理,我们肯定需要对密钥进行转换,下面我将我自己的使用经验分享给大家。
pkcs1和pkcs8的操作借助了开源项目bouncycastle
RSAUtil 项目
RSAUtil 项目是.NET Core下RSA算法使用帮助工具,支持使用RSA算法对数据进行加密,解密,签名和验证签名,支持xml,pkcs1,pkcs8三种密钥格式,支持这三种格式的密钥相互转换。最后还支持pem格式化。
使用
生成密钥
使用“RsaKeyGenerator”类。返回的结果是一个有两个元素的字符串的列表,元素1是私钥,元素2是公钥。
格式:XML
var keyList = RsaKeyGenerator.XmlKey(2048);
var privateKey = keyList [0];
var publicKey = keyList [1];
格式:Pkcs1
var keyList = RsaKeyGenerator.Pkcs1Key(2048);
var privateKey = keyList [0];
var publicKey = keyList [1];
格式:Pkcs8
var keyList = RsaKeyGenerator.Pkcs8Key(2048);
var privateKey = keyList [0];
var publicKey = keyList [1];
RSA密钥转换
使用“RsaKeyConvert”类。它支持这三种格式的密钥转换,即:xml,pkcs1,pkcs8。
XML-> Pkcs1:
- 私钥:
RsaKeyConvert.PrivateKeyXmlToPkcs1() - 公钥:
RsaKeyConvert.PublicKeyXmlToPem()
XML-> Pkcs8:
- 私钥:
RsaKeyConvert.PrivateKeyXmlToPkcs8() - 公钥:
RsaKeyConvert.PublicKeyXmlToPem()
Pkcs1-> XML:
- 私钥:
RsaKeyConvert.PrivateKeyPkcs1ToXml() - 公钥:
RsaKeyConvert.PublicKeyPemToXml()
Pkcs1-> Pkcs8:
- 私钥:
RsaKeyConvert.PrivateKeyPkcs1ToPkcs8() - 公钥:不需要转换
Pkcs8-> XML:
- 私钥:
RsaKeyConvert.PrivateKeyPkcs8ToXml() - 公钥:
RsaKeyConvert.PublicKeyPemToXml()
Pkcs8-> Pkcs1:
- 私钥:
RsaKeyConvert.PrivateKeyPkcs8ToPkcs1() - 公钥:不需要转换
加密,解密,签名和验证签名
XML,Pkcs1,Pkcs8分别对应类:
RsaXmlUtil,RsaPkcs1Util,RsaPkcs8Util。它们继承自抽象类RSAUtilBase
- 加密:
RSAUtilBase.Encrypt() - 解密:
RSAUtilBase.Decrypt() - Sign:
RSAUtilBase.SignData() - 验证:
RSAUtilBase.VerifyData()
PEM格式化
使用类“RsaPemFormatHelper”。
- 格式化Pkcs1格式私钥:
RsaPemFormatHelper.Pkcs1PrivateKeyFormat() - 删除Pkcs1格式私钥格式:
RsaPemFormatHelper.Pkcs1PrivateKeyFormatRemove() - 格式化Pkcs8格式私钥:
RsaPemFormatHelper.Pkcs8PrivateKeyFormat() - 删除Pkcs8格式的私钥格式:
RsaPemFormatHelper.Pkcs8PrivateKeyFormatRemove()
其他说明
本项目已开源,如果对您有帮助,欢迎来个star:https://github.com/stulzq/RSAUtil
为了方便使用已经上传Nuget:https://www.nuget.org/packages/XC.RSAUtil/
直接使用命令安装:
Install-Package XC.RSAUtil
Java & PHP RSA 互通密钥、签名、验签、加密、解密
RSA加密算法是一种非对称加密算法。在公开密钥加密和电子商业中RSA被广泛使用。RSA是1977年由罗纳德·李维斯特(Ron Rivest)、阿迪·萨莫尔(Adi Shamir)和伦纳德·阿德曼(Leonard Adleman)一起提出的。当时他们三人都在麻省理工学院工作。RSA就是他们三人姓氏开头字母拼在一起组成的。
RSA是第一个比较完善的公开密钥算法,它既能用于加密,也能用于数字签名。这个算法经受住了多年深入的密码分析,虽然密码分析者既不能证明也不能否定RSA的安全性,但这恰恰说明该算法有一定的可信性,目前它已经成为最流行的公开密钥算法。
RSA的安全基于大数分解的难度。其公钥和私钥是一对大素数(100到200位十进制数或更大)的函数。从一个公钥和密文恢复出明文的难度,等价于分解两个大素数之积(这是公认的数学难题)。
RSA的公钥、私钥的组成,以及加密、解密的公式可见于下表:
本文 Java 部分的代码为我项目对接的第三方公司提供的 RSA Demo(不知道在哪扒的工具类)稍微有些乱,相关示例代码我会单独贴出来,文末会给出完整文件代码供大家参考。
版本
| 语言 | 版本 |
|---|---|
| PHP | 7.2.19 |
| Java | 1.8.0_231 |
密钥生成
PHP
- RSAUtils::resetGenKeyPair
public static function resetGenKeyPair()
{
$config = array(
"private_key_bits" => self::PRIVATE_KEY_BITS,
"private_key_type" => self::KEY_ALGORITHM,
);
$openssl = openssl_pkey_new($config);
openssl_pkey_export($openssl, $privateKey);
$publicKey = openssl_pkey_get_details($openssl);
$publicKey = $publicKey["key"];
self::setGenKeyPair($publicKey, $privateKey);
}
Java
- RSAUtils.genKeyPair
public static Map<String, Object> genKeyPair() throws Exception {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
签名
私钥加签。
有时签名可能会因为数据编码不同而导致不一致,所以要求 PHP 和 Java 都对数据进行编码处理。
PHP
- RSAUtils::sign
public static function sign($dataStr)
{
$dataStr = self::str2utf8($dataStr);
$privateKeyId = openssl_get_privatekey(self::$PRIVATE_KEY);
openssl_sign($dataStr, $sign, $privateKeyId, self::SIGNATURE_ALGORITHM);
openssl_free_key($privateKeyId);
return base64_encode($sign);
}
Java
- RSAUtils.sign
public static String sign(byte[] data, String privateKey) throws Exception {
byte[] keyBytes = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateK);
signature.update(data);
return Base64.encodeToString(signature.sign());
}
验签
公钥验签。
PHP
- RSAUtils::verifySign
public static function verifySign($dataStr, $sign)
{
$dataStr = self::str2utf8($dataStr);
$publicKeyId = openssl_get_publickey(self::$PUBLIC_KEY);
return (boolean) openssl_verify($dataStr, base64_decode($sign), $publicKeyId, self::SIGNATURE_ALGORITHM);
}
Java
- RSAUtils.verify
public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {
try {
byte[] keyBytes = Base64.decode(publicKey);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicK = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicK);
signature.update(data);
return signature.verify(Base64.decode(sign));
} catch (Exception e) {
throw e;
}
}
加密
公钥加密
PHP
- RSAUtils::encryptByPublicKey
public static function encryptByPublicKey($dataStr)
{
$dataStr = self::str2utf8($dataStr);
$publicKeyId = openssl_get_publickey(self::$PUBLIC_KEY);
$data = "";
$dataArray = str_split($dataStr, self::PRIVATE_KEY_BITS / 8 - 11);
foreach ($dataArray as $value) {
openssl_public_encrypt($value,$encryptedTemp, $publicKeyId,self::EN_DE_ALGORITHM);
$data .= $encryptedTemp;
}
openssl_free_key($publicKeyId);
return base64_encode($data);
}
Java
- RSASignCryptor.encrypt
public static String encrypt(String encryptKey, String plainText) {
try {
RSAPublicKey publicKey = (RSAPublicKey) getPublicKey(encryptKey);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] plainData = plainText.getBytes(ENCODING);
int MAX_ENCRYPT_BLOCK = publicKey.getModulus().bitLength() / 8 - 11;
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] cache;
for (int i = 0, offset = 0, len = plainData.length; offset < len;) {
if (len - offset > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(plainData, offset, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(plainData, offset, len - offset);
}
out.write(cache, 0, cache.length);
offset = (++i) * MAX_ENCRYPT_BLOCK;
}
byte[] enBytes = out.toByteArray();
out.close();
return new String(Base64.encodeBase64(enBytes), ENCODING);
} catch (Exception e) {
}
return null;
}
私钥加密
PHP
- RSAUtils::encryptByPrivateKey
public static function encryptByPrivateKey($dataStr)
{
$dataStr = self::str2utf8($dataStr);
$privateKeyId = openssl_get_privatekey(self::$PRIVATE_KEY);
$data = "";
$dataArray = str_split($dataStr, self::PRIVATE_KEY_BITS / 8 - 11);
foreach ($dataArray as $value) {
openssl_private_encrypt($value,$encryptedTemp, $privateKeyId,self::EN_DE_ALGORITHM);
$data .= $encryptedTemp;
}
openssl_free_key($privateKeyId);
return base64_encode($data);
}
解密
公钥解密
PHP
- RSAUtils::decryptByPublicKey
public static function decryptByPublicKey($encryptData) {
$decrypted = "";
$decodeStr = base64_decode($encryptData);
$publicKeyId = openssl_get_publickey(self::$PUBLIC_KEY);
$enArray = str_split($decodeStr, self::PRIVATE_KEY_BITS / 8);
foreach ($enArray as $value) {
openssl_public_decrypt($value,$decryptedTemp, $publicKeyId,self::EN_DE_ALGORITHM);
$decrypted .= $decryptedTemp;
}
openssl_free_key($publicKeyId);
return $decrypted;
}
私钥解密
PHP
- RSAUtils::decryptByPrivateKey
public static function decryptByPrivateKey($encryptData) {
$decrypted = "";
$decodeStr = base64_decode($encryptData);
$privateKeyId = openssl_get_privatekey(self::$PRIVATE_KEY);
$enArray = str_split($decodeStr, self::PRIVATE_KEY_BITS / 8);
foreach ($enArray as $value) {
openssl_private_decrypt($value,$decryptedTemp, $privateKeyId,self::EN_DE_ALGORITHM);
$decrypted .= $decryptedTemp;
}
openssl_free_key($privateKeyId);
return $decrypted;
}
Java
- RSASignCryptor.decrypt
public static String decrypt(String decryptKey, String encryptText) throws Exception {
try {
RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(decryptKey);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] enData = Base64.decodeBase64(encryptText.getBytes(ENCODING));
int MAX_DECRYPT_BLOCK = privateKey.getModulus().bitLength() / 8;
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] cache;
for (int i = 0, offset = 0, len = enData.length; offset < len;) {
if (len - offset > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(enData, offset, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(enData, offset, len - offset);
}
out.write(cache, 0, cache.length);
offset = (++i) * MAX_DECRYPT_BLOCK;
}
byte[] deBytes = out.toByteArray();
out.close();
return new String(deBytes, ENCODING);
} catch (Exception e) {
throw e;
}
}
Demo
PHP
RSAUtils.php
<?php
/**
* RSA工具类
* Class RSAUtils
* @author dbn
*/
class RSAUtils
{
/**
* 签名算法
*/
const KEY_ALGORITHM = OPENSSL_KEYTYPE_RSA;
const SIGNATURE_ALGORITHM = OPENSSL_ALGO_MD5;
const EN_DE_ALGORITHM = OPENSSL_PKCS1_PADDING;
/**
* 字节数
*/
const PRIVATE_KEY_BITS = 1024;
/**
* 公私钥
*/
public static $PUBLIC_KEY;
public static $PRIVATE_KEY;
public static $PUBLIC_KEY_STR;
public static $PRIVATE_KEY_STR;
/**
* 设置密钥对
* @param string $publicKey 公钥
* @param string $privateKey 私钥
*/
public static function setGenKeyPair($publicKey, $privateKey)
{
self::$PUBLIC_KEY = $publicKey;
self::$PRIVATE_KEY = $privateKey;
self::$PUBLIC_KEY_STR = self::key2str(self::$PUBLIC_KEY);
self::$PRIVATE_KEY_STR = self::key2str(self::$PRIVATE_KEY);
}
/**
* 重新生成密钥对
*/
public static function resetGenKeyPair()
{
$config = array(
"private_key_bits" => self::PRIVATE_KEY_BITS,
"private_key_type" => self::KEY_ALGORITHM,
);
$openssl = openssl_pkey_new($config);
openssl_pkey_export($openssl, $privateKey);
$publicKey = openssl_pkey_get_details($openssl);
$publicKey = $publicKey["key"];
self::setGenKeyPair($publicKey, $privateKey);
}
/**
* 加签
* @param string $dataStr 数据字符串
* @return string
*/
public static function sign($dataStr)
{
$dataStr = self::str2utf8($dataStr);
$privateKeyId = openssl_get_privatekey(self::$PRIVATE_KEY);
openssl_sign($dataStr, $sign, $privateKeyId, self::SIGNATURE_ALGORITHM);
openssl_free_key($privateKeyId);
return base64_encode($sign);
}
/**
* 验签
* @param string $dataStr 加签原数据字符串
* @param string $sign 签名
* @return bool
*/
public static function verifySign($dataStr, $sign)
{
$dataStr = self::str2utf8($dataStr);
$publicKeyId = openssl_get_publickey(self::$PUBLIC_KEY);
return (boolean) openssl_verify($dataStr, base64_decode($sign), $publicKeyId, self::SIGNATURE_ALGORITHM);
}
/**
* 公钥加密
* @param string $dataStr 加签原数据字符串
* @return string
*/
public static function encryptByPublicKey($dataStr)
{
$dataStr = self::str2utf8($dataStr);
$publicKeyId = openssl_get_publickey(self::$PUBLIC_KEY);
$data = "";
$dataArray = str_split($dataStr, self::PRIVATE_KEY_BITS / 8 - 11);
foreach ($dataArray as $value) {
openssl_public_encrypt($value,$encryptedTemp, $publicKeyId,self::EN_DE_ALGORITHM);
$data .= $encryptedTemp;
}
openssl_free_key($publicKeyId);
return base64_encode($data);
}
/**
* 私钥加密
* @param string $dataStr 加签原数据字符串
* @return string
*/
public static function encryptByPrivateKey($dataStr)
{
$dataStr = self::str2utf8($dataStr);
$privateKeyId = openssl_get_privatekey(self::$PRIVATE_KEY);
$data = "";
$dataArray = str_split($dataStr, self::PRIVATE_KEY_BITS / 8 - 11);
foreach ($dataArray as $value) {
openssl_private_encrypt($value,$encryptedTemp, $privateKeyId,self::EN_DE_ALGORITHM);
$data .= $encryptedTemp;
}
openssl_free_key($privateKeyId);
return base64_encode($data);
}
/**
* 公钥解密
* @param string $encryptData 加密数据字符串
* @return string
*/
public static function decryptByPublicKey($encryptData) {
$decrypted = "";
$decodeStr = base64_decode($encryptData);
$publicKeyId = openssl_get_publickey(self::$PUBLIC_KEY);
$enArray = str_split($decodeStr, self::PRIVATE_KEY_BITS / 8);
foreach ($enArray as $value) {
openssl_public_decrypt($value,$decryptedTemp, $publicKeyId,self::EN_DE_ALGORITHM);
$decrypted .= $decryptedTemp;
}
openssl_free_key($publicKeyId);
return $decrypted;
}
/**
* 私钥解密
* @param string $encryptData 加密数据字符串
* @return string
*/
public static function decryptByPrivateKey($encryptData) {
$decrypted = "";
$decodeStr = base64_decode($encryptData);
$privateKeyId = openssl_get_privatekey(self::$PRIVATE_KEY);
$enArray = str_split($decodeStr, self::PRIVATE_KEY_BITS / 8);
foreach ($enArray as $value) {
openssl_private_decrypt($value,$decryptedTemp, $privateKeyId,self::EN_DE_ALGORITHM);
$decrypted .= $decryptedTemp;
}
openssl_free_key($privateKeyId);
return $decrypted;
}
/**
* 公私钥转为字符串格式
* @param $key
* @return string
*/
private static function key2str($key)
{
$key = preg_replace(''/-----.*-----/'','''', $key);
$key = preg_replace(''/[\n\s]/'','''', $key);
return is_string($key) ? $key : '''';
}
/**
* 将字符串编码转为 utf8
* @param $str
* @return string
*/
private static function str2utf8($str)
{
$encode = mb_detect_encoding($str, array(''ASCII'', ''UTF-8'', ''GB2312'', ''GBK'', ''BIG5''));
$str = $str ? $str : mb_convert_encoding($str, ''UTF-8'', $encode);
$str = is_string($str) ? $str : '''';
return $str;
}
}
Test.php
<?php
require_once dirname(__FILE__) . ''/RSAUtils.php'';
RSAUtils::resetGenKeyPair();
echo "生成公钥:" . RSAUtils::$PUBLIC_KEY_STR . PHP_EOL;
echo "生成私钥:" . RSAUtils::$PRIVATE_KEY_STR . PHP_EOL;
echo str_repeat("==", 100) . PHP_EOL;
$publicKey = <<<EOF
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyJn4YYj+Ng/xjOPvGrt3MVLZ+
xk3yjqBUu5U5tO1xC1Q/Wae8gWpIC3ipS9UVMCNUOKm2GHdQFI1EXaAu0bRQhBb4
aE5IdXrT9Xoo4Zeuv/ut9UvKEpjBB7Geiy6OvAoA0ROBRLA9/j9W8jZraWiirXRA
xI7ZyqgZSr5lHgJWdwIDAQAB
-----END PUBLIC KEY-----
EOF;
$privateKey = <<<EOF
-----BEGIN PRIVATE KEY-----
MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALImfhhiP42D/GM4
+8au3cxUtn7GTfKOoFS7lTm07XELVD9Zp7yBakgLeKlL1RUwI1Q4qbYYd1AUjURd
oC7RtFCEFvhoTkh1etP1eijhl66/+631S8oSmMEHsZ6LLo68CgDRE4FEsD3+P1by
NmtpaKKtdEDEjtnKqBlKvmUeAlZ3AgMBAAECgYB0/En5gSrypyVpktXjFpmXwFlG
zroI+hfXDIdlqaXygdoE777yTpmYTdAifCWlEENi3wKzDUXsVFKf/ktd819QF4gH
Cby8Hlk39Gj1itUJ90V7XZVWgJJYMaudGg4rKa3w+VYhw2fut5EXJ9R6o7rQtp9M
9mlq6NuQIK30GYZEoQJBAN0hh3YYhPmeKLDwGsh/Ys+SbVWsSPkVnu6O9wcMk3JH
4bs/n2+hIPvPTYTHixcO/iMwILKdVWSdn5XtKnXR3zMCQQDOPfM7VJbyZVoe0f8i
AJfRAZ0d0oq/qTL30ypx3P7VltkcfszQH6M1+gapcZ8mCXpeV510V2U3AlsU+vun
S3utAkAE2GM7dzYSsiB6IAi2M/RaT/8NTYUb0Bl3aLKI+QGSE3kivTYlIAa0/cnZ
CvZFPxLaeod84m2okruYcWXoxvx5AkEAqM5J7FDjL8lHBxzoj2Me38JLYCJ40EDj
57Yd8o5owleyosEiUGLkyoQ3ua63DYIKd3eM97GktW6nMDfxjE+bDQJBANcwDRf4
CRW646Y/7kizjVOM4MUiJqAoBC4IEawrk25wfo0gBpBbcl24IOTERLUVtMZvqoc6
mbNoMUny2LuWvVI=
-----END PRIVATE KEY-----
EOF;
RSAUtils::setGenKeyPair($publicKey, $privateKey);
echo "自定义公钥:" . RSAUtils::$PUBLIC_KEY_STR . PHP_EOL;
echo "自定义私钥:" . RSAUtils::$PRIVATE_KEY_STR . PHP_EOL;
echo str_repeat("==", 100) . PHP_EOL;
$data = "{\r\n" . " \"tenantryId\":\"1548226942116\",\r\n" . " \"waybillCode\":\"T19000100152750\",\r\n" . " \"billDate\":\"2019-01-25 16:00:00\",\r\n"
. " \"driverContractCode\":\"\",\r\n" . " \"planStartTime\":\"2019-01-25 16:00:00\",\r\n" . " \"planEndTime\":\"2019-01-26 16:00:01\",\r\n"
. " \"shipperCorporationName\":\"江苏省常隆化工有限公司\",\r\n" . " \"loadingAddress\":\"发货详细地址\",\r\n" . " \"loadingLongitude\":\"456456\",\r\n" . " \"loadingLatitude\":\"123\",\r\n"
. " \"shipperPerson\":\"李四\",\r\n" . " \"shipperPhone\":\"18983746362\",\r\n" . " \"receiveCorporationName\":\"江苏省智联云物流科技有限公司\",\r\n"
. " \"unloadAddress\":\"收货详细地址\",\r\n" . " \"unloadLongitude\":\"2342\",\r\n" . " \"unloadLatitude\":\"234\",\r\n" . " \"receivePerson\":\"唐唐\",\r\n"
. " \"receivePhone\":\"18387473723\",\r\n" . " \"goodsCategory\":\"JXSBDQ\",\r\n" . " \"goodsName\":\"机床\",\r\n" . " \"goodsAmount\":\"1\",\r\n"
. " \"goodsPacking\":\"MX\",\r\n" . " \"goodsWeight\":\"1\",\r\n" . " \"goodsVolume\":\"0\",\r\n" . " \"plateNo\":\"苏D269ZP\",\r\n" . " \"truckTonnage\":\"1\",\r\n"
. " \"truckLength\":\"1\",\r\n" . " \"truckBox\":\"GL\",\r\n" . " \"owner\":\"赵六\",\r\n" . " \"driverName\":\"王五\",\r\n" . " \"driverPhone\":\"1234123\",\r\n"
. " \"driverLicense\":\"320483198209933456\",\r\n" . " \"receiptName\":\"张三\",\r\n" . " \"receiptCard\":\"6230202013315354\",\r\n"
. " \"receiptIdentity\":\"320483198209933874\",\r\n" . " \"receiptPhone\":\"1231231\",\r\n" . " \"feePrice\":\"50000\",\r\n" . " \"feeAmount\":\"1.2\",\r\n"
. " \"feeUnit\":\"2\",\r\n" . " \"payFare\":\"50000\",\r\n" . " \"isPolicy\":\"\",\r\n" . " \"isLocate\":\"\"\r\n" . "}";
$signData = RSAUtils::sign($data);
echo "签名:" . $signData . PHP_EOL;
$verify = RSAUtils::verifySign($data, $signData);
echo "验签:" . ($verify ? ''true'' : ''false'') . PHP_EOL;
echo str_repeat("==", 100) . PHP_EOL;
$str = "{\"env\":{\"server_name\":\"loc.test.net\",\"request_uri\":\"\/Test\/test\",\"client_ip\":\"172.18.0.1\",\"request_time\":1573192923,\"request_date\":\"2019-11-08 14:02:03\"},\"params\":{\"app_token\":\"123456789\",\"money\":\"123\",\"bankCard\":\"123123\",\"PHPSESSID\":\"eqc6h0dtg971s8488glelhedsb\"},\"result\":{\"code\":\"201\",\"msg\":\"\u53c2\u6570\u9a8c\u8bc1\u9519\u8bef\",\"result\":{}}}";
echo "加密文字:" . $str . PHP_EOL;
echo str_repeat("==", 100) . PHP_EOL;
$encrypt = RSAUtils::encryptByPublicKey($str);
echo "公钥加密:" . $encrypt . PHP_EOL;
$decrypt = RSAUtils::decryptByPrivateKey($encrypt);
echo "私钥解密:" . $decrypt . PHP_EOL;
echo str_repeat("==", 100) . PHP_EOL;
$encrypt = RSAUtils::encryptByPrivateKey($str);
echo "私钥加密:" . $encrypt . PHP_EOL;
$decrypt = RSAUtils::decryptByPublicKey($encrypt);
echo "公钥解密:" . $decrypt . PHP_EOL;
运行结果:
生成公钥:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvhG5CuPcyEROKrZyxlTJDP1iFsGALoZlepcWMkuKbxT2mS5PT11vCIc2tBBF5fTADLaUGguzTRPquXjFgTLTnAYmmjPYXwFKmFyS51Mf0sI3NMwRBwwhjQ4drLG4YH5uypDfq6h3hqj75ER+2/VUBqFdaJI/7m+ht4v+lqTT4oQIDAQAB
生成私钥:MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAK+EbkK49zIRE4qtnLGVMkM/WIWwYAuhmV6lxYyS4pvFPaZLk9PXW8Ihza0EEXl9MAMtpQaC7NNE+q5eMWBMtOcBiaaM9hfAUqYXJLnUx/Swjc0zBEHDCGNDh2ssbhgfm7KkN+rqHeGqPvkRH7b9VQGoV1okj/ub6G3i/6WpNPihAgMBAAECgYEAop6PzlAz8HZz5axfnwV+EWJysUMuafhq8o+jDlDVlr/UE+y4ZbGGecL6HpDDZA3CW1+CJBtQM5sYrE/nbbMEc+4pI7mKf9Vct2GULj0lfhhZVc8pPH8I/wsZOS9cbdHojZc2XGnVI/+UoAtKH9SKtR8tcQNP2Sc4sxAhxkftL1UCQQDlaYNmTFusfWlw6YJhVDjBV/6qaOK1nFUWGhNMOG6OdhGZOoqp/nNPX2bU/Qw7eG9rgIEZkwvLYk7XEsgor8Q7AkEAw9vlxYVocwt9UlSZBDFfiYF1RTFcfxM3JNrYJ1ojc0MrI56uj9uUVGdBqLN3FltDep0uNiKc/agn57Xg3Qr00wJBAI38uhjslaiyjjoWLF309JOl1La/5+Ejev4M8XixTKvbo5TEyOHh3Jh5oXmdjJ6aMcvFYyHjAt/EXqt6smuMLdUCQHWT2hFEsFp4KEi3jpCMz0yuEedy5ZNHxs/yLNca7rMwPIKKrUKhUB+HSUxsSG58ZTsDhw1qpBJG04Xvksk/3Y8CQQCV359laYTqNdnVa5RO2335TyEZyPJNt065XoU+8ruDIsJ+D4Ep54idv/ZRObnu8qt7/sU3l7cQRnQm+WzvKDNE
========================================================================================================================================================================================================
自定义公钥:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCyJn4YYj+Ng/xjOPvGrt3MVLZ+xk3yjqBUu5U5tO1xC1Q/Wae8gWpIC3ipS9UVMCNUOKm2GHdQFI1EXaAu0bRQhBb4aE5IdXrT9Xoo4Zeuv/ut9UvKEpjBB7Geiy6OvAoA0ROBRLA9/j9W8jZraWiirXRAxI7ZyqgZSr5lHgJWdwIDAQAB
自定义私钥:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALImfhhiP42D/GM4+8au3cxUtn7GTfKOoFS7lTm07XELVD9Zp7yBakgLeKlL1RUwI1Q4qbYYd1AUjURdoC7RtFCEFvhoTkh1etP1eijhl66/+631S8oSmMEHsZ6LLo68CgDRE4FEsD3+P1byNmtpaKKtdEDEjtnKqBlKvmUeAlZ3AgMBAAECgYB0/En5gSrypyVpktXjFpmXwFlGzroI+hfXDIdlqaXygdoE777yTpmYTdAifCWlEENi3wKzDUXsVFKf/ktd819QF4gHCby8Hlk39Gj1itUJ90V7XZVWgJJYMaudGg4rKa3w+VYhw2fut5EXJ9R6o7rQtp9M9mlq6NuQIK30GYZEoQJBAN0hh3YYhPmeKLDwGsh/Ys+SbVWsSPkVnu6O9wcMk3JH4bs/n2+hIPvPTYTHixcO/iMwILKdVWSdn5XtKnXR3zMCQQDOPfM7VJbyZVoe0f8iAJfRAZ0d0oq/qTL30ypx3P7VltkcfszQH6M1+gapcZ8mCXpeV510V2U3AlsU+vunS3utAkAE2GM7dzYSsiB6IAi2M/RaT/8NTYUb0Bl3aLKI+QGSE3kivTYlIAa0/cnZCvZFPxLaeod84m2okruYcWXoxvx5AkEAqM5J7FDjL8lHBxzoj2Me38JLYCJ40EDj57Yd8o5owleyosEiUGLkyoQ3ua63DYIKd3eM97GktW6nMDfxjE+bDQJBANcwDRf4CRW646Y/7kizjVOM4MUiJqAoBC4IEawrk25wfo0gBpBbcl24IOTERLUVtMZvqoc6mbNoMUny2LuWvVI=
========================================================================================================================================================================================================
签名:FibUiFnO6bGKwua5bV2k1AQPIFTms6REYSybBsTEUlXyo2Tc79UZ0ett1pNUU3qhhsCOeBTCdKlI5j/aygpzkYANv7Ff2eT/Jd1gRG3X+XGX1bQpRm/6CNesVV99EPLfUMXWmulGX2FxMY/7XY49H7jtJcbUnyZjjHR2MEWGbHQ=
验签:true
========================================================================================================================================================================================================
加密文字:{"env":{"server_name":"loc.test.net","request_uri":"\/Test\/test","client_ip":"172.18.0.1","request_time":1573192923,"request_date":"2019-11-08 14:02:03"},"params":{"app_token":"123456789","money":"123","bankCard":"123123","PHPSESSID":"eqc6h0dtg971s8488glelhedsb"},"result":{"code":"201","msg":"\u53c2\u6570\u9a8c\u8bc1\u9519\u8bef","result":{}}}
========================================================================================================================================================================================================
公钥加密:BLF/zEOuHoLHDFM9aNXu0I5kke1L6AiBAyBjFycFpQPiPctGXzP2m0/xWTq7H6jqbTvpvw5QvvJK04u2PMhvxaprmXEQtE7dsOj4D/K2UoSgD6zaPcxEaS6ToDvJeOvtRAQCyAeXQhFIdeM8roziVr8O/dKQ0HxG/Yah2Ap+9Ctvofu2HlSmxjsHVCFg+WrA1bbSR20Ukm4NEu3gYI2eWRkv0LkXbSFkAsWs8/naA/P/VCMtU/0MShYd6cXEEhknKev1WLB97LMl/840MJEaapZa25+APO/HAfjTUMsCW+yZz8944JCUXdjVJ43NsR4m6Ja/t2cPqE5iaKFmrMkg+nSTwp17IHOcWCtImgMtt0CtyPixa5tylLFf56Uy+GUkYLSwST+RyvecFzCLYnnJwo2po82B8Cs6LGUCMKjs0SOwNsGVqD2MnOuAn2UbzRstS8866O/B+YuYKQdDjoIFY25f7mW1Vl+BtxwPL0GbdptRJVMtZxBvBxMJigXuOEo4
私钥解密:{"env":{"server_name":"loc.test.net","request_uri":"\/Test\/test","client_ip":"172.18.0.1","request_time":1573192923,"request_date":"2019-11-08 14:02:03"},"params":{"app_token":"123456789","money":"123","bankCard":"123123","PHPSESSID":"eqc6h0dtg971s8488glelhedsb"},"result":{"code":"201","msg":"\u53c2\u6570\u9a8c\u8bc1\u9519\u8bef","result":{}}}
========================================================================================================================================================================================================
私钥加密:Mwjypj/tbtfjLz+qbUKgs5cOOutmvHdwXQnAuYovGyx6yFE3mcBUeqB+Z+uMJUaNuH/qZGevaxAvkGesotnIIL6YmobxtA0apxMCfKGX+BV+7n/6t4G68gj0Yy9ng54c5CdjEZmxull7iKl5zmsUO5PIxDBiWKYblpgItwnuuz0xMKe2opPrmP0BBDFXGyBmGBjBFyORSEJ5brX0+w6EU/mbFGnAjaEOsQDLFrO7O0Uh0l4WUvz7NKxxcHV62a2HWgW/wXOyKxmf9Z6bdTIQFXXYBynG+D5JR6EY/rIHj/dMZIvPLG+b4UZNwjLU4QhM2VL1TDUNV8hJDQQdxbeQrKzUq3Z089H/3VWff/hHtq2hh5rtIIG0Buo54P7Gjqs3MO5ursDWq54NBltVnuSJpi+4+zAkWTbMMmJLjtRuFJ6sc5gFjKW0ovLDG/4RcKZ0a1wj3nfLoL/HU5JIV5XYUQLX8dEkM9XpakzsU7UbLrbBRszHDgOg6laUlVLIWe/A
公钥解密:{"env":{"server_name":"loc.test.net","request_uri":"\/Test\/test","client_ip":"172.18.0.1","request_time":1573192923,"request_date":"2019-11-08 14:02:03"},"params":{"app_token":"123456789","money":"123","bankCard":"123123","PHPSESSID":"eqc6h0dtg971s8488glelhedsb"},"result":{"code":"201","msg":"\u53c2\u6570\u9a8c\u8bc1\u9519\u8bef","result":{}}}
Java
RSAUtils.java
package com.localhost;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.shiro.codec.Base64;
/**
* @Title RSAUtils.java
* @Description RSA工具类
* @Create DateTime: 2018年10月11日 下午14:00:00
*
* @author wangxiaohui
*
*/
public class RSAUtils {
/**
* 加密算法RSA
*/
/**
* 签名算法
*/
public static final String KEY_ALGORITHM = "RSA";
public static final String SIGNATURE_ALGORITHM = "MD5withRSA";
/**
* 获取公钥的key
*/
private static final String PUBLIC_KEY = "RSAPublicKey";
/**
* 获取私钥的key
*/
private static final String PRIVATE_KEY = "RSAPrivateKey";
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* <p>
* 生成密钥对(公钥和私钥)
* </p>
*
* @return
* @throws Exception
*/
public static Map<String, Object> genKeyPair() throws Exception {
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(1024);
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
/**
* <p>
* 用私钥对信息生成数字签名
* </p>
*
* @param data
* 已加密数据
* @param privateKey
* 私钥(BASE64编码)
*
* @return
* @throws Exception
*/
public static String sign(byte[] data, String privateKey) throws Exception {
byte[] keyBytes = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateK);
signature.update(data);
return Base64.encodeToString(signature.sign());
}
/** */
/**
* <p>
* 校验数字签名
* </p>
*
* @param data
* 已加密数据
* @param publicKey
* 公钥(BASE64编码)
* @param sign
* 数字签名
*
* @return
* @throws Exception
*
*/
public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {
try {
byte[] keyBytes = Base64.decode(publicKey);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicK = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicK);
signature.update(data);
return signature.verify(Base64.decode(sign));
} catch (Exception e) {
throw e;
}
}
/** */
/**
* <P>
* 私钥解密
* </p>
*
* @param encryptedData
* 已加密数据
* @param privateKey
* 私钥(BASE64编码)
* @return
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] encryptedData, String privateKey) throws Exception {
byte[] keyBytes = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateK);
int inputLen = encryptedData.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
return decryptedData;
}
/** */
/**
* <p>
* 公钥解密
* </p>
*
* @param encryptedData
* 已加密数据
* @param publicKey
* 公钥(BASE64编码)
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] encryptedData, String publicKey) throws Exception {
byte[] keyBytes = Base64.decode(publicKey);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key publicK = keyFactory.generatePublic(x509KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicK);
int inputLen = encryptedData.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
return decryptedData;
}
public static String encryptByPublicKey(String str, String publicKey) throws Exception {
return new String((encryptByPublicKey(str.getBytes(), publicKey)), "utf-8");
}
public static String decryptByPrivateKey(String str, String privateKey) throws Exception {
return new String(decryptByPrivateKey(str.getBytes(), privateKey), "utf-8");
}
/**
* <p>
* 公钥加密
* </p>
*
* @param data
* 源数据
* @param publicKey
* 公钥(BASE64编码)
* @return
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data, String publicKey) throws Exception {
byte[] keyBytes = Base64.decode(publicKey);
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key publicK = keyFactory.generatePublic(x509KeySpec);
// 对数据加密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicK);
int inputLen = data.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
return encryptedData;
}
/**
* <p>
* 私钥加密
* </p>
*
* @param data
* 源数据
* @param privateKey
* 私钥(BASE64编码)
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String privateKey) throws Exception {
byte[] keyBytes = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateK);
int inputLen = data.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] cache;
int i = 0;
// 对数据分段加密
while (inputLen - offSet > 0) {
if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data, offSet, inputLen - offSet);
}
out.write(cache, 0, cache.length);
i++;
offSet = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
return encryptedData;
}
/**
* <p>
* 获取私钥
* </p>
*
* @param keyMap
* 密钥对
* @return
* @throws Exception
*/
public static String getPrivateKey(Map<String, Object> keyMap) throws Exception {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return Base64.encodeToString(key.getEncoded());
}
/**
* <p>
* 获取公钥
* </p>
*
* @param keyMap
* 密钥对
* @return
* @throws Exception
*/
public static String getPublicKey(Map<String, Object> keyMap) throws Exception {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return Base64.encodeToString(key.getEncoded());
}
}
RsaSignCryptor.java
package com.localhost;
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* @Title RSASignCryptor.java
* @Description RSA加密工具类
* @Create DateTime: 2018年10月11日 下午14:00:00
*
* @author wangxiaohui
*
*/
public class RSASignCryptor {
public static final String KEY_ALGORITHM = "RSA";
public static final String SIGNATURE_ALGORITHM = "SHA1WithRSA";
public static final String ENCODING = "utf-8";
public static final String X509 = "X.509";
// private static final int MAX_ENCRYPT_BLOCK = 117; //RSA最大加密明文大小
// private static final int MAX_DECRYPT_BLOCK = 128; //RSA最大解密密文大小
public static PrivateKey getPrivateKey(String key) throws Exception {
byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING));
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
return privateKey;
}
public static PublicKey getPublicKey(String key) throws Exception {
byte[] keyBytes = Base64.decodeBase64(key.getBytes(ENCODING));
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(keyBytes));
return pubKey;
}
public String getSignData(Map<String, String> params, String sep) {
if (params instanceof TreeMap) {
StringBuilder builder = new StringBuilder();
boolean isFirst = true;
for (Map.Entry<String, String> entry : params.entrySet()) {
if (StringUtils.isEmpty(entry.getKey()) || StringUtils.isEmpty(entry.getValue())) {
continue;
}
if (!isFirst) {
builder.append(sep);
}
builder.append(entry.getKey()).append("=").append(entry.getValue());
isFirst = false;
}
return builder.toString();
} else {
Map<String, String> sortedMap = new TreeMap<String, String>();
for (Map.Entry<String, String> entry : params.entrySet()) {
sortedMap.put(entry.getKey(), entry.getValue());
}
return getSignData(sortedMap, sep);
}
}
public static String sign(String signData, String signKey) {
String ret = null;
try {
PrivateKey priKey = getPrivateKey(signKey);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(priKey);
signature.update(signData.getBytes(ENCODING));
byte[] signed = signature.sign();
// ret = new String(UrlBase64.encode(signed), ENCODING);
ret = new String(Base64.encodeBase64(signed), ENCODING);
} catch (Exception e) {
}
return ret;
}
public static boolean verifySign(String signData, String signKey, String sign) {
try {
PublicKey pubKey = getPublicKey(signKey);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pubKey);
signature.update(signData.getBytes(ENCODING));
return signature.verify(Base64.decodeBase64(sign.getBytes(ENCODING)));
} catch (Exception e) {
}
return false;
}
public static String encrypt(String encryptKey, String plainText) {
try {
RSAPublicKey publicKey = (RSAPublicKey) getPublicKey(encryptKey);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] plainData = plainText.getBytes(ENCODING);
int MAX_ENCRYPT_BLOCK = publicKey.getModulus().bitLength() / 8 - 11;
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] cache;
for (int i = 0, offset = 0, len = plainData.length; offset < len;) {
if (len - offset > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(plainData, offset, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(plainData, offset, len - offset);
}
out.write(cache, 0, cache.length);
offset = (++i) * MAX_ENCRYPT_BLOCK;
}
byte[] enBytes = out.toByteArray();
out.close();
return new String(Base64.encodeBase64(enBytes), ENCODING);
} catch (Exception e) {
}
return null;
}
public static String decrypt(String decryptKey, String encryptText) throws Exception {
try {
RSAPrivateKey privateKey = (RSAPrivateKey) getPrivateKey(decryptKey);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] enData = Base64.decodeBase64(encryptText.getBytes(ENCODING));
int MAX_DECRYPT_BLOCK = privateKey.getModulus().bitLength() / 8;
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] cache;
for (int i = 0, offset = 0, len = enData.length; offset < len;) {
if (len - offset > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(enData, offset, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(enData, offset, len - offset);
}
out.write(cache, 0, cache.length);
offset = (++i) * MAX_DECRYPT_BLOCK;
}
byte[] deBytes = out.toByteArray();
out.close();
return new String(deBytes, ENCODING);
} catch (Exception e) {
throw e;
}
}
}
java / android中的数字签名(RSA密钥)
我想在我的java / android项目中使用存储在DB中的私钥(RSA)生成数字签名.
我的2个密钥是使用以下代码生成的(项目正在生产中,我无法更改):
// Get keys pair (RSA)
KeyPair rsaKyePair = createKeyPair();
// Get private/ public keys and store them in DB
String pri = getPrivateKeyBase64Str(rsaKyePair);
String pub = getPublicKeyBase64Str(rsaKyePair));
public static KeyPair createKeyPair() {
KeyPair keyPair = null;
try {
KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
keygen.initialize(KEY_LENGTH);
keyPair = keygen.generateKeyPair();
} catch (NoSuchAlgorithmException e) {
e.printstacktrace();
return null;
}
return keyPair;
}
public static String getPrivateKeyBase64Str(KeyPair keyPair){
if (keyPair == null) return null;
return getBase64StrFromByte(keyPair.getPrivate().getEncoded());
}
public static String getPublicKeyBase64Str(KeyPair keyPair){
if (keyPair == null) return null;
return getBase64StrFromByte(keyPair.getPublic().getEncoded());
}
public static String getBase64StrFromByte(byte[] key){
if (key == null || key.length == 0) return null;
return new String(Base64.encode(key));
}
基于不同的站点(here和here),我将尝试编写用于生成签名的代码:
String mySignature = getDigitalSignature("my_string_", "my_private_string" );
/*
* Generated a signed String
* @param text : string to sign
* @param strPrivateKey : private key (String format)
*/
public String getDigitalSignature(String text, String strPrivateKey) {
try {
// Get private key from String
PrivateKey pk = loadPrivateKey(strPrivateKey);
// text to bytes
byte[] data = text.getBytes("UTF8");
// signature
Signature sig = Signature.getInstance("MD5WithRSA");
sig.initSign(pk);
sig.update(data);
byte[] signatureBytes = sig.sign();
return javax.xml.bind.DatatypeConverter.printBase64Binary(signatureBytes);
}catch(Exception e){
return null;
}
}
private PrivateKey loadPrivateKey(String key64) throws GeneralSecurityException {
byte[] clear = Base64.decode(key64, Base64.DEFAULT);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(clear);
KeyFactory fact = KeyFactory.getInstance("RSA");
PrivateKey priv = fact.generatePrivate(keySpec);
Arrays.fill(clear, (byte) 0);
return priv;
}
为验证签名,我在我的java API中使用此代码:
/*
* Verify signature of a string
* @param signature : signature
* @param origina: original string to verify
* @param publicKey: user public key
*/
public static boolean verfiySignature(String signature, String original, String publicKey){
try{
// Get private key from String
PublicKey pk = loadPublicKey(publicKey);
// text to bytes
byte[] originalBytes = original.getBytes("UTF8");
//signature to bytes
//byte[] signatureBytes = signature.getBytes("UTF8");
byte[] signatureBytes =javax.xml.bind.DatatypeConverter.parseBase64Binary(signature);
Signature sig = Signature.getInstance("MD5WithRSA");
sig.initVerify(pk);
sig.update(originalBytes);
return sig.verify(signatureBytes);
}catch(Exception e){
e.printstacktrace();
Logger log = Logger.getLogger(RsaCipher.class);
log.error("error for signature:" + e.getMessage());
return false;
}
}
/*
* Generate a PublicKey object from a string
* @ key64 : public key in string format (BASE 64)
*/
private static PublicKey loadPublicKey(String key64) throws GeneralSecurityException {
byte[] data = javax.xml.bind.DatatypeConverter.parseBase64Binary(key64);
X509EncodedKeySpec spec = new X509EncodedKeySpec(data);
KeyFactory fact = KeyFactory.getInstance("RSA");
return fact.generatePublic(spec);
}
我用真实数据运行此代码,但“verifySignature”始终返回“False”.
我是加密世界的新手,原谅我的脏代码.
—编辑
调用verify方法时出现异常:
java.security.SignatureException: Signature encoding error
解决方法:
签名时,您返回了签名base64编码:
return Base64.encodetoString(signatureBytes, Base64.DEFAULT);
因此,在验证时您必须对签名字符串进行base64解码.但你做的是:
byte[] signatureBytes = signature.getBytes("UTF8");
因此,您尝试验证的signatureBytes与签名后签名的signatureBytes完全不同.
你签字使用
Signature sig = Signature.getInstance("RSA");
但你验证使用
Signature sig = Signature.getInstance("MD5WithRSA");
显然你应该在两种情况下都使用相同的算法.
今天关于C#和JAVA的RSA密钥、公钥转换和java使用rsa公钥私钥加密解密的介绍到此结束,谢谢您的阅读,有关.Net c# RSA xml公钥密钥转pem格式、.NET Core RSA密钥的xml、pkcs1、pkcs8格式转换和JavaScript、Java等语言进行对接、Java & PHP RSA 互通密钥、签名、验签、加密、解密、java / android中的数字签名(RSA密钥)等更多相关知识的信息可以在本站进行查询。
本文标签:
