RSA加密解密

RSAUtil.java

package com.soc.cloud.util;

import com.soc.cloud.exception.CommonError;
import com.soc.cloud.param.BaseErrResult;
import com.soc.cloud.util.redis.RedisParam;
import org.springframework.data.redis.core.RedisTemplate;

import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;

import javax.crypto.Cipher;



/**
 * https://blog.csdn.net/sunansheng/article/details/48155823
 * RSA 工具类。提供加密,解密,生成密钥对等方法。
 * 需要到http://www.bouncycastle.org下载bcprov-jdk14-123.jar。
 *
 */
public class RSAUtil {

    private static final KeyPair keyPair = generateKeyPair();

    /**
     * 生成密钥对
     * @return
     * @throws Exception
     */
    public static KeyPair generateKeyPair()  {
        try {
            KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA",
                    new org.bouncycastle.jce.provider.BouncyCastleProvider());
            final int KEY_SIZE = 1024;// 没什么好说的了,这个值关系到块加密的大小,可以更改,但是不要太大,否则效率会低
            keyPairGen.initialize(KEY_SIZE, new SecureRandom());
            KeyPair keyPair = keyPairGen.generateKeyPair();
            return keyPair;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * 生成公钥
     * @param modulus
     * @param publicExponent
     * @return
     * @throws Exception
     */
    public static RSAPublicKey generateRSAPublicKey(byte[] modulus,
                                                    byte[] publicExponent) throws Exception {
        KeyFactory keyFac = null;
        try {
            keyFac = KeyFactory.getInstance("RSA",
                    new org.bouncycastle.jce.provider.BouncyCastleProvider());
        } catch (NoSuchAlgorithmException ex) {
            throw new Exception(ex.getMessage());
        }

        RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(
                modulus), new BigInteger(publicExponent));
        try {
            return (RSAPublicKey) keyFac.generatePublic(pubKeySpec);
        } catch (InvalidKeySpecException ex) {
            throw new Exception(ex.getMessage());
        }
    }

    /**
     * 生成私钥
     * @param modulus
     * @param privateExponent
     * @return
     * @throws Exception
     */
    public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus,
                                                      byte[] privateExponent) throws Exception {
        KeyFactory keyFac = null;
        try {
            keyFac = KeyFactory.getInstance("RSA",
                    new org.bouncycastle.jce.provider.BouncyCastleProvider());
        } catch (NoSuchAlgorithmException ex) {
            throw new Exception(ex.getMessage());
        }

        RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(new BigInteger(
                modulus), new BigInteger(privateExponent));
        try {
            return (RSAPrivateKey) keyFac.generatePrivate(priKeySpec);
        } catch (InvalidKeySpecException ex) {
            throw new Exception(ex.getMessage());
        }
    }

    /**
     * * 加密 *
     *
     * @param pk
     *            加密的密钥 *
     * @param data
     *            待加密的明文数据 *
     * @return 加密后的数据 *
     * @throws Exception
     */
    public static byte[] encrypt(PublicKey pk, byte[] data) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("RSA",
                    new org.bouncycastle.jce.provider.BouncyCastleProvider());
            cipher.init(Cipher.ENCRYPT_MODE, pk);
            int blockSize = cipher.getBlockSize();// 获得加密块大小,如:加密前数据为128个byte,而key_size=1024
            // 加密块大小为127
            // byte,加密后为128个byte;因此共有2个加密块,第一个127
            // byte第二个为1个byte
            int outputSize = cipher.getOutputSize(data.length);// 获得加密块加密后块大小
            int leavedSize = data.length % blockSize;
            int blocksSize = leavedSize != 0 ? data.length / blockSize + 1
                    : data.length / blockSize;
            byte[] raw = new byte[outputSize * blocksSize];
            int i = 0;
            while (data.length - i * blockSize > 0) {
                if (data.length - i * blockSize > blockSize)
                    cipher.doFinal(data, i * blockSize, blockSize, raw, i
                            * outputSize);
                else
                    cipher.doFinal(data, i * blockSize, data.length - i
                            * blockSize, raw, i * outputSize);
                // 这里面doUpdate方法不可用,查看源代码后发现每次doUpdate后并没有什么实际动作除了把byte[]放到
                // ByteArrayOutputStream中,而最后doFinal的时候才将所有的byte[]进行加密,可是到了此时加密块大小很可能已经超出了
                // OutputSize所以只好用dofinal方法。

                i++;
            }
            return raw;
        } catch (Exception e) {
            throw new Exception(e.getMessage());
        }
    }

    /**
     * * 解密 *
     *
     * @param pk
     *            解密的密钥 *
     * @param raw
     *            已经加密的数据 *
     * @return 解密后的明文 *
     * @throws Exception
     */
    public static byte[] decrypt(PrivateKey pk, byte[] raw) throws Exception {
        try {
            Cipher cipher = Cipher.getInstance("RSA",
                    new org.bouncycastle.jce.provider.BouncyCastleProvider());
            cipher.init(cipher.DECRYPT_MODE, pk);
            int blockSize = cipher.getBlockSize();
            ByteArrayOutputStream bout = new ByteArrayOutputStream(64);
            int j = 0;

            while (raw.length - j * blockSize > 0) {
                bout.write(cipher.doFinal(raw, j * blockSize, blockSize));
                j++;
            }
            return bout.toByteArray();
        } catch (Exception e) {
            throw new Exception(e.getMessage());
        }
    }

    /**
     * RSA 公用加密,用秘钥解密,然后base64加密返回
     * @param password
     * @param keyPair
     * @return
     * @throws Exception
     */
    public static String passwordEncrypt(String password, KeyPair keyPair ) throws Exception {
        return  passwordEncrypt(true,password,keyPair);
    }

    /**
     * RSA 公用加密,用秘钥解密,然后base64加密返回
     * @return
     */
    public static String passwordEncrypt(boolean passwordVerify,String password, KeyPair keyPair ) throws Exception {
//        byte[] en_result = new BigInteger(password, 16).toByteArray();
        byte[] en_result = hexStringToBytes(password ) ;
        byte[] de_result = RSAUtil.decrypt(keyPair.getPrivate(),en_result);
        StringBuffer sb = new StringBuffer();
        sb.append(new String(de_result));
        String rsaPsaaword = sb.reverse().toString();
//        if (passwordVerify){
//            boolean psaawordBl = StringUtil.validateKey(rsaPsaaword);
//            if (psaawordBl){
//                CommonError.CommonErr(new BaseErrResult("11001", "键盘上连续排序的密码,连续不得超过3位"));
//            }
//        }

        String psaaword = EncryptUtils.encodeMD5String(
                EncryptUtils.encodeBase64String(rsaPsaaword));
        return psaaword;
    }

    /**
     * RSA 公用加密,用秘钥解密, 返回真实密码
     * @return
     */
    public static String originalPasswordEncrypt(String password, KeyPair keyPair ) throws Exception {
        byte[] en_result = hexStringToBytes(password ) ;
        byte[] de_result = RSAUtil.decrypt(keyPair.getPrivate(),en_result);
        StringBuffer sb = new StringBuffer();
        sb.append(new String(de_result));
        String rsaPsaaword = sb.reverse().toString();
        return rsaPsaaword;
    }

    /**
     * 16进制 To byte[]
     * @param hexString
     * @return byte[]
     */
    public static byte[] hexStringToBytes(String hexString) {
        if (hexString == null || hexString.equals("")) {
            return null;
        }
        hexString = hexString.toUpperCase();
        int length = hexString.length() / 2;
        char[] hexChars = hexString.toCharArray();
        byte[] d = new byte[length];
        for (int i = 0; i < length; i++) {
            int pos = i * 2;
            d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
        }
        return d;
    }
    /**
     * Convert char to byte
     * @param c char
     * @return byte
     */
    private static byte charToByte(char c) {
        return (byte) "0123456789ABCDEF".indexOf(c);
    }

}

  获取RSA公钥,将 秘钥对 存redis里

@Autowired
	RedisTemplate redisRsa;
public static final String RSA_KEY_PAIR= "RSA_KEY_PAIR_";//每次RSA加密对应的秘钥

/**
	 *
	 */
	@RequestMapping(value = "/getRsaPublicKey", method = { RequestMethod.GET })
	@ResponseBody
	@SystemControllerLog(description = "获取RSA公钥", moduleName = "获取RSA公钥")
	public BaseResult getRsaPublicKey() throws Exception {

		KeyPair keyPair = RSAUtil.generateKeyPair();-- 获取秘钥对
		redisRsa.opsForValue().set(RedisParam.RSA_KEY_PAIR, keyPair);

		Map map = new HashMap(2);
		RSAPublicKey rsap = (RSAPublicKey) keyPair.getPublic();
		map.put("modulus", rsap.getModulus().toString(16));
		map.put("e", rsap.getPublicExponent().toString(16));
		return new BaseResult("0", "成功", map);
	}

  公钥加密

@Autowired
	RedisTemplate redisRsa;

	@Override
	public User login(String loginId, String password) throws Exception {

		User user = userMapper.getUserByLoginId(loginId);

		KeyPair keyPair  = (KeyPair) redisRsa.opsForValue().get(RedisParam.RSA_KEY_PAIR); -- redis里获取秘钥对
		//rsa加密登陆密码 做对比
		String nUserPassWord = RSAUtil.passwordEncrypt(false,password,keyPair);
		
		if(user==null||!user.getUserPassword().equals(nUserPassWord)){
			// 登陆失败
			CommonError.CommonErr(AdminResultParam.USER_PASSUSER_ERR.getErrResult());
		}

		return user;
	}

  解密同理

java

相关

JavaWeb的三大作用域

java中常用数组copy方法

6.Java方法

Java web开发:从零到 Run 一个现有的 Spring Boot 前后端分离项目(前端Vue)

javascript基础知识(29) 实现继承的方式

java 正则表达式

JAVA List<Object[]>取值问题

初次接触Java感受

99乘法表 java for循环

基于java.net.socket包的对象传递

Idea Java项目文件夹后面提示百分数怎么去掉

Java8新特性

标签