參考的優秀文章
簡單的介紹
RSA是有名的非對稱加密算法。
RSA有兩個密鑰,一個是公開的,稱為公開密鑰;一個是私密的,稱為私密密鑰。
特點:
- 公開密鑰是對大眾公開的,私密密鑰是服務器私有的,兩者不能互推得出。
- 用公開密鑰對數據進行加密,私密密鑰可解密;私密密鑰對數據加密,公開密鑰可解密。
- 速度較對稱加密慢。
RSA是一個支持加密、簽名的算法。
加密:
一般來說,我們通過公開密鑰對信息加密,然后發送給服務端,服務端再用私密密鑰解密,獲取保密的信息。(而RSA中通過私密密鑰加密,然后通過公開密鑰正確地解密獲取信息,但這個過程對於加密來說沒有意義,因為公開密鑰是公開的,也就是說大家都可以解密。所以私密密鑰加密、公開密鑰解密用於簽名功能)
簽名:
簽名的目的在於證明給大伙看這份信息是本人所發,並且發送過程中沒被篡改。
服務端對於將要發送的信息進行摘要操作(比如MD5),然后對其摘要值用私密密鑰加密,形成簽名值,將發送的信息與簽名值發送出去。客戶端收到信息和簽名值后,用公開密鑰將簽名值解密,然后將信息進行摘要操作,再比對兩者的摘要值,就可知該信息是否服務端所發,發送過程是否有篡改。
疑問與解答
為什么叫RSA呢?
答:看一下它的發明者們的名字就知道了:Ron Rivest、Adi Shamir、Leonard Adleman。
非對稱加密算法是什么呢?
答:比如,信息通過公開密鑰加密,然后不能通過公開密鑰解密,只能通過私密密鑰去解密。同樣的,信息通過私密密鑰加密,只能由公開密鑰解密。當然,公開密鑰與私密密鑰之間無法通過計算互推。
RSA運用在哪里呢?
答:比如HTTPS。
簡單的RSA使用演示
import sun.misc.BASE64Decoder; import sun.misc.BASE64Encoder; public class Base64Util { /** * Base64加密 */ public static String encryptBASE64(byte[] key) throws Exception { return (new BASE64Encoder()).encodeBuffer(key); } /** * Base64解密 */ public static byte[] decryptBASE64(String key) throws Exception { return (new BASE64Decoder()).decodeBuffer(key); } }
import java.security.Key; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; import javax.crypto.Cipher; public class RSAUtil { public static final String ENCRYPTION_ALGORITHM = "RSA"; public static final String SIGNATURE_ALGORITHM = "MD5withRSA"; /** * 生成密鑰 */ public static Map<String, Object> initKey() throws Exception { /* 初始化密鑰生成器 */ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ENCRYPTION_ALGORITHM); keyPairGenerator.initialize(1024); /* 生成密鑰 */ KeyPair keyPair = keyPairGenerator.generateKeyPair(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); Map<String, Object> keyMap = new HashMap<String, Object>(2); keyMap.put("PublicKey", publicKey); keyMap.put("PrivateKey", privateKey); return keyMap; } /** * 取得公鑰 */ public static String getPublicKey(Map<String, Object> keyMap) throws Exception { Key key = (Key) keyMap.get("PublicKey"); return Base64Util.encryptBASE64(key.getEncoded()); } /** * 取得私鑰 */ public static String getPrivateKey(Map<String, Object> keyMap) throws Exception { Key key = (Key) keyMap.get("PrivateKey"); return Base64Util.encryptBASE64(key.getEncoded()); } /** * 加密 */ public static byte[] encrypt(byte[] data, String keyString, boolean isPublic) throws Exception { Map<String, Object> keyAndFactoryMap = RSAUtil.generateKeyAndFactory(keyString, isPublic); KeyFactory keyFactory = RSAUtil.getKeyFactory(keyAndFactoryMap); Key key = RSAUtil.getKey(keyAndFactoryMap); // 對數據加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, key); return cipher.doFinal(data); } /** * 解密 */ public static byte[] decrypt(byte[] data, String keyString, boolean isPublic) throws Exception { Map<String, Object> keyAndFactoryMap = RSAUtil.generateKeyAndFactory(keyString, isPublic); KeyFactory keyFactory = RSAUtil.getKeyFactory(keyAndFactoryMap); Key key = RSAUtil.getKey(keyAndFactoryMap); // 對數據加密 Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, key); return cipher.doFinal(data); } /** * 生成鑰匙 */ public static Map<String, Object> generateKeyAndFactory(String keyString, boolean isPublic) throws Exception { byte[] keyBytes = Base64Util.decryptBASE64(keyString); KeyFactory keyFactory = KeyFactory.getInstance(ENCRYPTION_ALGORITHM); Key key = null; if (isPublic) { X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes); key = keyFactory.generatePublic(x509KeySpec); } else { PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes); key = keyFactory.generatePrivate(pkcs8KeySpec); } Map<String, Object> keyAndFactoryMap = new HashMap<String, Object>(2); keyAndFactoryMap.put("key", key); keyAndFactoryMap.put("keyFactory", keyFactory); return keyAndFactoryMap; } /** * 從指定對象中獲取鑰匙 */ public static Key getKey(Map<String, Object> map) { if (map.get("key") == null) { return null; } return (Key)map.get("key"); } /** * 從指定對象中獲取鑰匙工廠 */ public static KeyFactory getKeyFactory(Map<String, Object> map) { if (map.get("keyFactory") == null) { return null; } return (KeyFactory)map.get("keyFactory"); } /** * 對信息生成數字簽名(用私鑰) */ public static String sign(byte[] data, String keyString) throws Exception { Map<String, Object> keyAndFactoryMap = RSAUtil.generateKeyAndFactory(keyString, false); Key key = RSAUtil.getKey(keyAndFactoryMap); PrivateKey privateKey = (PrivateKey)key; // 用私鑰對信息生成數字簽名 Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initSign(privateKey); signature.update(data); return Base64Util.encryptBASE64(signature.sign()); } /** * 校驗數字簽名(用公鑰) */ public static boolean verify(byte[] data, String keyString, String sign) throws Exception { Map<String, Object> keyAndFactoryMap = RSAUtil.generateKeyAndFactory(keyString, true); Key key = RSAUtil.getKey(keyAndFactoryMap); PublicKey publicKey = (PublicKey)key; // 取公鑰匙對象 Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initVerify(publicKey); signature.update(data); // 驗證簽名是否正常 return signature.verify(Base64Util.decryptBASE64(sign)); } }
import static org.junit.Assert.*; import org.junit.Before; import org.junit.Test; import java.util.Map; public class HowToUse { private String publicKey = null; private String privateKey = null; @Before public void setUp() throws Exception { Map<String, Object> keyMap = RSAUtil.initKey(); publicKey = RSAUtil.getPublicKey(keyMap); privateKey = RSAUtil.getPrivateKey(keyMap); System.out.println("公鑰 -> " + publicKey); System.out.println("私鑰 -> " + privateKey); } @Test public void test() throws Exception { System.out.println("公鑰加密,私鑰解密"); String sourceString = "hi, RSA"; byte[] encodedData = RSAUtil.encrypt(sourceString.getBytes(), publicKey, true); byte[] decodedData = RSAUtil.decrypt(encodedData, privateKey, false); String targetString = new String(decodedData); System.out.println("加密前: " + sourceString + ",解密后: " + targetString); assertEquals(sourceString, targetString); } @Test public void test2() throws Exception { System.out.println("私鑰簽名,公鑰驗證簽名"); String sourceString = "hello, RSA sign"; byte[] data = sourceString.getBytes(); // 產生簽名 String sign = RSAUtil.sign(data, privateKey); System.out.println("簽名 -> " + sign); // 驗證簽名 boolean status = RSAUtil.verify(data, publicKey, sign); System.out.println("狀態 -> " + status); assertTrue(status); } @Test public void test3() throws Exception { System.out.println("私鑰加密,公鑰解密"); String sourceString = "hello, reRSA"; byte[] data = sourceString.getBytes(); byte[] encodedData = RSAUtil.encrypt(data, privateKey, false); byte[] decodedData = RSAUtil.decrypt(encodedData, publicKey, true); String targetString = new String(decodedData); System.out.println("加密前: " + sourceString + ",解密后: " + targetString); assertEquals(sourceString, targetString); } }