摘自:https://www.cnblogs.com/leeego-123/p/10450339.html
首先科普一波:
RSA的1024位是指公鑰及私鑰分別是1024bit,也就是1024/8=128 Bytes
RSA算法密鑰長度的選擇是安全性和程序性能平衡的結果,密鑰長度越長,安全性越好,加密解密所需時間越長。
RSA的1024位是指公鑰及私鑰分別是1024bit,也就是1024/8=128 Bytes
1. 非對稱加密算法中1024 bit密鑰的強度相當於對稱加密算法80bit密鑰的強度。有資料上說以當前的軟硬件水平,破解1024bit的RSA加密密文,需要一套10億美金的系 統使用若干 十年的時間,所以2015年前,1024bit的還無需太擔心暴力破解的危險。
2. 密鑰長度增長一倍,公鑰操作所需時間增加約4倍,私鑰操作所需時間增加約8倍,公私鑰生成時間約增長16倍。
3. 一次能加密的密文長度與密鑰長度成正比, len_in_byte(raw_data) = len_in_bit(key)/8 -11,如1024bit的密鑰,一次能加密的內容長度為 1024/8 -11 = 117 byte。所以非對稱加密 一般都用於加密對稱加密算法的密鑰,而不是直接加密內容。
4. 加密后密文的長度為密鑰的長度,如密鑰長度為1024b(128Byte),最后生成的密文固定為 1024b(128ByteRSA的1024位是指公鑰及私鑰分別是1024bit,也就是1024/8=128 Bytes
package com.handsight.platform.fras.util; import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.IOUtils; import javax.crypto.Cipher; import java.io.ByteArrayOutputStream; import java.security.*; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; public class RSAUtils { public static final String CHARSET = "UTF-8"; public static final String RSA_ALGORITHM = "RSA"; public static Map<String, String> createKeys(int keySize){ //為RSA算法創建一個KeyPairGenerator對象 KeyPairGenerator kpg; try{ kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM); }catch(NoSuchAlgorithmException e){ throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]"); } //初始化KeyPairGenerator對象,密鑰長度 kpg.initialize(keySize); //keySize 可以為1024 //生成密匙對 KeyPair keyPair = kpg.generateKeyPair(); //得到公鑰 Key publicKey = keyPair.getPublic(); String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded()); //得到私鑰 Key privateKey = keyPair.getPrivate(); String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded()); Map<String, String> keyPairMap = new HashMap<String, String>(); keyPairMap.put("publicKey", publicKeyStr); keyPairMap.put("privateKey", privateKeyStr); return keyPairMap; } /** * 得到公鑰 * @param publicKey 密鑰字符串(經過base64編碼) * @throws Exception */ public static RSAPublicKey getPublicKey(String publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException { //通過X509編碼的Key指令獲得公鑰對象 KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey)); RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec); return key; } /** * 得到私鑰 * @param privateKey 密鑰字符串(經過base64編碼) * @throws Exception */ public static RSAPrivateKey getPrivateKey(String privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException { //通過PKCS#8編碼的Key指令獲得私鑰對象 KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey)); RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec); return key; } /** * 公鑰加密 * @param data * @param publicKey * @return */ public static String publicEncrypt(String data, RSAPublicKey publicKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength())); }catch(Exception e){ throw new RuntimeException("加密字符串[" + data + "]時遇到異常", e); } } /** * 私鑰解密 * @param data * @param privateKey * @return */ public static String privateDecrypt(String data, RSAPrivateKey privateKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, privateKey); return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), privateKey.getModulus().bitLength()), CHARSET); }catch(Exception e){ throw new RuntimeException("解密字符串[" + data + "]時遇到異常", e); } } /** * 私鑰加密 * @param data * @param privateKey * @return */ public static String privateEncrypt(String data, RSAPrivateKey privateKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, privateKey); return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), privateKey.getModulus().bitLength())); }catch(Exception e){ throw new RuntimeException("加密字符串[" + data + "]時遇到異常", e); } } /** * 公鑰解密 * @param data * @param publicKey * @return */ public static String publicDecrypt(String data, RSAPublicKey publicKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, publicKey); return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET); }catch(Exception e){ throw new RuntimeException("解密字符串[" + data + "]時遇到異常", e); } } private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){ int maxBlock = 0; if(opmode == Cipher.DECRYPT_MODE){ maxBlock = keySize / 8; }else{ maxBlock = keySize / 8 - 11; } ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] buff; int i = 0; try{ while(datas.length > offSet){ if(datas.length-offSet > maxBlock){ buff = cipher.doFinal(datas, offSet, maxBlock); }else{ buff = cipher.doFinal(datas, offSet, datas.length-offSet); } out.write(buff, 0, buff.length); i++; offSet = i * maxBlock; } }catch(Exception e){ throw new RuntimeException("加解密閥值為["+maxBlock+"]的數據時發生異常", e); } byte[] resultDatas = out.toByteArray(); IOUtils.closeQuietly(out); return resultDatas; } }
測試:
公鑰加密-----------私鑰解密
package com.handsight.platform.fras.aapp; import com.handsight.platform.fras.util.RSAUtils; import java.util.Map; public class TestRsa { public static void main (String[] args) throws Exception { Map<String, String> keyMap = RSAUtils.createKeys(1024); String publicKey = keyMap.get("publicKey"); String privateKey = keyMap.get("privateKey"); System.out.println("公鑰: \n\r" + publicKey); System.out.println("私鑰: \n\r" + privateKey); System.out.println("公鑰加密——私鑰解密"); String str = "站在大明門前守衛的禁衛軍,事先沒有接到\n" + "有關的命令,但看到大批盛裝的官員來臨,也就\n" + "以為確系舉行大典,因而未加詢問。進大明門即\n" + "為皇城。文武百官看到端門午門之前氣氛平靜,\n" + "城樓上下也無朝會的跡象,既無幾案,站隊點名\n" + "的御史和御前侍衛“大漢將軍”也不見蹤影,不免\n" + "心中揣測,互相詢問:所謂午朝是否訛傳?"; System.out.println("\r明文:\r\n" + str); System.out.println("\r明文大小:\r\n" + str.getBytes().length); //公鑰加密 String encodedData = RSAUtils.publicEncrypt(str, RSAUtils.getPublicKey(publicKey)); System.out.println("密文:\r\n" + encodedData); //私鑰解密 String decodedData = RSAUtils.privateDecrypt(encodedData, RSAUtils.getPrivateKey(privateKey)); System.out.println("解密后文字: \r\n" + decodedData); } }
// 單元測試 - 私鑰加密 --- 公鑰解密 @Test public void test2() throws NoSuchAlgorithmException, InvalidKeySpecException { Map<String, String> keyMap = RSA1024Util.createKeys(1024); String publicKey = keyMap.get("publicKey"); String privateKey = keyMap.get("privateKey"); System.out.println("公鑰:("+ Base64.decodeBase64(publicKey).length +"個字節)\n" + publicKey); System.out.println("私鑰:("+ Base64.decodeBase64(privateKey).length +"個字節)\n" + privateKey); System.out.println("私鑰加密 --- 公鑰解密"); String str = "china"; System.out.println("明文:" + str); System.out.println("明文大小:" + str.getBytes().length); //私鑰加密 String encodedData = RSA1024Util.privateEncrypt(str, RSA1024Util.getPrivateKey(privateKey)); System.out.println("密文("+ Base64.decodeBase64(encodedData).length +"個字節)\n" + encodedData); //公鑰解密 String decodedData = RSA1024Util.publicDecrypt(encodedData, RSA1024Util.getPublicKey(publicKey)); System.out.println("解密后文字:" + decodedData); }
公鑰:(162個字節) MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD1q0F_6K3HV7ZREy9Ab6lroYC6JYP4MMMurdkx-Gra5CbE2Vxb54IDD8IlAgC1YxrnRrqhScEtDh8YIUjBCqli0k3ub92yrdFuyZWl04rineRoC94XjdweWipzAIRtlJSP7_tIcdn2DTZtAsoI2MnXhQqGcjj0YxyOlXmMNA3BwIDAQAB 私鑰:(633個字節) MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAIPWrQX_orcdXtlETL0BvqWuhgLolg_gwwy6t2TH4atrkJsTZXFvnggMPwiUCALVjGudGuqFJwS0OHxghSMEKqWLSTe5v3bKt0W7JlaXTiuKd5GgL3heN3B5aKnMAhG2UlI_v-0hx2fYNNm0CygjYydeFCoZyOPRjHI6VeYw0DcHAgMBAAECgYBG8YRV0AP9SX66p3gr1P6EJW_TrNjjXm1XMjpxruWO2ukLqdpSul9tsTlSImZVMBjJ59aOEGy4qUokE8RQ3XMcsCCq7AyUvykWjHxs5u7pf9coXSIZ5i4nnZBsqiJjhPS9Ff1nFWizIvdm_W2qEmmQENRPhxkiOY_DQVEELnovIQJBALsYa0lTQMhVvOCvpeZWf1M_IWdtfsDwKStScFoP2DRZGjRmomzhlRHhTiSjNwL_Zh6ZfRpp90pfvsB2h9Qa7jkCQQC0ZJPXhTDqT5tPI7zKJLg7OQSCQple9z2yLNtOCPK8b8KOuIJVqOLoKhiOI2A754TVslYJoWD5RgPTn02kDE8_AkAakGADPC_RgeLcX_QFHTjcv_TlM3WwvSiLPxw2nVNMM252DDB5lxnMPRoUN5xC77I3HAHYMz1qMOfreajVY7F5AkAhGhuu_rfdJ0J-oTYxec98vpe_N21hackeevC7PxUb0v5GpkD0awtIQwFCg-dS1scfV5xGJCDhXSGyoZbjtYaNAkBD0eWTmKRkBMzSAaD4M7n7MdDbfB0olDlFLVo7A6Q9fqejFe83wl5rbJVJOo_YLux-RnrCpxmiosLFTwrQJmgf 私鑰加密 --- 公鑰解密 明文:china 明文大小:5 密文(128個字節) KdeTut-HqwPKjg85a5T5YstlGdrcR05MnfFoILZh4ngrZ6QEiWWuZHpJymxIaFBeqsRGf7HS4mSnuHsgLFsHr6DKDQ89RuLdLdNds8wVhD14ThOciTlKwO4-FiOc9ScklMsdFJNI1hPnT1c7ViPrvSxGNLFD3jZu2e9DZ7a30E0 解密后文字:china
公鑰:(162個字節) MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4PiKoYTUY36hb4zzyoPVM4zSFbFJituXzven8j7THzAkybgZLriGwsABPY03gzjmp0ZZRUDUyxtVdfJPyBPjL1JTuBYD6ismtj-3e-NvYGxaV2f4nCCqZ8wGL0YcaIRXmyJvyMcAeSQUuzd7PtqlaoPd2yxliUbg6rvwQjjNflwIDAQAB 私鑰:(637個字節) MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALg-IqhhNRjfqFvjPPKg9UzjNIVsUmK25fO96fyPtMfMCTJuBkuuIbCwAE9jTeDOOanRllFQNTLG1V18k_IE-MvUlO4FgPqKya2P7d7429gbFpXZ_icIKpnzAYvRhxohFebIm_IxwB5JBS7N3s-2qVqg93bLGWJRuDqu_BCOM1-XAgMBAAECgYEAm4Lu0_sAy1b1D2I1roIHqvdX_Ipa27GPVPXnC2Ps7nudA7D0pWp8S1uzV071jBvldh5O56Fw1cQYkkk1wyFJMawWhnPOeRUQpN6lVulNQjE3438Z0mSVJicpVBydq9_mjLEJHVwlsCK2hXRmeQYhBjxUQcQzzUzsygc6TzPwcpkCQQDgDD71xLq9NqFAUMiqWVwcHoU0xrYrFWv47NTuvUlU4fMLav8fa4pRriJPZFGdf9UIxMNUJqJjVluWO0d__DCdAkEA0oSlVQdg7UWfxH1T_kVX34ud5bfnWDIMqyxoaB0cRDAUmU2OouVH7tl3UdCy2A_LOB8DfNidIq51Vfpuytg4wwJBANEF279CmM1qKCpus6dp0utQ9gl00gOD6sXDfix1X_LXEf63Bel0VQk7IjtbZmFAH6ocl_bsTFfM-4k_KMeYqmkCQQCUexphrqKet8zIOd1UKnSgJ0lnDR8PBb4JvXimdmHJdmARALLqEe16ece-3QRHgFxFaRp8pAuwunvn-IrMZ1UhAkEAivAbSAkTp6xucwk7Dkezd8fhLGfcCzd7OWJEfAAJLOgpFqHX-tu0m-OjjC0qhVJ67U6VNC5fszrxKgNj-teiMQ 私鑰加密 --- 公鑰解密 明文:china 明文大小:5 密文(128個字節) QFs_7an9gg6IDbzyvMI--UHHBaLztcFFi39OLDtDK8IQMoO6Ts1nG4MAA98hN7F0YvJS9RiU-rlZwYJPAKNomOcCIB6mY4FtoKupiPYDB-7PaXmPv0K65NxKojSy-LYliu0pO8WxeIHBjqvBK7l-5-_hadmsQsxQkENuX4Gw2ZU 解密后文字:china