本文主要介紹使用Lua腳本對采用RSA加密后的字符串進行解密的過程。
使用第三方類庫lua-resty-rsa,參考地址:https://github.com/spacewander/lua-resty-rsa
下載並安裝第三方依賴庫
# Redis集群連接庫依賴RSA加解密第三方依賴庫[lua-resty-rsa],因此需要提前安裝此第三方依賴庫
# 對應第三方類庫下載地址如下:
https://github.com/spacewander/lua-resty-rsa
# 進入系統第三方包目錄
cd /usr/local/lib
# 將解壓后的文件上傳至該目錄
# 目錄名稱:lua-resty-rsa-master
# 包文件路徑
cd /usr/local/lib/lua-resty-rsa-master/lib/resty
在nginx配置文件中添加依賴
# 進入目錄
cd /root/data/program/nginx/conf/
# 修改配置文件
vim nginx.conf
# 修改內容如下,具體視需求而定
# 在http節點下添加下面配置,將包路徑追加在lua_package_path參數內,需要追加的字符串為:
##################
/usr/local/lib/lua-resty-rsa-master/lib/?.lua;;
##################
# 由於之前添加了Redis相關的第三方依賴包,最終添加后如下所示(注意用分號進行分割):
lua_package_path "/usr/local/lib/lua-resty-redis-master/lib/?.lua;;;/usr/local/lib/lua-resty-lock/lib/?.lua;;;/usr/local/lib/resty-redis-cluster-master/lib/?.lua;;;/usr/local/lib/resty-redis-cluster-master/lib/resty/?.lua;;;/usr/local/lib/lua-resty-rsa-master/lib/?.lua;;";
##################
# 添加跳轉的location信息
##################
location /testLuaDecrypt {
default_type 'text/html';
lua_code_cache off;
content_by_lua_file /root/data/program/nginx/conf/test.oa.conf/testLuaDecrypt.lua;
}
##################
# 驗證配置文件
nginx -t
# 重新加載配置文件
nginx -s reload
編寫解密腳本文件
# 進入腳本文件目錄
cd /root/data/program/nginx/conf/test.oa.conf
# 修改腳本
vim testLuaDecrypt.lua
# 腳本內容如下所示:
local resty_rsa = require "resty.rsa"
local rsa_priv_key = [[-----BEGIN RSA PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvOYPxu3MJAd0bHgnOS+VnLAlBm6fvcgivRVPwN1aEm9XXxnkJiH+FK9b+8d5XT2jfbVq/CQtyiq89bH9Ng//TwIDAQABAkBnrs+SHQwj6oOY1gqRdPDl5DkuYqIDhUqsBnqUHetGmi0L+N1V//q371YJF8gj2BkvoK4tyJPjmn6bx97YASmBAiEA42mWKLUGxkPC//TKStp42/P4HUAvv4QZ7gcOPH6EWx8CIQDUpQ3tm6eNnXDqEo/ceQgJ5UZUNQDqakliWC0V3IYF0QIhAIueS556Zcpb1+ClPX1vXDxOMMpkmewPAoxssITbeA8pAiBtSiOdcnmsNDX7Z+zegKocA+Wgk9lToarzy6Pob33GcQIhAIVrwYq2IX5+t6AJtkv3McU*********/UNcQSch
-----END RSA PRIVATE KEY-----]]
--明文:/2020/01/02/
local encrypted = "Z3SRkON2NEmvIjUg1Oqn7pfOvAh8vf5SqnmUTLviJX6Ku2N1blXPz1Zl325FL5uFzftlbKkS1VJJyQueDDw6hQ=="
local priv, err = resty_rsa:new({ private_key = rsa_priv_key })
if not priv then
ngx.say("new rsa err: ", err)
return
end
local decrypted = priv:decrypt(ngx.decode_base64(encrypted))
ngx.say(decrypted)
請求測試
http://XXXXXX.net/testLuaDecrypt
其他加解密參考
local resty_rsa = require "resty.rsa"
--生成公鑰和私鑰
--[[
local rsa_public_key1, rsa_priv_key1, err = resty_rsa:generate_rsa_keys(512)
if not rsa_public_key1 then
ngx.say('generate rsa keys err: ', err)
end
ngx.say(rsa_public_key1)
ngx.say(rsa_priv_key1)
]]
--私鑰
local rsa_priv_key = [[-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAKjMyC+BImsChQlNXeBMTjXDIQbzVFEzc0q2GUUGs5fL/VIO9Bwv
YDUQr/5ocKx3l86qN2/jHtRmGjLw5nkakdECAwEAAQJBAIZEBUOMAvV9Vpa0nGRK
Lbej00R1Dm9cbmtR9z2pe/bT87jyvprMQlS1y3gkB70McvVMneoYf1YQv9oIr98k
m7UCIQDyajM7ps1PaDpPHmRYWjGnJN9Yt3ElZu9nLcJNEzLhwwIhALJCd4aYdlZQ
YooT6XBzr54aP8XVX45tH9h7SpJ299DbAiEA006dgCbjGo/JHARrBdUBKShsA+JL
n4W9s5vgndzZYo8CIHyAedTS9YvRdxFzWM7Grfjh4nq9TZE/XEepzOrBFtKTAiAn
DzJu8xpGMYoYLIh***************==
-----END RSA PRIVATE KEY-----]]
--公鑰
local rsa_public_key = [[-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjMyC+BImsChQlNXeBMTjXDIQbzVFEz
c0q2GUUGs5fL/VIO9BwvYDUQr/5ocKx3l86qN2/jHtRmGjLw5nkakdECAwEAAQ==
-----END PUBLIC KEY-----]]
--[[ 加密
local pub, err = resty_rsa:new({ public_key = rsa_public_key })
if not pub then
ngx.say("new rsa err: ", err)
return
end
local encrypted, err = pub:encrypt("測試字符串")
if not encrypted then
ngx.say("failed to encrypt: ", err)
return
end
ngx.say("encrypted length: ", ngx.encode_base64(encrypted))
]]
--解密
local encrypted = "Nx2IW62S4ZCjn46CjL00HQcckFTNWVqs2jxQRnw+M1AMihZbagBjyx2249Kqzz6wpMO8/PL2qogWsILzLr/wHQ=="
--解密
local priv, err = resty_rsa:new({ private_key = rsa_priv_key })
if not priv then
ngx.say("new rsa err: ", err)
return
end
local decrypted = priv:decrypt(ngx.decode_base64(encrypted))
ngx.say(decrypted)