之前写过一篇java实现AES对称加密解密
在对密码加密传输的场景下 RSA非对称加密解密可能会更加适合。
原理就是后台生成一对公钥和私钥,公钥给前端用来加密,后台用私钥去解密,保证了传输过程中就算被截获也避免密码泄露。
下面是代码:
package com.zhaohy.app.utils;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
public class RSAUtil {
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* 获取密钥对
*
* @return 密钥对
*/
public static KeyPair getKeyPair() throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
return generator.generateKeyPair();
}
/**
* 获取私钥
*
* @param privateKey 私钥字符串
* @return
*/
public static PrivateKey getPrivateKey(String privateKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] decodedKey = Base64.decodeBase64(privateKey.getBytes());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey);
return keyFactory.generatePrivate(keySpec);
}
/**
* 获取公钥
*
* @param publicKey 公钥字符串
* @return
*/
public static PublicKey getPublicKey(String publicKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] decodedKey = Base64.decodeBase64(publicKey.getBytes());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
return keyFactory.generatePublic(keySpec);
}
/**
* RSA加密
*
* @param data 待加密数据
* @param publicKey 公钥
* @return
*/
public static String encrypt(String data, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
int inputLen = data.getBytes().length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offset = 0;
byte[] cache;
int i = 0;
// 对数据分段加密
while (inputLen - offset > 0) {
if (inputLen - offset > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data.getBytes(), offset, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data.getBytes(), offset, inputLen - offset);
}
out.write(cache, 0, cache.length);
i++;
offset = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
// 获取加密内容使用base64进行编码,并以UTF-8为标准转化成字符串
// 加密后的字符串
return new String(Base64.encodeBase64String(encryptedData));
}
/**
* RSA解密
*
* @param data 待解密数据
* @param privateKey 私钥
* @return
*/
public static String decrypt(String data, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] dataBytes = Base64.decodeBase64(data);
int inputLen = dataBytes.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offset = 0;
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - offset > 0) {
if (inputLen - offset > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(dataBytes, offset, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(dataBytes, offset, inputLen - offset);
}
out.write(cache, 0, cache.length);
i++;
offset = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
// 解密后的内容
return new String(decryptedData, "UTF-8");
}
/**
* 签名
*
* @param data 待签名数据
* @param privateKey 私钥
* @return 签名
*/
public static String sign(String data, PrivateKey privateKey) throws Exception {
byte[] keyBytes = privateKey.getEncoded();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey key = keyFactory.generatePrivate(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initSign(key);
signature.update(data.getBytes());
return new String(Base64.encodeBase64(signature.sign()));
}
/**
* 验签
*
* @param srcData 原始字符串
* @param publicKey 公钥
* @param sign 签名
* @return 是否验签通过
*/
public static boolean verify(String srcData, PublicKey publicKey, String sign) throws Exception {
byte[] keyBytes = publicKey.getEncoded();
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey key = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initVerify(key);
signature.update(srcData.getBytes());
return signature.verify(Base64.decodeBase64(sign.getBytes()));
}
/**
* 文件解密
*
* @param publicKeyStr
* @param srcFileName
* @param destFileName
*/
public static void decryptFileBig(String publicKeyStr, String srcFileName, String destFileName) {
Cipher cipher = null;
InputStream is = null;
OutputStream out = null;
try {
X509EncodedKeySpec encodedKey = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyStr));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PublicKey pubKey = keyf.generatePublic(encodedKey);
cipher = Cipher.getInstance("RSA", new BouncyCastleProvider());
cipher.init(Cipher.DECRYPT_MODE, pubKey);
File f = new File(srcFileName);
is = new FileInputStream(f);
out = new FileOutputStream(destFileName);
int blockSize = cipher.getBlockSize();
int size = Integer.valueOf(String.valueOf(f.length()));
byte[] decryptByte = new byte[size];
is.read(decryptByte);
//分别对各块数据进行解密
int j = 0;
while ((decryptByte.length - j * blockSize) > 0) {
out.write(cipher.doFinal(decryptByte, j * blockSize, blockSize));
j++;
}
} catch (Exception e) {
System.out.println(e);
} finally {
if (null != out) {
try {
out.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != is) {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
/**
* 加密大文件
* @param privateKeyStr
* @param srcFileName
* @param destFileName
*/
public static void encryptFileBig(String privateKeyStr, String srcFileName, String destFileName) {
if (privateKeyStr == null) {
new Exception("加密私钥为空, 请设置");
}
Cipher cipher = null;
InputStream is = null;
OutputStream out = null;
CipherInputStream cis = null;
try {
// 使用默认RSA
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(
Base64.decodeBase64(privateKeyStr));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
cipher = Cipher.getInstance("RSA", new BouncyCastleProvider());
cipher.init(Cipher.ENCRYPT_MODE, priKey);
int blockSize = cipher.getBlockSize();
is = new FileInputStream(srcFileName);
File f = new File(srcFileName);
int size = Integer.valueOf(String.valueOf(f.length()));
byte[] encryptByte = new byte[size];
is.read(encryptByte);
out = new FileOutputStream(destFileName);
int outputBlockSize = cipher.getOutputSize(encryptByte.length);
int leavedSize = encryptByte.length % blockSize;
int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize : encryptByte.length / blockSize + 1;
byte[] cipherData = new byte[blocksNum * outputBlockSize];
for (int i = 0; i < blocksNum; i++) {
if ((encryptByte.length - i * blockSize) > blockSize) {
cipher.doFinal(encryptByte, i * blockSize, blockSize, cipherData,i * outputBlockSize);
} else {
cipher.doFinal(encryptByte, i * blockSize, encryptByte.length - i * blockSize,cipherData, i * outputBlockSize);
}
}
out.write(cipherData);
} catch (Exception e) {
System.out.println(e);
} finally {
if (null != cis) {
try {
cis.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != is) {
try {
is.close();
} catch (IOException e) {
e.printStackTrace();
}
}
if (null != out) {
try {
out.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
}
/**
* RSA文件签名
*
* @param filePath
* @param privateKey
* @param encode
* @return
*/
public static String signFile(String filePath, String privateKey, String encode) {
FileInputStream fis = null;
InputStreamReader isr = null;
BufferedReader bfr = null;
try {
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));
KeyFactory keyf = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
java.security.Signature signature = java.security.Signature.getInstance("SHA1WithRSA");
signature.initSign(priKey);
fis = new FileInputStream(new File(filePath));
isr = new InputStreamReader(fis, encode);
bfr = new BufferedReader(isr);
String lineTxt = "";
while (!AppFrameworkUtil.isBlank(lineTxt = bfr.readLine())) {
signature.update(lineTxt.getBytes(encode));
}
byte[] signed = signature.sign();
String ret = new String(Base64.encodeBase64(signed));
System.out.println("signed:" + ret);
return ret;
} catch (Exception e) {
System.out.println(e);
} finally {
if (bfr != null) {
try {
bfr.close();
} catch (IOException e) {
}
}
if (isr != null) {
try {
isr.close();
} catch (IOException e) {
}
}
if (fis != null) {
try {
fis.close();
} catch (IOException e) {
}
}
}
return null;
}
/**
* RSA文件验签名检查
* @param content 待签名数据
* @param sign 签名值
* @param publicKey 分配给开发商公钥
* @param encode 字符集编码
* @return 布尔值
*/
public static boolean doCheckFile(String filePath, String sign, String publicKey, String encode) {
FileInputStream fis = null;
InputStreamReader isr = null;
BufferedReader bfr = null;
try {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] encodedKey = Base64.decodeBase64(publicKey);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
java.security.Signature signature = java.security.Signature.getInstance("SHA1WithRSA");
signature.initVerify(pubKey);
fis = new FileInputStream(new File(filePath));
isr = new InputStreamReader(fis, "UTF-8");
bfr = new BufferedReader(isr);
String lineTxt = "";
while (!AppFrameworkUtil.isBlank(lineTxt = bfr.readLine())) {
signature.update(lineTxt.getBytes(encode));
}
boolean bverify = signature.verify(Base64.decodeBase64(sign));
return bverify;
} catch (Exception e) {
System.out.println(e);
} finally {
if (bfr != null) {
try {
bfr.close();
} catch (IOException e) {
}
}
if (isr != null) {
try {
isr.close();
} catch (IOException e) {
}
}
if (fis != null) {
try {
fis.close();
} catch (IOException e) {
}
}
}
return false;
}
public static void main(String[] args) {
try {
// 生成密钥对
KeyPair keyPair = getKeyPair();
String privateKey = new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()));
String publicKey = new String(Base64.encodeBase64(keyPair.getPublic().getEncoded()));
System.out.println("私钥:" + privateKey);
System.out.println("公钥:" + publicKey);
// RSA加密
String data = "123秘密啊";
String encryptData = encrypt(data, getPublicKey(publicKey));
System.out.println("加密后内容:" + encryptData);
// RSA解密
String decryptData = decrypt(encryptData, getPrivateKey(privateKey));
System.out.println("解密后内容:" + decryptData);
// RSA签名
String sign = sign(data, getPrivateKey(privateKey));
System.out.println("sign==" + sign);
// RSA验签
boolean result = verify(data, getPublicKey(publicKey), sign);
System.out.println("验签结果:" + result);
/****大文件加签验签****/
//加签验签
String fileSign = signFile("/home/zhaohy/Documents/test.doc", privateKey, "UTF-8");
System.out.println("fileSign==" + fileSign);
boolean checkFileBoolean = doCheckFile("/home/zhaohy/Documents/test.doc", fileSign, publicKey, "UTF-8");
System.out.println("大文件校验签名结果:" + checkFileBoolean);
//加密解密
encryptFileBig(privateKey, "/home/zhaohy/Documents/test.txt", "/home/zhaohy/Documents/test.dat");
decryptFileBig(publicKey, "/home/zhaohy/Documents/test.dat", "/home/zhaohy/Documents/test1.txt");
} catch (Exception e) {
e.printStackTrace();
System.out.print("加解密异常");
}
}
}
运行结果:
私钥:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALpLjdbsu172ftiv3eUC/JghSSzNRlp8p9Ilr8XlK/gl3gaPFFo1BAHWWyb9MhoTdE5BvES6E/eW5gVKby8olLa6ILbh9UYif0SKWca7pTt2nqn2Cd8v29/94ZF9i+yMoime3wuS7QxJEHG7qCqps7KVNtP/4/628lq1jB6B3DrPAgMBAAECgYBUtCGrxTt0dBM8psn3ZKJA8XF6A2OnpOIRNL109zxEucL3rHqOgWhvBW2wjpMHNC0/n7fgb9LAUkYHxc5D3OmwXAhvgRzDmMTeoaikrLeJpxX9NQ4TU3CFcL9YabQ+rjB6yMgfbmmA0B/odxpzIZd6ypHq91ogI/rfP4McaX7NwQJBAO9Qm4SoOn/0SzfOE+PjnIyLkDqW2kFRJv+c/4Z0H/yPOIjytHhe6hQQ8KHT2azOP+SeAWbjb152a5Rp/E8da/8CQQDHSKDBSGZuN/Qyk1eGJ80T9+GSQI0oYQfZcHYNUkAKrWceHISL5jMrUXWHSlKjFC5E7RsqQKMn72xisrlLcXExAkEA7YAB11VdOT8opulNtAxfgNvA92RelhQDsAoPTVBRrkQ0xzSXBh6sD93/8ZpdnLHTlv94RLPSAt1jRpcoXxvD4QJBALtv00uYVkdqt3NuZE8ZVmlmp7KQpnQJN4HLpi2HZBbm2+tVdVHEVfJzbrCuNiWO0KohvYAzRYJFTlNSuLd93rECQDcgPHh0qBOW22ggxiqpfbLIURvPAT9urp8NuTM0K0rW3mC2me55yPSDQ7jL1t9vwYkfahc0GUl1V1Cq/449AHU=
公钥:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC6S43W7Lte9n7Yr93lAvyYIUkszUZafKfSJa/F5Sv4Jd4GjxRaNQQB1lsm/TIaE3ROQbxEuhP3luYFSm8vKJS2uiC24fVGIn9EilnGu6U7dp6p9gnfL9vf/eGRfYvsjKIpnt8Lku0MSRBxu6gqqbOylTbT/+P+tvJatYwegdw6zwIDAQAB
加密后内容:R7GqGE2r51PmJAt3wtKhsbqfFzeobvzqFlAp8Tv0+3HkevsUF2a+/ZO7Sn53cKGwXIkOkDQN0S/pk/Eacd8Wk1wXKTKx57eSaQJFv/HQ5nDUfvtMWIg0IcHNmHyNBfDPVe/MiMkKf23/a/EyEfCQEzsCQyHLyHoTg34a1SNXTLs=
解密后内容:123秘密啊
sign==p8JR0aserak6iPltfAJx/mlvlp5Ox5NcpvRo7R1rxDItekMhyF82RVizgMqsmEBpWzW9Qkxm6AWzjzEr+XhR7u4KhxEO7euTHC9NGJ0TAtDKqtAsfFaZi8ZyY4MkHnSCFZVMcWMR3GhZ8ALJGe/lSstNSEp8H9lQE8u2o2oYiiw=
验签结果:true
signed:aavuNSCwaT2jZ6XrlAbSJNLBDalkWZ1t0tnQnveUw+3exlpcvRu0xotAlrW0V4voLLeRydLgIjwCwq1YxqFyKcYlOuORzorlmihjSXBZf0GZoJIlTIaUZ8/TJV+CRFObFnnEQ+8QAbRs4b7AB6nv1A2bxMeKulS0OTPxSkSFTdM=
fileSign==aavuNSCwaT2jZ6XrlAbSJNLBDalkWZ1t0tnQnveUw+3exlpcvRu0xotAlrW0V4voLLeRydLgIjwCwq1YxqFyKcYlOuORzorlmihjSXBZf0GZoJIlTIaUZ8/TJV+CRFObFnnEQ+8QAbRs4b7AB6nv1A2bxMeKulS0OTPxSkSFTdM=
大文件校验签名结果:true
可以看到加密解密成功,里面最后加密解密文件自测只对txt或html等文本文件有效,doc或者excel加密文件后解密出来的东西乱码。
,会出现跨域问题,直接用form表单提交就不会有问题了(new FormData())...)
