由于rsa加密需要公钥长度大于消息长度,消息太长时经常会报错Message too long for RSA
采用分块的方法,将消息分成更小的块,解决这个问题
package xrsa
import ("encoding/pem""encoding/base64""crypto/x509""crypto/rsa""crypto/rand""errors""crypto""io""bytes""encoding/asn1"
)
const (CHAR_SET = "UTF-8"BASE_64_FORMAT = "UrlSafeNoPadding"RSA_ALGORITHM_KEY_TYPE = "PKCS8"RSA_ALGORITHM_SIGN = crypto.SHA256
)
type XRsa struct {publicKey *rsa.PublicKeyprivateKey *rsa.PrivateKey
}
// 生成密钥对
func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error {// 生成私钥文件privateKey, err := rsa.GenerateKey(rand.Reader, keyLength)if err != nil {return err}derStream := MarshalPKCS8PrivateKey(privateKey)block := &pem.Block{Type: "PRIVATE KEY",Bytes: derStream,}err = pem.Encode(privateKeyWriter, block)if err != nil {return err}// 生成公钥文件publicKey := &privateKey.PublicKeyderPkix, err := x509.MarshalPKIXPublicKey(publicKey)if err != nil {return err}block = &pem.Block{Type: "PUBLIC KEY",Bytes: derPkix,}err = pem.Encode(publicKeyWriter, block)if err != nil {return err}return nil
}
func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) {block, _ := pem.Decode(publicKey)if block == nil {return nil, errors.New("public key error")}pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)if err != nil {return nil, err}pub := pubInterface.(*rsa.PublicKey)block, _ = pem.Decode(privateKey)if block == nil {return nil, errors.New("private key error!")}priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)if err != nil {return nil, err}pri, ok := priv.(*rsa.PrivateKey)if ok {return &XRsa {publicKey: pub,privateKey: pri,}, nil} else {return nil, errors.New("private key not supported")}
}
// 公钥加密
func (r *XRsa) PublicEncrypt(data string) (string, error) {partLen := r.publicKey.N.BitLen() / 8 - 11chunks := split([]byte(data), partLen)buffer := bytes.NewBufferString("")for _, chunk := range chunks {bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk)if err != nil {return "", err}buffer.Write(bytes)}return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil
}
// 私钥解密
func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) {partLen := r.publicKey.N.BitLen() / 8raw, err := base64.RawURLEncoding.DecodeString(encrypted)chunks := split([]byte(raw), partLen)buffer := bytes.NewBufferString("")for _, chunk := range chunks {decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk)if err != nil {return "", err}buffer.Write(decrypted)}return buffer.String(), err
}
// 数据加签
func (r *XRsa) Sign(data string) (string, error) {h := RSA_ALGORITHM_SIGN.New()h.Write([]byte(data))hashed := h.Sum(nil)sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed)if err != nil {return "", err}return base64.RawURLEncoding.EncodeToString(sign), err
}
// 数据验签
func (r *XRsa) Verify(data string, sign string) error {h := RSA_ALGORITHM_SIGN.New()h.Write([]byte(data))hashed := h.Sum(nil)decodedSign, err := base64.RawURLEncoding.DecodeString(sign)if err != nil {return err}return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)
}
func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte {info := struct {Version intPrivateKeyAlgorithm []asn1.ObjectIdentifierPrivateKey []byte}{}info.Version = 0info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}info.PrivateKey = x509.MarshalPKCS1PrivateKey(key)k, _ := asn1.Marshal(info)return k
}
func split(buf []byte, lim int) [][]byte {var chunk []bytechunks := make([][]byte, 0, len(buf)/lim+1)for len(buf) >= lim {chunk, buf = buf[:lim], buf[lim:]chunks = append(chunks, chunk)}if len(buf) > 0 {chunks = append(chunks, buf[:len(buf)])}return chunks
}