RSA加解密、加验签、生成公私钥代码如下:
package util;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
/**
* RSA使用X509EncodedKeySpec、PKCS8EncodedKeySpec生成公钥和私钥
* 加密数据大小不能超过127 bytes
* @Description:加签、验签、加密、解密、生成公钥、私钥
* @date:2018年2月24日
*/
public class RSAUtil
{
public static void main(String[] args) throws Exception
{
//生成公私钥文件
//RSAUtil.getKeyPair("E:/");
String publicKey = RSAUtil.readKeyFromFile("E:/publicKey.keystore");
String privateKey = RSAUtil.readKeyFromFile("E:/privateKey.keystore");
System.out.println("publicKey:"+publicKey);
System.out.println("privateKey:"+privateKey);
System.out.println("---------------------------------------------");
String sign = RSAUtil.signByPrivateKey("测试加签", privateKey);
System.out.println("sign:"+sign);
System.out.println("验签:"+RSAUtil.verifySignByPublicKey("测试加签", publicKey, sign));
System.out.println("---------------------------------------------");
String cipherText = RSAUtil.encryptByPublicKey("测试加密明文数据", RSAUtil.readPublicKeyFromString(publicKey));
System.out.println("cipherText:"+cipherText);
String plainText = RSAUtil.decryptByPrivateKey(cipherText, RSAUtil.readPrivateKeyFromString(privateKey));
System.out.println("plainText:"+plainText);
}
/**
* 生成公私钥对
* @param filePath 生成文件路径
*/
@SuppressWarnings("static-access")
public static void getKeyPair(String filePath)
{
KeyPairGenerator keyPairGenerator = null;
try
{
keyPairGenerator = keyPairGenerator.getInstance("RSA");
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
keyPairGenerator.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
String publicKeyString = Base64.encode(publicKey.getEncoded());
String privateKeyString = Base64.encode(privateKey.getEncoded());
try
{
BufferedWriter publicbw = new BufferedWriter(new FileWriter(new File(filePath+"/publicKey.keystore")));
BufferedWriter privatebw = new BufferedWriter(new FileWriter(new File(filePath+"/privateKey.keystore")));
publicbw.write(publicKeyString);
privatebw.write(privateKeyString);
publicbw.flush();
publicbw.close();
privatebw.flush();
privatebw.close();
}
catch (IOException e)
{
e.printStackTrace();
}
}
/**
* 从文件中读取公钥或私钥
* @param filePath 文件路径
* @return 公钥或私钥
*/
public static String readKeyFromFile(String filePath)
{
try
{
BufferedReader br = new BufferedReader(new FileReader(new File(filePath)));
String readLine = null;
StringBuilder sb = new StringBuilder();
while((readLine = br.readLine()) != null)
{
sb.append(readLine);
}
br.close();
return sb.toString();
}
catch (IOException e)
{
e.printStackTrace();
}
return null;
}
/**
* 从字符串中加载公钥
* @return 公钥
*/
public static RSAPublicKey readPublicKeyFromString(String publicKeyStr)
{
try
{
byte[] bt = Base64.decode(publicKeyStr);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bt);
return (RSAPublicKey) keyFactory.generatePublic(x509EncodedKeySpec);
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (InvalidKeySpecException e)
{
e.printStackTrace();
}
return null;
}
/**
* 从字符串中加载私钥
* @return 私钥
*/
public static RSAPrivateKey readPrivateKeyFromString(String privateKeyStr)
{
try
{
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(privateKeyStr));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
return (RSAPrivateKey) keyFactory.generatePrivate(pkcs8EncodedKeySpec);
}
catch (NoSuchAlgorithmException e)
{
e.printStackTrace();
}
catch (InvalidKeySpecException e)
{
e.printStackTrace();
}
return null;
}
/**
* 私钥加签
* @param content 报文
* @param privateKey 私钥
* @return 签名值
*/
public static String signByPrivateKey(String content,String privateKey)
{
try
{
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey priKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance("SHA256withRSA");//MD5withRSA
signature.initSign(priKey);
signature.update(content.getBytes());
byte[] sign = signature.sign();
return Base64.encode(sign);
}
catch (Exception e)
{
e.printStackTrace();
}
return null;
}
/**
* 公钥验签
* @param content 报文
* @param publicKey 公钥
* @param sign 签名值
* @return 验签是否通过
*/
public static boolean verifySignByPublicKey(String content,String publicKey,String sign)
{
try
{
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decode(publicKey));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pubKey = keyFactory.generatePublic(x509EncodedKeySpec);
Signature signature = Signature.getInstance("SHA256withRSA");//MD5withRSA
signature.initVerify(pubKey);
signature.update(content.getBytes());
return signature.verify(Base64.decode(sign));
}
catch (Exception e)
{
e.printStackTrace();
}
return false;
}
/**
* 公钥加密
* @param plainText 明文
* @param publicKey 公钥
* @return 密文
* @throws Exception
*/
public static String encryptByPublicKey(String plainText,RSAPublicKey publicKey) throws Exception
{
if(publicKey == null)
{
throw new Exception("公钥为空!");
}
Cipher cipher = null;
try
{
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] output = cipher.doFinal(plainText.getBytes());
return Base64.encode(output);
}
catch(Exception e)
{
e.printStackTrace();
}
return null;
}
/**
* 私钥解密
* @param cipherText 密文
* @param privateKey 私钥
* @return 明文
* @throws Exception
*/
public static String decryptByPrivateKey(String cipherText,RSAPrivateKey privateKey) throws Exception
{
if(privateKey == null)
{
throw new Exception("私钥为空!");
}
Cipher cipher = null;
try
{
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] output = cipher.doFinal(Base64.decode(cipherText));
return new String(output);
}
catch (Exception e)
{
e.printStackTrace();
}
return null;
}
}
package util;
public final class Base64
{
static private final int BASELENGTH = 128;
static private final int LOOKUPLENGTH = 64;
static private final int TWENTYFOURBITGROUP = 24;
static private final int EIGHTBIT = 8;
static private final int SIXTEENBIT = 16;
static private final int FOURBYTE = 4;
static private final int SIGN = -128;
static private final char PAD = '=';
static private final boolean fDebug = false;
static final private byte[] base64Alphabet = new byte[BASELENGTH];
static final private char[] lookUpBase64Alphabet = new char[LOOKUPLENGTH];
static
{
for (int i = 0; i < BASELENGTH; ++i)
{
base64Alphabet[i] = -1;
}
for (int i = 'Z'; i >= 'A'; i--)
{
base64Alphabet[i] = (byte) (i - 'A');
}
for (int i = 'z'; i >= 'a'; i--)
{
base64Alphabet[i] = (byte) (i - 'a' + 26);
}
for (int i = '9'; i >= '0'; i--)
{
base64Alphabet[i] = (byte) (i - '0' + 52);
}
base64Alphabet['+'] = 62;
base64Alphabet['/'] = 63;
for (int i = 0; i <= 25; i++)
{
lookUpBase64Alphabet[i] = (char) ('A' + i);
}
for (int i = 26, j = 0; i <= 51; i++, j++)
{
lookUpBase64Alphabet[i] = (char) ('a' + j);
}
for (int i = 52, j = 0; i <= 61; i++, j++)
{
lookUpBase64Alphabet[i] = (char) ('0' + j);
}
lookUpBase64Alphabet[62] = (char) '+';
lookUpBase64Alphabet[63] = (char) '/';
}
private static boolean isWhiteSpace(char octect)
{
return (octect == 0x20 || octect == 0xd || octect == 0xa || octect == 0x9);
}
private static boolean isPad(char octect)
{
return (octect == PAD);
}
private static boolean isData(char octect)
{
return (octect < BASELENGTH && base64Alphabet[octect] != -1);
}
/**
* Encodes hex octects into Base64
*
* @param binaryData
* Array containing binaryData
* @return Encoded Base64 array
*/
public static String encode(byte[] binaryData)
{
if (binaryData == null)
{
return null;
}
int lengthDataBits = binaryData.length * EIGHTBIT;
if (lengthDataBits == 0)
{
return "";
}
int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;
int numberQuartet = fewerThan24bits != 0 ? numberTriplets + 1
: numberTriplets;
char encodedData[] = null;
encodedData = new char[numberQuartet * 4];
byte k = 0, l = 0, b1 = 0, b2 = 0, b3 = 0;
int encodedIndex = 0;
int dataIndex = 0;
if (fDebug)
{
System.out.println("number of triplets = " + numberTriplets);
}
for (int i = 0; i < numberTriplets; i++)
{
b1 = binaryData[dataIndex++];
b2 = binaryData[dataIndex++];
b3 = binaryData[dataIndex++];
if (fDebug)
{
System.out.println("b1= " + b1 + ", b2= " + b2 + ", b3= " + b3);
}
l = (byte) (b2 & 0x0f);
k = (byte) (b1 & 0x03);
byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2)
: (byte) ((b1) >> 2 ^ 0xc0);
byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4)
: (byte) ((b2) >> 4 ^ 0xf0);
byte val3 = ((b3 & SIGN) == 0) ? (byte) (b3 >> 6)
: (byte) ((b3) >> 6 ^ 0xfc);
if (fDebug)
{
System.out.println("val2 = " + val2);
System.out.println("k4 = " + (k << 4));
System.out.println("vak = " + (val2 | (k << 4)));
}
encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];
encodedData[encodedIndex++] = lookUpBase64Alphabet[(l << 2) | val3];
encodedData[encodedIndex++] = lookUpBase64Alphabet[b3 & 0x3f];
}
// form integral number of 6-bit groups
if (fewerThan24bits == EIGHTBIT)
{
b1 = binaryData[dataIndex];
k = (byte) (b1 & 0x03);
if (fDebug)
{
System.out.println("b1=" + b1);
System.out.println("b1<<2 = " + (b1 >> 2));
}
byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2)
: (byte) ((b1) >> 2 ^ 0xc0);
encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
encodedData[encodedIndex++] = lookUpBase64Alphabet[k << 4];
encodedData[encodedIndex++] = PAD;
encodedData[encodedIndex++] = PAD;
}
else if (fewerThan24bits == SIXTEENBIT)
{
b1 = binaryData[dataIndex];
b2 = binaryData[dataIndex + 1];
l = (byte) (b2 & 0x0f);
k = (byte) (b1 & 0x03);
byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2)
: (byte) ((b1) >> 2 ^ 0xc0);
byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4)
: (byte) ((b2) >> 4 ^ 0xf0);
encodedData[encodedIndex++] = lookUpBase64Alphabet[val1];
encodedData[encodedIndex++] = lookUpBase64Alphabet[val2 | (k << 4)];
encodedData[encodedIndex++] = lookUpBase64Alphabet[l << 2];
encodedData[encodedIndex++] = PAD;
}
return new String(encodedData);
}
/**
* Decodes Base64 data into octects
*
* @param encoded
* string containing Base64 data
* @return Array containind decoded data.
*/
public static byte[] decode(String encoded)
{
if (encoded == null)
{
return null;
}
char[] base64Data = encoded.toCharArray();
// remove white spaces
int len = removeWhiteSpace(base64Data);
if (len % FOURBYTE != 0)
{
return null;// should be divisible by four
}
int numberQuadruple = (len / FOURBYTE);
if (numberQuadruple == 0)
{
return new byte[0];
}
byte decodedData[] = null;
byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
char d1 = 0, d2 = 0, d3 = 0, d4 = 0;
int i = 0;
int encodedIndex = 0;
int dataIndex = 0;
decodedData = new byte[(numberQuadruple) * 3];
for (; i < numberQuadruple - 1; i++)
{
if (!isData((d1 = base64Data[dataIndex++]))
|| !isData((d2 = base64Data[dataIndex++]))
|| !isData((d3 = base64Data[dataIndex++]))
|| !isData((d4 = base64Data[dataIndex++])))
{
return null;
}// if found "no data" just return null
b1 = base64Alphabet[d1];
b2 = base64Alphabet[d2];
b3 = base64Alphabet[d3];
b4 = base64Alphabet[d4];
decodedData[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);
decodedData[encodedIndex++] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
decodedData[encodedIndex++] = (byte) (b3 << 6 | b4);
}
if (!isData((d1 = base64Data[dataIndex++]))
|| !isData((d2 = base64Data[dataIndex++])))
{
return null;// if found "no data" just return null
}
b1 = base64Alphabet[d1];
b2 = base64Alphabet[d2];
d3 = base64Data[dataIndex++];
d4 = base64Data[dataIndex++];
if (!isData((d3)) || !isData((d4)))
{
// Check if they are PAD characters
if (isPad(d3) && isPad(d4))
{
if ((b2 & 0xf) != 0)// last 4 bits should be zero
{
return null;
}
byte[] tmp = new byte[i * 3 + 1];
System.arraycopy(decodedData, 0, tmp, 0, i * 3);
tmp[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);
return tmp;
}
else if (!isPad(d3) && isPad(d4))
{
b3 = base64Alphabet[d3];
if ((b3 & 0x3) != 0)// last 2 bits should be zero
{
return null;
}
byte[] tmp = new byte[i * 3 + 2];
System.arraycopy(decodedData, 0, tmp, 0, i * 3);
tmp[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);
tmp[encodedIndex] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
return tmp;
}
else
{
return null;
}
}
else
{ // No PAD e.g 3cQl
b3 = base64Alphabet[d3];
b4 = base64Alphabet[d4];
decodedData[encodedIndex++] = (byte) (b1 << 2 | b2 >> 4);
decodedData[encodedIndex++] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
decodedData[encodedIndex++] = (byte) (b3 << 6 | b4);
}
return decodedData;
}
/**
* remove WhiteSpace from MIME containing encoded Base64 data.
*
* @param data
* the byte array of base64 data (with WS)
* @return the new length
*/
private static int removeWhiteSpace(char[] data)
{
if (data == null)
{
return 0;
}
// count characters that's not whitespace
int newSize = 0;
int len = data.length;
for (int i = 0; i < len; i++)
{
if (!isWhiteSpace(data[i]))
{
data[newSize++] = data[i];
}
}
return newSize;
}
}
运行结果如下:
publicKey:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCMLDV2a6Ci7hC9MTARF6S4MWyktZmqGcOFuW53pf3YZW1C7PmCIlesIrsloRRzs9eqh17/oCBNacnuXwlpukVG+tUJUU3T5uVI3+kQvP8p9fM+0kW+IOyOWOoIincVaFzDpBUOIuEnuKeaDB2COToQfSrz+U+g2/CQ2N/yJD+BDwIDAQAB
privateKey:MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIwsNXZroKLuEL0xMBEXpLgxbKS1maoZw4W5bnel/dhlbULs+YIiV6wiuyWhFHOz16qHXv+gIE1pye5fCWm6RUb61QlRTdPm5Ujf6RC8/yn18z7SRb4g7I5Y6giKdxVoXMOkFQ4i4Se4p5oMHYI5OhB9KvP5T6Db8JDY3/IkP4EPAgMBAAECgYArLcMaQ3UsO2F0ph5EZaAcDT2GT1qSh3UvUDuzJ7LWYggSQaVqbOHM6LX1lXUTXybkJOcin1TUA+5sO2JO605DYmxjlWq91Gva95diiDofW+V0/uC4Z/DWLlGtGKOaaBecC9FkW3gM7wMQym9QMhugiBGSCQvACm8Ke0DxiGCCQQJBAPYv46JbCgs1yJ0Qie+Dq2lZvneWYk04iA75tJT3u91rh4Ku03/bxJiSJwnxKoivX5/2/P/QwAOSPdosZcMw62kCQQCRwoqMh1DK3/MOA1xaLiWOHGgas4bu7QKyvBcpyMIjSgypKsd79YF4PZ/hJq3MsgTDnKF5CrVZA56YGHpBE1G3AkEAvcHt8M/BbyCWsFH2MBLKhdqx0BWvUZw4a2qXgZduS949RkKhLVVlNMC6rJQiV9btmyxSmI/74QTQ/iDok0pauQJAdyM62Zg0qk4YPSj0EGXNnnWLhd+dd6bT4MGqcSW9wNhittbXjHNjqqM8Dezue/Q5vqVEuknNZn913r2LF6uxywJBAKYzODskLij8M9aAOKhjgRuEun0r328WXTveIwXFYRyUlu9oUumgb35+hCjtpblg3oi6EW8BZ9I14ZGERda978Y=
---------------------------------------------
sign:VOyW13g3yg/mu+v2hvYI4ri7oewZamp6jiXt0y0PW1PREhWxTbgCcF6TMBFtKxayPt1QcwTpSUPSR0lpAkXoQPms+WMtZQvSfNPBvz+aNrTq9LtDWvCBAdMZA/7ZlnzwcvRRkFfcSya1jjPwY/7Qx3tbJ5PWgUKKLYV93zA6PaA=
验签:true
---------------------------------------------
cipherText:TCYWTSqJyetaS/g67CN9Ik8qBrADAXMGt0cSB2lJ3yHIQrE7LVDwkYZ+XHTr2EYufPPRONvSwcNc/hcNaOhgKruWVKUaOn2qGrLLsmTU8xDDGJf/zsQKrcKPVYfruHdmfXdIhwhWh+bNYVrcr5bGvDjtgJYjzYL485PKJUcPD88=
plainText:测试加密明文数据
写一个Socket通信测试加签、加密传输:
package util;
import java.io.IOException;
import java.io.OutputStream;
import java.net.Socket;
import java.net.UnknownHostException;
import java.util.HashMap;
import java.util.Map;
import com.alibaba.fastjson.JSONObject;
public class TCPClient
{
private static String url = "21.131.4.33";
private static int port = 10000;
private static String publicKey = RSAUtil.readKeyFromFile("E:/publicKey.keystore");
private static String privateKey = RSAUtil.readKeyFromFile("E:/privateKey.keystore");
public static void main(String[] args) throws Exception
{
Map map = new HashMap();
map.put("name", "张三");
map.put("age", "23");
map.put("address", "北京市");
map.put("message", "测试数据");
String data = JSONObject.toJSONString(map);
//加签
String sign = RSAUtil.signByPrivateKey(data, privateKey);
//加密
String cipherText = RSAUtil.encryptByPublicKey(data, RSAUtil.readPublicKeyFromString(publicKey));
TCPClient tcpClient = new TCPClient();
tcpClient.sendMessage(url, port, sign+","+cipherText);
}
public void sendMessage(String url,int port,String message) throws UnknownHostException, IOException
{
Socket socket = new Socket(url,port);
OutputStream outputStream = socket.getOutputStream();
outputStream.write(message.getBytes());
socket.close();
outputStream.close();
}
}
package util;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
public class TCPServer
{
private static int port = 10000;
private static String publicKey = RSAUtil.readKeyFromFile("E:/publicKey.keystore");
private static String privateKey = RSAUtil.readKeyFromFile("E:/privateKey.keystore");
public static void main(String[] args) throws Exception
{
TCPServer tcpServer = new TCPServer();
String message = tcpServer.getMessage(port);
//message = sign+cipherText
//System.out.println("message:"+message);
String sign = message.split(",")[0];
String cipherText = message.split(",")[1];
String plainText = RSAUtil.decryptByPrivateKey(cipherText, RSAUtil.readPrivateKeyFromString(privateKey));
if(RSAUtil.verifySignByPublicKey(plainText, publicKey, sign))
{
System.out.println("验签成功!");
System.out.println(plainText);
}
else
{
System.out.println("验签失败!");
}
}
public String getMessage(int port) throws IOException
{
String message = "";
ServerSocket serverSocket = new ServerSocket(port);
Socket socket = serverSocket.accept();
InputStream inputStream = socket.getInputStream();
byte[] bs = new byte[1024];
int len = inputStream.read(bs);
message = new String(bs, 0, len);
socket.close();
serverSocket.close();
return message;
}
}
先启动Server端,再启动Client端,传输过程中使用密文传输,加签防止内容被篡改,运行结果如下:
验签成功!
{"message":"测试数据","address":"北京市","age":"23","name":"张三"}