RSA 是一种常用的非对称加密,一般采用公钥加密、私钥解密,具体非对称加密的介绍可参见文章常用的加密算法 。
如下样例代码中包括如下功能:
- 初始化RSA秘钥
- 生成RSA公私钥
- 使用公私钥进行加密和解密的操作
具体应用场景中公私钥一般不会成对出现,系统双方会交换公钥,解密对方发过来的数据。当然,为了保证接口参数的正确性,一般来说还会对参数做一下签名的操作,这个后续再整理。
package com.my.test.sa;
import javax.crypto.Cipher;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
public class RSAUtil {
private static String KEY_ALGORITHM = "RSA";
private static String CHARSET_NAME = "UTF-8";
private static String PUBLIC_KEY = "RSAPublicKey";
private static String PRIVATE_KEY = "RSAPrivateKey";
/**
* 根据keyMap获取公钥字符串
*/
public static String getPublicKey(Map keyMap) throws Exception {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return encryptBASE64(key.getEncoded());
}
/**
* 根据keyMap获取私钥字符串
*/
public static String getPrivateKey(Map keyMap) throws Exception {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return encryptBASE64(key.getEncoded());
}
/**
* 初始化秘钥
*/
public static Map initKey() throws NoSuchAlgorithmException {
//获得对象 KeyPairGenerator 参数 RSA 1024个字节
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGenerator.initialize(1024);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
//公私钥对象存入map中
Map keyMap = new HashMap<>(2);
keyMap.put(PUBLIC_KEY,rsaPublicKey);
keyMap.put(PRIVATE_KEY,rsaPrivateKey);
return keyMap;
}
/**
* 将base64编码后的公钥字符串转成PublicKey实例
*/
public static PublicKey getPublicKey(String publicKey) throws Exception{
byte[ ] keyBytes= Base64.getDecoder().decode(publicKey.getBytes());
X509EncodedKeySpec keySpec=new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePublic(keySpec);
}
/**
* 将base64编码后的私钥字符串转成PrivateKey实例
*/
public static PrivateKey getPrivateKey(String privateKey) throws Exception{
byte[ ] keyBytes= Base64.getDecoder().decode(privateKey.getBytes());
PKCS8EncodedKeySpec keySpec=new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePrivate(keySpec);
}
/**
* 公钥加密
*/
private static String encrypt(String content,String public_key) throws Exception {
PublicKey publicKey = getPublicKey(public_key);
Cipher cipher=Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] result = cipher.doFinal(content.getBytes(CHARSET_NAME));
return org.apache.commons.codec.binary.Base64.encodeBase64String(result);
}
/**
* 私钥解密
*/
private static String decrypt(String content,String private_key) throws Exception {
byte[] decodeContent = org.apache.commons.codec.binary.Base64.decodeBase64(content);
PrivateKey privateKey = getPrivateKey(private_key);
Cipher cipher=Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] result = cipher.doFinal(decodeContent);
return new String(result);
}
/**
* 编码返回字符串
*/
private static String encryptBASE64(byte[] key) throws Exception {
return Base64.getEncoder().encodeToString(key);
}
}
另外,一些安全系统比较高的系统。为保证接口中参数的正确性和有效性,一般会对参数做签名和验签的操作,这里我们可以使用java.security.Signature的可以进行参数的签名和验签,示例代码如下:
/**
* 使用RSA签名
*/
private static String signWithRSA(Map paramsMap, String privateKey) throws Exception {
String content = formatSignContent(paramsMap);
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initSign(getPrivateKey(privateKey));
signature.update(content.getBytes("utf-8"));
byte[] signed = signature.sign();
return encryptBASE64(signed);
}
/**
* 使用RSA验签
*/
private static boolean checkSignWithRSA(Map paramsMap, String publicKey, String sign) throws Exception {
String content = formatSignContent(paramsMap);
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initVerify(getPublicKey(publicKey));
signature.update(content.getBytes("utf-8"));
return signature.verify(Base64.getDecoder().decode(sign));
}
/**
* 格式化map
*/
private static String formatSignContent(Map params) {
Map sortedMap = sortMap(params);
StringBuilder content = new StringBuilder();
int index = 0;
for (Object key : sortedMap.keySet()){
Object value = sortedMap.get(key.toString());
if (value != null && StringUtils.isNotBlank(value.toString())) {
content.append(index == 0 ? "" : "&").append(key).append("=").append(value);
index++;
}
}
return content.toString();
}
/**
* map 排序
*/
private static Map sortMap(Map map) {
Map sortedParams = new TreeMap();
sortedParams.putAll(map);
return sortedParams;
}
执行测试代码
public static void main(String[] args) throws Exception {
Map keyMap = initKey();
String publicKey = getPublicKey(keyMap);
String privateKey = getPrivateKey(keyMap);
String content = "hello world";
String encryptContent = encrypt(content,publicKey);
String decryptContent = decrypt(encryptContent,privateKey);
System.out.println("生成的公钥:" + publicKey);
System.out.println("生成的私钥:" + privateKey);
System.out.println("加密后的数据:" + encryptContent);
System.out.println("解密后的数据:" + decryptContent);
Map map = new HashMap<>();
map.put("key1","value1");
map.put("key2","value2");
map.put("key3","value3");
String sign = signWithRSA(map,privateKey);
boolean check = checkSignWithRSA(map,publicKey,sign);
System.out.println("签名结果,sign:"+sign);
System.out.println("验签结果,result:"+check);
}
结果如下
生成的公钥:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCHveLjg3KupwsZk4RgH7lkiOaQnFffz7qfRonjU3sCyxoqrXWJTjJDn5qMkC0vwhyxtHwbzA8a5Wwaywy0xW+c7jAtHYEDXotEXTa2Xr6kTetjYxKpx8gj5ZzG19KFfhJYn79VTftuwvV5W92dmsml9vraq/QXpJE7olYlm07KkwIDAQAB
生成的私钥:MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIe94uODcq6nCxmThGAfuWSI5pCcV9/Pup9GieNTewLLGiqtdYlOMkOfmoyQLS/CHLG0fBvMDxrlbBrLDLTFb5zuMC0dgQNei0RdNrZevqRN62NjEqnHyCPlnMbX0oV+Elifv1VN+27C9Xlb3Z2ayaX2+tqr9BekkTuiViWbTsqTAgMBAAECgYEAhwM+hi77RW5OowzQEM/dFXr5YYKwAKPcKon9okcpRfj/uM045+4IHqzECuVonGUFJ1euTfOkXostAGVP6Qmr3ccH1A72c+V6QO6cueI8pmn5cxI4vpQO5JxCkbEr0vOhDOEsH1jC/ExwwV7oacYgb/7yuxLtAd6mLyixEoTYk0ECQQDCAMVgROmTcx//Yjbdy5/RiBpAC4XAcPxdmkBnQ8eH1M8IL2os9s3koUdmwDOyBvyj4WqG2pTnQAfrjw2G9MCzAkEAsx7O5ODx84lxTXNh2lUJOkPC3kMKW1bacyvGCwYDXvQbZ0KwuQ3AUQVlGpP+0GIGtL+Y8WGErE/VBxP2QxD+oQJAWAlZiDI9fLgFkTLUixnYUJFeuCmCbK3ZF/DjwPi1FyKvQJujpvvouxOk/y/BRcx94TBt0vxmDfq0nWSxUsjGmQJAGPV2BtaBYFoKe6xUOkQXIRNIGAhnbQrRLbMvyWFxHs4M83qLfX25CpEh4W4113uRS6ZW/WuFPS1ylaXmbrnzgQJAb8eohYot4It3k5E5Tl1A0ThZ3ef7kKlXCeKehWhIV+e79WrliPiy96VNdgNUfdnpflosBL+17y+mw7PRZIlKmg==
加密后的数据:Cj9GYv4mCLuPjWbFxgrGdK094fRCiFgzGz/Kxr22A86HSHDqBwzXMoBbPaF/pDrcx1lwyUJ6Vip0qpA+OHkuhrUpeZRVudkDcb+RuWHDOh7B10Gf7xBFY7GZAClOKo3EclnhgF3ZB1GK9JL5wVZ9sckmLaENnQr4kYO8aBDFy7k=
解密后的数据:hello world
签名结果,sign:PBP2//Iim4JHPw+wFyL0BiECBGM396IyqHozfpWuawDVryc0c5wuNmWA6T8UdNSdupvJFTknZvqrbLVGEfN72vyAAMkBHIDPoR05+3JMIaLi5M40X7lJY0vAiz6ppLdO2WY71CRd6s02p/sW76MUr/gVTMiOFXN7BdTZWE0PYpE=
验签结果,result:true