RSA加密解密(无数据大小限制,php、go、java互通实现)
RSA加解密中必须考虑到的**长度、明文长度和密文长度问题。明文长度需要小于**长度,而密文长度则等于**长度。因此当加密内容长度大于**长度时,有效的RSA加解密就需要对内容进行分段。
这是因为,RSA算法本身要求加密内容也就是明文长度m必须0 这样,对于1024长度的**。128字节(1024bits)-减去11字节正好是117字节,但对于RSA加密来讲,padding也是参与加密的,所以,依然按照1024bits去理解,但实际的明文只有117字节了。 生成:在线RSA公钥私钥生成 公钥:公钥:
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXyvN9fLKoixOZsD61cJ
QxzuRNCPdruj5ApBsr2jIakpF7yCXTh3OgKOzE2Y9O5r8kC7oDaDOhmcagPG4nsi
80HMGynh/Kwa3bUpPEySsHk6qYI4QAz8XS9IQ/y1GD9tsEgY/783fA1hKr/yPpfP
eVQdmlYd2GT4owUAoSS4zXcFNlUf/4dy052Jbb/0am6zONLC7BwyZ2d+znGhX2te
LdR9EegPZcpRBAf+litsmzhsRa3CO4vRWgexYOrsr07gCpwnEFEJYUnB8Zq/OfCr
qxqXnj+NkqTcMB6JUvyYWtfuWrRxgf8iHsau8Ds354BDv3t3TgMjpuWxpzX+eArc
9QIDAQAB
-----END PUBLIC KEY----------BEGIN RSA PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJfK8318sqiLE5
mwPrVwlDHO5E0I92u6PkCkGyvaMhqSkXvIJdOHc6Ao7MTZj07mvyQLugNoM6GZxq
A8bieyLzQcwbKeH8rBrdtSk8TJKweTqpgjhADPxdL0hD/LUYP22wSBj/vzd8DWEq
v/I+l895VB2aVh3YZPijBQChJLjNdwU2VR//h3LTnYltv/RqbrM40sLsHDJnZ37O
caFfa14t1H0R6A9lylEEB/6WK2ybOGxFrcI7i9FaB7Fg6uyvTuAKnCcQUQlhScHx
mr858KurGpeeP42SpNwwHolS/Jha1+5atHGB/yIexq7wOzfngEO/e3dOAyOm5bGn
Nf54Ctz1AgMBAAECggEAUjvtV6FfblCz5Ir8IoU3ZojcRoHIy/DxhxUYk1cKyaY8
+08Y9esh3i9FEOVq1CyrKgh5i340OPZS/IHmHnGbZiUopL2HWpTzsiFKXy3xgM05
wA1B4AJszauKlxUA5JCeuB/09AybHKppSgVlXV6gcyh9nIwhSjyLrh1QkHRoaJK9
DebFWCGEFEl5mpKtklc9TQCmbwIJEVk2406BgKt1iCHqFqsXSEDXh0/HYAwLgLxg
mQTvKDqI1XTUqXYKXLEbTVpRqgdM9+LxsscoNxqX8vA/NnqpSVS1onVlyR3tYWQm
upN72wInNcJS3rLb8BX34rLvQguXOOpT4w5+kRfUUQKBgQD4f2+EU+J8f13+mO6v
k0iZ0kOURHAXrgf1oOQSAYGnU6vmnpLNkTUcHwUfCb06VwKvPAKK0hFBgirbaTeD
YQOLT7XJmX8vpt9baNT++51PtSMj61GnZaxeR7fd1MzL2NcGQshFJr8S4h7IWOTM
bFc/xLurmmbH1/Dzg+Y5CtTtHwKBgQDPkeq+yWa//OjGPxbKNZ/ES2+kat+/bKuG
m6RoSZ0WpAgGk5gyI/soLt3ARdd6xHW8OG+vMGuo1530V7B3GZVVIK3x7FcMJ61E
I7JQDUvTlM1IEXiQMQxBgTyrvKEhsc39H4UNoSLd0GobB4d5Re2jdghS3s4nKgRa
x5m4CAsfawKBgBB9fGv+mRAD77vecDBsiKvUfTGQnROlM9gD9j6PpQfykHy8VyeX
FDwqfs+BePIvJfl09QI7UHPVbHyk7c8lF/QdtQWMzxjdbQMG4OOO1PCeJ5fRnNiL
8bVL8xKgdXqtiA9dTSbxnEpngP1wkLZUFjIgHwgTNfDbDp1KSnPMmTanAoGAI9MM
T9dUy4fr6ONUnJu6sldOsnLboR8xT28nZfRmj1TKKdBpcSXyoBHOpfOn6AFmTJD0
/ah+vEpScax8wWGB+4pDW0CuGWPzrJH4oYZZ8u94qpqRU1mTwu56OS26JaWZZrl8
7khES0JAPeADyrN9+ztQ3nSj4fCHhd9zMWb5/HcCgYEAz0w883BdI1uvWq12IE5g
gJ62EDpSx0RoFlhq4ys6XvWGBywMdg4l3Ls2Xc+VY/jzE87f2hJdGTprHkEkQEHm
Tf7WvCd/lfwW7DuC7M34QCn4GbUI1i23wcHvUaR9nztqjCBug4hgwYsJee9EYDjk
GoqgYm9dIQw0g9d2FYJU1Pg=
-----END RSA PRIVATE KEY-----
Go实现
package xrsa
import (
"encoding/pem"
"encoding/base64"
"crypto/x509"
"crypto/rsa"
"crypto/rand"
"errors"
"crypto"
"io"
"bytes"
"encoding/asn1"
)
const (
CHAR_SET = "UTF-8"
BASE_64_FORMAT = "UrlSafeNoPadding"
RSA_ALGORITHM_KEY_TYPE = "PKCS8"
RSA_ALGORITHM_SIGN = crypto.SHA256
)
type XRsa struct {
publicKey *rsa.PublicKey
privateKey *rsa.PrivateKey
}
// 生成**对
func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error {
// 生成私钥文件
privateKey, err := rsa.GenerateKey(rand.Reader, keyLength)
if err != nil {
return err
}
derStream := MarshalPKCS8PrivateKey(privateKey)
block := &pem.Block{
Type: "PRIVATE KEY",
Bytes: derStream,
}
err = pem.Encode(privateKeyWriter, block)
if err != nil {
return err
}
// 生成公钥文件
publicKey := &privateKey.PublicKey
derPkix, err := x509.MarshalPKIXPublicKey(publicKey)
if err != nil {
return err
}
block = &pem.Block{
Type: "PUBLIC KEY",
Bytes: derPkix,
}
err = pem.Encode(publicKeyWriter, block)
if err != nil {
return err
}
return nil
}
func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) {
block, _ := pem.Decode(publicKey)
if block == nil {
return nil, errors.New("public key error")
}
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
pub := pubInterface.(*rsa.PublicKey)
block, _ = pem.Decode(privateKey)
if block == nil {
return nil, errors.New("private key error!")
}
priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
pri, ok := priv.(*rsa.PrivateKey)
if ok {
return &XRsa {
publicKey: pub,
privateKey: pri,
}, nil
} else {
return nil, errors.New("private key not supported")
}
}
// 公钥加密
func (r *XRsa) PublicEncrypt(data string) (string, error) {
partLen := r.publicKey.N.BitLen() / 8 - 11
chunks := split([]byte(data), partLen)
buffer := bytes.NewBufferString("")
for _, chunk := range chunks {
bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk)
if err != nil {
return "", err
}
buffer.Write(bytes)
}
return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil
}
// 私钥解密
func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) {
partLen := r.publicKey.N.BitLen() / 8
raw, err := base64.RawURLEncoding.DecodeString(encrypted)
chunks := split([]byte(raw), partLen)
buffer := bytes.NewBufferString("")
for _, chunk := range chunks {
decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk)
if err != nil {
return "", err
}
buffer.Write(decrypted)
}
return buffer.String(), err
}
// 数据加签
func (r *XRsa) Sign(data string) (string, error) {
h := RSA_ALGORITHM_SIGN.New()
h.Write([]byte(data))
hashed := h.Sum(nil)
sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed)
if err != nil {
return "", err
}
return base64.RawURLEncoding.EncodeToString(sign), err
}
// 数据验签
func (r *XRsa) Verify(data string, sign string) error {
h := RSA_ALGORITHM_SIGN.New()
h.Write([]byte(data))
hashed := h.Sum(nil)
decodedSign, err := base64.RawURLEncoding.DecodeString(sign)
if err != nil {
return err
}
return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)
}
func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte {
info := struct {
Version int
PrivateKeyAlgorithm []asn1.ObjectIdentifier
PrivateKey []byte
}{}
info.Version = 0
info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)
info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
info.PrivateKey = x509.MarshalPKCS1PrivateKey(key)
k, _ := asn1.Marshal(info)
return k
}
func split(buf []byte, lim int) [][]byte {
var chunk []byte
chunks := make([][]byte, 0, len(buf)/lim+1)
for len(buf) >= lim {
chunk, buf = buf[:lim], buf[lim:]
chunks = append(chunks, chunk)
}
if len(buf) > 0 {
chunks = append(chunks, buf[:len(buf)])
}
return chunks
}
Php实现
public_key = $pub_key;
$this->private_key = $pri_key;
$pub_id = openssl_get_publickey($this->public_key);
$this->key_len = openssl_pkey_get_details($pub_id)['bits'];
}
/*
* 创建**对
*/
public static function createKeys($key_size = 2048)
{
$config = array(
"private_key_bits" => $key_size,
"private_key_type" => self::RSA_ALGORITHM_KEY_TYPE,
);
$res = openssl_pkey_new($config);
openssl_pkey_export($res, $private_key);
$public_key_detail = openssl_pkey_get_details($res);
$public_key = $public_key_detail["key"];
return [
"public_key" => $public_key,
"private_key" => $private_key,
];
}
/*
* 公钥加密
*/
public function publicEncrypt($data)
{
$encrypted = '';
$part_len = $this->key_len / 8 - 11;
$parts = str_split($data, $part_len);
foreach ($parts as $part) {
$encrypted_temp = '';
openssl_public_encrypt($part, $encrypted_temp, $this->public_key);
$encrypted .= $encrypted_temp;
}
return $this->url_safe_base64_encode($encrypted);
}
/*
* 私钥解密
*/
public function privateDecrypt($encrypted)
{
$decrypted = "";
$part_len = $this->key_len / 8;
$base64_decoded = $this->url_safe_base64_decode($encrypted);
$parts = str_split($base64_decoded, $part_len);
foreach ($parts as $part) {
$decrypted_temp = '';
openssl_private_decrypt($part, $decrypted_temp, $this->private_key);
$decrypted .= $decrypted_temp;
}
return $decrypted;
}
/*
* 私钥加密
*/
public function privateEncrypt($data)
{
$encrypted = '';
$part_len = $this->key_len / 8 - 11;
$parts = str_split($data, $part_len);
foreach ($parts as $part) {
$encrypted_temp = '';
openssl_private_encrypt($part, $encrypted_temp, $this->private_key);
$encrypted .= $encrypted_temp;
}
return $this->url_safe_base64_encode($encrypted);
}
/*
* 公钥解密
*/
public function publicDecrypt($encrypted)
{
$decrypted = "";
$part_len = $this->key_len / 8;
$base64_decoded = $this->url_safe_base64_decode($encrypted);
$parts = str_split($base64_decoded, $part_len);
foreach ($parts as $part) {
$decrypted_temp = '';
openssl_public_decrypt($part, $decrypted_temp, $this->public_key);
$decrypted .= $decrypted_temp;
}
return $decrypted;
}
/*
* 数据加签
*/
public function sign($data)
{
openssl_sign($data, $sign, $this->private_key, self::RSA_ALGORITHM_SIGN);
return $this->url_safe_base64_encode($sign);
}
/*
* 数据签名验证
*/
public function verify($data, $sign)
{
$pub_id = openssl_get_publickey($this->public_key);
$res = openssl_verify($data, $this->url_safe_base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN);
return $res;
}
function url_safe_base64_decode($data)
{
$base_64 = str_replace(array('-', '_'), array('+', '/'), $data);
return base64_decode($base_64);
}
function url_safe_base64_encode($data)
{
return str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($data));
}
}
?>Java实现
package com.inspii;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.io.IOUtils;
import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
public class XRsa {
public static final String CHARSET = "UTF-8";
public static final String RSA_ALGORITHM = "RSA";
public static final String RSA_ALGORITHM_SIGN = "SHA256WithRSA";
private RSAPublicKey publicKey;
private RSAPrivateKey privateKey;
public XRsa(String publicKey, String privateKey)
{
try {
KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);
//通过X509编码的Key指令获得公钥对象
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));
this.publicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
//通过PKCS#8编码的Key指令获得私钥对象
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));
this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);
} catch (Exception e) {
throw new RuntimeException("不支持的**", e);
}
}
public static Map