首頁 > 開發者 > Go

RSA加密解密(無資料大小限制,php、go、java互連實現)

來源:互聯網
上載者:User
創建阿里雲帳戶,並獲得超過 40 款產品的免費試用版;而企業帳戶則可以享有總值 $1200 的免費試用版。立即註冊!
這是一個建立於 的文章,其中的資訊可能已經有所發展或是發生改變。

RSA加解密中必須考慮到的密鑰長度、明文長度和密文長度問題。明文長度需要小於密鑰長度,而密文長度則等於密鑰長度。因此當加密內容長度大於密鑰長度時,有效RSA加解密就需要對內容進行分段。

這是因為,RSA演算法本身要求加密內容也就是明文長度m必須0<m<密鑰長度n。如果小於這個長度就需要進行padding,因為如果沒有padding,使用者無法確分解密後內容的真實長度,字串之類的內容問題還不大,以0作為結束符,但對位元據就很難理解,因為不確定後面的0是內容還是內容結束符。而只要用到padding,那麼就要佔用實際的明文長度,於是實際明文長度需要減去padding位元組長度。我們一般使用的padding標準有NoPPadding、OAEPPadding、PKCS1Padding等,其中PKCS#1建議的padding就佔用了11個位元組。

這樣,對於1024長度的密鑰。128位元組(1024bits)-減去11位元組正好是117位元組,但對於RSA加密來講,padding也是參與加密的,所以,依然按照1024bits去理解,但實際的明文只有117位元組了。

Php實現

if (! function_exists('url_safe_base64_encode')) {    function url_safe_base64_encode ($data) {        return str_replace(array('+','/', '='),array('-','_', ''), base64_encode($data));    }}if (! function_exists('url_safe_base64_decode')) {    function url_safe_base64_decode ($data) {        $base_64 = str_replace(array('-','_'),array('+','/'), $data);        return base64_decode($base_64);    }}class XRsa{    const CHAR_SET = "UTF-8";    const BASE_64_FORMAT = "UrlSafeNoPadding";    const RSA_ALGORITHM_KEY_TYPE = OPENSSL_KEYTYPE_RSA;    const RSA_ALGORITHM_SIGN = OPENSSL_ALGO_SHA256;    protected $public_key;    protected $private_key;    protected $key_len;    public function __construct($pub_key, $pri_key = null)    {        $this->public_key = $pub_key;        $this->private_key = $pri_key;        $pub_id = openssl_get_publickey($this->public_key);        $this->key_len = openssl_pkey_get_details($pub_id)['bits'];    }    /*     * 建立金鑰組     */    public static function createKeys($key_size = 2048)    {        $config = array(            "private_key_bits" => $key_size,            "private_key_type" => self::RSA_ALGORITHM_KEY_TYPE,        );        $res = openssl_pkey_new($config);        openssl_pkey_export($res, $private_key);        $public_key_detail = openssl_pkey_get_details($res);        $public_key = $public_key_detail["key"];        return [            "public_key" => $public_key,            "private_key" => $private_key,        ];    }    /*     * 公開金鑰加密     */    public function publicEncrypt($data)    {        $encrypted = '';        $part_len = $this->key_len / 8 - 11;        $parts = str_split($data, $part_len);        foreach ($parts as $part) {            $encrypted_temp = '';            openssl_public_encrypt($part, $encrypted_temp, $this->public_key);            $encrypted .= $encrypted_temp;        }        return url_safe_base64_encode($encrypted);    }    /*     * 私密金鑰解密     */    public function privateDecrypt($encrypted)    {        $decrypted = "";        $part_len = $this->key_len / 8;        $base64_decoded = url_safe_base64_decode($encrypted);        $parts = str_split($base64_decoded, $part_len);        foreach ($parts as $part) {            $decrypted_temp = '';            openssl_private_decrypt($part, $decrypted_temp,$this->private_key);            $decrypted .= $decrypted_temp;        }        return $decrypted;    }    /*     * 私密金鑰加密     */    public function privateEncrypt($data)    {        $encrypted = '';        $part_len = $this->key_len / 8 - 11;        $parts = str_split($data, $part_len);        foreach ($parts as $part) {            $encrypted_temp = '';            openssl_private_encrypt($part, $encrypted_temp, $this->private_key);            $encrypted .= $encrypted_temp;        }        return url_safe_base64_encode($encrypted);    }    /*     * 公開金鑰解密     */    public function publicDecrypt($encrypted)    {        $decrypted = "";        $part_len = $this->key_len / 8;        $base64_decoded = url_safe_base64_decode($encrypted);        $parts = str_split($base64_decoded, $part_len);        foreach ($parts as $part) {            $decrypted_temp = '';            openssl_public_decrypt($part, $decrypted_temp,$this->public_key);            $decrypted .= $decrypted_temp;        }        return $decrypted;    }    /*     * 資料加簽     */    public function sign($data)    {        openssl_sign($data, $sign, $this->private_key, self::RSA_ALGORITHM_SIGN);        return url_safe_base64_encode($sign);    }    /*     * 資料簽名驗證     */    public function verify($data, $sign)    {        $pub_id = openssl_get_publickey($this->public_key);        $res = openssl_verify($data, url_safe_base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN);        return $res;    }}

Go實現

package xrsaimport (    "encoding/pem"    "encoding/base64"    "crypto/x509"    "crypto/rsa"    "crypto/rand"    "errors"    "crypto"    "io"    "bytes"    "encoding/asn1")const (    CHAR_SET = "UTF-8"    BASE_64_FORMAT = "UrlSafeNoPadding"    RSA_ALGORITHM_KEY_TYPE = "PKCS8"    RSA_ALGORITHM_SIGN = crypto.SHA256)type XRsa struct {    publicKey *rsa.PublicKey    privateKey *rsa.PrivateKey}// 產生金鑰組func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error {    // 產生私密金鑰檔案    privateKey, err := rsa.GenerateKey(rand.Reader, keyLength)    if err != nil {        return err    }    derStream := MarshalPKCS8PrivateKey(privateKey)    block := &pem.Block{        Type:  "PRIVATE KEY",        Bytes: derStream,    }    err = pem.Encode(privateKeyWriter, block)    if err != nil {        return err    }    // 產生公開金鑰檔案    publicKey := &privateKey.PublicKey    derPkix, err := x509.MarshalPKIXPublicKey(publicKey)    if err != nil {        return err    }    block = &pem.Block{        Type:  "PUBLIC KEY",        Bytes: derPkix,    }    err = pem.Encode(publicKeyWriter, block)    if err != nil {        return err    }    return nil}func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) {    block, _ := pem.Decode(publicKey)    if block == nil {        return nil, errors.New("public key error")    }    pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)    if err != nil {        return nil, err    }    pub := pubInterface.(*rsa.PublicKey)    block, _ = pem.Decode(privateKey)    if block == nil {        return nil, errors.New("private key error!")    }    priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)    if err != nil {        return nil, err    }    pri, ok := priv.(*rsa.PrivateKey)    if ok {        return &XRsa {            publicKey: pub,            privateKey: pri,        }, nil    } else {        return nil, errors.New("private key not supported")    }}// 公開金鑰加密func (r *XRsa) PublicEncrypt(data string) (string, error) {    partLen := r.publicKey.N.BitLen() / 8 - 11    chunks := split([]byte(data), partLen)    buffer := bytes.NewBufferString("")    for _, chunk := range chunks {        bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk)        if err != nil {            return "", err        }        buffer.Write(bytes)    }    return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil}// 私密金鑰解密func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) {    partLen := r.publicKey.N.BitLen() / 8    raw, err := base64.RawURLEncoding.DecodeString(encrypted)    chunks := split([]byte(raw), partLen)    buffer := bytes.NewBufferString("")    for _, chunk := range chunks {        decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk)        if err != nil {            return "", err        }        buffer.Write(decrypted)    }    return buffer.String(), err}// 資料加簽func (r *XRsa) Sign(data string) (string, error) {    h := RSA_ALGORITHM_SIGN.New()    h.Write([]byte(data))    hashed := h.Sum(nil)    sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed)    if err != nil {        return "", err    }    return base64.RawURLEncoding.EncodeToString(sign), err}// 資料驗簽func (r *XRsa) Verify(data string, sign string) error {    h := RSA_ALGORITHM_SIGN.New()    h.Write([]byte(data))    hashed := h.Sum(nil)    decodedSign, err := base64.RawURLEncoding.DecodeString(sign)    if err != nil {        return err    }    return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)}func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte {    info := struct {        Version             int        PrivateKeyAlgorithm []asn1.ObjectIdentifier        PrivateKey          []byte    }{}    info.Version = 0    info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)    info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}    info.PrivateKey = x509.MarshalPKCS1PrivateKey(key)    k, _ := asn1.Marshal(info)    return k}func split(buf []byte, lim int) [][]byte {    var chunk []byte    chunks := make([][]byte, 0, len(buf)/lim+1)    for len(buf) >= lim {        chunk, buf = buf[:lim], buf[lim:]        chunks = append(chunks, chunk)    }    if len(buf) > 0 {        chunks = append(chunks, buf[:len(buf)])    }    return chunks}

Java實現

package com.inspii;import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils;import javax.crypto.Cipher;import java.io.ByteArrayOutputStream;import java.security.*;import java.security.interfaces.RSAPublicKey;import java.security.interfaces.RSAPrivateKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;public class XRsa {    public static final String CHARSET = "UTF-8";    public static final String RSA_ALGORITHM = "RSA";    public static final String RSA_ALGORITHM_SIGN = "SHA256WithRSA";    private RSAPublicKey publicKey;    private RSAPrivateKey privateKey;    public XRsa(String publicKey, String privateKey)    {        try {            KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM);            //通過X509編碼的Key指令獲得公開金鑰對象            X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));            this.publicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);            //通過PKCS#8編碼的Key指令獲得私密金鑰對象            PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));            this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);        } catch (Exception e) {            throw new RuntimeException("不支援的密鑰", e);        }    }    public static Map<String, String> createKeys(int keySize){        //為RSA演算法建立一個KeyPairGenerator對象        KeyPairGenerator kpg;        try{            kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM);        }catch(NoSuchAlgorithmException e){            throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]");        }        //初始化KeyPairGenerator對象,不要被initialize()源碼錶面上欺騙,其實這裡聲明的size是生效的        kpg.initialize(keySize);        //產生密匙對        KeyPair keyPair = kpg.generateKeyPair();        //得到公開金鑰        Key publicKey = keyPair.getPublic();        String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());        //得到私密金鑰        Key privateKey = keyPair.getPrivate();        String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());        Map<String, String> keyPairMap = new HashMap<String, String>();        keyPairMap.put("publicKey", publicKeyStr);        keyPairMap.put("privateKey", privateKeyStr);        return keyPairMap;    }    public String publicEncrypt(String data){        try{            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);            cipher.init(Cipher.ENCRYPT_MODE, publicKey);            return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));        }catch(Exception e){            throw new RuntimeException("加密字串[" + data + "]時遇到異常", e);        }    }    public String privateDecrypt(String data){        try{            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);            cipher.init(Cipher.DECRYPT_MODE, privateKey);            return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);        }catch(Exception e){            throw new RuntimeException("解密字串[" + data + "]時遇到異常", e);        }    }    public String privateEncrypt(String data){        try{            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);            cipher.init(Cipher.ENCRYPT_MODE, privateKey);            return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength()));        }catch(Exception e){            throw new RuntimeException("加密字串[" + data + "]時遇到異常", e);        }    }    public String publicDecrypt(String data){        try{            Cipher cipher = Cipher.getInstance(RSA_ALGORITHM);            cipher.init(Cipher.DECRYPT_MODE, publicKey);            return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET);        }catch(Exception e){            throw new RuntimeException("解密字串[" + data + "]時遇到異常", e);        }    }    public String sign(String data){        try{            //sign            Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN);            signature.initSign(privateKey);            signature.update(data.getBytes(CHARSET));            return Base64.encodeBase64URLSafeString(signature.sign());        }catch(Exception e){            throw new RuntimeException("簽名字串[" + data + "]時遇到異常", e);        }    }    public boolean verify(String data, String sign){        try{            Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN);            signature.initVerify(publicKey);            signature.update(data.getBytes(CHARSET));            return signature.verify(Base64.decodeBase64(sign));        }catch(Exception e){            throw new RuntimeException("驗簽字串[" + data + "]時遇到異常", e);        }    }    private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){        int maxBlock = 0;        if(opmode == Cipher.DECRYPT_MODE){            maxBlock = keySize / 8;        }else{            maxBlock = keySize / 8 - 11;        }        ByteArrayOutputStream out = new ByteArrayOutputStream();        int offSet = 0;        byte[] buff;        int i = 0;        try{            while(datas.length > offSet){                if(datas.length-offSet > maxBlock){                    buff = cipher.doFinal(datas, offSet, maxBlock);                }else{                    buff = cipher.doFinal(datas, offSet, datas.length-offSet);                }                out.write(buff, 0, buff.length);                i++;                offSet = i * maxBlock;            }        }catch(Exception e){            throw new RuntimeException("加解密閥值為["+maxBlock+"]的資料時發生異常", e);        }        byte[] resultDatas = out.toByteArray();        IOUtils.closeQuietly(out);        return resultDatas;    }}

參考

github地址: https://github.com/williamyli...

本文章原先以中文撰寫並發佈於 aliyun.com,亦設英文版本,僅作資訊用途。本網站不對文章的準確性,完整性或可靠性或其任何翻譯作出任何明示或暗示的陳述或保證。如對該文章有任何疑慮或投訴,請傳送電郵至 info-contact@alibabacloud.com 並提供相關疑慮或投訴的詳細說明。職員會於 5 個工作天內與您聯絡,一經驗證之後,即會刪除該侵權內容。

聯繫我們

該頁面正文內容均來源於網絡整理,並不代表阿里雲官方的觀點,該頁面所提到的產品和服務也與阿里云無關,如果該頁面內容對您造成了困擾,歡迎寫郵件給我們,收到郵件我們將在5個工作日內處理。

如果您發現本社區中有涉嫌抄襲的內容,歡迎發送郵件至: info-contact@alibabacloud.com 進行舉報並提供相關證據,工作人員會在 5 個工作天內聯絡您,一經查實,本站將立刻刪除涉嫌侵權內容。

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More