package com.ykx.transfer.util;
import java.io.ByteArrayOutputStream;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.io.IOUtils;
/**
* 加解密工具類
*/
public final class EncryptDecryptUtil {
public static final String CHARSET = "UTF-8";
//密鑰算法
public static final String ALGORITHM_RSA = "RSA";
//RSA 簽名算法
public static final String ALGORITHM_RSA_SIGN = "SHA256WithRSA";
public static final int ALGORITHM_RSA_PRIVATE_KEY_LENGTH = 2048;
private static String publickey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDazJE8JgkL4hXA5pJwuBu9skcCrA6cQBGws3G0rmIp/K51sqGVCradW8ait03/5/sUKoHDF2tu89dcuhTYBxgidMDmyBlAznU8WRt9FrgCtlhq4evcq+ZeUAPyXtvBMU18gNJq0EctJbszjTBkGvHuEuJes5lPs3nT+eHG1edwfQIDAQAB";
private static String privatekey = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBANrMkTwmCQviFcDmknC4G72yRwKsDpxAEbCzcbSuYin8rnWyoZUKtp1bxqK3Tf/n+xQqgcMXa27z11y6FNgHGCJ0wObIGUDOdTxZG30WuAK2WGrh69yr5l5QA/Je28ExTXyA0mrQRy0luzONMGQa8e4S4l6zmU+zedP54cbV53B9AgMBAAECgYA/FCby3kxRXrbCzDZ/xLRKtjD+tjfoGBiBhtpLKtMmI7DwQbWP0GzhZOoZUxtroaejIrYSVpgkfqwiEYuc1D7Cd8N8ucXxG+UJE/lJoI9mlou5UAvEhJpjiWgKJDKkuRai3BfTBWDTCvDFrODPPeFaOGkIFgEFb+q2HoGOHjoOwQJBAPHlBHUz2M93Us2TKisTX+YrpZkyhEL6Z/U6EBcdVBhbnM9VFFT8g+qxQoFhsxg6xQe6I7vveRTR1cBDEqGzUkkCQQDnjsg1+RFdPRfJ4Z55KjdeP5Q2M3iLMGlPOSgcKKPXE7GI3A8rRY+STHXOgP+PWVESRGEG4LhyREwJHjGzRCyVAkEAq++kLoaOylC/W34KUBnyZVGK4IymtFD2ybjerP9cwf+EQ17vF8VxIsWiRwKh4UwMtoRZWAFMqD7KV2GVgbhLeQJAHEw1qWrjtVpG8vPwkuwW0hzA9xK5M4FaDUV14mMRCrKsaoZCEE6y6fUQHIllMdZ/ctUKanXB9KzmAeM/vaGiNQJAGk7xrqDAETApzZhwWmSxNzOJhVcOvo9URXwbwiuD/H5jsxCXMbIog5t0uiGhDN4Aqv5JeGODgGXbWcS598J8/A==";
private EncryptDecryptUtil() {
}
/**
* 初始化RSA算法密鑰對
*
* @param keysize RSA1024已經不安全了,建議2048
* @return 經過Base64編碼後的公私鑰Map, 鍵名分別爲publicKey和privateKey
*/
public static Map<String, String> initRSAKey(int keysize) {
if (keysize != ALGORITHM_RSA_PRIVATE_KEY_LENGTH) {
throw new IllegalArgumentException("RSA1024已經不安全了,請使用" + ALGORITHM_RSA_PRIVATE_KEY_LENGTH + "初始化RSA密鑰對");
}
//爲RSA算法創建一個KeyPairGenerator對象
KeyPairGenerator kpg;
try {
kpg = KeyPairGenerator.getInstance(ALGORITHM_RSA);
} catch (NoSuchAlgorithmException e) {
throw new IllegalArgumentException("No such algorithm-->[" + ALGORITHM_RSA + "]");
}
//初始化KeyPairGenerator對象,不要被initialize()源碼表面上欺騙,其實這裏聲明的size是生效的
kpg.initialize(ALGORITHM_RSA_PRIVATE_KEY_LENGTH);
//生成密匙對
KeyPair keyPair = kpg.generateKeyPair();
//得到公鑰
Key publicKey = keyPair.getPublic();
String publicKeyStr = Base64.getEncoder().encodeToString(publicKey.getEncoded());
//得到私鑰
Key privateKey = keyPair.getPrivate();
String privateKeyStr = Base64.getEncoder().encodeToString(privateKey.getEncoded());
Map<String, String> keyPairMap = new HashMap<String, String>();
keyPairMap.put("publicKey", publicKeyStr);
keyPairMap.put("privateKey", privateKeyStr);
return keyPairMap;
}
/**
* RSA算法公鑰加密數據
*
* @param data 待加密的明文字符串
* @param key RSA公鑰字符串
* @return RSA公鑰加密後的經過Base64編碼的密文字符串
*/
public static String buildRSAEncryptByPublicKey(String data, String key) {
try {
//通過X509編碼的Key指令獲得公鑰對象
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(key));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
Key publicKey = keyFactory.generatePublic(x509KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return Base64.getEncoder().encodeToString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET)));
} catch (Exception e) {
throw new RuntimeException("加密字符串[" + data + "]時遇到異常", e);
}
}
/**
* RSA算法公鑰解密數據
*
* @param data 待解密的經過Base64編碼的密文字符串
* @param key RSA公鑰字符串
* @return RSA公鑰解密後的明文字符串
*/
public static String buildRSADecryptByPublicKey(String data, String key) {
try {
//通過X509編碼的Key指令獲得公鑰對象
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(key));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
Key publicKey = keyFactory.generatePublic(x509KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.getDecoder().decode(data)), CHARSET);
} catch (Exception e) {
throw new RuntimeException("解密字符串[" + data + "]時遇到異常", e);
}
}
/**
* RSA算法私鑰加密數據
*
* @param data 待加密的明文字符串
* @param key RSA私鑰字符串
* @return RSA私鑰加密後的經過Base64編碼的密文字符串
*/
public static String buildRSAEncryptByPrivateKey(String data, String key) {
try {
//通過PKCS#8編碼的Key指令獲得私鑰對象
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(key));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return Base64.getEncoder().encodeToString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET)));
} catch (Exception e) {
throw new RuntimeException("加密字符串[" + data + "]時遇到異常", e);
}
}
/**
* RSA算法私鑰解密數據
* @param data 待解密的經過Base64編碼的密文字符串
* @param key RSA私鑰字符串
* @return RSA私鑰解密後的明文字符串
*/
public static String buildRSADecryptByPrivateKey(String data, String key) {
try {
//通過PKCS#8編碼的Key指令獲得私鑰對象
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(key));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.getDecoder().decode(data)), CHARSET);
} catch (Exception e) {
throw new RuntimeException("解密字符串[" + data + "]時遇到異常", e);
}
}
/**
* RSA算法使用私鑰對數據生成數字簽名
*
* @param data 待簽名的明文字符串
* @param key RSA私鑰字符串
* @return RSA私鑰簽名後的經過Base64編碼的字符串
*/
public static String buildRSASignByPrivateKey(String data, String key) {
try {
//通過PKCS#8編碼的Key指令獲得私鑰對象
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(key));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance(ALGORITHM_RSA_SIGN);
signature.initSign(privateKey);
signature.update(data.getBytes(CHARSET));
return Base64.getEncoder().encodeToString(signature.sign());
} catch (Exception e) {
throw new RuntimeException("簽名字符串[" + data + "]時遇到異常", e);
}
}
/**
* RSA算法使用公鑰校驗數字簽名
*
* @param data 參與簽名的明文字符串
* @param key RSA公鑰字符串
* @param sign RSA簽名得到的經過Base64編碼的字符串
* @return true--驗籤通過,false--驗籤未通過
*/
public static boolean buildRSAverifyByPublicKey(String data, String key, String sign) {
try {
//通過X509編碼的Key指令獲得公鑰對象
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(key));
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
Signature signature = Signature.getInstance(ALGORITHM_RSA_SIGN);
signature.initVerify(publicKey);
signature.update(data.getBytes(CHARSET));
return signature.verify(Base64.getDecoder().decode(sign));
} catch (Exception e) {
throw new RuntimeException("驗簽字符串[" + data + "]時遇到異常", e);
}
}
/**
* RSA算法分段加解密數據
*
* @param cipher 初始化了加解密工作模式後的javax.crypto.Cipher對象
* @param opmode 加解密模式,值爲javax.crypto.Cipher.ENCRYPT_MODE/DECRYPT_MODE
* @return 加密或解密後得到的數據的字節數組
*/
private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas) {
int maxBlock = 0;
if (opmode == Cipher.DECRYPT_MODE) {
maxBlock = ALGORITHM_RSA_PRIVATE_KEY_LENGTH / 8;
} else {
maxBlock = ALGORITHM_RSA_PRIVATE_KEY_LENGTH / 8 - 11;
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] buff;
int i = 0;
try {
while (datas.length > offSet) {
if (datas.length - offSet > maxBlock) {
buff = cipher.doFinal(datas, offSet, maxBlock);
} else {
buff = cipher.doFinal(datas, offSet, datas.length - offSet);
}
out.write(buff, 0, buff.length);
i++;
offSet = i * maxBlock;
}
} catch (Exception e) {
throw new RuntimeException("加解密閥值爲[" + maxBlock + "]的數據時發生異常", e);
}
byte[] resultDatas = out.toByteArray();
IOUtils.closeQuietly(out);
return resultDatas;
}
public static void main(String[] args) {
System.out.println("簽名:"+buildRSASignByPrivateKey("ABCabc123測試", privatekey));
System.out.println("校驗:"+buildRSAverifyByPublicKey("ABCabc123測試",publickey,buildRSASignByPrivateKey("ABCabc123測試", privatekey)));
}
}