下面是RSA 生成公私鑰 加解密 加簽驗籤的功能類
開放平臺簽名算法名稱 | 標準簽名算法名稱 | 備註 |
RSA2 | SHA256WithRSA | 強制要求 RSA 密鑰的長度至少爲 2048 |
RSA | SHA1WithRSA | 對 RSA 密鑰的長度不限制,推薦使用 2048 位以上 |
由於計算能力的飛速發展,從安全性角度考慮,儘可能考慮RSA2,該算法在摘要算法上比 SHA1WithRSA 有更強的安全能力。
目前 SHA1WithRSA 的簽名算法很多地方也提供支持,但爲了您的應用安全,強烈建議使用 SHA256WithRSA 的簽名算法。
keySize長度推薦 2048位
工具類 使用的 全部是 jdk自帶jar 不需要引入其他包,附帶基礎測試,工具類使用的是RSA2 keysize 默認 2048,標準算法名稱爲
SHA256WithRSA
package utils;
import javax.crypto.Cipher;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
/**
* @Author: 四靈
* @Description: RSA 非對稱 加密解密 加簽驗籤工具
* @Date: Created in 15:01 2016/4/9
*/
@SuppressWarnings("all")
public class RSAUtils {
//取值 SHA256WithRSA 或者 SHA1WithRSA
//RSA 對應 SHA1WithRSA
//RSA2 對應 SHA256WithRSA 至少2048 位以上
public static final String SHA_WITH_RSA_ALGORITHM = "SHA256WithRSA";
public static final String MD5_WITH_RSA = "MD5WithRSA";
public static final int KEY_SIZE_2048 = 2048;
public static final int KEY_SIZE_1024 = 1024;
public static final String ALGORITHM = "RSA";
public static final String CHARSET = "UTF-8";
/**
* SHAWithRSA簽名
*/
public static String sign(String in,String pivateKey,String algorithm) throws Exception{
PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(pivateKey));
KeyFactory keyf = KeyFactory.getInstance(ALGORITHM);
PrivateKey priKey = keyf.generatePrivate(priPKCS8);
Signature signa = Signature.getInstance(algorithm!=null?algorithm:SHA_WITH_RSA_ALGORITHM);
signa.initSign(priKey);
signa.update(in.getBytes());
byte[] signdata = signa.sign();
return Base64.getEncoder().encodeToString(signdata);
}
/**
* SHAWithRSA簽名
* 默認 SHAWithRSA簽名
*/
public static String sign(String in,String pivateKey) throws Exception{
return sign(in,pivateKey,null);
}
/**
* SHAWithRSA驗籤
* 默認SHAWithRSA驗籤
*/
public static boolean isValid(String in,String signData,String publicKey,String algorithm) throws Exception{
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
byte[] encodedKey = Base64.getDecoder().decode(publicKey);
PublicKey pubKey = keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
Signature signa = Signature.getInstance(algorithm!=null?algorithm:SHA_WITH_RSA_ALGORITHM);
signa.initVerify(pubKey);
signa.update(in.getBytes());
byte[] sign_byte = Base64.getDecoder().decode(signData);
boolean flag = signa.verify(sign_byte);
return flag;
}
/**
* SHAWithRSA驗籤
*/
public static boolean isValid(String in,String signData,String publicKey) throws Exception{
return isValid(in,signData,publicKey,null);
}
/**
* RSA公鑰加密
*/
public static String encrypt( String str, String publicKey) throws Exception{
//base64編碼的公鑰
byte[] decoded = Base64.getDecoder().decode(publicKey);
RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(ALGORITHM).generatePublic(new X509EncodedKeySpec(decoded));
//RSA加密
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
String outStr = Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes(CHARSET)));
return outStr;
}
/**
* RSA私鑰解密
*/
public static String decrypt(String str, String privateKey) throws Exception{
//64位解碼加密後的字符串
byte[] inputByte = java.util.Base64.getDecoder().decode(str.getBytes(CHARSET));
//base64編碼的私鑰
byte[] decoded = Base64.getDecoder().decode(privateKey);
RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(decoded));
//RSA解密
Cipher cipher = Cipher.getInstance(ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, priKey);
String outStr = new String(cipher.doFinal(inputByte));
return outStr;
}
/**
* 隨機生成密鑰對
* 也可以用阿里的生成工具
*/
public static void genKeyPair(Integer keySize) throws NoSuchAlgorithmException {
//推薦 2048位以上,保證安全性
if(keySize==null){
keySize = KEY_SIZE_2048;
}
// KeyPairGenerator類用於生成公鑰和私鑰對,基於RSA算法生成對象
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM);
// 初始化密鑰對生成器,密鑰大小爲96-1024位
keyPairGen.initialize(keySize, new SecureRandom());
// 生成一個密鑰對,保存在keyPair中
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到私鑰
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 得到公鑰
String publicKeyString = new String(Base64.getEncoder().encode(publicKey.getEncoded()));
// 得到私鑰字符串
String privateKeyString = new String(Base64.getEncoder().encode(privateKey.getEncoded()));
// 將公鑰和私鑰保存到Map
System.out.println("公鑰:"+publicKeyString);
System.out.println("私鑰:"+privateKeyString);
}
//簡單測試
public static void main(String[] args) throws Exception {
String content = "我的數據";
//支付寶RSA生成的公私鑰 也同樣適用,可以自行嘗試
genKeyPair(null);
String publicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGv/70Te42PS5fyuLCNr/UiMtDqhasMZpmA92aDTWjh9RT5r4Kl3sKRO63RitWuEgFAZHljJUB9afEzWnP+EGpkeiq3SMpIfpUWy89nqZxUUyOg6aIvfEZBjKFFc3umM9uasFTLC8l4NCfDnlkpHxwQjc5emUGJ5ZnqqGOmrdP5se7dyO7QEtdI7/jfbzPDmMeWyegWE5iN8CHJh2V0foBur7gS/syTnbLFcRr3wzsbXh9RyLP9OMmHx9MO1fhTOnTZnN+xWXNggTgymoUM27+bZd/nrKaZNeUF50DIyTFEe6yqwkbtVf2jeR+CNjcWO+uP7CvTpDKk+9h3DZyZ5RwIDAQAB";
String privateKey = "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCQa//vRN7jY9Ll/K4sI2v9SIy0OqFqwxmmYD3ZoNNaOH1FPmvgqXewpE7rdGK1a4SAUBkeWMlQH1p8TNac/4QamR6KrdIykh+lRbLz2epnFRTI6Dpoi98RkGMoUVze6Yz25qwVMsLyXg0J8OeWSkfHBCNzl6ZQYnlmeqoY6at0/mx7t3I7tAS10jv+N9vM8OYx5bJ6BYTmI3wIcmHZXR+gG6vuBL+zJOdssVxGvfDOxteH1HIs/04yYfH0w7V+FM6dNmc37FZc2CBODKahQzbv5tl3+esppk15QXnQMjJMUR7rKrCRu1V/aN5H4I2NxY764/sK9OkMqT72HcNnJnlHAgMBAAECggEAYq4o1miMk3rl49fferFJXGtyGMPm/3gH0rL4D/ff8kme7u1T8NJawgvDEQcZWzT3+GTChQXNqD2EKmKmUegVb8coI0HZ2kwV62vQduZzT7QL26syHbVU2j96QVY2yulyNFIxStrAcbLp3d0JoJtoqAef4Z/BODPRF8DA8PzY9rrKM38EIki/lywgnhmmavfB4Z0jOi+yjL7uwj497YAC6XK5A4ZKFXYp1D5b0af7N7VyZNte/r/3nrH+/T2FpLGB3I8y/VB7cAS5GXB0GrUMOvVfnm576tukh4nOi+F0J3YxHW2AJU92RYE4qLT9nq5FsHFtu83+0Lo6C51wl4WcAQKBgQDNiM0J2gc10gNd0lv47CIUxgprKDJgxOs7xm7H+MVGzy2xpfsm3kjB/M4fHVDFLhSbqgo3TYBd9SgMxJRcmuE1HBs2Vd0NXMM+Q/XdIYA57YV3rclx7xUf95XZ2G2PFFFh45VW68KamZKufs4kbXwb3nrFgT48qkFWiKxTrXi7gQKBgQCz4d9da6+WVuDR5tURnZDATwbEefxpmSaIGbF16JAR1sY4Wnj5hB0phD0Pv0b/8+35ZpKGpK/ca7qm1VR9fEfMvP1f311ICXqovoydHktgEhTC+ictDMoHjSjJ8VHMKz+ahmQKB/AFHqReg+lfkcc3zOf/A99cvqWWkyGmq4i4xwKBgGZHjmk5o17oDJ7SwMwFjgwyZRrgHPnE5J6RZ62BoYJUNRPzWiEEesZ2LIiVSQ1mmgDAxGay3Y9kITMBXCcdN7b7LpuCbQdqQwqoPSB2vF2XUlS1Gcrlw+hth5epuRN7c+g3nahsmCHhDHpjReggx6MCuquwXi1IOE18o+zcJXmBAoGAVmTBVqkFp/sJ90YaR1+ZygMqiOrdpAn+S5erd6m+qBKzGRW6zHv7VZlBinKfswaA4Su2bBxkqkTDXKVQ8wPhqB+MwaMRtit3UdxSxJNsODP27L4gWq6tyXqugG76jkinP5wUKA0v5gWVhB9u0ou9Vrt/ISfG+1BFT1BS9S2leLkCgYAbFtXUQTNKd9IuI1pZguuwVI8US/xAOM4uTQoQx/tUO3OwgLt9iziKqg1n8GtRESAGwfbtJli85fhYSB36CdPs3ad22Y1SM6xnpLt5TnA8Vc3IuME4Y1ogH6Z3EBVvTPBb5BX2XoBvbpx8nMxtPIrh5ZkS8Cb9aoOoEhTrvEXrNw==";
/*加解密測試*/
String encryptContent = RSAUtils.encrypt(content, publicKey);
System.out.println("加密後數據:\n" + encryptContent);
String decryptContent = RSAUtils.decrypt(encryptContent,privateKey);
System.out.println("解密後數據:\n"+decryptContent);
/*加簽驗籤測試*/
String signOriginalContent = "驗籤功能測試";
String geneSignContent = RSAUtils.sign(signOriginalContent, privateKey);
System.out.println("生成的簽名:\n"+geneSignContent);
boolean valid = RSAUtils.isValid(signOriginalContent,geneSignContent, publicKey);
System.out.println("結果驗籤:\n"+valid);
}
}