百度百科:RSA公开密钥密码体制是一种使用不同的加密密钥与解密密钥,“由已知加密密钥推导出解密密钥在计算上是不可行的”密码体制
RSA根据一对公钥,私钥对数据进行加密,签名 ----常跟AES加密互用,AES+AESkey加密数据,RSA加密AESKey,RSA对返回报文体进行签名
RSA加密: 拿商户的公钥对数据进行加密,商户拿到数据用私钥解密
RSA签名:用本公司的私钥进行签名,商户拿到数据用我们公司的公钥验签
加解密实例 demo链接
-----加密方法
/**
* 使用商户公钥进行加密
* @param data
* @param publicKey
* @return
*/
private static String encode(String data,String publicKey){
try {
byte[] decode = Base64.decode(publicKey);
// PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(decode);
// RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(decode);
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(decode);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Key key = keyFactory.generatePublic(x509EncodedKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE,key);
return Base64.encode(cipher.doFinal(data.getBytes("UTF-8")));
} catch (Base64DecodingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
}
return "";
}
-----解密方法
public static String decode(String data,String privateKey){
try {
byte[] dataByte = Base64.decode(data.getBytes("UTF-8"));
byte[] decode = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(decode);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE,rsaPrivateKey);
return new String(cipher.doFinal(dataByte));
} catch (Base64DecodingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (NoSuchPaddingException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
} catch (BadPaddingException e) {
e.printStackTrace();
} catch (IllegalBlockSizeException e) {
e.printStackTrace();
}
return "";
}
------测试用随机生成 公钥和私钥
public static Map<String, String> keyMap = new HashMap(); //用于封装随机产生的公钥与私钥
/**
* 随机生成密钥对
* @throws NoSuchAlgorithmException
*/
public static void genKeyPair(){
try {
// KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
// 初始化密钥对生成器,密钥大小为96-1024位
keyPairGen.initialize(1024);
// 生成一个密钥对,保存在keyPair中
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到私钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 得到公钥
String publicKeyString = Base64.encode(publicKey.getEncoded());
System.out.println(publicKeyString);
// 得到私钥字符串
String privateKeyString = Base64.encode((privateKey.getEncoded()));
System.out.println(privateKeyString);
// 将公钥和私钥保存到Map
keyMap.put("pubKey", publicKeyString); //0表示公钥
keyMap.put("priKey", privateKeyString); //1表示私钥
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
-----------------------签名实例----------------
package com.fostlin.rsa;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import java.io.UnsupportedEncodingException;
import java.math.BigDecimal;
import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.text.DecimalFormat;
import java.util.Map;
public class RSASignUtil {
private final static String ENCODE = "UTF-8";
//RSA 签名算法
private static final String ALGORITHM_RSA_SIGN = "SHA256WithRSA";
//密钥算法
private static final String ALGORITHM_RSA = "RSA";
public static void main(String[] args) {
REAUtil.genKeyPair();
Map<String,String> keyMap = REAUtil.keyMap;
String sign = sign("张三",keyMap.get("priKey"),ENCODE);
System.out.println(sign);
System.out.println("校验签名结果:"+ doCheck("张三",sign,keyMap.get("pubKey"),ENCODE));
}
/**
* 签名
* @param data 签名数据
* @param privateKey 私钥
* @param enCode 编码
* @return
*/
public static String sign(String data,String privateKey,String enCode){
try {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decode(privateKey));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey key = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance(ALGORITHM_RSA_SIGN);
signature.initSign(key);
signature.update(data.getBytes(enCode));
return Base64.encode(signature.sign());
} catch (Base64DecodingException e) {
e.printStackTrace();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
} catch (SignatureException e) {
e.printStackTrace();
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return "";
}
/**
* 验签
* @param content 数据
* @param sign 签名
* @param publicKey 公钥
* @param encode 编码
* @return
*/
public static boolean doCheck(String content, String sign, String publicKey,String encode){
try {
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decode(publicKey));
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey1 = keyFactory.generatePublic(x509EncodedKeySpec);
Signature signature = Signature.getInstance(ALGORITHM_RSA_SIGN);
signature.initVerify(publicKey1);
signature.update(content.getBytes(encode));
return signature.verify(Base64.decode(sign));
} catch (Exception e) {
e.printStackTrace();
}
return false;
}
}