AES+RSA加密联合使用
使用原因: 因为加密解密效率的问题
使用方式前端:前端对需要加密的数据进性AES加密,然后使用自己RSA【公钥】对AES的密钥进行加密,然后将这两个加密后的数据传输给服务端。
使用方式后端:后端拿到使用RSA加密后的AESkey密文,然后使用自己的RSA密钥进性解密,将解密出来的AES密钥,用它解密传输过来的参数。
@SpringBootTest
public class RSA_AES_TEST {
String cardId = "440102198001021230";
private static String RSA_PublicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJfXbIhoMOfPkaTk+pnf6WL3QXhF6TuDCqTsE3dhsZTX++VKP1dd/U2+iFhYt4Z1XGNiHEkSrZ3yt4K9CMXm+O9Cn1J61WWu5cOEk8NlGAliu/SDGwUYvdskBPeY8U6TpchROHsXiWFlmL7IeWWBWJtaXUBy2dJGiRCVrMB+GqEQIDAQAB";
private static String RSA_priviteKey = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIl9dsiGgw58+RpOT6md/pYvdBeEXpO4MKpOwTd2GxlNf75Uo/V139Tb6IWFi3hnVcY2IcSRKtnfK3gr0Ixeb470KfUnrVZa7lw4STw2UYCWK79IMbBRi92yQE95jxTpOlyFE4exeJYWWYvsh5ZYFYm1pdQHLZ0kaJEJWswH4aoRAgMBAAECgYBqeHVG3huZWaASBfjc0hP3u7G8EG6pGCbfi/NGfriHhKNbAfKiP/Dgxpcu5vbVe7hJsVu+++fiJldkTRHH0c2zEJCR+5smJjp2yxzhEUltbqUjemi4zVBF3/GCwZs/jQ5Xlj5p7ymihYe2KVluVKO9VF+VdlXY7+ZVMB/RCGMnkQJBAN5MMR3IEJ8j5tz8XhYspUMd4hogBuFD2YQTCqS9wyvWC72bluAimwJWVqe2JJ43LeMULsvxSs/5NUDte2rvFl0CQQCeVbmbNZKkIBBkswcVe6Y2m1lgWVMCr1D3ujdnKTbc0rH/slT1QMQtBpWQHtwX7uI9oh2eFgEUHArdtB1wMv9FAkEAogsOXrRBEZCdMIeymh1vVq6I7Bxeh4TrIXCz+ITvqZu9MTki0T3ImvqO7nBC3yZAB+Dlf/rjWxlBbZPvvHKObQJAbkE7kfzoNCmvwK95y1fjEjtzLUiGKWRzeU3OrqNgdLyy/l7sEiwbb08abtVOZcwO9uQgw6iG773nQyLdLPgWEQJBAMZ0LI3mNYVRqYJLyZMSQ/fQZiiadMEFt23nKP7E+jFKwcfh2TV9lxtsAn0+kTomRtiap5gg+uJadXWvZde3yUs=";
@Test
public void 客户端() throws Exception {
//1.客户端使用AES对敏感数据加密,使用RSA公钥对AES的私钥进性加密后传输
String aesKey = AesUtil_02.getKey();
System.out.println("aesKey:" + aesKey);//993oVxia17ZWk7gb
// rsa加密aes公钥后字符串
String RSA_enc_AES = RsaUtil_01.encrypt(aesKey, RsaUtil_01.getPublicKey(RSA_PublicKey));
System.out.println("RSA_enc_AES:" + RSA_enc_AES);//需要传输的AES加密后的铭文
String encrypt = AesUtil_02.encrypt(cardId, aesKey);
System.out.println("AES加密后密文:" + encrypt); //owTfsc39fSe1y+v7hvcp1w==
//2.前端需要将这两个数据提交给后端。
}
@Test
public void 服务端() throws Exception {
final String aes_key = "V9O6gyoNu/DVzJtVDLvVhR0U/SFEJVHPgdWiknvoSUcbIgkp3zAObPAFVGD3QdrDS4CG3Mwhpoc8QOf6LwkvKHZqa9TgxVmHqbUs9E0wkPp4WQ4a6HDJwB/RzAbFMmHIICQXLLTtbQrCidx30K4zBoq8uDl7/i3ayR8T8juJ1hI=";
final String content = "mDnq7KecNO+OuChf/inVCOG+E+cQ21OWM6qP9+4yzSc=";
//1.服务端拿到密文,使用RSA密钥对AES密钥进性解密,后在使用AES密钥对密文进性解密。
String decrypt = RsaUtil_01.decrypt(aes_key, RsaUtil_01.getPrivateKey(RSA_priviteKey));
System.out.println("RSA解密AES后的AES密钥:" + decrypt);
String 客户端明文 = AesUtil_02.decrypt(content, decrypt);
System.out.println("明文:" + 客户端明文);
}
@Test
public void getRsaKey() throws Exception {
// 生成密钥对
KeyPair keyPair = getKeyPair();
RSA_priviteKey = new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()));
RSA_PublicKey = new String(Base64.encodeBase64(keyPair.getPublic().getEncoded()));
System.out.println("私钥:" + RSA_priviteKey);
System.out.println("公钥:" + RSA_PublicKey);
}
}
AES工具类
public class AesUtil_02 {
/**
* 加密算法AES
*/
private static final String KEY_ALGORITHM = "AES";
/**
* key的长度,Wrong key size: must be equal to 128, 192 or 256
* 传入时需要16、24、36
*/
private static final int KEY_LENGTH = 16 * 8;
/**
* 算法名称/加密模式/数据填充方式
* 默认:AES/ECB/PKCS5Padding
*/
private static final String ALGORITHMS = "AES/ECB/PKCS5Padding";
/**
* 后端AES的key,由静态代码块赋值
*/
public static String key;
/**
* 不能在代码中创建
* JceSecurity.getVerificationResult 会将其put进 private static final Map<Provider,Object>中,导致内存缓便被耗尽
*/
private static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider();
static {
key = getKey();
}
/**
* 获取key
*/
public static String getKey() {
int length = KEY_LENGTH / 8;
StringBuilder uid = new StringBuilder(length);
//产生16位的强随机数
Random rd = new SecureRandom();
for (int i = 0; i < length; i++) {
//产生0-2的3位随机数
switch (rd.nextInt(3)) {
case 0:
//0-9的随机数
uid.append(rd.nextInt(10));
break;
case 1:
//ASCII在65-90之间为大写,获取大写随机
uid.append((char) (rd.nextInt(26) + 65));
break;
case 2:
//ASCII在97-122之间为小写,获取小写随机
uid.append((char) (rd.nextInt(26) + 97));
break;
default:
break;
}
}
return uid.toString();
}
/**
* 加密
*
* @param content 加密的字符串
* @param encryptKey key值
*/
public static String encrypt(String content, String encryptKey) throws Exception {
//设置Cipher对象
Cipher cipher = Cipher.getInstance(ALGORITHMS, PROVIDER);
cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), KEY_ALGORITHM));
//调用doFinal
// 转base64
return Base64.encodeBase64String(cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));
}
/**
* 解密
*
* @param encryptStr 解密的字符串
* @param decryptKey 解密的key值
*/
public static String decrypt(String encryptStr, String decryptKey) throws Exception {
//base64格式的key字符串转byte
byte[] decodeBase64 = Base64.decodeBase64(encryptStr);
//设置Cipher对象
Cipher cipher = Cipher.getInstance(ALGORITHMS,PROVIDER);
cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), KEY_ALGORITHM));
//调用doFinal解密
return new String(cipher.doFinal(decodeBase64));
}
}
RSA工具类
public class RsaUtil_01 {
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* 获取密钥对
* @return 密钥对
*/
public static KeyPair getKeyPair() throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
return generator.generateKeyPair();
}
/**
* 获取私钥
*
* @param privateKey 私钥字符串
* @return
*/
public static PrivateKey getPrivateKey(String privateKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] decodedKey = Base64.decodeBase64(privateKey.getBytes());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey);
return keyFactory.generatePrivate(keySpec);
}
/**
* 获取公钥
*
* @param publicKey 公钥字符串
* @return
*/
public static PublicKey getPublicKey(String publicKey) throws Exception {
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] decodedKey = Base64.decodeBase64(publicKey.getBytes());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
return keyFactory.generatePublic(keySpec);
}
/**
* RSA加密
*
* @param data 待加密数据
* @param publicKey 公钥
* @return
*/
public static String encrypt(String data, PublicKey publicKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
int inputLen = data.getBytes().length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offset = 0;
byte[] cache;
int i = 0;
// 对数据分段加密
while (inputLen - offset > 0) {
if (inputLen - offset > MAX_ENCRYPT_BLOCK) {
cache = cipher.doFinal(data.getBytes(), offset, MAX_ENCRYPT_BLOCK);
} else {
cache = cipher.doFinal(data.getBytes(), offset, inputLen - offset);
}
out.write(cache, 0, cache.length);
i++;
offset = i * MAX_ENCRYPT_BLOCK;
}
byte[] encryptedData = out.toByteArray();
out.close();
// 获取加密内容使用base64进行编码,并以UTF-8为标准转化成字符串
// 加密后的字符串
return new String(Base64.encodeBase64String(encryptedData));
}
/**
* RSA解密
*
* @param data 待解密数据
* @param privateKey 私钥
* @return
*/
public static String decrypt(String data, PrivateKey privateKey) throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] dataBytes = Base64.decodeBase64(data);
int inputLen = dataBytes.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offset = 0;
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - offset > 0) {
if (inputLen - offset > MAX_DECRYPT_BLOCK) {
cache = cipher.doFinal(dataBytes, offset, MAX_DECRYPT_BLOCK);
} else {
cache = cipher.doFinal(dataBytes, offset, inputLen - offset);
}
out.write(cache, 0, cache.length);
i++;
offset = i * MAX_DECRYPT_BLOCK;
}
byte[] decryptedData = out.toByteArray();
out.close();
// 解密后的内容
return new String(decryptedData, "UTF-8");
}
/**
* 签名
*
* @param data 待签名数据
* @param privateKey 私钥
* @return 签名
*/
public static String sign(String data, PrivateKey privateKey) throws Exception {
byte[] keyBytes = privateKey.getEncoded();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey key = keyFactory.generatePrivate(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initSign(key);
signature.update(data.getBytes());
return new String(Base64.encodeBase64(signature.sign()));
}
/**
* 验签
*
* @param srcData 原始字符串
* @param publicKey 公钥
* @param sign 签名
* @return 是否验签通过
*/
public static boolean verify(String srcData, PublicKey publicKey, String sign) throws Exception {
byte[] keyBytes = publicKey.getEncoded();
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey key = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initVerify(key);
signature.update(srcData.getBytes());
return signature.verify(Base64.decodeBase64(sign.getBytes()));
}
public static void main(String[] args) {
try {
// 生成密钥对
KeyPair keyPair = getKeyPair();
String privateKey = new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()));
String publicKey = new String(Base64.encodeBase64(keyPair.getPublic().getEncoded()));
System.out.println("私钥:" + privateKey);
System.out.println("公钥:" + publicKey);
// RSA加密
String data = "待加密的文字内容";
String encryptData = encrypt(data, getPublicKey(publicKey));
System.out.println("加密后内容:" + encryptData);
// RSA解密
String decryptData = decrypt(encryptData, getPrivateKey(privateKey));
System.out.println("解密后内容:" + decryptData);
// RSA签名
String sign = sign(data, getPrivateKey(privateKey));
// RSA验签
boolean result = verify(data, getPublicKey(publicKey), sign);
System.out.print("验签结果:" + result);
} catch (Exception e) {
e.printStackTrace();
System.out.print("加解密异常");
}
}
}
