摘要:加解密中必须考虑到的密钥长度明文长度和密文长度问题。而只要用到,那么就要占用实际的明文长度,于是实际明文长度需要减去字节长度。所以如果要对任意长度的数据进行加密,就需要将数据分段后进行逐一加密,并将结果进行拼接。
RSA加解密中必须考虑到的密钥长度、明文长度和密文长度问题。明文长度需要小于密钥长度,而密文长度则等于密钥长度。因此当加密内容长度大于密钥长度时,有效的RSA加解密就需要对内容进行分段。
这是因为,RSA算法本身要求加密内容也就是明文长度m必须0
这样,对于1024长度的密钥。128字节(1024bits)-减去11字节正好是117字节,但对于RSA加密来讲,padding也是参与加密的,所以,依然按照1024bits去理解,但实际的明文只有117字节了。
所以如果要对任意长度的数据进行加密,就需要将数据分段后进行逐一加密,并将结果进行拼接。同样,解码也需要分段解码,并将结果进行拼接。
Php实现</>复制代码
if (! function_exists("url_safe_base64_encode")) { function url_safe_base64_encode ($data) { return str_replace(array("+","/", "="),array("-","_", ""), base64_encode($data)); }}if (! function_exists("url_safe_base64_decode")) { function url_safe_base64_decode ($data) { $base_64 = str_replace(array("-","_"),array("+","/"), $data); return base64_decode($base_64); }}class XRsa{ const CHAR_SET = "UTF-8"; const BASE_64_FORMAT = "UrlSafeNoPadding"; const RSA_ALGORITHM_KEY_TYPE = OPENSSL_KEYTYPE_RSA; const RSA_ALGORITHM_SIGN = OPENSSL_ALGO_SHA256; protected $public_key; protected $private_key; protected $key_len; public function __construct($pub_key, $pri_key = null) { $this->public_key = $pub_key; $this->private_key = $pri_key; $pub_id = openssl_get_publickey($this->public_key); $this->key_len = openssl_pkey_get_details($pub_id)["bits"]; } /* * 创建密钥对 */ public static function createKeys($key_size = 2048) { $config = array( "private_key_bits" => $key_size, "private_key_type" => self::RSA_ALGORITHM_KEY_TYPE, ); $res = openssl_pkey_new($config); openssl_pkey_export($res, $private_key); $public_key_detail = openssl_pkey_get_details($res); $public_key = $public_key_detail["key"]; return [ "public_key" => $public_key, "private_key" => $private_key, ]; } /* * 公钥加密 */ public function publicEncrypt($data) { $encrypted = ""; $part_len = $this->key_len / 8 - 11; $parts = str_split($data, $part_len); foreach ($parts as $part) { $encrypted_temp = ""; openssl_public_encrypt($part, $encrypted_temp, $this->public_key); $encrypted .= $encrypted_temp; } return url_safe_base64_encode($encrypted); } /* * 私钥解密 */ public function privateDecrypt($encrypted) { $decrypted = ""; $part_len = $this->key_len / 8; $base64_decoded = url_safe_base64_decode($encrypted); $parts = str_split($base64_decoded, $part_len); foreach ($parts as $part) { $decrypted_temp = ""; openssl_private_decrypt($part, $decrypted_temp,$this->private_key); $decrypted .= $decrypted_temp; } return $decrypted; } /* * 私钥加密 */ public function privateEncrypt($data) { $encrypted = ""; $part_len = $this->key_len / 8 - 11; $parts = str_split($data, $part_len); foreach ($parts as $part) { $encrypted_temp = ""; openssl_private_encrypt($part, $encrypted_temp, $this->private_key); $encrypted .= $encrypted_temp; } return url_safe_base64_encode($encrypted); } /* * 公钥解密 */ public function publicDecrypt($encrypted) { $decrypted = ""; $part_len = $this->key_len / 8; $base64_decoded = url_safe_base64_decode($encrypted); $parts = str_split($base64_decoded, $part_len); foreach ($parts as $part) { $decrypted_temp = ""; openssl_public_decrypt($part, $decrypted_temp,$this->public_key); $decrypted .= $decrypted_temp; } return $decrypted; } /* * 数据加签 */ public function sign($data) { openssl_sign($data, $sign, $this->private_key, self::RSA_ALGORITHM_SIGN); return url_safe_base64_encode($sign); } /* * 数据签名验证 */ public function verify($data, $sign) { $pub_id = openssl_get_publickey($this->public_key); $res = openssl_verify($data, url_safe_base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN); return $res; }}
</>复制代码
package xrsaimport ( "encoding/pem" "encoding/base64" "crypto/x509" "crypto/rsa" "crypto/rand" "errors" "crypto" "io" "bytes" "encoding/asn1")const ( CHAR_SET = "UTF-8" BASE_64_FORMAT = "UrlSafeNoPadding" RSA_ALGORITHM_KEY_TYPE = "PKCS8" RSA_ALGORITHM_SIGN = crypto.SHA256)type XRsa struct { publicKey *rsa.PublicKey privateKey *rsa.PrivateKey}// 生成密钥对func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error { // 生成私钥文件 privateKey, err := rsa.GenerateKey(rand.Reader, keyLength) if err != nil { return err } derStream := MarshalPKCS8PrivateKey(privateKey) block := &pem.Block{ Type: "PRIVATE KEY", Bytes: derStream, } err = pem.Encode(privateKeyWriter, block) if err != nil { return err } // 生成公钥文件 publicKey := &privateKey.PublicKey derPkix, err := x509.MarshalPKIXPublicKey(publicKey) if err != nil { return err } block = &pem.Block{ Type: "PUBLIC KEY", Bytes: derPkix, } err = pem.Encode(publicKeyWriter, block) if err != nil { return err } return nil}func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) { block, _ := pem.Decode(publicKey) if block == nil { return nil, errors.New("public key error") } pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { return nil, err } pub := pubInterface.(*rsa.PublicKey) block, _ = pem.Decode(privateKey) if block == nil { return nil, errors.New("private key error!") } priv, err := x509.ParsePKCS8PrivateKey(block.Bytes) if err != nil { return nil, err } pri, ok := priv.(*rsa.PrivateKey) if ok { return &XRsa { publicKey: pub, privateKey: pri, }, nil } else { return nil, errors.New("private key not supported") }}// 公钥加密func (r *XRsa) PublicEncrypt(data string) (string, error) { partLen := r.publicKey.N.BitLen() / 8 - 11 chunks := split([]byte(data), partLen) buffer := bytes.NewBufferString("") for _, chunk := range chunks { bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk) if err != nil { return "", err } buffer.Write(bytes) } return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil}// 私钥解密func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) { partLen := r.publicKey.N.BitLen() / 8 raw, err := base64.RawURLEncoding.DecodeString(encrypted) chunks := split([]byte(raw), partLen) buffer := bytes.NewBufferString("") for _, chunk := range chunks { decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk) if err != nil { return "", err } buffer.Write(decrypted) } return buffer.String(), err}// 数据加签func (r *XRsa) Sign(data string) (string, error) { h := RSA_ALGORITHM_SIGN.New() h.Write([]byte(data)) hashed := h.Sum(nil) sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed) if err != nil { return "", err } return base64.RawURLEncoding.EncodeToString(sign), err}// 数据验签func (r *XRsa) Verify(data string, sign string) error { h := RSA_ALGORITHM_SIGN.New() h.Write([]byte(data)) hashed := h.Sum(nil) decodedSign, err := base64.RawURLEncoding.DecodeString(sign) if err != nil { return err } return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)}func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte { info := struct { Version int PrivateKeyAlgorithm []asn1.ObjectIdentifier PrivateKey []byte }{} info.Version = 0 info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1) info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} info.PrivateKey = x509.MarshalPKCS1PrivateKey(key) k, _ := asn1.Marshal(info) return k}func split(buf []byte, lim int) [][]byte { var chunk []byte chunks := make([][]byte, 0, len(buf)/lim+1) for len(buf) >= lim { chunk, buf = buf[:lim], buf[lim:] chunks = append(chunks, chunk) } if len(buf) > 0 { chunks = append(chunks, buf[:len(buf)]) } return chunks}
</>复制代码
package com.inspii;import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils;import javax.crypto.Cipher;import java.io.ByteArrayOutputStream;import java.security.*;import java.security.interfaces.RSAPublicKey;import java.security.interfaces.RSAPrivateKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;public class XRsa { public static final String CHARSET = "UTF-8"; public static final String RSA_ALGORITHM = "RSA"; public static final String RSA_ALGORITHM_SIGN = "SHA256WithRSA"; private RSAPublicKey publicKey; private RSAPrivateKey privateKey; public XRsa(String publicKey, String privateKey) { try { KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); //通过X509编码的Key指令获得公钥对象 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey)); this.publicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec); //通过PKCS#8编码的Key指令获得私钥对象 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey)); this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec); } catch (Exception e) { throw new RuntimeException("不支持的密钥", e); } } public static Map createKeys(int keySize){ //为RSA算法创建一个KeyPairGenerator对象 KeyPairGenerator kpg; try{ kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM); }catch(NoSuchAlgorithmException e){ throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]"); } //初始化KeyPairGenerator对象,不要被initialize()源码表面上欺骗,其实这里声明的size是生效的 kpg.initialize(keySize); //生成密匙对 KeyPair keyPair = kpg.generateKeyPair(); //得到公钥 Key publicKey = keyPair.getPublic(); String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded()); //得到私钥 Key privateKey = keyPair.getPrivate(); String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded()); Map keyPairMap = new HashMap(); keyPairMap.put("publicKey", publicKeyStr); keyPairMap.put("privateKey", privateKeyStr); return keyPairMap; } public String publicEncrypt(String data){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength())); }catch(Exception e){ throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e); } } public String privateDecrypt(String data){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, privateKey); return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET); }catch(Exception e){ throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e); } } public String privateEncrypt(String data){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, privateKey); return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength())); }catch(Exception e){ throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e); } } public String publicDecrypt(String data){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, publicKey); return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET); }catch(Exception e){ throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e); } } public String sign(String data){ try{ //sign Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN); signature.initSign(privateKey); signature.update(data.getBytes(CHARSET)); return Base64.encodeBase64URLSafeString(signature.sign()); }catch(Exception e){ throw new RuntimeException("签名字符串[" + data + "]时遇到异常", e); } } public boolean verify(String data, String sign){ try{ Signature signature = Signature.getInstance(RSA_ALGORITHM_SIGN); signature.initVerify(publicKey); signature.update(data.getBytes(CHARSET)); return signature.verify(Base64.decodeBase64(sign)); }catch(Exception e){ throw new RuntimeException("验签字符串[" + data + "]时遇到异常", e); } } private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){ int maxBlock = 0; if(opmode == Cipher.DECRYPT_MODE){ maxBlock = keySize / 8; }else{ maxBlock = keySize / 8 - 11; } ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] buff; int i = 0; try{ while(datas.length > offSet){ if(datas.length-offSet > maxBlock){ buff = cipher.doFinal(datas, offSet, maxBlock); }else{ buff = cipher.doFinal(datas, offSet, datas.length-offSet); } out.write(buff, 0, buff.length); i++; offSet = i * maxBlock; } }catch(Exception e){ throw new RuntimeException("加解密阀值为["+maxBlock+"]的数据时发生异常", e); } byte[] resultDatas = out.toByteArray(); IOUtils.closeQuietly(out); return resultDatas; }}
github地址: https://github.com/liamylian/...
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/25874.html
摘要:加解密中必须考虑到的密钥长度明文长度和密文长度问题。而只要用到,那么就要占用实际的明文长度,于是实际明文长度需要减去字节长度。所以如果要对任意长度的数据进行加密,就需要将数据分段后进行逐一加密,并将结果进行拼接。 RSA加解密中必须考虑到的密钥长度、明文长度和密文长度问题。明文长度需要小于密钥长度,而密文长度则等于密钥长度。因此当加密内容长度大于密钥长度时,有效的RSA加解密就需要对内...
摘要:我们只考虑能解密就行明文公钥加密,私钥解密密文明文公钥私钥使用生成格式的公钥私钥文件。直接使用该密钥需要转换为格式公钥私钥,密钥字符串不需要。库安装会有环境问题,直接安装成功,安装失败。 记录一次项目使用RSA加解密 项目使用Java和Python在开发,RSA加密解密互通代码: Python代码 # -*- coding: utf-8 -*- RSA加解密 import base...
摘要:安全总是很重要的,各个语言对于通用的加密算法都会有实现。对于和加密算法本身,请查阅相关资料在中,很多功能经常是一个函数解决而中的却不是。该文讨论加密解密。一概要这是一个非对称加密算法,一般通过公钥加密,私钥解密。 安全总是很重要的,各个语言对于通用的加密算法都会有实现。前段时间,用Go实现了RSA和DES的加密解密,在这分享一下。(对于RSA和DES加密算法本身,请查阅相关资料) 在P...
摘要:第二次访问接口,客户端需使用返回公钥加密访问参数,之后将加密后的参数和一起发送给服务端进行验证。关于函数的详细介绍可以看上一位朋友的博客,链接在此简单总结用加密公钥传递给用公钥加密信息传递给解密 RSA非对称加密,在网络鉴权中使用很多。本人也是在PHP与C++交互鉴权时出现问题,在解决问题过程中发现,网上对相关问题的描述很少,所在这里记录下,希望对遇到相似问题的朋友有所帮助。 问题情景...
阅读 4094·2021-11-24 09:38
阅读 3258·2021-11-17 09:33
阅读 4001·2021-11-10 11:48
阅读 1354·2021-10-14 09:48
阅读 3249·2019-08-30 13:14
阅读 2660·2019-08-29 18:37
阅读 3534·2019-08-29 12:38
阅读 1531·2019-08-29 12:30
