AES+RSA加密联合使用

2021-08-26  本文已影响0人  司展超

AES+RSA加密联合使用


使用原因: 因为加密解密效率的问题

使用方式前端:前端对需要加密的数据进性AES加密,然后使用自己RSA【公钥】对AES的密钥进行加密,然后将这两个加密后的数据传输给服务端。

使用方式后端:后端拿到使用RSA加密后的AESkey密文,然后使用自己的RSA密钥进性解密,将解密出来的AES密钥,用它解密传输过来的参数。

@SpringBootTest
public class RSA_AES_TEST {
    String cardId = "440102198001021230";

    private static String RSA_PublicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJfXbIhoMOfPkaTk+pnf6WL3QXhF6TuDCqTsE3dhsZTX++VKP1dd/U2+iFhYt4Z1XGNiHEkSrZ3yt4K9CMXm+O9Cn1J61WWu5cOEk8NlGAliu/SDGwUYvdskBPeY8U6TpchROHsXiWFlmL7IeWWBWJtaXUBy2dJGiRCVrMB+GqEQIDAQAB";
    private static String RSA_priviteKey = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIl9dsiGgw58+RpOT6md/pYvdBeEXpO4MKpOwTd2GxlNf75Uo/V139Tb6IWFi3hnVcY2IcSRKtnfK3gr0Ixeb470KfUnrVZa7lw4STw2UYCWK79IMbBRi92yQE95jxTpOlyFE4exeJYWWYvsh5ZYFYm1pdQHLZ0kaJEJWswH4aoRAgMBAAECgYBqeHVG3huZWaASBfjc0hP3u7G8EG6pGCbfi/NGfriHhKNbAfKiP/Dgxpcu5vbVe7hJsVu+++fiJldkTRHH0c2zEJCR+5smJjp2yxzhEUltbqUjemi4zVBF3/GCwZs/jQ5Xlj5p7ymihYe2KVluVKO9VF+VdlXY7+ZVMB/RCGMnkQJBAN5MMR3IEJ8j5tz8XhYspUMd4hogBuFD2YQTCqS9wyvWC72bluAimwJWVqe2JJ43LeMULsvxSs/5NUDte2rvFl0CQQCeVbmbNZKkIBBkswcVe6Y2m1lgWVMCr1D3ujdnKTbc0rH/slT1QMQtBpWQHtwX7uI9oh2eFgEUHArdtB1wMv9FAkEAogsOXrRBEZCdMIeymh1vVq6I7Bxeh4TrIXCz+ITvqZu9MTki0T3ImvqO7nBC3yZAB+Dlf/rjWxlBbZPvvHKObQJAbkE7kfzoNCmvwK95y1fjEjtzLUiGKWRzeU3OrqNgdLyy/l7sEiwbb08abtVOZcwO9uQgw6iG773nQyLdLPgWEQJBAMZ0LI3mNYVRqYJLyZMSQ/fQZiiadMEFt23nKP7E+jFKwcfh2TV9lxtsAn0+kTomRtiap5gg+uJadXWvZde3yUs=";
    @Test
    public void 客户端() throws Exception {
        //1.客户端使用AES对敏感数据加密,使用RSA公钥对AES的私钥进性加密后传输
        String aesKey = AesUtil_02.getKey();
        System.out.println("aesKey:" + aesKey);//993oVxia17ZWk7gb

        // rsa加密aes公钥后字符串
        String RSA_enc_AES = RsaUtil_01.encrypt(aesKey, RsaUtil_01.getPublicKey(RSA_PublicKey));
        System.out.println("RSA_enc_AES:" + RSA_enc_AES);//需要传输的AES加密后的铭文

        String encrypt = AesUtil_02.encrypt(cardId, aesKey);
        System.out.println("AES加密后密文:" + encrypt);  //owTfsc39fSe1y+v7hvcp1w==


        //2.前端需要将这两个数据提交给后端。
    }

    @Test
    public void 服务端() throws Exception {
        final String aes_key = "V9O6gyoNu/DVzJtVDLvVhR0U/SFEJVHPgdWiknvoSUcbIgkp3zAObPAFVGD3QdrDS4CG3Mwhpoc8QOf6LwkvKHZqa9TgxVmHqbUs9E0wkPp4WQ4a6HDJwB/RzAbFMmHIICQXLLTtbQrCidx30K4zBoq8uDl7/i3ayR8T8juJ1hI=";
        final String content = "mDnq7KecNO+OuChf/inVCOG+E+cQ21OWM6qP9+4yzSc=";
        //1.服务端拿到密文,使用RSA密钥对AES密钥进性解密,后在使用AES密钥对密文进性解密。
        String decrypt = RsaUtil_01.decrypt(aes_key, RsaUtil_01.getPrivateKey(RSA_priviteKey));
        System.out.println("RSA解密AES后的AES密钥:" + decrypt);

        String 客户端明文 = AesUtil_02.decrypt(content, decrypt);

        System.out.println("明文:" + 客户端明文);
    }

    @Test
    public void getRsaKey() throws Exception {
        // 生成密钥对
        KeyPair keyPair = getKeyPair();
        RSA_priviteKey = new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()));
        RSA_PublicKey = new String(Base64.encodeBase64(keyPair.getPublic().getEncoded()));
        System.out.println("私钥:" + RSA_priviteKey);
        System.out.println("公钥:" + RSA_PublicKey);
    }
}

AES工具类

public class AesUtil_02 {
    /**
     * 加密算法AES
     */
    private static final String KEY_ALGORITHM = "AES";

    /**
     * key的长度,Wrong key size: must be equal to 128, 192 or 256
     * 传入时需要16、24、36
     */
    private static final int KEY_LENGTH = 16 * 8;

    /**
     * 算法名称/加密模式/数据填充方式
     * 默认:AES/ECB/PKCS5Padding
     */
    private static final String ALGORITHMS = "AES/ECB/PKCS5Padding";

    /**
     * 后端AES的key,由静态代码块赋值
     */
    public static String key;

    /**
     * 不能在代码中创建
     * JceSecurity.getVerificationResult 会将其put进 private static final Map<Provider,Object>中,导致内存缓便被耗尽
     */
    private static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider();

    static {
        key = getKey();
    }

    /**
     * 获取key
     */
    public static String getKey() {
        int length = KEY_LENGTH / 8;
        StringBuilder uid = new StringBuilder(length);
        //产生16位的强随机数
        Random rd = new SecureRandom();
        for (int i = 0; i < length; i++) {
            //产生0-2的3位随机数
            switch (rd.nextInt(3)) {
                case 0:
                    //0-9的随机数
                    uid.append(rd.nextInt(10));
                    break;
                case 1:
                    //ASCII在65-90之间为大写,获取大写随机
                    uid.append((char) (rd.nextInt(26) + 65));
                    break;
                case 2:
                    //ASCII在97-122之间为小写,获取小写随机
                    uid.append((char) (rd.nextInt(26) + 97));
                    break;
                default:
                    break;
            }
        }
        return uid.toString();
    }

    /**
     * 加密
     *
     * @param content    加密的字符串
     * @param encryptKey key值
     */
    public static String encrypt(String content, String encryptKey) throws Exception {
        //设置Cipher对象
        Cipher cipher = Cipher.getInstance(ALGORITHMS, PROVIDER);
        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), KEY_ALGORITHM));

        //调用doFinal
        // 转base64
        return Base64.encodeBase64String(cipher.doFinal(content.getBytes(StandardCharsets.UTF_8)));

    }

    /**
     * 解密
     *
     * @param encryptStr 解密的字符串
     * @param decryptKey 解密的key值
     */
    public static String decrypt(String encryptStr, String decryptKey) throws Exception {
        //base64格式的key字符串转byte
        byte[] decodeBase64 = Base64.decodeBase64(encryptStr);

        //设置Cipher对象
        Cipher cipher = Cipher.getInstance(ALGORITHMS,PROVIDER);
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(decryptKey.getBytes(), KEY_ALGORITHM));

        //调用doFinal解密
        return new String(cipher.doFinal(decodeBase64));
    }
}

RSA工具类

public class RsaUtil_01 {
    /**
     * RSA最大加密明文大小
     */
    private static final int MAX_ENCRYPT_BLOCK = 117;

    /**
     * RSA最大解密密文大小
     */
    private static final int MAX_DECRYPT_BLOCK = 128;

    /**
     * 获取密钥对
     * @return 密钥对
     */
    public static KeyPair getKeyPair() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(1024);
        return generator.generateKeyPair();
    }

    /**
     * 获取私钥
     *
     * @param privateKey 私钥字符串
     * @return
     */
    public static PrivateKey getPrivateKey(String privateKey) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        byte[] decodedKey = Base64.decodeBase64(privateKey.getBytes());
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey);
        return keyFactory.generatePrivate(keySpec);
    }

    /**
     * 获取公钥
     *
     * @param publicKey 公钥字符串
     * @return
     */
    public static PublicKey getPublicKey(String publicKey) throws Exception {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        byte[] decodedKey = Base64.decodeBase64(publicKey.getBytes());
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
        return keyFactory.generatePublic(keySpec);
    }

    /**
     * RSA加密
     *
     * @param data 待加密数据
     * @param publicKey 公钥
     * @return
     */
    public static String encrypt(String data, PublicKey publicKey) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        int inputLen = data.getBytes().length;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int offset = 0;
        byte[] cache;
        int i = 0;
        // 对数据分段加密
        while (inputLen - offset > 0) {
            if (inputLen - offset > MAX_ENCRYPT_BLOCK) {
                cache = cipher.doFinal(data.getBytes(), offset, MAX_ENCRYPT_BLOCK);
            } else {
                cache = cipher.doFinal(data.getBytes(), offset, inputLen - offset);
            }
            out.write(cache, 0, cache.length);
            i++;
            offset = i * MAX_ENCRYPT_BLOCK;
        }
        byte[] encryptedData = out.toByteArray();
        out.close();
        // 获取加密内容使用base64进行编码,并以UTF-8为标准转化成字符串
        // 加密后的字符串
        return new String(Base64.encodeBase64String(encryptedData));
    }

    /**
     * RSA解密
     *
     * @param data 待解密数据
     * @param privateKey 私钥
     * @return
     */
    public static String decrypt(String data, PrivateKey privateKey) throws Exception {
        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] dataBytes = Base64.decodeBase64(data);
        int inputLen = dataBytes.length;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int offset = 0;
        byte[] cache;
        int i = 0;
        // 对数据分段解密
        while (inputLen - offset > 0) {
            if (inputLen - offset > MAX_DECRYPT_BLOCK) {
                cache = cipher.doFinal(dataBytes, offset, MAX_DECRYPT_BLOCK);
            } else {
                cache = cipher.doFinal(dataBytes, offset, inputLen - offset);
            }
            out.write(cache, 0, cache.length);
            i++;
            offset = i * MAX_DECRYPT_BLOCK;
        }
        byte[] decryptedData = out.toByteArray();
        out.close();
        // 解密后的内容
        return new String(decryptedData, "UTF-8");
    }

    /**
     * 签名
     *
     * @param data 待签名数据
     * @param privateKey 私钥
     * @return 签名
     */
    public static String sign(String data, PrivateKey privateKey) throws Exception {
        byte[] keyBytes = privateKey.getEncoded();
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey key = keyFactory.generatePrivate(keySpec);
        Signature signature = Signature.getInstance("MD5withRSA");
        signature.initSign(key);
        signature.update(data.getBytes());
        return new String(Base64.encodeBase64(signature.sign()));
    }

    /**
     * 验签
     *
     * @param srcData 原始字符串
     * @param publicKey 公钥
     * @param sign 签名
     * @return 是否验签通过
     */
    public static boolean verify(String srcData, PublicKey publicKey, String sign) throws Exception {
        byte[] keyBytes = publicKey.getEncoded();
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PublicKey key = keyFactory.generatePublic(keySpec);
        Signature signature = Signature.getInstance("MD5withRSA");
        signature.initVerify(key);
        signature.update(srcData.getBytes());
        return signature.verify(Base64.decodeBase64(sign.getBytes()));
    }

    public static void main(String[] args) {
        try {
            // 生成密钥对
            KeyPair keyPair = getKeyPair();
            String privateKey = new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()));
            String publicKey = new String(Base64.encodeBase64(keyPair.getPublic().getEncoded()));
            System.out.println("私钥:" + privateKey);
            System.out.println("公钥:" + publicKey);
            // RSA加密
            String data = "待加密的文字内容";
            String encryptData = encrypt(data, getPublicKey(publicKey));
            System.out.println("加密后内容:" + encryptData);
            // RSA解密
            String decryptData = decrypt(encryptData, getPrivateKey(privateKey));
            System.out.println("解密后内容:" + decryptData);

            // RSA签名
            String sign = sign(data, getPrivateKey(privateKey));
            // RSA验签
            boolean result = verify(data, getPublicKey(publicKey), sign);
            System.out.print("验签结果:" + result);
        } catch (Exception e) {
            e.printStackTrace();
            System.out.print("加解密异常");
        }
    }
}

上一篇下一篇

猜你喜欢

热点阅读