前言
最近在看,网络安全方面的问题,我们可以使用rsa进行非对称加密防止,获取用户信息。首先我们看下java下操作rsa进行加密解密算法,代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
package com.jb.test; import java.security.invalidkeyexception;import java.security.keypair;import java.security.keypairgenerator;import java.security.nosuchalgorithmexception;import java.security.privatekey;import java.security.publickey;import java.security.securerandom; import javax.crypto.badpaddingexception;import javax.crypto.cipher;import javax.crypto.illegalblocksizeexception;import javax.crypto.nosuchpaddingexception; import org.apache.commons.codec.binary.hex; public class rsaentry { /** * @title: main * @description: rsa加密算法,解密算法 * @param args * void * @throws nosuchalgorithmexception * @throws nosuchpaddingexception * @throws invalidkeyexception * @throws badpaddingexception * @throws illegalblocksizeexception * * @throws */ public static void main(string[] args) throws nosuchalgorithmexception, nosuchpaddingexception, invalidkeyexception, illegalblocksizeexception, badpaddingexception {// security.getproviders();//获取所有支持的加密算法 //采用非对称加密解密算法 //生成密钥实例 keypairgenerator keygen = keypairgenerator.getinstance("rsa"); securerandom random = new securerandom(); random.setseed(system.currenttimemillis());//设置随机种子 keygen.initialize(512, random);//设置密钥长度,应为64的整数倍 //生成密钥公钥对 keypair keypair = keygen.generatekeypair(); //获取公钥 publickey pubkey = keypair.getpublic(); //获取私钥 privatekey prikey = keypair.getprivate(); //测试数据 string data = "测试数据"; //使用公钥进行加密 //构建加密解密类 cipher cipher = cipher.getinstance("rsa"); cipher.init(cipher.encrypt_mode, pubkey);//设置为加密模式 byte[] jmdata = cipher.dofinal(data.getbytes()); //打印加密后数据 system.out.println(new string(hex.encodehex(jmdata))); //改为解密模式进行解密 cipher.init(cipher.decrypt_mode, prikey);//会用私钥解密 jmdata = cipher.dofinal(jmdata); system.out.println(new string(jmdata)); }} |
在web应用中,我们可以通过js进行前端加密,java进行后台解密,已达到我们的目的。这里需要注意的是,要想实现正确的加密解密算法,需要使用bcprov-ext-jdk15on-147.jar。
首先创建系统的密钥提供者:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
package com.jb.test; import java.security.keypair;import java.security.keypairgenerator;import java.security.privatekey;import java.security.publickey;import java.security.securerandom; import org.apache.commons.codec.binary.hex;import org.bouncycastle.jcajce.provider.asymmetric.rsa.bcrsapublickey;import org.bouncycastle.jce.provider.bouncycastleprovider; /** * rsa初始化类 * @author nmm * 结合前台的js使用的话,主要需要指定密钥提供者,即引入bcprov-ext-jdk15on-147.jar并使用其中的提供者 */public class rsainitutil { private static keypair keypair; private static rsainitutil util; private rsainitutil(){ try { if(keypair == null) { //如果想要能够解密js的加密文件,使用此提供者是必须的 keypairgenerator keygen = keypairgenerator.getinstance("rsa", new bouncycastleprovider()); securerandom random = new securerandom(); random.setseed(system.currenttimemillis()); keygen.initialize(512, random);//设置512位长度 keypair = keygen.generatekeypair(); } } catch (exception e) { e.printstacktrace(); } } public static rsainitutil getinstance(){ synchronized ("rsa") { if(util == null) { util = new rsainitutil(); } } return util; } /** * * 功能说明:[获取公钥] * @return * 创建者:nmm, aug 19, 2013 */ public publickey getpublickey(){ return keypair.getpublic(); } public privatekey getprivatekey(){ return keypair.getprivate(); } /** * * 功能说明:[获取公钥字符串] * @return * 创建者:nmm, aug 19, 2013 */ public string getpublickeystr(){ //根据我们的提供者,这里获取的是该类型公钥 bcrsapublickey pk = (bcrsapublickey) getpublickey(); string str = new string(hex.encodehex(pk.getmodulus().tobytearray())); system.out.println(str); //获取入口10001一般都为这个 string ss = new string(hex.encodehex(pk.getpublicexponent().tobytearray())); //获取转换字符串 system.out.println(b2hex(pk.getmodulus().tobytearray())); return ss + str; } /** * * 功能说明:[手动转换] * @param bytearray * @return * 创建者:nmm, aug 19, 2013 */ private string b2hex(byte[] bytearray) { stringbuilder sb = new stringbuilder(); for(int i = 0; i < bytearray.length; i++ ) { int zhz = bytearray[i]; if(zhz < 0) { zhz += 256; } if(zhz < 16) { sb.append("0"); } sb.append(integer.tohexstring(zhz)); } return sb.tostring(); }} |
前台引入rsa.js,bigint.js和barrett.js并采用如下方法加密:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
<%@ page language="java" import="java.util.*" pageencoding="utf-8"%><%@page import="com.jb.test.rsainitutil"%><% rsainitutil rsa = rsainitutil.getinstance(); string my = rsa.getpublickeystr(); string exp = my.substring(0,6); string mou = my.substring(6);%><!doctype html public "-//w3c//dtd html 4.01 transitional//en"><html> <head> <title>rsa测试</title> <script type="text/javascript" src="rsa.js"></script> <script type="text/javascript" src="bigint.js"></script> <script type="text/javascript" src="barrett.js"></script> </head> <body> </body></html><script type="text/javascript"> var m = '<%=mou%>'; var e = '<%=exp%>'; var key = ''; setmaxdigits(128); alert(e); key = new rsakeypair(e,'',m); var res = encryptedstring(key,encodeuricomponent('测试数据')); window.location.href = 'rsadectry.do?res=' + res; </script> |
后台解密算法为:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
package com.jb.test; import java.net.urldecoder;import java.security.nosuchalgorithmexception; import javax.crypto.cipher;import javax.crypto.nosuchpaddingexception; import org.apache.commons.codec.binary.hex;import org.bouncycastle.jce.provider.bouncycastleprovider;import org.springframework.stereotype.controller;import org.springframework.web.bind.annotation.requestmapping; /** * rsa加密的控制层 * @author nmm * */@controller("rsacontroller")public class rsacontroller { private rsainitutil rsautil = rsainitutil.getinstance(); /** * * 功能说明:[解密方法] * @param res * 创建者:nmm, aug 19, 2013 * @throws nosuchpaddingexception * @throws nosuchalgorithmexception */ @requestmapping("rsadectry.do") public void decodetry(string res) throws exception { cipher cipher = cipher.getinstance("rsa",new bouncycastleprovider());//必须指定此提供者 cipher.init(cipher.decrypt_mode, rsautil.getprivatekey()); system.out.println(res); byte[] buff = cipher.dofinal(hex.decodehex(res.tochararray())); //将字符串转为字符 stringbuilder sb = new stringbuilder(new string(buff,"utf-8")); //解密后的内容是倒叙的 sb.reverse(); //进行url解密,主要是为了中文乱码问题 string result = urldecoder.decode(sb.tostring(), "utf-8"); system.out.println(result); }} |
至此可完成,整个加密解密过程,下面大家可以把rsa相关的内容全部整合到一个工具类中,不用想这里处理。
下面为rsa加密解密工具类:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
|
package com.jb.framework.filter; import java.io.fileinputstream;import java.io.fileoutputstream;import java.io.ioexception;import java.io.objectinputstream;import java.io.objectoutputstream;import java.math.biginteger;import java.net.urldecoder;import java.security.keyfactory;import java.security.keypair;import java.security.keypairgenerator;import java.security.nosuchalgorithmexception;import java.security.privatekey;import java.security.publickey;import java.security.securerandom;import java.security.spec.rsaprivatekeyspec;import java.security.spec.rsapublickeyspec;import java.util.calendar; import javax.crypto.cipher; import org.apache.commons.codec.binary.hex;import org.bouncycastle.jcajce.provider.asymmetric.rsa.bcrsapublickey;import org.bouncycastle.jce.provider.bouncycastleprovider; /** * * @package: com.jb.framework.filter<br> * @classname: rsautil<br> * @description: rsa加密工具类,这里我们是每次系统启动时声称一套公钥,私钥,因此不能将加密串存入数据库中,如果要这么做可以预先生成密钥队写入到文件中<br> */public class rsautil { private rsautil(){} public static final string keypubfile = "rsapubkey.bin"; public static final string keyprifile = "rsaprikey.bin"; private static rsautil rsa; //密钥生成器 private publickey publickey; //密钥队 private privatekey privatekey; public static rsautil getinstance(){ synchronized ("rsa") { if(rsa == null) { rsa = new rsautil(); rsa.init(); } } return rsa; } /** * * @title: init * @description: 初始化方法 * void * @throws */ private void init() { //构建rsa算法 try { keypairgenerator kengen = keypairgenerator.getinstance("rsa",new bouncycastleprovider()); //构建随机种子 securerandom random = new securerandom(); random.setseed(calendar.getinstance().gettimeinmillis()); kengen.initialize(512, random);//采用512位加密 keypair keypair = kengen.generatekeypair(); publickey = keypair.getpublic(); privatekey = keypair.getprivate(); } catch (nosuchalgorithmexception e) { e.printstacktrace(); } } /** * * @title: getpublickey * @description: 获取公钥 * @return * publickey * @throws */ public publickey getpublickey(){ return this.publickey; } /** * * @title: getprivatekey * @description: 获取私钥 * @return * privatekey * @throws */ public privatekey getprivatekey(){ return this.privatekey; } /** * * @title: getpublickeystr * @description: 获取系统公钥字符串,前6位为exponentk,后面为modlus * @return * string * @throws */ public string getpublickeystr(){ bcrsapublickey pk = (bcrsapublickey) getpublickey(); string pubstr = ""; pubstr += b2hex(pk.getpublicexponent().tobytearray()); pubstr += b2hex(pk.getmodulus().tobytearray()); return pubstr; } /** * * @title: entrytext * @description: 使用默认公钥进行加密 * @param text * @return * string * @throws */ public string encrytext(string text) { return encrytext(text,getpublickey()); } /** * * @title: entrytext * @description: 使用指定公钥进行加密,解决长字符串加密 * @param text * @param publickey2 * @return * string * @throws */ public string encrytext(string text, publickey pk) { try { cipher cipher = cipher.getinstance("rsa",new bouncycastleprovider()); cipher.init(cipher.encrypt_mode, pk); int block = cipher.getblocksize();//获取最大加密块 int j = 0; stringbuilder sb = new stringbuilder(); byte[] targetdata = text.getbytes("utf-8"); while (targetdata.length - j*block > 0) { byte[] jmdata = cipher.dofinal(targetdata,j*block,math.min(targetdata.length - j*block, block)); sb.append(b2hex(jmdata)); j++; } return sb.tostring(); } catch (exception e) { e.printstacktrace(); } return null; } /** * * @title: decrytext * @description: 使用默认的私钥进行解密解密算法 * @param text * @return * string * @throws */ public string decrytext(string text) { return decrytext(text,getprivatekey()); } /** * * @title: decrytext * @description: 指定私钥进行解密,增加对于大字符串的解密操作 * @param text * @param privatekey2 * @return * string * @throws */ public string decrytext(string text, privatekey pk) { try { cipher cipher = cipher.getinstance("rsa", new bouncycastleprovider()); cipher.init(cipher.decrypt_mode, pk); byte[] targetbuff = hex.decodehex(text.replace(" ", "").tochararray()); int block = cipher.getblocksize(); int j = 0; stringbuilder sb = new stringbuilder(); while (targetbuff.length - j * block > 0) { byte[] jmdata = cipher.dofinal(targetbuff,j*block,block); sb.append(new string(jmdata,"utf-8")); j++; } return sb.tostring(); } catch (exception e) { e.printstacktrace(); } return null; } /** * * @title: decrytextbyurl * @description: 解密前台传递的加密串,为防止中文乱码,前台字符串最好使用encodeuricomponent方法进行url编码 * @param text * @return * string * @throws */ public string decrytextbyurl(string text) { try { cipher cipher = cipher.getinstance("rsa", new bouncycastleprovider()); cipher.init(cipher.decrypt_mode, getprivatekey()); byte[] targetbuff = hex.decodehex(text.replace(" ", "").tochararray()); int block = cipher.getblocksize(); int j = 0; stringbuilder sb = new stringbuilder(); while (targetbuff.length - j * block > 0) {//处理大字符串的加密解密处理 byte[] jmdata = cipher.dofinal(targetbuff,j*block,block); sb.append(new stringbuilder(new string(jmdata,"utf-8")).reverse()); j++; } string res = urldecoder.decode(sb.tostring(), "utf-8"); return res; } catch (exception e) { e.printstacktrace(); } return null; } /** * * @title: createpubkey * @description: 根据指定的幂和模式生成公钥 * @param exponent * @param modules * @return * publickey * @throws */ public publickey createpubkey(byte[] exponent,byte[]modules) { try { keyfactory keyfactory = keyfactory.getinstance("rsa", new bouncycastleprovider()); rsapublickeyspec rsaks = new rsapublickeyspec(new biginteger(modules),new biginteger(exponent)); return keyfactory.generatepublic(rsaks); } catch (exception e) { e.printstacktrace(); } return null; } /** * * @title: createpubkey * @description: 根据指定的幂和模式生成公钥 * @param exponent * @param modules * @return * publickey * @throws */ public privatekey createprikey(byte[] exponent,byte[]modules) { try { keyfactory keyfactory = keyfactory.getinstance("rsa", new bouncycastleprovider()); rsaprivatekeyspec rsaks = new rsaprivatekeyspec(new biginteger(modules),new biginteger(exponent)); return keyfactory.generateprivate(rsaks); } catch (exception e) { e.printstacktrace(); } return null; } /** * * @title: savekeytofile * @description: 保存公钥和私钥到文件中 * void * @throws */ public void savekeytofile() { publickey pk = getpublickey(); privatekey prik = getprivatekey(); string path = rsautil.class.getclassloader().getresource("").getpath(); objectoutputstream outpub = null; objectoutputstream outpri = null; try { system.out.println(path + keypubfile); outpub = new objectoutputstream(new fileoutputstream(path + keypubfile)); outpri = new objectoutputstream(new fileoutputstream(path + keyprifile)); outpub.writeobject(pk); outpri.writeobject(prik); } catch (exception e) { e.printstacktrace(); }finally { try { outpub.close(); outpri.close(); } catch (ioexception e) { e.printstacktrace(); } } } /** * * @title: readkey * @description: 读取密钥 * @param ispub * @return * object * @throws */ public object readkey(boolean ispub) { string path = rsautil.class.getclassloader().getresource("").getpath(); objectinputstream in = null; try { if(ispub) { path += keypubfile; in = new objectinputstream(new fileinputstream(path)); publickey pk = (publickey) in.readobject(); return pk; }else { path += keyprifile; in = new objectinputstream(new fileinputstream(path)); privatekey pk = (privatekey) in.readobject(); return pk; } } catch (exception e) { e.printstacktrace(); }finally { try { in.close(); } catch (ioexception e) { e.printstacktrace(); } } return null; } /** * * @title: b2hex * @description: 将二进制转为16进制字符串 * @param buff * @return * string * @throws */ public string b2hex(byte[] buff) { stringbuilder sb = new stringbuilder(); for(int i = 0; i < buff.length; i++) { int z = buff[i]; if(z < 0) { z+= 256; } if(z < 16) { sb.append("0"); } sb.append(integer.tohexstring(z)); } return sb.tostring(); }} |
下载:rsajar.rar
总结
以上就是这篇文章的全部内容了,希望本文的内容对大家的学习或者工作具有一定的参考学习价值,如果有疑问大家可以留言交流,谢谢大家对服务器之家的支持。
原文链接:https://blog.csdn.net/niemingming/article/details/10082975
