针对“Java OpenSSL生成的RSA公私钥进行数据加解密详细介绍”的话题,以下是完整攻略的介绍:
一、概述
OpenSSL是一个开源的安全套接字层(SSL)实现库,能够实现多种安全协议,包括SSL和TLS。Java OpenSSL是使用Java编写的,利用OpenSSL库生成RSA公私钥,以及使用公私钥进行数据的加解密。
本文将详细介绍Java OpenSSL如何生成RSA公私钥,以及使用公私钥进行数据加解密。
二、生成RSA公私钥
通过以下命令在Linux环境下生成2048位密钥:
openssl genpkey -algorithm RSA -out private.key
openssl rsa -in private.key -pubout -out public.key
注:这里生成的公钥、私钥可以在Java和其他支持openssl密钥格式的语言中使用。
通过Java OpenSSL代码生成RSA公私钥:
import sun.security.x509.X500Name;
import sun.security.x509.X509CertImpl;
import sun.security.x509.X509CertInfo;
import javax.security.auth.x500.X500Principal;
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.*;
public class GenerateKeyPairUtil {
private static final String keyAlg = "RSA";
public static KeyPair generateRSAKeyPair(File publicKeyFile, File privateKeyFile) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, CertificateException, InvalidKeySpecException {
SecureRandom secureRandom = new SecureRandom();
KeyPairGenerator kpGen = KeyPairGenerator.getInstance(keyAlg, "BC");
RSAKeyGenParameterSpec spec = new RSAKeyGenParameterSpec(2048, RSAKeyGenParameterSpec.F4);
kpGen.initialize(spec, secureRandom);
KeyPair keyPair = kpGen.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateCrtKey privateKey = (RSAPrivateCrtKey) keyPair.getPrivate();
// 导出公钥
X509Certificate cert = generateX509V3Cert(publicKey, privateKey);
OutputStream pemPublicKey = new FileOutputStream(publicKeyFile);
pemPublicKey.write("-----BEGIN PUBLIC KEY-----\n".getBytes());
pemPublicKey.write(new String(org.bouncycastle.util.encoders.Base64.encode(cert.getEncoded())).getBytes());
pemPublicKey.write("\n-----END PUBLIC KEY-----\n".getBytes());
pemPublicKey.flush();
pemPublicKey.close();
// 导出私钥
FileOutputStream fos = new FileOutputStream(privateKeyFile);
fos.write("-----BEGIN PRIVATE KEY-----\n".getBytes());
fos.write(new String(org.bouncycastle.util.encoders.Base64.encode(privateKey.getEncoded())).getBytes());
fos.write("\n-----END PRIVATE KEY-----\n".getBytes());
fos.flush();
fos.close();
return keyPair;
}
private static X509Certificate generateX509V3Cert(RSAPublicKey publicKey, RSAPrivateCrtKey privateKey) throws NoSuchAlgorithmException, SignatureException, InvalidKeyException, IOException, CertificateEncodingException, CertificateException {
X500Name x500Name = new X500Name(new X500Principal("CN=Java OpenSSL RSA Test").getName());
BigInteger serialNumber = new BigInteger(64, new SecureRandom());
long now = System.currentTimeMillis();
X509CertInfo info = new X509CertInfo();
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(serialNumber));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(x500Name));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(x500Name));
info.set(X509CertInfo.VALIDITY, new CertificateValidity(new Date(now), new Date(now + 365L * 24L * 60L * 60L * 1000L)));
info.set(X509CertInfo.KEY, new CertificateX509Key(publicKey));
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid, AlgorithmId.rsaEncryption)));
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privateKey, "SHA256withRSA");
return cert;
}
public static void main(String[] args) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException, IOException, CertificateException, InvalidKeySpecException {
KeyPair keyPair = GenerateKeyPairUtil.generateRSAKeyPair(new File("public.key"), new File("private.key"));
System.out.println("Public key:\n" + keyPair.getPublic().toString() + "\n");
System.out.println("Private key:\n" + keyPair.getPrivate().toString());
}
}
在执行完上述代码后,在指定的目录下会生成名称为“public.key”和“private.key”的公钥和私钥文件。
三、RSA加解密
RSA是一种非对称加密算法,根据公钥加密,私钥解密。
- RSA公钥加密
RSA公钥加密示例:
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.StringWriter;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
public class RSAEncryptUtil {
static {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
public static byte[] encrypt(byte[] data, String publicKeyFile) throws Exception {
// 读取公钥
PEMReader reader = new PEMReader(new FileReader(publicKeyFile));
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
PublicKey publicKey = converter.getPublicKey((RSAPublicKey) reader.readObject());
reader.close();
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
public static void main(String[] args) throws Exception {
// 待加密数据
String data = "Hello, world!";
// 加载RSA公钥
String publicKeyFile = "public.key";
// 加密
byte[] encrypted = RSAEncryptUtil.encrypt(data.getBytes(), publicKeyFile);
// 将加密后的数据进行Base64编码,方便传输
String encryptedBase64 = new String(org.bouncycastle.util.encoders.Base64.encode(encrypted));
System.out.println("加密前:" + data);
System.out.println("加密后:" + encryptedBase64);
}
}
- RSA私钥解密
RSA私钥解密示例:
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import javax.crypto.Cipher;
import java.io.FileReader;
import java.security.PrivateKey;
import java.security.Security;
import java.security.interfaces.RSAPrivateCrtKey;
public class RSADecryptUtil {
static {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
}
public static byte[] decrypt(byte[] data, String privateKeyFile) throws Exception {
// 读取私钥
PEMReader reader = new PEMReader(new FileReader(privateKeyFile));
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
PrivateKey privateKey = converter.getPrivateKey((RSAPrivateCrtKey) reader.readObject());
reader.close();
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
public static void main(String[] args) throws Exception {
// 待解密数据
String encryptedBase64 = "WbWSkZlwsP6QcCI1CksTZ2atyWrxFhq/f5PHj0tPchB+znmrldyF76Sp7k3SLx9STuL2T1Qzg1kXsg2TYiUoJNEcs9TJupf6834KvGgLit7aJHgQsd78/Hio6lZay8uSMMXGd7mF8EN1WVK9d5YjRmBFSxe1mwmowlzhtYS9IL8=";
// 加载RSA私钥
String privateKeyFile = "private.key";
// 解密
byte[] decrypted = RSADecryptUtil.decrypt(org.bouncycastle.util.encoders.Base64.decode(encryptedBase64.getBytes()), privateKeyFile);
System.out.println("解密前:" + new String(decrypted));
System.out.println("解密后:" + new String(decrypted));
}
}
在上述示例中,给出了Java OpenSSL生成的RSA测试公私钥及其加解密的示例。这些示例需要依存Bouncy Castle库,应在自己的项目中将其添加到类路径中。
本站文章如无特殊说明,均为本站原创,如若转载,请注明出处:Java OpenSSL生成的RSA公私钥进行数据加解密详细介绍 - Python技术站