首先,要会生成RSA密码对。
https://app.alipay.com/market/document.htm?name=saomazhifu#page-23 (事例中的密钥对好像有问题,最好用自己生成的。)
虽然说公钥和私钥都可以进行加密和解密,如果你是用公钥加密,就需要用私钥解密,如果你用的是私钥加密,就需要用公钥解密。
实际应用中,一般是自己保管私钥,别人都用公钥。所以,多数情况是公钥加密,私钥解密。
import javax.crypto.Cipher;
import sun.security.rsa.RSAPublicKeyImpl;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class Main {
public static String encrypt(String data, String publicKey){
try{
byte[] keyBytes = Base64.decode(publicKey);
RSAPublicKeyImpl key = new RSAPublicKeyImpl(keyBytes);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] encryptdata = cipher.doFinal(data.getBytes());
return Base64.encode(encryptdata);
}catch(Exception e){
e.printStackTrace();
}
return null;
}
public static void main(String[] args) {
String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO2DT8szWj8TpQfwiaflBhZ6cBRRFm/vhkYm6mSpk5kMSU3RNvjQx+I0xoTz+r4y9JUMsbHYy9Undwq94Z9lgYHlJQMVDb4kkiyaAn1Veu9fiQ3wPwgwQC84V0ymuPnfhBt8KcaNtS0CAEtHvFwnBwx2vlMoaG+uGdxrJ3Pho4PwIDAQAB";
System.out.println(encrypt("abc", publicKey));
//其实这里隐藏了一个bug,加密出来的东西为了好看,它自动加了
这样的换行字符,
//有些boss如果没有把回车或是空白字符过滤掉的话,就会出错。所以建议用 replayce一下。
System.out.println(encrypt("abc", publicKey).replace("
", ""));
//细心的人就会发现,用同一个公钥,加密同一个字符串的加密密文是不同的,说明这种加密算法比较强大,它会在里面自动的padding一些随机信息。也就更安全。
//当然了,用密钥解出来就是一样的了。
}
}
我用的类基本上jdk都已集成,不用引用第三方包什么的,还是蛮方便的。
有时候会提示找不到RSAPublicKeyImpl类,这是jdk没设置好的原因,右击项目,选中properties,找到Java Build Path,然后在Libraries中
双击JRE System Library 然后选中Alternate JRE:定位到你安装jdk的地方就ok了。
import java.security.Key;
import java.security.KeyFactory;
import javax.crypto.Cipher;
import java.security.spec.PKCS8EncodedKeySpec;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class Main2 {
public static String decrypt(String data, String privateKey){
try{
byte[] keyBytes = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
Key privateKey2 = keyFactory.generatePrivate(pkcs8KeySpec);
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey2);
byte[] encryptdata = cipher.doFinal(Base64.decode(data));
return new String(encryptdata);
}catch(Exception e){
e.printStackTrace();
}
return null;
}
public static void main(String[] args) {
String data = "EEzWXpVZ6FPJOzQASGDfZuCg7nLsyT2fwF85qwD5OXoCwtxCPkej+PkRDOispR0m327cEc7clm6Wqg4bXMxfehc7bkILtSsTIeNkAQMzoB7/xpMeGi6oQFQJJ1PvLqMTb4s+lhKvoBhER8XM/PXIGanL+trDeLcPG7NR72qu4TI=";
String privateKey = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM7YNPyzNaPxOlB/CJp+UGFnpwFFEWb++GRibqZKmTmQxJTdE2+NDH4jTGhPP6vjL0lQyxsdjL1Sd3Cr3hn2WBgeUlAxUNviSSLJoCfVV671+JDfA/CDBALzhXTKa4+d+EG3wpxo21LQIAS0e8XCcHDHa+Uyhob64Z3Gsnc+Gjg/AgMBAAECgYAb/exlykbXEd0naZmbdr6f/+v84wDw5E5vH1cEEBJeVPYVgzmPHhJzu4kqkJb4Rv1uOY3S9JPIRzG8wLWE4+6VzpF89/oR4O7rb8FV5Ma1I0oXNWyTy5wxqSt39bZZK/12vA58iomt7/+D3k1Z1V55XBNKI0s3SoXkD3pfECAQkQJBAPXV3uh4VOt3kX5GYxs0amF/DxWGFhLvsQWNKNXHK/47r4owVLCw/JDhelfMnWP/AmmANTgO1jnE/GW/RayPN3cCQQDXZZ++PKmhYqFaOPWmO5MItKo9iI5CPiMSZK3yF9nQjqBkquJnbL2XcP/nZqy//xs4lHs52A1qzS2e/xH58Ud5AkEAsUyYQY1XoaNQmYPmQl6hQsPCe0GDdhDM2TYfd174SZl+VunYir56yXr1I5F9CfuHH9PJji6VLoD1j+RNOdDorQJBAMxIEk9u4wYvL44M1VUZzSIFjiubtie3HLYWDC69VhOJIS84Lk8ef1UAk4MYCqBwxpVLpO7ALEFtZGYVzSu6HCkCQQDADWjpnSTo2l5yqYaA8nz4puKAbETC9F3RwMbwHlCY/HZ1QN077E2/3vAI4m0C1ssjN+reszqHUZihBwA5Eg/w";
System.out.println(decrypt(data, privateKey));
}
}
签名与验证
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import com.sun.org.apache.xml.internal.security.utils.Base64;
public class Main3 {
public static String sign(String data, String privateKey){
try{
byte[] keyBytes = Base64.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initSign(privateK);
signature.update(data.getBytes());
return Base64.encode(signature.sign());
}catch(Exception e){
e.printStackTrace();
}
return null;
}
public static boolean verify(String data, String publicKey, String sign){
try{
byte[] keyBytes = Base64.decode(publicKey);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicK = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initVerify(publicK);
signature.update(data.getBytes());
return signature.verify(Base64.decode(sign));
}catch(Exception e){
e.printStackTrace();
}
return false;
}
public static void main(String[] args) {
String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDO2DT8szWj8TpQfwiaflBhZ6cBRRFm/vhkYm6mSpk5kMSU3RNvjQx+I0xoTz+r4y9JUMsbHYy9Undwq94Z9lgYHlJQMVDb4kkiyaAn1Veu9fiQ3wPwgwQC84V0ymuPnfhBt8KcaNtS0CAEtHvFwnBwx2vlMoaG+uGdxrJ3Pho4PwIDAQAB";
String privateKey = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM7YNPyzNaPxOlB/CJp+UGFnpwFFEWb++GRibqZKmTmQxJTdE2+NDH4jTGhPP6vjL0lQyxsdjL1Sd3Cr3hn2WBgeUlAxUNviSSLJoCfVV671+JDfA/CDBALzhXTKa4+d+EG3wpxo21LQIAS0e8XCcHDHa+Uyhob64Z3Gsnc+Gjg/AgMBAAECgYAb/exlykbXEd0naZmbdr6f/+v84wDw5E5vH1cEEBJeVPYVgzmPHhJzu4kqkJb4Rv1uOY3S9JPIRzG8wLWE4+6VzpF89/oR4O7rb8FV5Ma1I0oXNWyTy5wxqSt39bZZK/12vA58iomt7/+D3k1Z1V55XBNKI0s3SoXkD3pfECAQkQJBAPXV3uh4VOt3kX5GYxs0amF/DxWGFhLvsQWNKNXHK/47r4owVLCw/JDhelfMnWP/AmmANTgO1jnE/GW/RayPN3cCQQDXZZ++PKmhYqFaOPWmO5MItKo9iI5CPiMSZK3yF9nQjqBkquJnbL2XcP/nZqy//xs4lHs52A1qzS2e/xH58Ud5AkEAsUyYQY1XoaNQmYPmQl6hQsPCe0GDdhDM2TYfd174SZl+VunYir56yXr1I5F9CfuHH9PJji6VLoD1j+RNOdDorQJBAMxIEk9u4wYvL44M1VUZzSIFjiubtie3HLYWDC69VhOJIS84Lk8ef1UAk4MYCqBwxpVLpO7ALEFtZGYVzSu6HCkCQQDADWjpnSTo2l5yqYaA8nz4puKAbETC9F3RwMbwHlCY/HZ1QN077E2/3vAI4m0C1ssjN+reszqHUZihBwA5Eg/w";
String sign = sign("abc", privateKey);
System.out.println(verify("abc", publicKey , sign));
}
}
最近补充一下js版的RSA加解密和签名:加密解最好用的是jsencrypt.js ,签名最好用的是jsrsasign.js 。曾经我也用痛苦地用过RSA.js ,但是它很难用,首先是它的参数对我是一种考验,一开始都不知道那些参数怎么填,才来才慢慢明白,还有就是RSA.js加密是没有padding的,它每次加密出来的东西只要公钥和数据一样,加密出来就是一样的密文,这个还必须得用 bcprov-jdk15-143.jar
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
final Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");
这个来解,但是一般的boss系统都不这么干,所以RSA.js并不好用,果断放弃吧。
代码如下:
function encrypt(data){ //加密
var _encrypt = new JSEncrypt();
_encrypt.setPublicKey(boss_public_key);
var encrypted = _encrypt.encrypt(data);
return encrypted;
}
function decrypt(data){
var _decrypt = new JSEncrypt();
_decrypt.setPrivateKey(Merchant_private_key);
var uncrypted = _decrypt.decrypt(data);
return uncrypted;
}
function sign(data){ //签名
var rsa = KEYUTIL.getRSAKeyFromPlainPKCS8PEM("-----BEGIN PRIVATE KEY-----" + Merchant_private_key + "-----END PRIVATE KEY-----");
var result = rsa.signString(data, "md5");
return base64_encode(code_conversion(result));
}
这里是用到的几个js http://pan.baidu.com/s/1mg5ub3M