【转】https://www.jianshu.com/p/f666412a9a35
ps:
如果是前端通过jsencryto传进来的 类似:"kVfKAhpv/K40YMPKcEM298TEY1KNOnqF8DdzQan1IzFEhrGkyZI1g2GmE6dKw7gmhOFix1rxCmBSEDsn06kWtMTiuXe2r3IAxZVhBGlzHH5lumAgIjQ3f5Brnq4IruYtKSSJVhjgOoT6WRfjH5SSvsCA2mTiy/pGOQsSh44aRcA="
格式(base64)格式,需要用base64解码再用秘钥解密。
passwordBase64Decode,err := base64.StdEncoding.DecodeString(form.Password)
下面示例中打印的"08593c865d2a340436ea263ff894f17301339f7db0a5809808caec4fa4dc7875a3150946d4351d031a3b976f560dd96a7335151821b6ca4f63e4a4cd0cdeff3cfec9772e984c963cfca9f6557fd578c9ccfadff32f50c310ee3b244d13374b9a0b32fef63c0190a7b9ebf9fe451659382893227f9cd68370219be10f25bf2fd9"这种编码格式为hex。
改了生成公钥秘钥文件,从公钥秘钥文件中读取公钥秘钥
package main
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/hex"
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
"os"
)
func GetTextFromPemFile(path string) []byte {
f, err := os.Open(path)
if err != nil {
fmt.Println("read file fail", err)
return []byte("")
}
defer f.Close()
fd, err := ioutil.ReadAll(f)
if err != nil {
fmt.Println("read to fd fail", err)
return []byte("")
}
return fd
}
func main() {
//rsa 密钥文件产生
fmt.Println("-------------------------------获取RSA公私钥-----------------------------------------")
//prvKey, pubKey := GenRsaKey()
prvKey := GetTextFromPemFile("private.pem")
pubKey := GetTextFromPemFile("public.pem")
fmt.Println(string(prvKey))
fmt.Println(string(pubKey))
fmt.Println("-------------------------------进行签名与验证操作-----------------------------------------")
var data = "卧了个槽,这么神奇的吗??!!! ԅ(¯﹃¯ԅ) !!!!!!)"
fmt.Println("对消息进行签名操作...")
signData := RsaSignWithSha256([]byte(data), prvKey)
fmt.Println("消息的签名信息: ", hex.EncodeToString(signData))
fmt.Println("
对签名信息进行验证...")
if RsaVerySignWithSha256([]byte(data), signData, pubKey) {
fmt.Println("签名信息验证成功,确定是正确私钥签名!!")
}
fmt.Println("-------------------------------进行加密解密操作-----------------------------------------")
ciphertext := RsaEncrypt([]byte(data), pubKey)
fmt.Println("公钥加密后的数据:", hex.EncodeToString(ciphertext))
sourceData := RsaDecrypt(ciphertext, prvKey)
fmt.Println("私钥解密后的数据:", string(sourceData))
}
//RSA公钥私钥产生
func GenRsaKey() (prvkey, pubkey []byte) {
// 生成私钥文件
privateKey, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
derStream := x509.MarshalPKCS1PrivateKey(privateKey)
block := &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: derStream,
}
//存到文件里,执行一次,以后从文件中获取私钥和公钥
//file, _ := os.Create("private.pem")
//err = pem.Encode(file, block)
prvkey = pem.EncodeToMemory(block)
publicKey := &privateKey.PublicKey
derPkix, err := x509.MarshalPKIXPublicKey(publicKey)
if err != nil {
panic(err)
}
block = &pem.Block{
Type: "PUBLIC KEY",
Bytes: derPkix,
}
//存到文件里
//file, _ = os.Create("public.pem")
//err = pem.Encode(file, block)
pubkey = pem.EncodeToMemory(block)
return
}
//签名
func RsaSignWithSha256(data []byte, keyBytes []byte) []byte {
h := sha256.New()
h.Write(data)
hashed := h.Sum(nil)
block, _ := pem.Decode(keyBytes)
if block == nil {
panic(errors.New("private key error"))
}
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
fmt.Println("ParsePKCS8PrivateKey err", err)
panic(err)
}
signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashed)
if err != nil {
fmt.Printf("Error from signing: %s
", err)
panic(err)
}
return signature
}
//验证
func RsaVerySignWithSha256(data, signData, keyBytes []byte) bool {
block, _ := pem.Decode(keyBytes)
if block == nil {
panic(errors.New("public key error"))
}
pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
panic(err)
}
hashed := sha256.Sum256(data)
err = rsa.VerifyPKCS1v15(pubKey.(*rsa.PublicKey), crypto.SHA256, hashed[:], signData)
if err != nil {
panic(err)
}
return true
}
// 公钥加密
func RsaEncrypt(data, keyBytes []byte) []byte {
//解密pem格式的公钥
block, _ := pem.Decode(keyBytes)
if block == nil {
panic(errors.New("public key error"))
}
// 解析公钥
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
panic(err)
}
// 类型断言
pub := pubInterface.(*rsa.PublicKey)
//加密
ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, pub, data)
if err != nil {
panic(err)
}
return ciphertext
}
// 私钥解密
func RsaDecrypt(ciphertext, keyBytes []byte) []byte {
//获取私钥
block, _ := pem.Decode(keyBytes)
if block == nil {
panic(errors.New("private key error!"))
}
//解析PKCS1格式的私钥
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
panic(err)
}
// 解密
data, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext)
if err != nil {
panic(err)
}
return data
}