任何一个安全的系统里,密码都是不允许明文传输的,一般传输到后台的密码都是经过加密,再由后台解密进行校验的,传统的加密方式就是通过RSA加密
RSA算法概述
对称加密算法
在1976年以前,所有的加密方法都是同一种模式 对称加密算法(Symmetric-key algorithm)
其特点就是如果甲传了一串密文给乙,那么乙必须要知道甲的加密规则才能解密。否则无法解密,这样就导致了加密算法的泄露,影响了系统安全性。
非对称加密算法
1976年,两位美国计算机学家Whitfield Diffie 和 Martin Hellman,提出了一种崭新构思,可以在不直接传递密钥的情况下,完成解密。这被称为“Diffie-Hellman密钥交换算法”。
- (1)甲要传密信给乙,乙先根据某种算法得出本次与甲通信的公钥与私钥
- (2)乙将公钥传给甲(公钥可以让任何人知道,即使泄露也没有任何关系)
- (3)甲使用乙传给的公钥加密要发送的信息原文m,发送给乙加密后的密文c
- (4)乙使用自己的私钥解密密文c,得到信息原文m
如果公钥加密的信息只有私钥解得开,那么只要私钥不泄漏,通信就是安全的。
简而言之,就是接收方只需要发布公钥,以及特定的算法,就可以实现数据安全。
RSA算法
1977年,三位数学家Rivest、Shamir 和 Adleman 设计了一种算法,可以实现非对称加密。这种算法用他们三个人的名字命名,叫做RSA算法。
这种算法非常可靠,密钥越长,它就越难破解。根据已经披露的文献,目前被破解的最长RSA密钥是768个二进制位。也就是说,长度超过768位的密钥,还无法破解(至少没人公开宣布)。因此可以认为,1024位的RSA密钥基本安全,2048位的密钥极其安全。
java RSA算法实现
import org.apache.commons.codec.binary.Base64;import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import java.io.ByteArrayOutputStream;import java.io.IOException;import java.security.*;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;/**** @date 2019/7/31 13:48*/public class RSAUtils {/*** 加密算法RSA*/public static final String KEY_ALGORITHM = "RSA";/*** 签名算法*/public static final String SIGNATURE_ALGORITHM = "MD5withRSA";/*** 获取公钥的key*/private static final String PUBLIC_KEY = "RSAPublicKey";/*** 获取私钥的key*/private static final String PRIVATE_KEY = "RSAPrivateKey";/*** RSA最大加密明文大小*/private static final int MAX_ENCRYPT_BLOCK = 117;/*** RSA最大解密密文大小*/private static final int MAX_DECRYPT_BLOCK = 128;/*** RSA 位数 如果采用2048 上面最大加密和最大解密则须填写: 245 256*/private static final int INITIALIZE_LENGTH = 1024;/*** 私钥*/private static final String privateKey = "";/*** 生成密钥对(公钥和私钥)** @return* @throws Exception*/public static Map<String, Object> genKeyPair() throws Exception {KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);keyPairGen.initialize(INITIALIZE_LENGTH);KeyPair keyPair = keyPairGen.generateKeyPair();RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();Map<String, Object> keyMap = new HashMap<String, Object>(2);keyMap.put(PUBLIC_KEY, publicKey);keyMap.put(PRIVATE_KEY, privateKey);return keyMap;}/** *//*** 用私钥对信息生成数字签名** @param data 已加密数据* @return* @throws Exception*/public static String sign(byte[] data) throws Exception {byte[] keyBytes = Base64.decodeBase64(privateKey);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);signature.initSign(privateK);signature.update(data);return Base64.encodeBase64String(signature.sign());}/*** 校验数字签名** @param data 已加密数据* @param publicKey 公钥(BASE64编码)* @param sign 数字签名* @return* @throws Exception*/public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {byte[] keyBytes = Base64.decodeBase64(publicKey);X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);PublicKey publicK = keyFactory.generatePublic(keySpec);Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);signature.initVerify(publicK);signature.update(data);return signature.verify(Base64.decodeBase64(sign));}/*** <p>* 私钥解密** @param encryptedData 已加密数据* @return* @throws Exception*/private static byte[] decryptByPrivateKey(byte[] encryptedData) throws Exception {byte[] keyBytes = Base64.decodeBase64(privateKey);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());return getBytes(encryptedData, privateK, cipher, Cipher.DECRYPT_MODE, MAX_DECRYPT_BLOCK);}/*** 公钥解密** @param encryptedData 已加密数据* @param publicKey 公钥(BASE64编码)* @return* @throws Exception*/public static byte[] decryptByPublicKey(byte[] encryptedData, String publicKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(publicKey);X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key publicK = keyFactory.generatePublic(x509KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());return getBytes(encryptedData, publicK, cipher, Cipher.DECRYPT_MODE, MAX_DECRYPT_BLOCK);}/*** 公钥加密** @param data 源数据* @param publicKey 公钥(BASE64编码)* @return* @throws Exception*/private static byte[] encryptByPublicKey(byte[] data, String publicKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(publicKey);X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key publicK = keyFactory.generatePublic(x509KeySpec);// 对数据加密Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());return getBytes(data, publicK, cipher, Cipher.ENCRYPT_MODE, MAX_ENCRYPT_BLOCK);}/*** 私钥加密** @param data 源数据* @return* @throws Exception*/public static byte[] encryptByPrivateKey(byte[] data) throws Exception {byte[] keyBytes = Base64.decodeBase64(privateKey);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());return getBytes(data, privateK, cipher, Cipher.ENCRYPT_MODE, MAX_ENCRYPT_BLOCK);}private static byte[] getBytes(byte[] data, Key privateK, Cipher cipher, int encryptMode, int maxEncryptBlock)throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, IOException {cipher.init(encryptMode, privateK);int inputLen = data.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;byte[] cache;int i = 0;// 对数据分段加密while (inputLen - offSet > 0) {if (inputLen - offSet > maxEncryptBlock) {cache = cipher.doFinal(data, offSet, maxEncryptBlock);} else {cache = cipher.doFinal(data, offSet, inputLen - offSet);}out.write(cache, 0, cache.length);i++;offSet = i * maxEncryptBlock;}byte[] encryptedData = out.toByteArray();out.close();return encryptedData;}/*** 获取私钥** @param keyMap 密钥对* @return* @throws Exception*/public static String getPrivateKey(Map<String, Object> keyMap) throws Exception {Key key = (Key) keyMap.get(PRIVATE_KEY);return Base64.encodeBase64String(key.getEncoded());}/*** 获取公钥** @param keyMap 密钥对* @return* @throws Exception*/public static String getPublicKey(Map<String, Object> keyMap) throws Exception {Key key = (Key) keyMap.get(PUBLIC_KEY);return Base64.encodeBase64String(key.getEncoded());}/*** java端公钥加密*/public static String encryptedDataOnJava(String data, String publicKey) {try {data = Base64.encodeBase64String(encryptByPublicKey(data.getBytes(), publicKey));} catch (Exception e) {e.printStackTrace();}return data;}/*** java端私钥解密*/public static String decryptDataOnJava(String data){String temp = "";byte[] rs = Base64.decodeBase64(data);try {temp = new String(decryptByPrivateKey(rs), "UTF-8");} catch (Exception e) {return null;}return temp;}}
- 服务器通过
genKeyPair()方法获得公钥、私钥。 - 将公钥发布给通信者(例如前端界面)
- 通信者获取公钥用同样的RSA算法加密数据。
- 服务器通过私钥进行数据解密
JavaScript RSA算法
- 可以通过引入外部RSA算法JS,来实现公钥加密 ```html
```
- 如果怕有外网限制,则使用本地文件jsencrypt.min.js 用法是一样的。
若有收获,就点个赞吧
0 人点赞
