Java RSA研究
前几天我做了PHP RSA的测试,想想Java来做RSA应该更简单,就在网上搜了一下Java RSA,发现资料是有一些,但却不是很完整,也不是很严谨,都是转来转去,看来还是自己要测试一下,两个文件RSAUtil.java和EncryptException.java,注意,JDK里没有RSA的provider,所以我们要用第三方的provider,在http://www.bouncycastle.org/下载最新的包,加入工程。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 | import javax.crypto.Cipher; import java.security.*; import java.security.spec.RSAPublicKeySpec; import java.security.spec.RSAPrivateKeySpec; import java.security.spec.InvalidKeySpecException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.io.*; import java.math.BigInteger; public class RSAUtil { /** * * 生成密钥对 * * @return KeyPair * * @throws EncryptException */ public static KeyPair generateKeyPair() throws EncryptException { try { KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider()); final int KEY_SIZE = 1024;//没什么好说的了,这个值关系到块加密的大小,可以更改,但是不要太大,否则效率会低 keyPairGen.initialize(KEY_SIZE, new SecureRandom()); KeyPair keyPair = keyPairGen.genKeyPair(); return keyPair; } catch (Exception e) { throw new EncryptException(e.getMessage()); } } /** * * 生成公钥 * * @param modulus * * @param publicExponent * * @return RSAPublicKey * * @throws EncryptException */ public static RSAPublicKey generateRSAPublicKey(byte[] modulus, byte[] publicExponent) throws EncryptException { KeyFactory keyFac = null; try { keyFac = KeyFactory.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider()); } catch (NoSuchAlgorithmException ex) { throw new EncryptException(ex.getMessage()); } RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(publicExponent)); try { return (RSAPublicKey) keyFac.generatePublic(pubKeySpec); } catch (InvalidKeySpecException ex) { throw new EncryptException(ex.getMessage()); } } /** * * 生成私钥 * * @param modulus * * @param privateExponent * * @return RSAPrivateKey * * @throws EncryptException */ public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus, byte[] privateExponent) throws EncryptException { KeyFactory keyFac = null; try { keyFac = KeyFactory.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider()); } catch (NoSuchAlgorithmException ex) { throw new EncryptException(ex.getMessage()); } RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(new BigInteger(modulus), new BigInteger(privateExponent)); try { return (RSAPrivateKey) keyFac.generatePrivate(priKeySpec); } catch (InvalidKeySpecException ex) { throw new EncryptException(ex.getMessage()); } } /** * * 加密 * * @param key 加密的密钥 * * @param data 待加密的明文数据 * * @return 加密后的数据 * * @throws EncryptException */ public static byte[] encrypt(Key key, byte[] data) throws EncryptException { try { Cipher cipher = Cipher.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider()); cipher.init(Cipher.ENCRYPT_MODE, key); int blockSize = cipher.getBlockSize();//获得加密块大小,如:加密前数据为128个byte,而key_size=1024 加密块大小为127 byte,加密后为128个byte;因此共有2个加密块,第一个127 byte第二个为1个byte int outputSize = cipher.getOutputSize(data.length);//获得加密块加密后块大小 int leavedSize = data.length % blockSize; int blocksSize = leavedSize != 0 ? data.length / blockSize + 1 : data.length / blockSize; byte[] raw = new byte[outputSize * blocksSize]; int i = 0; while (data.length - i * blockSize > 0) { if (data.length - i * blockSize > blockSize) cipher.doFinal(data, i * blockSize, blockSize, raw, i * outputSize); else cipher.doFinal(data, i * blockSize, data.length - i * blockSize, raw, i * outputSize); //这里面doUpdate方法不可用,查看源代码后发现每次doUpdate后并没有什么实际动作除了把byte[]放到ByteArrayOutputStream中,而最后doFinal的时候才将所有的byte[]进行加密,可是到了此时加密块大小很可能已经超出了OutputSize所以只好用dofinal方法。 i++; } return raw; } catch (Exception e) { throw new EncryptException(e.getMessage()); } } /** * * 解密 * * @param key 解密的密钥 * * @param raw 已经加密的数据 * * @return 解密后的明文 * * @throws EncryptException */ public static byte[] decrypt(Key key, byte[] raw) throws EncryptException { try { Cipher cipher = Cipher.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider()); cipher.init(cipher.DECRYPT_MODE, key); int blockSize = cipher.getBlockSize(); ByteArrayOutputStream bout = new ByteArrayOutputStream(64); int j = 0; while (raw.length - j * blockSize > 0) { bout.write(cipher.doFinal(raw, j * blockSize, blockSize)); j++; } return bout.toByteArray(); } catch (Exception e) { throw new EncryptException(e.getMessage()); } } public static String byte2hex(byte[] b) { String hs = ""; String stmp = ""; for (int i = 0; i < b.length; i++) { stmp = Integer.toHexString(b[i] & 0xFF); if (stmp.length() == 1) { hs += "0" + stmp; } else { hs += stmp; } } //return hs; return hs.toUpperCase(); } public static byte[] hex2byte(String hex) throws IllegalArgumentException { if (hex.length() % 2 != 0) { throw new IllegalArgumentException(); } char[] arr = hex.toCharArray(); byte[] b = new byte[hex.length() / 2]; for (int i = 0, j = 0, l = hex.length(); i < l; i++, j++) { String swap = "" + arr[i++] + arr[i]; int byteint = Integer.parseInt(swap, 16) & 0xFF; b[j] = new Integer(byteint).byteValue(); } return b; } /** * * * * @param args * * @throws Exception */ public static void main(String[] args) throws Exception { byte[] orgData = "test".getBytes(); KeyPair keyPair = RSAUtil.generateKeyPair(); RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey priKey = (RSAPrivateKey) keyPair.getPrivate(); byte[] pubModBytes = pubKey.getModulus().toByteArray(); System.out.println("PubKey Modulus:"+new BigInteger(pubModBytes).toString(16)); byte[] pubPubExpBytes = pubKey.getPublicExponent().toByteArray(); System.out.println("publicExponent:"+new BigInteger(pubPubExpBytes).toString(16)); byte[] priModBytes = priKey.getModulus().toByteArray(); byte[] priPriExpBytes = priKey.getPrivateExponent().toByteArray(); RSAPublicKey recoveryPubKey = RSAUtil.generateRSAPublicKey(pubModBytes, pubPubExpBytes); RSAPrivateKey recoveryPriKey = RSAUtil.generateRSAPrivateKey(priModBytes, priPriExpBytes); byte[] raw = RSAUtil.encrypt(priKey, orgData); System.out.println("Encrypt:"+byte2hex(raw)); byte[] data = RSAUtil.decrypt(recoveryPubKey, raw); System.out.println("Decrypt:"+new String(data)); } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | public class EncryptException extends Exception { public EncryptException() { super(); } public EncryptException(String message) { super(message); } public EncryptException(String message, Throwable cause) { super(message, cause); } public EncryptException(Throwable cause) { super(cause); } } |
我们看一下运行结果:
1 2 3 4 | PubKey Modulus:a907de8b5789b1df66c8a4ea90f99c9b00bbad520d487a7e218cd1ee2a1cafcaff2dd03a70cc61d8ccdfe0557b9132dd163a5a6c287d94790fc8b573a154ba0cd799e2cc73fc44c03083274760664125cafc33c647c44df300968665b6dbc9e553c59f8180de0ded3ae2163aab499c1ec0688ed7468fb816cdf05db501cbba19 publicExponent:10001 Encrypt:71521BBA91D871AAA8FF99D7E9D6E44DAE6218FAFDC07CE7C34ABACC1357854BF8F5D94F17FD106346B0916CC81A85B7031F9421810F1E5A568EE408E6DFDB219201CB1DE2AF259A516F3B930130D6AD4FFCB26072EB2BD9CFC11CA727B181A640311BC3023B2D1E54EBC52454C669389C24D0F7AD316B0B24257D53384E1446 Decrypt:test |
使用已有的Modulus加密的话
1 2 3 4 5 6 7 8 | String modulus = "D192471B8699640F931FE6F4FACC3E990B894F894CEA5BEE0DCBD7A4B76752F7345CF9B5F1271001B724F7A0ABF0A6E911E309536F4BE4749E92DCC531B8E36B95969D206649C9DD2371B413A8DFD9B92569660B1499A5CD310B86A8FDE24988E456897A416D2E7B0B649F0714F322C57EF92563B21A448D1072FF3806C34C75"; byte[] b_modulus = new BigInteger(modulus,16).toByteArray(); String publicExponent = "10001"; byte[] b_publicExponent = new BigInteger(publicExponent,16).toByteArray(); String text = "test"; RSAPublicKey recoveryPubKey = RSAUtil.generateRSAPublicKey(b_modulus, b_publicExponent); byte[] ss = RSAUtil.encrypt(recoveryPubKey,text.getBytes()); System.out.println(byte2hex(ss)); |