加密解密 - alx696/share GitHub Wiki

Keytool

生成keystore

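# Generate a key pair plus self-signed certificate under alias "dev" in keystore_ca.
# -keyalg/-keysize are stated explicitly: the Java 8 keytool referenced below
# defaults to DSA when -keyalg is omitted.
# -storepass/-keypass are left out on purpose so keytool prompts for them:
# passwords given as arguments end up in shell history and the process list,
# and a value such as 123456 gives the private key no real protection.
keytool -genkeypair -dname "cn=Keming, ou=Java, o=Wuhan, c=CN" \
    -alias dev -keyalg RSA -keysize 2048 \
    -keystore keystore_ca \
    -validity 3650

# Inspect the keystore contents (prompts for the keystore password).
keytool -list -v -keystore keystore_ca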

参考: https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html

导入CA证书到keystore

# Add ca/root.pem to keystore_ca as a trusted certificate under alias "root".
# keytool prints the certificate and asks for confirmation: compare the shown
# fingerprint with one obtained through a separate trusted channel before
# answering yes, because every chain ending in this certificate is trusted afterwards.
keytool -importcert -keystore keystore_ca -alias root -file ca/root.pem

参考: https://alvinalexander.com/java/java-using-keytool-import-certificate-keystore

ECMAScript RSA公钥加密

按照 https://github.com/travist/jsencrypt 文档中的方法生成RSA公钥和私钥, 然后使用公钥对字符串进行加密.

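  // Encrypt a short string with the RSA public key; only the public half of the
  // key pair belongs in client-side code.
  // NOTE(review): the matching private key file is named rsa_1024_priv.pem, so this
  // is a 1024-bit key; 2048 bits or more is the usual minimum for new keys.
  const jsEncrypt = new JSEncrypt();
  jsEncrypt.setPublicKey(`-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDWfY2O365v28Fqb399uW2evCqK
eUduMOAkvGQvZlhXlHyO4doKCsJW4LjOMEaN5e8kWUNLYTIZA3PK/6Pmx0ivlREC
qh+l3I6OySYutxHE/RhvvY7hHpeFWAjQhFNQscWuutVN/nNj3gyheXqgUnWOpsOe
ZNXYK0dud9oFOW0LqwIDAQAB
-----END PUBLIC KEY-----`);

  // encrypt() returns false instead of a Base64 string when it fails (for example
  // when the input is too long for a single RSA block), so check before using it.
  const encrypted = jsEncrypt.encrypt('你好');
  if (encrypted === false) {
    throw new Error('RSA encryption failed');
  }
  console.log(encrypted);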

Java RSA私钥解密

上面生成的PEM格式私钥无法直接在Java中使用, 需要先转换为PKCS#8 (DER) 格式.

转换私钥

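# Convert the PEM private key to unencrypted PKCS#8 DER, the form the Java code below reads.
# -nocrypt leaves the key unprotected on disk, so the file is created readable by its
# owner only (umask 077 inside a subshell); keep it out of version control and out of
# any directory that is served or shared.
(umask 077 && openssl pkcs8 -topk8 -inform PEM -outform DER -in rsa_1024_priv.pem -nocrypt -out pkcs8_key)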

读取pkcs8_key并解密

package util;

import org.apache.commons.io.FileUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

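/**
 * RSA decryption utility.
 *
 * <p>Loads an unencrypted PKCS#8 (DER) private key from the file {@code pkcs8_key} once, when the
 * singleton is created, and uses it to decrypt Base64-encoded ciphertext.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The key file is stored without a passphrase, so its protection depends entirely on file
 *       permissions and on where the containing directory lives.</li>
 *   <li>{@link #decrypt(String)} returns {@code null} for every failure. Keep the response sent to
 *       a remote client equally uniform: with PKCS#1 v1.5 padding, a client that can tell padding
 *       failures from other failures gains a padding oracle.</li>
 * </ul>
 */
public class KeysRsa {

  private static final Logger L = LogManager.getLogger();
  // Algorithm name used to parse the private key.
  private static final String KEY_ALGORITHM = "RSA";
  // Mode and padding are spelled out: Cipher.getInstance("RSA") leaves both to the provider's
  // defaults, which differ between providers. PKCS#1 v1.5 is presumably what the JSEncrypt
  // client produces - confirm against the client before changing the padding.
  private static final String CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";
  // Declared after the logger and the constants so the constructor can rely on all of them.
  private static final KeysRsa ourInstance = new KeysRsa();

  private final Base64.Decoder decoder = Base64.getDecoder();
  // Stays null when the key file could not be read or parsed; decrypt() then returns null.
  private final PrivateKey privateKey;

  /**
   * Returns the shared instance.
   *
   * @return the singleton created during class initialisation
   */
  public static KeysRsa getInstance() {
    return ourInstance;
  }

  /**
   * Reads and parses the private key. A failure is logged and leaves the instance without a key
   * rather than failing class initialisation.
   */
  private KeysRsa() {
    PrivateKey loaded = null;
    try {
      // NOTE(review): 文件夹 ("folder") appears to be the page's placeholder for the directory
      // that holds pkcs8_key; point it at a directory readable only by the service account.
      byte[] keys = FileUtils.readFileToByteArray(
          new File(文件夹, "pkcs8_key")
      );
      PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keys);
      KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
      loaded = keyFactory.generatePrivate(keySpec);
    } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
      L.catching(e);
    }
    privateKey = loaded;
  }

  /**
   * Decrypts Base64-encoded RSA ciphertext with the loaded private key.
   *
   * @param cipherText Base64-encoded ciphertext; treated as untrusted input
   * @return the decrypted plaintext decoded as UTF-8, or {@code null} when the input is
   *     {@code null}, is not valid Base64, cannot be decrypted, or no private key was loaded
   */
  public final String decrypt(String cipherText) {
    if (cipherText == null || privateKey == null) {
      L.error("解密出错");
      return null;
    }
    try {
      Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
      cipher.init(Cipher.DECRYPT_MODE, privateKey);
      byte[] result = cipher.doFinal(
          decoder.decode(cipherText)
      );
      return new String(result, "UTF-8");
    } catch (IllegalArgumentException | NoSuchAlgorithmException | InvalidKeyException
        | NoSuchPaddingException | BadPaddingException | IllegalBlockSizeException
        | UnsupportedEncodingException e) {
      // IllegalArgumentException covers malformed Base64 from Decoder.decode, so bad input is
      // reported like any other decryption failure instead of escaping as an unchecked exception.
      L.catching(e);
      L.error("解密出错");
    }
    return null;
  }
}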