非對稱加密算法
非對稱加密算法的密鑰分爲兩把:一把公開,稱爲公鑰;一把保密,稱爲私鑰。非對稱加密算法解決了對稱加密算法密鑰分配的問題,極大地提高了算法的安全性。非對稱加密算法的代表算法是RSA算法,被廣泛地應用到各個方面。
-
RSA算法實現
| 算法 | 密鑰長度 | 密鑰長度默認值 | 工作模式 | 填充模式 | 備註 |
| --- | --- | --- | --- | --- | --- |
| RSA | 512-65536 | 1024 | ECB | NoPadding、PKCS1Padding、OAEPWITHMD5AndMGF1Padding、OAEPWITHSHA1AndMGF1Padding、OAEPWITHSHA256AndMGF1Padding、OAEPWITHSHA384AndMGF1Padding、OAEPWITHSHA512AndMGF1Padding | Java 7實現 |
| RSA | 512-65536 | 2048 | NONE | NoPadding、PKCS1Padding、OAEPWITHMD5AndMGF1Padding、OAEPWITHSHA1AndMGF1Padding、OAEPWITHSHA256AndMGF1Padding、OAEPWITHSHA384AndMGF1Padding、OAEPWITHSHA512AndMGF1Padding、ISO9796-1Padding | Bouncy Castle實現 |

算法實現:
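/**
 * RSA encryption and decryption helpers built on the JCA {@code Cipher} API.
 *
 * <p>By convention data is encrypted with the public key and decrypted with the private key.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The cipher is requested by the bare algorithm name, so the mode and padding are whatever
 *       the installed provider picks by default (typically PKCS#1 v1.5 padding with the stock
 *       JDK provider). The choice is left untouched here so existing ciphertexts stay readable;
 *       new designs should request an OAEP transformation explicitly.</li>
 *   <li>"Encrypting" with the private key is not a digital signature scheme. Use
 *       {@code java.security.Signature} when authenticity is the goal.</li>
 *   <li>Each call performs a single {@code doFinal}, so the input must fit in one RSA block
 *       (modulus size minus padding overhead). Larger payloads should be protected with a
 *       symmetric key that is itself wrapped with RSA.</li>
 *   <li>Every failure is reported only as a printed stack trace and a {@code null} return, so
 *       callers must null-check the result.</li>
 * </ul>
 *
 * @author zxx
 */
public class RSAUtil {

    /** JCA algorithm name. */
    private static final String ALGORITHM_RSA = "RSA";

    /** Map key under which {@link #initKey()} stores the public key. */
    private static final String PUBLICKEY = "RSAPublicKey";

    /** Map key under which {@link #initKey()} stores the private key. */
    private static final String PRIVATEKEY = "RSAPrivateKey";

    /**
     * RSA modulus length in bits for newly generated key pairs.
     *
     * <p>Raised from 1024: 1024-bit RSA is no longer regarded as adequate, and 2048 bits is the
     * commonly accepted minimum. Keys that already exist are unaffected.
     */
    private static final int KEY_SIZE = 2048;

    /**
     * Encrypts {@code data} with a public key.
     *
     * @param data plaintext; must fit in a single RSA block
     * @param key  X.509 (SubjectPublicKeyInfo) encoded public key
     * @return the ciphertext, or {@code null} if any step fails
     */
    public static byte[] encryptByPublicKey(byte[] data, byte[] key) {
        return applyCipher(Cipher.ENCRYPT_MODE, true, data, key);
    }

    /**
     * Decrypts {@code data} with a public key (the inverse of {@link #encryptByPrivateKey}).
     *
     * @param data ciphertext produced with the matching private key
     * @param key  X.509 (SubjectPublicKeyInfo) encoded public key
     * @return the recovered bytes, or {@code null} if any step fails
     */
    public static byte[] decryptByPublicKey(byte[] data, byte[] key) {
        return applyCipher(Cipher.DECRYPT_MODE, true, data, key);
    }

    /**
     * Encrypts {@code data} with a private key. This is not a signature; see the class notes.
     *
     * @param data plaintext; must fit in a single RSA block
     * @param key  PKCS#8 encoded private key
     * @return the ciphertext, or {@code null} if any step fails
     */
    public static byte[] encryptByPrivateKey(byte[] data, byte[] key) {
        return applyCipher(Cipher.ENCRYPT_MODE, false, data, key);
    }

    /**
     * Decrypts {@code data} with a private key.
     *
     * @param data ciphertext produced with the matching public key
     * @param key  PKCS#8 encoded private key
     * @return the recovered plaintext, or {@code null} if any step fails
     */
    public static byte[] decryptByPrivateKey(byte[] data, byte[] key) {
        return applyCipher(Cipher.DECRYPT_MODE, false, data, key);
    }

    /**
     * Returns the encoded form of the public key stored in {@code keyMap}.
     *
     * @param keyMap map produced by {@link #initKey()}
     * @return the key's encoded bytes as reported by {@code Key.getEncoded()}
     * @throws NullPointerException if the map is {@code null} or holds no public key
     */
    public static byte[] getPublicKey(Map<String, Object> keyMap) {
        Key publicKey = (Key) keyMap.get(PUBLICKEY);
        return publicKey.getEncoded();
    }

    /**
     * Returns the encoded form of the private key stored in {@code keyMap}.
     *
     * <p>The returned array is sensitive key material; avoid logging or persisting it in clear.
     *
     * @param keyMap map produced by {@link #initKey()}
     * @return the key's encoded bytes as reported by {@code Key.getEncoded()}
     * @throws NullPointerException if the map is {@code null} or holds no private key
     */
    public static byte[] getPrivateKey(Map<String, Object> keyMap) {
        Key privateKey = (Key) keyMap.get(PRIVATEKEY);
        return privateKey.getEncoded();
    }

    /**
     * Generates a fresh RSA key pair of {@code KEY_SIZE} bits.
     *
     * @return a two-entry map holding the {@code RSAPublicKey} and {@code RSAPrivateKey}
     *         objects, or {@code null} if key generation fails
     */
    public static Map<String, Object> initKey() {
        Map<String, Object> keyMap = null;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_RSA);
            keyPairGenerator.initialize(KEY_SIZE);
            KeyPair keyPair = keyPairGenerator.genKeyPair();
            RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
            RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
            keyMap = new HashMap<>(2);
            keyMap.put(PUBLICKEY, publicKey);
            keyMap.put(PRIVATEKEY, privateKey);
        } catch (Exception e) {
            // Kept as in the original contract: report and hand back null.
            e.printStackTrace();
        }
        return keyMap;
    }

    /**
     * Decodes the key, sets up the cipher in the requested mode and processes {@code data}.
     *
     * @param mode        {@code Cipher.ENCRYPT_MODE} or {@code Cipher.DECRYPT_MODE}
     * @param keyIsPublic {@code true} to decode {@code key} as X.509, {@code false} as PKCS#8
     * @param data        bytes to transform in one {@code doFinal} call
     * @param key         encoded key bytes
     * @return the transformed bytes, or {@code null} if any step fails
     */
    private static byte[] applyCipher(int mode, boolean keyIsPublic, byte[] data, byte[] key) {
        try {
            KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_RSA);
            Key rsaKey;
            if (keyIsPublic) {
                rsaKey = keyFactory.generatePublic(new X509EncodedKeySpec(key));
            } else {
                rsaKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key));
            }
            // Bare "RSA": mode and padding come from the provider default (see class notes).
            Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
            cipher.init(mode, rsaKey);
            return cipher.doFinal(data);
        } catch (Exception e) {
            // Kept as in the original contract: report and hand back null.
            e.printStackTrace();
            return null;
        }
    }
}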
如果涉及到使用證書,以下是加載證書代碼:
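/**
 * Helpers for loading keys and certificates from files on disk.
 *
 * <p>Passwords arrive as {@code String} and are converted with {@code toCharArray()} on each
 * use; the resulting arrays are not cleared afterwards.
 *
 * @author zxx
 */
public class CertUtil {

    /**
     * Reads a private key entry from a keystore file.
     *
     * <p>The same password is used to open the store and to recover the key entry.
     *
     * @param keyStorePath path of the keystore file
     * @param password     store password, also used as the entry password
     * @param alias        alias of the key entry
     * @return the key cast to {@code PrivateKey}; {@code KeyStore.getKey} yields {@code null}
     *         when the alias is absent or is not a key entry
     * @throws Exception if the store cannot be read or the key cannot be recovered
     */
    private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath, String password, String alias)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, password);
        return (PrivateKey) ks.getKey(alias, password.toCharArray());
    }

    /**
     * Reads the public key from the certificate file at {@code keyStorePath}.
     *
     * <p>NOTE(review): despite the name, this never opens a keystore. The path is parsed as an
     * X.509 certificate file and {@code password} and {@code alias} are ignored. Confirm whether
     * callers pass a certificate file here, or whether the certificate was meant to be looked
     * up in the keystore by alias.
     *
     * @param keyStorePath path of an X.509 certificate file
     * @param password     unused
     * @param alias        unused
     * @return the public key embedded in the certificate
     * @throws Exception if the file cannot be read or parsed
     */
    private static PublicKey getPublicKeyByKeyStore(String keyStorePath, String password, String alias)
            throws Exception {
        Certificate certificate = getCertificate(keyStorePath);
        return certificate.getPublicKey();
    }

    /**
     * Parses an X.509 certificate from a file.
     *
     * <p>The certificate is only parsed; no chain, validity or revocation check happens here.
     *
     * @param keyStorePath path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be opened or does not hold a valid certificate
     */
    private static Certificate getCertificate(String keyStorePath) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // try-with-resources closes the stream even when parsing throws.
        try (FileInputStream inputStream = new FileInputStream(keyStorePath)) {
            return certificateFactory.generateCertificate(inputStream);
        }
    }

    /**
     * Loads a keystore of the runtime's default type from a file.
     *
     * @param keyStorePath path of the keystore file
     * @param password     store password
     * @return the loaded keystore
     * @throws Exception if the file cannot be opened or the store cannot be loaded
     */
    private static KeyStore getKeyStore(String keyStorePath, String password) throws Exception {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the stream even when load() rejects the file or password.
        try (FileInputStream inputStream = new FileInputStream(keyStorePath)) {
            keyStore.load(inputStream, password.toCharArray());
        }
        return keyStore;
    }
}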
證書如何生成:
以生成PKCS8爲例,使用支付寶開放平臺助手來生成: