RSA加解密中必须考虑到的**长度、明文长度和密文长度问题。明文长度需要小于**长度,而密文长度则等于**长度。因此当加密内容长度大于**长度时,有效的RSA加解密就需要对内容进行分段。
这是因为,RSA算法本身要求加密内容也就是明文长度m必须0 这样,对于1024长度的**。128字节(1024bits)-减去11字节正好是117字节,但对于RSA加密来讲,padding也是参与加密的,所以,依然按照1024bits去理解,但实际的明文只有117字节了。 生成:在线RSA公钥私钥生成 公钥: 来源地址:https://blog.csdn.net/shachao888/article/details/131699721公钥:
-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyXyvN9fLKoixOZsD61cJQxzuRNCPdruj5ApBsr2jIakpF7yCXTh3OgKOzE2Y9O5r8kC7oDaDOhmcagPG4nsi80HMGynh/Kwa3bUpPEySsHk6qYI4QAz8XS9IQ/y1GD9tsEgY/783fA1hKr/yPpfPeVQdmlYd2GT4owUAoSS4zXcFNlUf/4dy052Jbb/0am6zONLC7BwyZ2d+znGhX2teLdR9EegPZcpRBAf+litsmzhsRa3CO4vRWgexYOrsr07gCpwnEFEJYUnB8Zq/OfCrqxqXnj+NkqTcMB6JUvyYWtfuWrRxgf8iHsau8Ds354BDv3t3TgMjpuWxpzX+eArc9QIDAQAB-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDJfK8318sqiLE5mwPrVwlDHO5E0I92u6PkCkGyvaMhqSkXvIJdOHc6Ao7MTZj07mvyQLugNoM6GZxqA8bieyLzQcwbKeH8rBrdtSk8TJKweTqpgjhADPxdL0hD/LUYP22wSBj/vzd8DWEqv/I+l895VB2aVh3YZPijBQChJLjNdwU2VR//h3LTnYltv/RqbrM40sLsHDJnZ37OcaFfa14t1H0R6A9lylEEB/6WK2ybOGxFrcI7i9FaB7Fg6uyvTuAKnCcQUQlhScHxmr858KurGpeeP42SpNwwHolS/Jha1+5atHGB/yIexq7wOzfngEO/e3dOAyOm5bGnNf54Ctz1AgMBAAECggEAUjvtV6FfblCz5Ir8IoU3ZojcRoHIy/DxhxUYk1cKyaY8+08Y9esh3i9FEOVq1CyrKgh5i340OPZS/IHmHnGbZiUopL2HWpTzsiFKXy3xgM05wA1B4AJszauKlxUA5JCeuB/09AybHKppSgVlXV6gcyh9nIwhSjyLrh1QkHRoaJK9DebFWCGEFEl5mpKtklc9TQCmbwIJEVk2406BgKt1iCHqFqsXSEDXh0/HYAwLgLxgmQTvKDqI1XTUqXYKXLEbTVpRqgdM9+LxsscoNxqX8vA/NnqpSVS1onVlyR3tYWQmupN72wInNcJS3rLb8BX34rLvQguXOOpT4w5+kRfUUQKBgQD4f2+EU+J8f13+mO6vk0iZ0kOURHAXrgf1oOQSAYGnU6vmnpLNkTUcHwUfCb06VwKvPAKK0hFBgirbaTeDYQOLT7XJmX8vpt9baNT++51PtSMj61GnZaxeR7fd1MzL2NcGQshFJr8S4h7IWOTMbFc/xLurmmbH1/Dzg+Y5CtTtHwKBgQDPkeq+yWa//OjGPxbKNZ/ES2+kat+/bKuGm6RoSZ0WpAgGk5gyI/soLt3ARdd6xHW8OG+vMGuo1530V7B3GZVVIK3x7FcMJ61EI7JQDUvTlM1IEXiQMQxBgTyrvKEhsc39H4UNoSLd0GobB4d5Re2jdghS3s4nKgRax5m4CAsfawKBgBB9fGv+mRAD77vecDBsiKvUfTGQnROlM9gD9j6PpQfykHy8VyeXFDwqfs+BePIvJfl09QI7UHPVbHyk7c8lF/QdtQWMzxjdbQMG4OOO1PCeJ5fRnNiL8bVL8xKgdXqtiA9dTSbxnEpngP1wkLZUFjIgHwgTNfDbDp1KSnPMmTanAoGAI9MMT9dUy4fr6ONUnJu6sldOsnLboR8xT28nZfRmj1TKKdBpcSXyoBHOpfOn6AFmTJD0/ah+vEpScax8wWGB+4pDW0CuGWPzrJH4oYZZ8u94qpqRU1mTwu56OS26JaWZZrl87khES0JAPeADyrN9+ztQ3nSj4fCHhd9zMWb5/HcCgYEAz0w883BdI1uvWq12IE5ggJ62EDpSx0RoFlhq4ys6XvWGBywMdg4l3Ls2Xc+VY/jzE87f2hJdGTprHkEkQEHmTf7WvCd/lfwW7DuC7M34QCn4GbUI1i23wcHvUaR9nztqjCBug4hgwYsJee9EYDjkGoqgYm9dIQw0g9d2FYJU1Pg=-----END RSA PRIVATE KEY-----
Go实现
package xrsa import ( "encoding/pem" "encoding/base64" "crypto/x509" "crypto/rsa" "crypto/rand" "errors" "crypto" "io" "bytes" "encoding/asn1") const ( CHAR_SET = "UTF-8" BASE_64_FORMAT = "UrlSafeNoPadding" RSA_ALGORITHM_KEY_TYPE = "PKCS8" RSA_ALGORITHM_SIGN = crypto.SHA256) type XRsa struct { publicKey *rsa.PublicKey privateKey *rsa.PrivateKey} // 生成**对func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error { // 生成私钥文件 privateKey, err := rsa.GenerateKey(rand.Reader, keyLength) if err != nil { return err } derStream := MarshalPKCS8PrivateKey(privateKey) block := &pem.Block{ Type: "PRIVATE KEY", Bytes: derStream, } err = pem.Encode(privateKeyWriter, block) if err != nil { return err } // 生成公钥文件 publicKey := &privateKey.PublicKey derPkix, err := x509.MarshalPKIXPublicKey(publicKey) if err != nil { return err } block = &pem.Block{ Type: "PUBLIC KEY", Bytes: derPkix, } err = pem.Encode(publicKeyWriter, block) if err != nil { return err } return nil} func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) { block, _ := pem.Decode(publicKey) if block == nil { return nil, errors.New("public key error") } pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { return nil, err } pub := pubInterface.(*rsa.PublicKey) block, _ = pem.Decode(privateKey) if block == nil { return nil, errors.New("private key error!") } priv, err := x509.ParsePKCS8PrivateKey(block.Bytes) if err != nil { return nil, err } pri, ok := priv.(*rsa.PrivateKey) if ok { return &XRsa { publicKey: pub, privateKey: pri, }, nil } else { return nil, errors.New("private key not supported") }} // 公钥加密func (r *XRsa) PublicEncrypt(data string) (string, error) { partLen := r.publicKey.N.BitLen() / 8 - 11 chunks := split([]byte(data), partLen) buffer := bytes.NewBufferString("") for _, chunk := range chunks { bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk) if err != nil { return "", err } buffer.Write(bytes) } return base64.RawURLEncoding.EncodeToString(buffer.Bytes()), nil} // 私钥解密func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) { partLen := r.publicKey.N.BitLen() / 8 raw, err := base64.RawURLEncoding.DecodeString(encrypted) chunks := split([]byte(raw), partLen) buffer := bytes.NewBufferString("") for _, chunk := range chunks { decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk) if err != nil { return "", err } buffer.Write(decrypted) } return buffer.String(), err} // 数据加签func (r *XRsa) Sign(data string) (string, error) { h := RSA_ALGORITHM_SIGN.New() h.Write([]byte(data)) hashed := h.Sum(nil) sign, err := rsa.SignPKCS1v15(rand.Reader, r.privateKey, RSA_ALGORITHM_SIGN, hashed) if err != nil { return "", err } return base64.RawURLEncoding.EncodeToString(sign), err} // 数据验签func (r *XRsa) Verify(data string, sign string) error { h := RSA_ALGORITHM_SIGN.New() h.Write([]byte(data)) hashed := h.Sum(nil) decodedSign, err := base64.RawURLEncoding.DecodeString(sign) if err != nil { return err } return rsa.VerifyPKCS1v15(r.publicKey, RSA_ALGORITHM_SIGN, hashed, decodedSign)} func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte { info := struct { Version int PrivateKeyAlgorithm []asn1.ObjectIdentifier PrivateKey []byte }{} info.Version = 0 info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1) info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} info.PrivateKey = x509.MarshalPKCS1PrivateKey(key) k, _ := asn1.Marshal(info) return k} func split(buf []byte, lim int) [][]byte { var chunk []byte chunks := make([][]byte, 0, len(buf)/lim+1) for len(buf) >= lim { chunk, buf = buf[:lim], buf[lim:] chunks = append(chunks, chunk) } if len(buf) > 0 { chunks = append(chunks, buf[:len(buf)]) } return chunks}
Php实现
public_key = $pub_key; $this->private_key = $pri_key; $pub_id = openssl_get_publickey($this->public_key); $this->key_len = openssl_pkey_get_details($pub_id)['bits']; } public static function createKeys($key_size = 2048) { $config = array( "private_key_bits" => $key_size, "private_key_type" => self::RSA_ALGORITHM_KEY_TYPE, ); $res = openssl_pkey_new($config); openssl_pkey_export($res, $private_key); $public_key_detail = openssl_pkey_get_details($res); $public_key = $public_key_detail["key"]; return [ "public_key" => $public_key, "private_key" => $private_key, ]; } public function publicEncrypt($data) { $encrypted = ''; $part_len = $this->key_len / 8 - 11; $parts = str_split($data, $part_len); foreach ($parts as $part) { $encrypted_temp = ''; openssl_public_encrypt($part, $encrypted_temp, $this->public_key); $encrypted .= $encrypted_temp; } return $this->url_safe_base64_encode($encrypted); } public function privateDecrypt($encrypted) { $decrypted = ""; $part_len = $this->key_len / 8; $base64_decoded = $this->url_safe_base64_decode($encrypted); $parts = str_split($base64_decoded, $part_len); foreach ($parts as $part) { $decrypted_temp = ''; openssl_private_decrypt($part, $decrypted_temp, $this->private_key); $decrypted .= $decrypted_temp; } return $decrypted; } public function privateEncrypt($data) { $encrypted = ''; $part_len = $this->key_len / 8 - 11; $parts = str_split($data, $part_len); foreach ($parts as $part) { $encrypted_temp = ''; openssl_private_encrypt($part, $encrypted_temp, $this->private_key); $encrypted .= $encrypted_temp; } return $this->url_safe_base64_encode($encrypted); } public function publicDecrypt($encrypted) { $decrypted = ""; $part_len = $this->key_len / 8; $base64_decoded = $this->url_safe_base64_decode($encrypted); $parts = str_split($base64_decoded, $part_len); foreach ($parts as $part) { $decrypted_temp = ''; openssl_public_decrypt($part, $decrypted_temp, $this->public_key); $decrypted .= $decrypted_temp; } return $decrypted; } public function sign($data) { openssl_sign($data, $sign, $this->private_key, self::RSA_ALGORITHM_SIGN); return $this->url_safe_base64_encode($sign); } public function verify($data, $sign) { $pub_id = openssl_get_publickey($this->public_key); $res = openssl_verify($data, $this->url_safe_base64_decode($sign), $pub_id, self::RSA_ALGORITHM_SIGN); return $res; } function url_safe_base64_decode($data) { $base_64 = str_replace(array('-', '_'), array('+', '/'), $data); return base64_decode($base_64); } function url_safe_base64_encode($data) { return str_replace(array('+', '/', '='), array('-', '_', ''), base64_encode($data)); }}?>
Java实现
package com.inspii; import org.apache.commons.codec.binary.Base64;import org.apache.commons.io.IOUtils; import javax.crypto.Cipher;import java.io.ByteArrayOutputStream;import java.security.*;import java.security.interfaces.RSAPublicKey;import java.security.interfaces.RSAPrivateKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map; public class XRsa { public static final String CHARSET = "UTF-8"; public static final String RSA_ALGORITHM = "RSA"; public static final String RSA_ALGORITHM_SIGN = "SHA256WithRSA"; private RSAPublicKey publicKey; private RSAPrivateKey privateKey; public XRsa(String publicKey, String privateKey) { try { KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); //通过X509编码的Key指令获得公钥对象 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey)); this.publicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec); //通过PKCS#8编码的Key指令获得私钥对象 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey)); this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec); } catch (Exception e) { throw new RuntimeException("不支持的**", e); } } public static Map