因為Rsa加密的代碼都是比較通用的,所以沒有特意去整合，這里參照著兩位大神的代碼重新寫了一遍，做了一些簡單的修改,符合本地運行環境
服務端代碼參照:http://www.cnblogs.com/zhujiabin/p/7118126.html
客戶端代碼參照:https://jackiedark.github.io/2018/02/05/JSEncrypt%E9%95%BF%E6%96%87%E6%9C%AC%E5%88%86%E6%AE%B5%E5%8A%A0%E8%A7%A3%E5%AF%86/
JS加密依賴:jsencrypt.js
Github地址:https://github.com/travist/jsencrypt
可客戶端盡量依賴JAVA自帶的Jar，只是Base64編碼的時候額外依賴了apache的工具類commons-net-3.3.jar
服務端RSA工具類
package com.wzh.config.utils;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.net.util.Base64;
import org.apache.log4j.Logger;
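/**
 * RSA helper: key-pair generation, Base64 export of keys, signing/verification and
 * block-wise RSA encryption/decryption of data longer than one RSA block.
 * <p>
 * Base64 comes from commons-net (commons-net-3.3.jar) and logging from log4j; swap the
 * logger if the project uses a different logging framework.
 * <p>
 * Security notes for maintainers:
 * <ul>
 *   <li>The cipher uses PKCS#1 v1.5 padding so that it interoperates with the JSEncrypt
 *       client. Where a remote party can observe whether decryption succeeded, that padding
 *       is exposed to padding-oracle attacks; prefer OAEP when both ends support it, and
 *       never report decryption failures in a distinguishable way.</li>
 *   <li>Encrypting block by block gives confidentiality only; it provides no integrity
 *       protection across blocks. Sign the payload (or use hybrid encryption with an
 *       authenticated symmetric cipher) when tampering matters.</li>
 * </ul>
 *
 * @author wzh
 * @version 2018-12-16 18:20
 **/
public class RsaUtils
{
    private static final Logger log = Logger.getLogger(RsaUtils.class);

    /**
     * RSA modulus size in bits used by {@link #initKeyPair()}.
     * NOTE(security): 1024-bit RSA is below the commonly recommended 2048-bit minimum.
     * Block sizes in this class are derived from the key, so raising this value is safe
     * here; any peer that hard-codes 117/128-byte blocks must be updated at the same time.
     */
    private static final int KEY_SIZE_BITS = 1024;

    /**
     * Key algorithm name: RSA.
     */
    public static final String KEY_ALGORITHM = "RSA";

    /**
     * Signature algorithm.
     * NOTE(security): MD5 is not collision resistant, so MD5withRSA should not be used for
     * new signatures; "SHA256withRSA" is the usual replacement. The value is left unchanged
     * because it is public and existing signatures depend on it.
     */
    public static final String SIGNATURE_ALGORITHM = "MD5withRSA";

    /**
     * Map key under which {@link #initKeyPair()} stores the public key.
     */
    private static final String PUBLIC_KEY = "RsaPublicKey";

    /**
     * Map key under which {@link #initKeyPair()} stores the private key.
     */
    private static final String PRIVATE_KEY = "RsaPrivateKey";

    /**
     * Explicit cipher transformation. A bare "RSA" lets the JCE provider pick mode and
     * padding, which differs between providers; pinning it keeps the block arithmetic valid.
     */
    private static final String CIPHER_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /**
     * Bytes of each RSA block consumed by PKCS#1 v1.5 padding.
     */
    private static final int PKCS1_PADDING_BYTES = 11;

    /**
     * Decodes a Base64 string into raw bytes.
     *
     * @param base64 Base64 text
     * @return decoded bytes
     * @throws Exception declared for compatibility with existing callers
     */
    public static byte[] decodeBase64(String base64)
        throws Exception
    {
        // Explicit charset: the platform default must not influence key or ciphertext decoding.
        return Base64.decodeBase64(base64.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Encodes raw bytes as a Base64 string.
     *
     * @param bytes bytes to encode
     * @return Base64 text
     * @throws Exception declared for compatibility with existing callers
     */
    public static String encodeBase64(byte[] bytes)
        throws Exception
    {
        return new String(Base64.encodeBase64(bytes), StandardCharsets.UTF_8);
    }

    /**
     * Generates a new RSA key pair.
     *
     * @return map holding the public and the private key object
     * @throws Exception if the RSA key-pair generator is unavailable
     */
    public static Map<String, Object> initKeyPair()
        throws Exception
    {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        generator.initialize(KEY_SIZE_BITS);
        KeyPair pair = generator.generateKeyPair();
        Map<String, Object> keyMap = new HashMap<String, Object>(2);
        keyMap.put(PUBLIC_KEY, (RSAPublicKey) pair.getPublic());
        keyMap.put(PRIVATE_KEY, (RSAPrivateKey) pair.getPrivate());
        return keyMap;
    }

    /**
     * Returns the private key from a key map as Base64 text of its encoded form.
     * The result is secret key material: do not log it or send it to a client.
     *
     * @param keyMap map produced by {@link #initKeyPair()}
     * @return Base64 private key
     * @throws Exception if encoding fails
     */
    public static String getPrivateKey(Map<String, Object> keyMap) throws Exception {
        Key key = (Key) keyMap.get(PRIVATE_KEY);
        return encodeBase64(key.getEncoded());
    }

    /**
     * Returns the public key from a key map as Base64 text of its encoded form.
     *
     * @param keyMap map produced by {@link #initKeyPair()}
     * @return Base64 public key
     * @throws Exception if encoding fails
     */
    public static String getPublicKey(Map<String, Object> keyMap) throws Exception {
        Key key = (Key) keyMap.get(PUBLIC_KEY);
        return encodeBase64(key.getEncoded());
    }

    /**
     * Signs data with the private key using {@link #SIGNATURE_ALGORITHM}.
     *
     * @param data bytes to sign
     * @param privateKey Base64 PKCS#8 private key
     * @return Base64 signature
     * @throws Exception if the key cannot be parsed or signing fails
     */
    public static String sign(byte[] data, String privateKey) throws Exception {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(loadPrivateKey(privateKey));
        signer.update(data);
        return encodeBase64(signer.sign());
    }

    /**
     * Verifies a signature made by {@link #sign(byte[], String)}.
     *
     * @param data bytes that were signed
     * @param publicKey Base64 X.509 public key
     * @param sign Base64 signature
     * @return true if the signature is valid for the data, false otherwise
     * @throws Exception if the key cannot be parsed or verification cannot run
     */
    public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(loadPublicKey(publicKey));
        verifier.update(data);
        return verifier.verify(decodeBase64(sign));
    }

    /**
     * Applies the RSA private-key operation to the data, block by block.
     * The output can be read by anyone who holds the public key, so this gives no
     * confidentiality; for authenticity use {@link #sign(byte[], String)}.
     *
     * @param data bytes to process
     * @param privateKey Base64 PKCS#8 private key
     * @return concatenated RSA blocks
     * @throws Exception if the key cannot be parsed or the cipher fails
     */
    public static byte[] encryptByPrivateKey(byte[] data, String privateKey) throws Exception {
        RSAPrivateKey key = loadPrivateKey(privateKey);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        int blockBytes = modulusBytes(key.getModulus().bitLength());
        return applyInBlocks(cipher, data, blockBytes - PKCS1_PADDING_BYTES);
    }

    /**
     * Encrypts data with the public key, block by block.
     *
     * @param data bytes to encrypt
     * @param publicKey Base64 X.509 public key
     * @return concatenated ciphertext blocks
     * @throws Exception if the key cannot be parsed or the cipher fails
     */
    public static byte[] encryptByPublicKey(byte[] data, String publicKey) throws Exception {
        RSAPublicKey key = loadPublicKey(publicKey);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        int blockBytes = modulusBytes(key.getModulus().bitLength());
        return applyInBlocks(cipher, data, blockBytes - PKCS1_PADDING_BYTES);
    }

    /**
     * Decrypts data that was encrypted with the matching public key, block by block.
     *
     * @param encryptedData concatenated ciphertext blocks
     * @param privateKey Base64 PKCS#8 private key
     * @return recovered plaintext bytes
     * @throws Exception if the key cannot be parsed or a block fails to decrypt
     */
    public static byte[] decryptByPrivateKey(byte[] encryptedData, String privateKey) throws Exception {
        RSAPrivateKey key = loadPrivateKey(privateKey);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key);
        return applyInBlocks(cipher, encryptedData, modulusBytes(key.getModulus().bitLength()));
    }

    /**
     * Reverses {@link #encryptByPrivateKey(byte[], String)} with the public key, block by block.
     *
     * @param encryptedData concatenated RSA blocks
     * @param publicKey Base64 X.509 public key
     * @return recovered bytes
     * @throws Exception if the key cannot be parsed or a block fails to decrypt
     */
    public static byte[] decryptByPublicKey(byte[] encryptedData, String publicKey) throws Exception {
        RSAPublicKey key = loadPublicKey(publicKey);
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key);
        return applyInBlocks(cipher, encryptedData, modulusBytes(key.getModulus().bitLength()));
    }

    /**
     * Encrypts a string with the public key and returns the ciphertext as Base64.
     * The text is encoded as UTF-8, matching {@link #decryptDataByPrivate(String, String)}.
     *
     * @param data text to encrypt
     * @param PUBLICKEY Base64 X.509 public key
     * @return Base64 ciphertext, or an empty string if encryption failed
     */
    public static String encryptedDataByPublic(String data, String PUBLICKEY) {
        try {
            return encodeBase64(encryptByPublicKey(data.getBytes(StandardCharsets.UTF_8), PUBLICKEY));
        } catch (Exception e) {
            // Fail closed: the plaintext must never be handed back as if it were ciphertext.
            log.error("RSA public-key encryption failed", e);
            return "";
        }
    }

    /**
     * Decrypts Base64 ciphertext with the private key and decodes the result as UTF-8.
     *
     * @param data Base64 ciphertext produced with the matching public key
     * @param PRIVATEKEY Base64 PKCS#8 private key
     * @return decrypted text, or an empty string if decryption failed
     */
    public static String decryptDataByPrivate(String data, String PRIVATEKEY) {
        try {
            byte[] cipherBytes = decodeBase64(data);
            return new String(decryptByPrivateKey(cipherBytes, PRIVATEKEY), StandardCharsets.UTF_8);
        } catch (Exception e) {
            // Logged server-side only; callers get the same empty result for every failure.
            log.error("RSA private-key decryption failed", e);
            return "";
        }
    }

    /** Parses a Base64 PKCS#8 private key into an RSA private key object. */
    private static RSAPrivateKey loadPrivateKey(String base64Key) throws Exception {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(decodeBase64(base64Key));
        return (RSAPrivateKey) KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(spec);
    }

    /** Parses a Base64 X.509 public key into an RSA public key object. */
    private static RSAPublicKey loadPublicKey(String base64Key) throws Exception {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(decodeBase64(base64Key));
        return (RSAPublicKey) KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(spec);
    }

    /** Converts a modulus bit length into the size of one RSA block in bytes. */
    private static int modulusBytes(int modulusBits) {
        return (modulusBits + 7) / 8;
    }

    /** Runs the initialised cipher over the input in consecutive blocks and joins the results. */
    private static byte[] applyInBlocks(Cipher cipher, byte[] input, int blockSize) throws Exception {
        if (blockSize <= 0) {
            // Would otherwise loop forever; only reachable with an implausibly small key.
            throw new IllegalArgumentException("RSA key too small for PKCS#1 v1.5 padding");
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int offset = 0; offset < input.length; offset += blockSize) {
            int length = Math.min(blockSize, input.length - offset);
            byte[] block = cipher.doFinal(input, offset, length);
            out.write(block, 0, block.length);
        }
        return out.toByteArray();
    }

    /**
     * Demo: generates a key pair, then exercises private-key encryption with signing and
     * verification, followed by public-key encryption and private-key decryption of a long text.
     * It prints the generated private key, which is acceptable only for a throwaway demo key.
     */
    public static void main(String[] args) {
        try {
            Map<String, Object> keyMap = RsaUtils.initKeyPair();
            String publicKey = RsaUtils.getPublicKey(keyMap);
            String privateKey = RsaUtils.getPrivateKey(keyMap);
            System.out.println("公鑰:" + publicKey);
            System.out.println("私鑰:" + privateKey);
            String source = "我是需要私鑰加密的字符串!";
            System.out.println("簽名驗(yàn)證邏輯砸琅,私鑰加密--公鑰解密,需要加密的字符串:" + source);
            byte[] data = source.getBytes();
            byte[] encodedData = RsaUtils.encryptByPrivateKey(data, privateKey);
            System.out.println("私鑰加密后:" + new String(encodedData));
            String sign = RsaUtils.sign(encodedData, privateKey);
            System.out.println("簽名:" + sign);
            boolean status = RsaUtils.verify(encodedData, publicKey, sign);
            System.out.println("驗(yàn)證結(jié)果:" + status);
            byte[] decodedData = RsaUtils.decryptByPublicKey(encodedData, publicKey);
            String target = new String(decodedData);
            System.out.println("公鑰解密私鑰加密的數(shù)據(jù):" + target);
            System.out.println("---------公鑰加密----私鑰解密----------");
            // Deliberately long input (a pasted song lyric) so that several RSA blocks are needed.
            String msg = "月濺星河莉掂,長路漫漫句占,風(fēng)煙殘盡岛杀,獨(dú)影闌珊诱篷;誰叫我身手不凡壶唤,誰讓我愛恨兩難,到后來棕所," +
                "肝腸寸斷闸盔。幻世當(dāng)空琳省,恩怨休懷迎吵,舍悟離迷,六塵不改针贬;且怒且悲且狂哉击费,是人是鬼是妖怪,不過是桦他," +
                "心有魔債蔫巩。叫一聲佛祖,回頭無岸快压,跪一人為師圆仔,生死無關(guān);善惡浮世真假界,塵緣散聚不分明蔫劣,難斷坪郭!" +
                "我要這鐵棒有何用,我有這變化又如何拦宣;還是不安截粗,還是氐惆,金箍當(dāng)頭鸵隧,欲說還休绸罗。我要這鐵棒醉舞魔," +
                "我有這變化亂迷濁豆瘫;踏碎靈霄珊蟀,放肆桀驁,世惡道險外驱,終究難逃育灸。";
            String ecodeMsg = RsaUtils.encryptedDataByPublic(msg,publicKey);
            System.out.println("加密后的歌詞:" + ecodeMsg);
            String decodeMsg = RsaUtils.decryptDataByPrivate(ecodeMsg,privateKey);
            System.out.println("解密后的歌詞:" + decodeMsg);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}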
首先測試一下工具類,main函數跑一下，成功驗證簽名，加密,解密
image.png
客戶端JS代碼，需要JSEncrypt庫，前文有給出github地址，這里對這個庫做一個簡單的擴展,因為RSA長文本超過秘鑰長度要報錯，所以需要擴展修改下
/**
* ---------------------------
* 此JS需加載JSEncrypt庫的后面愉适,加密解密調(diào)用著兩個方法
* ---------------------------
*/
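/**
 * Encrypts text of any length by splitting it into pieces that each fit into one RSA
 * block, encrypting every piece with the configured key and concatenating the blocks.
 *
 * Each piece is limited to (modulus bytes - 11) bytes, the PKCS#1 v1.5 limit; for a
 * 1024-bit key that is 117 bytes. The limit is measured from the start of the current
 * piece, so a piece can never exceed it whatever mix of 1-, 2- and 3-byte characters
 * the text contains.
 *
 * @param {string} string text to encrypt
 * @returns {string|boolean} Base64 ciphertext, or false if encryption failed
 * */
JSEncrypt.prototype.encryptLong = function (string) {
    var k = this.getKey();
    try {
        // NOTE(review): reads the modulus from the key object's `n`; falls back to the
        // original 1024-bit assumption (128-byte blocks) when it is not available.
        var modulusBytes = (k.n && typeof k.n.bitLength === "function")
            ? ((k.n.bitLength() + 7) >> 3)
            : 128;
        var maxChunkBytes = modulusBytes - 11;
        var blockHexLen = modulusBytes * 2;

        // 1. Split the text so that every piece encodes to at most maxChunkBytes bytes.
        var chunks = [];
        var chunkStart = 0;
        var chunkBytes = 0;
        for (var i = 0; i < string.length; i++) {
            // charCodeAt yields one UTF-16 unit (0..0xFFFF), so a unit takes at most 3 bytes.
            // NOTE(review): characters outside the BMP arrive as two units; presumably the
            // library encodes each unit on its own - confirm before relying on such input.
            var c = string.charCodeAt(i);
            var width = c < 0x80 ? 1 : (c < 0x800 ? 2 : 3);
            if (chunkBytes + width > maxChunkBytes) {
                chunks.push(string.substring(chunkStart, i));
                chunkStart = i;
                chunkBytes = 0;
            }
            chunkBytes += width;
        }
        chunks.push(string.substring(chunkStart));

        // 2. Encrypt every piece and join the fixed-width hex blocks.
        var ct = "";
        for (var j = 0; j < chunks.length; j++) {
            var hex = k.encrypt(chunks[j]);
            if (!hex) {
                // A failed piece must abort the whole operation instead of ending up
                // inside the output as the text "null".
                return false;
            }
            // Left-pad to the full block width: if the hex form omits leading zero bytes,
            // every later block would be misaligned for a decryptor that reads fixed blocks.
            while (hex.length < blockHexLen) {
                hex = "0" + hex;
            }
            ct += hex;
        }
        return hex2b64(ct);
    } catch (ex) {
        console.log(ex);
        return false;
    }
};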
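/**
 * Decrypts Base64 ciphertext made of one or more concatenated RSA blocks.
 *
 * The block width is taken from the key (128 bytes, i.e. 256 hex digits, for a 1024-bit
 * key). Decryption needs the private key in the page, which is only appropriate for
 * test tooling.
 *
 * @param {string} string Base64 ciphertext
 * @returns {string|boolean} decrypted text; false if a block could not be decrypted or an
 *          error was thrown (a single-block input returns whatever the key's decrypt returns)
 * */
JSEncrypt.prototype.decryptLong = function (string) {
    var k = this.getKey();
    try {
        // NOTE(review): reads the modulus from the key object's `n`; falls back to the
        // original 1024-bit assumption when it is not available.
        var modulusBytes = (k.n && typeof k.n.bitLength === "function")
            ? ((k.n.bitLength() + 7) >> 3)
            : 128;
        var blockHexLen = modulusBytes * 2;
        var hex = b64tohex(string);
        if (hex.length <= blockHexLen) {
            return k.decrypt(hex);
        }
        var plain = "";
        for (var offset = 0; offset < hex.length; offset += blockHexLen) {
            var part = k.decrypt(hex.substring(offset, offset + blockHexLen));
            if (part === null || part === undefined || part === false) {
                // Stop instead of splicing the text "null" into the result.
                return false;
            }
            plain += part;
        }
        return plain;
    } catch (ex) {
        return false;
    }
};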
/**
 * Converts a hexadecimal string to Base64.
 *
 * Three hex digits (12 bits) become two Base64 characters; a trailing group of one or
 * two digits is handled separately and the result is padded with "=" to a multiple of 4.
 *
 * @param {string} h hexadecimal text
 * @returns {string} Base64 text
 */
function hex2b64(h) {
    var alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    var padding = "=";
    var out = "";
    var pos = 0;
    var value;
    // Full groups of three hex digits.
    while (pos + 3 <= h.length) {
        value = parseInt(h.substring(pos, pos + 3), 16);
        out += alphabet.charAt(value >> 6) + alphabet.charAt(value & 63);
        pos += 3;
    }
    var remaining = h.length - pos;
    if (remaining === 1) {
        // 4 leftover bits: shift them to the top of one 6-bit character.
        value = parseInt(h.substring(pos, pos + 1), 16);
        out += alphabet.charAt(value << 2);
    } else if (remaining === 2) {
        // 8 leftover bits: 6 bits in the first character, 2 bits at the top of the second.
        value = parseInt(h.substring(pos, pos + 2), 16);
        out += alphabet.charAt(value >> 2) + alphabet.charAt((value & 3) << 4);
    }
    while ((out.length & 3) > 0) {
        out += padding;
    }
    return out;
}
一個簡單的測試頁面,就不做前后臺銜接了，只是在前臺用后臺生成的公鑰進行加密，然后后臺main方法解密一下。
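<!DOCTYPE html>
<!--
  Manual test page: encrypts the text typed into #msg with the public key pasted into
  #publickey and shows the Base64 ciphertext in #ecodeMsg. Nothing is sent to a server.
  In a real deployment the public key must reach the browser over an authenticated
  channel (TLS); field-level RSA in the page is not a replacement for TLS.
-->
<html>
<head>
<title>MyHtml.html</title>
<meta name="keywords" content="keyword1,keyword2,keyword3">
<meta name="description" content="this is my page">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<script src="${request.contextPath}/js/jquery-3.3.1.min.js"></script>
<script src="${request.contextPath}/js/jsencrypt.js?v=123"></script>
<script src="${request.contextPath}/js/RsaJs.js?v=321123"></script>
<script type="text/javascript">
$(function() {
    $('#submit').click(function() {
        var data = $('#msg').val();
        // Public key as pasted by the tester.
        var publickey = $('#publickey').val();
        // Encrypt the form value with the jsencrypt library.
        var jsencrypt = new JSEncrypt();
        jsencrypt.setPublicKey(publickey);
        // Long-text variant: splits the input into RSA-sized pieces.
        var ecodeMsg = jsencrypt.encryptLong(data);
        if (ecodeMsg === false) {
            // encryptLong reports failure with false; do not show that as ciphertext.
            $('#ecodeMsg').val('');
            return;
        }
        $('#ecodeMsg').val(ecodeMsg);
    });
});
</script>
</head>
<body>
需要加密的內(nèi)容:<br/><textarea id="msg" name="msg" rows="10" cols="60"></textarea><br/>
公鑰:<br/><textarea id="publickey" rows="10" cols="60"></textarea><br/>
密文:<br/><textarea id="ecodeMsg" rows="10" cols="60"></textarea>
<br/>
<br/>
<input id="submit" type="button" value="加密" />
</body>
</html>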
簡單的測試，頁面獲取密文
image.png
后臺main解密一下
import com.wzh.config.utils.RsaUtils;
/**
 * Manual check for the browser-to-server path: decrypts one Base64 ciphertext with
 * {@code RsaUtils.decryptDataByPrivate} and prints the recovered text.
 *
 * @author wzh
 * @version 2018-12-16 23:31
 **/
public class RsaManTest {
    public static void main(String[] args) {
        // Base64 ciphertext to decrypt.
        String cipherText = "XsM6CYaNhdx2pJXebCgl3g3pF7FX9KrPY+gtwgbQs0Q1mqJL4VHqQytxOJfUwXHLP/hLck80AWSctJ29/dB4IQ2mSbcO4OInAJMkPwqWsnh1E9bFlFP2KjQ5RBVngb//IiSgBSFo8NR00y1/h47CrNch6ljW1nCLG82Qk2olhfI=";
        // Private key literal as given in this listing.
        // NOTE(review): outside a throwaway demo, load the private key from a keystore or
        // secret store instead of embedding it in source.
        String privateKey = "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";
        String msg = RsaUtils.decryptDataByPrivate(cipherText, privateKey);
        System.out.println(msg);
    }
}
前臺加密，后臺解密成功
image.png