1. RSA 基础概念
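/*
 * RSA是一种非对称加密算法,由罗纳德·李维斯特(Ron Rivest)、阿迪·萨莫尔(Adi Shamir)和伦纳德·阿德曼(Leonard Adleman)于1977年提出,他们的姓氏首字母组合成了RSA的名称。
 * 在数据通信过程当中不进行密钥的传送,只传送加密后的数据,RSA为不对称加密,具有两个密钥,包括一个公钥、一个私钥。
 *
 * 2.公钥
 * 公钥:公钥用来给数据加密,用公钥加密的数据只能用私钥解密。 公钥也可用来进行签名数据的验签。
 *
 * 3.私钥:私钥针对加密后的数据,进行数据的解密。 私钥也可用于数据的签名。
 *
 * 4.加密与解密
 * 通常使用RSA算法的加密与解密 就是指使用公钥进行加密,私钥进行解密,加密是为了防止信息被泄漏。
 *
 * 5.数据的签名与验签
 * 在传送数据过程当中,当获取了公钥后,数据可进行恶意的篡改,导致恶意攻击,所以可以进行数据的签名与验证签名。简而言之,加签是为了防止传输的信息被篡改。
 *
 * 6.算法的使用场景
 * 网络通信安全、数字签名、身份认证、数据加密等。
 *
 * 7.使用例子
 * 场景介绍 服务端A 发送数据给服务端B,服务端B 接收数据,进行加密通信
 *
 * 7.1 准备工作
 * 服务端A生成一组RSA秘钥,并将公钥A预先给服务端B
 * 服务端B生成一组RSA秘钥,并将公钥B预先给服务端A
 *
 * 7.2 流程
 * 在此场景中,
 * 1.A端先使用B端给的公钥,进行数据的加密
 * 2.A端针对加密后的数据,使用A组的私钥进行签名。
 * 3.A端将签名和数据传送给B端。
 * 4.B端先使用B端的自己的私钥对加密后的数据进行解密。
 * 5.B端将使用A端给的公钥进行针对解密后的数据、以及签名进行验证签名。
 * 6.如果验证签名一致,就进行业务处后,进行回复消息,回复消息流程以上述一致,不同的是使用B端自己的私钥进行签名,A端的公钥进行加密,A端使用A端自己的私钥进行解密,使用B端给的公钥进行验证签名。
 *
 * 上代码:
 */

/**
 * RSA helper for the two-party scenario described above: key generation, public-key
 * encryption, private-key decryption, and SHA256withRSA signing and verification.
 * Keys, ciphertexts and signatures cross this API as Base64 strings.
 *
 * <p>Review notes for readers reusing this code:
 * <ul>
 *   <li>Encryption names its padding explicitly (OAEP with SHA-256). A bare {@code "RSA"}
 *       transformation leaves mode and padding to the provider; with the JDK's bundled
 *       provider that typically means PKCS#1 v1.5 encryption padding, which is exposed to
 *       padding-oracle attacks when decryption failures are observable. Both peers must use
 *       the same transformation, and ciphertexts produced with the old default cannot be
 *       decrypted by this version.</li>
 *   <li>Text is converted with UTF-8 on both sides. The platform default charset can differ
 *       between hosts, which corrupts non-ASCII plaintext and makes signatures fail to
 *       verify.</li>
 *   <li>RSA encrypts only short payloads directly (at most 190 bytes with a 2048-bit key and
 *       this padding). Longer messages need a hybrid scheme.</li>
 *   <li>The signature is computed over the ciphertext (step 2 of the flow), so the receiver
 *       must verify it over the ciphertext before decrypting. Step 5 of the flow, which
 *       verifies against the decrypted data, would not match what was signed.</li>
 *   <li>A signature over the ciphertext alone shows who sent that ciphertext. It does not
 *       bind sender, recipient or freshness; carry those in the signed data if the protocol
 *       needs them.</li>
 * </ul>
 */
public class RSAUtils {

    /** Key algorithm used for key generation and key decoding. */
    private static final String KEY_ALGORITHM = "RSA";

    /** Signature algorithm. */
    public static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** Charset for every text-to-bytes conversion, fixed so both peers agree. */
    private static final java.nio.charset.Charset CHARSET =
            java.nio.charset.StandardCharsets.UTF_8;

    /** Explicit cipher transformation; "ECB" is only the JCA naming slot for RSA. */
    private static final String CIPHER_TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    /**
     * OAEP parameters with SHA-256 for both the label hash and MGF1. They are spelled out
     * because providers differ in the MGF1 digest they pick when none is given.
     */
    private static final javax.crypto.spec.OAEPParameterSpec OAEP_PARAMS =
            new javax.crypto.spec.OAEPParameterSpec(
                    "SHA-256",
                    "MGF1",
                    java.security.spec.MGF1ParameterSpec.SHA256,
                    javax.crypto.spec.PSource.PSpecified.DEFAULT);

    /**
     * Generates a fresh 2048-bit RSA key pair.
     *
     * @return the new key pair
     * @throws Exception if the RSA key pair generator is unavailable
     */
    public static KeyPair generateRSAKey() throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
        generator.initialize(2048);
        return generator.generateKeyPair();
    }

    /**
     * Encrypts a short text with the recipient's public key.
     *
     * @param data plaintext; encoded as UTF-8 before encryption
     * @param key  Base64 of the X.509-encoded public key
     * @return Base64 of the ciphertext
     * @throws Exception if the key cannot be decoded or the data is too long for one RSA block
     */
    public static String encryptRSA(String data, String key) throws Exception {
        PublicKey publicKey = KeyFactory.getInstance(KEY_ALGORITHM)
                .generatePublic(new X509EncodedKeySpec(decryptBASE64(key)));
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey, OAEP_PARAMS);
        return encryptBASE64(cipher.doFinal(data.getBytes(CHARSET)));
    }

    /**
     * Decrypts a ciphertext produced by {@link #encryptRSA(String, String)}.
     *
     * @param data Base64 of the ciphertext
     * @param key  Base64 of the PKCS#8-encoded private key
     * @return the plaintext, decoded as UTF-8
     * @throws Exception if the key cannot be decoded or decryption fails; callers facing
     *         untrusted senders should not report the failure reason back to them
     */
    public static String decryptRSA(String data, String key) throws Exception {
        PrivateKey privateKey = KeyFactory.getInstance(KEY_ALGORITHM)
                .generatePrivate(new PKCS8EncodedKeySpec(decryptBASE64(key)));
        Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey, OAEP_PARAMS);
        return new String(cipher.doFinal(decryptBASE64(data)), CHARSET);
    }

    /**
     * Signs a string with SHA256withRSA.
     *
     * @param str        text to sign; encoded as UTF-8 before signing
     * @param keyPrivate Base64 of the signer's PKCS#8-encoded private key
     * @return Base64 of the signature
     */
    public static String sign(String str, String keyPrivate) throws NoSuchAlgorithmException,
            InvalidKeySpecException, SignatureException, InvalidKeyException {
        PrivateKey privateKey = KeyFactory.getInstance(KEY_ALGORITHM)
                .generatePrivate(new PKCS8EncodedKeySpec(decryptBASE64(keyPrivate)));
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
        signer.initSign(privateKey);
        signer.update(str.getBytes(CHARSET));
        return encryptBASE64(signer.sign());
    }

    /**
     * Verifies a SHA256withRSA signature produced by {@link #sign(String, String)}.
     *
     * @param str       the signed text, exactly as it was passed to {@code sign}
     * @param publicKey Base64 of the signer's X.509-encoded public key
     * @param sign      Base64 of the signature
     * @return {@code true} only if the signature matches the text under the given key
     * @throws Exception if the key or signature is malformed; treat that as a failed check
     */
    public static boolean verify(String str, String publicKey, String sign) throws Exception {
        byte[] signatureBytes = decryptBASE64(sign);
        PublicKey signerKey = KeyFactory.getInstance(KEY_ALGORITHM)
                .generatePublic(new X509EncodedKeySpec(decryptBASE64(publicKey)));
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
        verifier.initVerify(signerKey);
        verifier.update(str.getBytes(CHARSET));
        return verifier.verify(signatureBytes);
    }

    /** Decodes Base64 text to bytes. Despite the name this is an encoding step, not decryption. */
    private static byte[] decryptBASE64(String str) {
        return Base64.getDecoder().decode(str);
    }

    /** Encodes bytes as Base64 text. Despite the name this is an encoding step, not encryption. */
    private static String encryptBASE64(byte[] bytes) {
        return Base64.getEncoder().encodeToString(bytes);
    }

    /**
     * Demo entry point: prints a freshly generated public key, then runs the
     * encrypt, sign, verify, decrypt round trip.
     */
    public static void main(String[] args) throws Exception {
        KeyPair keyPair = generateRSAKey();
        // Only the public half is printed. A private key written to stdout ends up in
        // terminal scrollback and log collectors and can no longer be treated as secret.
        String keyPublic = encryptBASE64(keyPair.getPublic().getEncoded());
        System.out.println("keyPublic\n" + keyPublic);
        // Encrypt, sign, verify the signature, then decrypt.
        test01();
    }

    /**
     * Round trip for one message travelling from B to A (the reply direction of the flow):
     * encrypt for A, sign as B, then on A's side verify B's signature and decrypt.
     *
     * @throws Exception if any key or crypto step fails, or if the signature does not verify
     */
    public static void test01() throws Exception {
        // Key pairs are generated at run time. Private keys pasted into source end up in
        // version control and in every published copy of the code and must then be
        // treated as compromised.
        KeyPair pairA = generateRSAKey();
        KeyPair pairB = generateRSAKey();
        String keyPublicA = encryptBASE64(pairA.getPublic().getEncoded());
        String keyPrivateA = encryptBASE64(pairA.getPrivate().getEncoded());
        String keyPublicB = encryptBASE64(pairB.getPublic().getEncoded());
        String keyPrivateB = encryptBASE64(pairB.getPrivate().getEncoded());

        // 1. Encrypt the message with A's public key, so only A can read it.
        String encryptedData = encryptRSA("我们", keyPublicA);

        // 2. Sign the ciphertext with B's private key.
        String signature = sign(encryptedData, keyPrivateB);

        // The signature and the ciphertext are what travels to the other side.
        // 3. The receiver checks the signature over the ciphertext first, and decrypts
        //    only when it verifies.
        if (!verify(encryptedData, keyPublicB, signature)) {
            // Fail loudly instead of silently skipping the message.
            throw new SignatureException("signature verification failed");
        }
        String decryptedData = decryptRSA(encryptedData, keyPrivateA);
        System.out.println("验证签名成功后,进行解密:" + decryptedData);
    }
}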