java.security.*篇(1) RSA 加密与解密demo

下一篇介绍《java.security.*篇(2) RSA签名与校验demo》 

涉及类：KeyPairGenerator KeyPair SAPrivateKey RSAPublicKey X509EncodedKeySpec X509EncodedKeySpec PKCS8EncodedKeySpec Cipher

rsa 公钥加密,私钥解密常用使用场景

 1.客户端-服务端通讯发送消息，客户端消息公钥加密，服务端私钥解密
 2.机密文件加密存储，服务端解密在线显示
 3.机密数据库数据内容加密存储，服务端解密显示
 4.文章关键页加密，付费后服务端解密查看等等

rsa 公钥加密私钥解密demo

<dependency>
    <groupId>commons-codec</groupId>
    <artifactId>commons-codec</artifactId>
    <version>1.11</version>
</dependency>

公钥加密私钥解密测试方法

    private static final String ALGORITHM_NAME = "RSA";
    public static final String CHARSET = "UTF-8";

 /**
     * @description: demos of jdk8 java.security KeyPairGenerator KeyPair
     * RSAPrivateKey RSAPublicKey X509EncodedKeySpec X509EncodedKeySpec PKCS8EncodedKeySpec Cipher
     * ras public_key encode and private_key decode  用ras 公钥加密 私钥解密
     */
    @Test
    public void testPublicEncryptAndPrivateDecrypt() throws Exception {

        String originMessage = "需要加密的字符串";
        // KeyPairGenerator类用于生成公钥和私钥对，基于RSA算法生成对象
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");

        // 初始化生成器大小
        keyPairGenerator.initialize(1024);

        // 生成密钥对
        KeyPair keyPair =  keyPairGenerator.generateKeyPair();

        // 获取私钥
        PrivateKey privateKey = keyPair.getPrivate();

        // 获取公钥
        PublicKey publicKey = keyPair.getPublic();

        // 公钥字符串
        String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());

        // 私钥字符串
        String privateKeyStr =Base64.encodeBase64URLSafeString(privateKey.getEncoded());


        System.out.println("public key str is:"+ publicKeyStr);
        System.out.println("private key str is:"+ privateKeyStr);

        // 加密后bytes
        byte[] encryptedBytes = publicKeyEncrypt(originMessage,publicKeyStr);

        // 解密后bytes
        byte[] decryptedBytes = privateKeydecrypt(encryptedBytes,privateKeyStr);

        //输出加密后字符串
        System.out.println("public encrypted str:"+ new String(encryptedBytes));

        //输出解密后内容
        System.out.println("private decrypted str:"+ new String(decryptedBytes,CHARSET));


    }

公钥加密方法

 /**
     * @description public key encrypt
     * 公钥加密：实际情况一般是私钥和公钥是提前生成好的，我们需要读取配置文件或者输入值获取公钥私钥字符串去加密解密，因为传入参数需要是字符串，
     * privateKey publicKey 对象进行后续操作
     **/
    public byte[] publicKeyEncrypt(String message ,String publicKeyStr) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, UnsupportedEncodingException {

        // 初始化rsa密钥factory
        KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);

        // 根据公钥字符串初始化X509的keySpec对象
        X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyStr));

        // 根据keySpec初始化rsa公钥，以及Cipher密码器
        RSAPublicKey rsaPublicKey = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);
        Cipher cipher =Cipher.getInstance("RSA");
        cipher.init(Cipher.ENCRYPT_MODE,rsaPublicKey);

        // 返回加密后的内容
        return cipher.doFinal(message.getBytes(CHARSET));
    }

私钥解密方法 

/**
     * @description private key decrypt
     * 私钥解密：实际情况一般是私钥和公钥是提前生成好的，我们需要读取配置文件或者输入值获取公钥私钥字符串去加密解密，因为传入参数需要是字符串，
     * privateKey publicKey 对象进行后续操作
     **/
    public byte[] privateKeydecrypt(byte[] encryptBytes ,String privateKeyStr) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchPaddingException, BadPaddingException, IllegalBlockSizeException, InvalidKeySpecException {

        // 初始化rsa密钥factory
        KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);

        // 根据私钥初始化PKCS8的keySpec对象
        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyStr));

        // 根据keySpec初始化rsa私钥，以及Cipher密码器
        RSAPrivateKey privateKey = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);
        Cipher cipher =Cipher.getInstance("RSA");
        cipher.init(Cipher.DECRYPT_MODE,privateKey);

        // 返回解密后的内容
        return cipher.doFinal(encryptBytes);
    }