前言
在非对称(公开密钥)密码系统中,密钥成对存在,加密和解密使用不同的密钥:每个通信方都需要两个密钥,即公钥和私钥,使用公钥进行加密操作,使用私钥进行解密操作。公钥是公开的,不需要保密;私钥由持有者自己保管,必须妥善保存并严格保密。密码学博大精深,下面的实例仅供参考。
百科的诠释如下:
公钥(Public Key)与私钥(Private Key)是通过一种算法得到的一个密钥对(即一个公钥和一个私钥),公钥是密钥对中公开的部分,私钥则是非公开的部分。公钥通常用于加密会话密钥、验证数字签名,或加密可以用相应的私钥解密的数据。通过这种算法得到的密钥对能保证在世界范围内是唯一的。使用这个密钥对的时候,如果用其中一个密钥加密一段数据,必须用另一个密钥解密。比如用公钥加密数据就必须用私钥解密,如果用私钥加密也必须用公钥解密,否则解密将不会成功。
下面是 Java 使用公私钥加解密的实例,仅供参考。实例采用混合加密:先生成一个 AES 对称密钥来加密数据,再用 RSA 公钥加密(包装)这个对称密钥;解密时先用 RSA 私钥还原对称密钥,再用它解密数据。
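/**
 * Hybrid-encrypts a string: a fresh 128-bit AES key encrypts the data, and
 * that key is wrapped with the RSA public key read from
 * {@code <bsbank_Key_path>PublicKey.keystore}.
 *
 * <p>The transformations are spelled out instead of relying on
 * {@code Cipher.getInstance("AES")} / {@code Cipher.getInstance("RSA")}.
 * Those short names resolve to provider defaults (ECB mode and PKCS#1 v1.5
 * padding on the stock JDK provider). ECB gives no integrity protection and
 * reveals repeated plaintext blocks, and PKCS#1 v1.5 unwrapping is exposed to
 * padding-oracle attacks. This version uses AES-GCM with a random 96-bit IV
 * and RSA-OAEP with SHA-256 for both the digest and MGF1.
 *
 * <p>This changes the byte format of both fields. The peer that decrypts must
 * use the same transformations, and data produced by the earlier ECB/PKCS#1
 * code cannot be read by {@link #decrypt(Map)}.
 *
 * @param plainTextData the text to encrypt; it is encoded as UTF-8
 * @return a map with two Base64 strings: {@code "wrappedKey"} (the RSA-wrapped
 *         AES key) and {@code "encryptedData"} (12-byte IV followed by the
 *         GCM ciphertext and its 16-byte tag)
 * @throws Exception if the key file cannot be read or parsed, or a
 *         cryptographic operation fails
 */
public static Map encrypt(String plainTextData)
        throws Exception {
    Map<String, String> result = new HashMap<String, String>();

    // A new data key per call, so a random IV can never repeat under one key.
    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
    keyGenerator.init(128);
    SecretKey dataKey = keyGenerator.generateKey();

    // Wrap the data key with the recipient's RSA public key (OAEP).
    // "ECB" is only a placeholder in the RSA transformation name.
    String keyFilePathName = pertery.getProperty("bsbank_Key_path") + "PublicKey.keystore";
    Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
    rsa.init(Cipher.WRAP_MODE,
            loadPublicKeyByStr(loadKeyByFile(keyFilePathName)),
            // Explicit parameters: providers disagree on the MGF1 digest that
            // the "OAEPWithSHA-256AndMGF1Padding" shorthand implies.
            new javax.crypto.spec.OAEPParameterSpec("SHA-256", "MGF1",
                    java.security.spec.MGF1ParameterSpec.SHA256,
                    javax.crypto.spec.PSource.PSpecified.DEFAULT));
    byte[] wrappedKey = rsa.wrap(dataKey);
    result.put("wrappedKey", Base64.encodeBase64String(wrappedKey));

    // Encrypt the data with AES-GCM; the 128-bit tag authenticates the ciphertext.
    byte[] iv = new byte[12];
    new SecureRandom().nextBytes(iv);
    Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
    aes.init(Cipher.ENCRYPT_MODE, dataKey, new javax.crypto.spec.GCMParameterSpec(128, iv));
    byte[] cipherText = aes.doFinal(plainTextData.getBytes("UTF-8"));

    // Ship the IV in front of the ciphertext so the map keeps its two fields.
    byte[] payload = new byte[iv.length + cipherText.length];
    System.arraycopy(iv, 0, payload, 0, iv.length);
    System.arraycopy(cipherText, 0, payload, iv.length, cipherText.length);
    result.put("encryptedData", Base64.encodeBase64String(payload));
    return result;
}

/**
 * Reverses {@link #encrypt(String)}: unwraps the AES key with the RSA private
 * key read from {@code <bsbank_Key_path>privateKey.keystore}, then decrypts
 * and authenticates the data with AES-GCM.
 *
 * <p>Both fields come from the sender and are treated as untrusted. Missing
 * or truncated fields are rejected before any key material is used, and a
 * modified ciphertext fails the GCM tag check instead of yielding altered
 * plaintext.
 *
 * @param encryptedData a map holding the Base64 strings {@code "wrappedKey"}
 *        and {@code "encryptedData"} in the layout produced by
 *        {@link #encrypt(String)}
 * @return a map with {@code "decryptedData"} (the recovered text) and
 *         {@code "wrappedKey"} (the wrapped key, re-encoded as Base64)
 * @throws IllegalArgumentException if a field is missing or the data is too
 *         short to hold an IV and a tag
 * @throws Exception if the key file cannot be read or parsed, or unwrapping
 *         or authentication fails
 */
public static Map decrypt(Map encryptedData)
        throws Exception {
    final int ivLength = 12;
    final int tagLength = 16;

    if (encryptedData == null) {
        throw new IllegalArgumentException("encryptedData must not be null");
    }
    Object wrappedKeyField = encryptedData.get("wrappedKey");
    Object dataField = encryptedData.get("encryptedData");
    if (wrappedKeyField == null || dataField == null) {
        throw new IllegalArgumentException("wrappedKey and encryptedData are both required");
    }
    byte[] wrappedKey = Base64.decodeBase64(wrappedKeyField.toString());
    byte[] payload = Base64.decodeBase64(dataField.toString());
    if (payload.length < ivLength + tagLength) {
        throw new IllegalArgumentException("encryptedData is too short");
    }

    Map<String, String> result = new HashMap<String, String>();

    // Unwrap the AES key with the RSA private key (original note: "decrypt
    // with the counterpart's private key").
    // NOTE(review): this file name starts with a lower-case "p", while
    // genKeyPair writes "PrivateKey.keystore". Confirm which name is deployed;
    // the two differ on case-sensitive file systems.
    String keyFilePathName = pertery.getProperty("bsbank_Key_path") + "privateKey.keystore";
    Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPPadding");
    rsa.init(Cipher.UNWRAP_MODE,
            loadPrivateKeyByStr(loadKeyByFile(keyFilePathName)),
            new javax.crypto.spec.OAEPParameterSpec("SHA-256", "MGF1",
                    java.security.spec.MGF1ParameterSpec.SHA256,
                    javax.crypto.spec.PSource.PSpecified.DEFAULT));
    Key key = rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);

    // Decrypt the data; doFinal throws if the authentication tag does not match.
    Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
    aes.init(Cipher.DECRYPT_MODE, key,
            new javax.crypto.spec.GCMParameterSpec(tagLength * 8, payload, 0, ivLength));
    byte[] decryptedData = aes.doFinal(payload, ivLength, payload.length - ivLength);

    result.put("decryptedData", new String(decryptedData, "UTF-8"));
    result.put("wrappedKey", Base64.encodeBase64String(wrappedKey));
    return result;
}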
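/**
 * Reads a text file and returns its lines concatenated, with the line
 * terminators dropped.
 *
 * @param filePathName path of the file to read
 * @return the file content as a single string without line breaks
 * @throws Exception if the file cannot be opened or read
 */
private static String loadKeyByFile(String filePathName) throws Exception {
    StringBuilder sb = new StringBuilder();
    // try-with-resources closes the reader on every path. If close() also
    // fails, the read error stays the primary exception instead of being
    // replaced by the one thrown from a finally block.
    try (BufferedReader br = new BufferedReader(new FileReader(filePathName))) {
        String readLine;
        while ((readLine = br.readLine()) != null) {
            sb.append(readLine);
        }
    }
    return sb.toString();
}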
/**
 * Builds an RSA public key from a Base64 string holding its X.509 encoding.
 *
 * @param publicKeyStr the Base64 text of the encoded public key
 * @return the decoded key
 * @throws Exception if decoding or key construction fails; the failure is
 *         logged before it is rethrown
 */
private static RSAPublicKey loadPublicKeyByStr(String publicKeyStr)
        throws Exception {
    try {
        X509EncodedKeySpec spec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyStr));
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(spec);
    } catch (Exception e) {
        logger.error("failed to load pubKey", e);
        throw e;
    }
}
/**
 * Builds an RSA private key from a Base64 string holding its PKCS#8 encoding.
 *
 * @param privateKeyStr the Base64 text of the encoded private key
 * @return the decoded key
 * @throws Exception if decoding or key construction fails; the failure is
 *         logged before it is rethrown
 */
private static RSAPrivateKey loadPrivateKeyByStr(String privateKeyStr)
        throws Exception {
    try {
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyStr));
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(spec);
    } catch (Exception e) {
        logger.error("failed to loadPrivateKeyByStr", e);
        throw e;
    }
}
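/**
 * Generates an RSA key pair and writes both keys, Base64-encoded, to
 * {@code PublicKey.keystore} and {@code PrivateKey.keystore} under the given
 * directory.
 *
 * <p>The modulus is 2048 bits. The 1024-bit size used previously is below the
 * minimum that current guidance accepts for RSA.
 *
 * <p>NOTE(review): the private key is written unencrypted and with the
 * process's default file permissions. Restrict the file to its owner, or keep
 * the key in a password-protected key store, before using this outside a
 * demo.
 *
 * @param filePath directory that receives the two key files
 * @throws Exception if RSA is unavailable or a key file cannot be written;
 *         the failure is logged before it is rethrown
 */
private static void genKeyPair(String filePath) throws Exception {
    KeyPairGenerator keyPairGen;
    try {
        keyPairGen = KeyPairGenerator.getInstance("RSA");
    } catch (NoSuchAlgorithmException e) {
        logger.error("failed to do key gen", e);
        throw e;
    }
    keyPairGen.initialize(2048, new SecureRandom());
    KeyPair keyPair = keyPairGen.generateKeyPair();

    // getEncoded() yields the formats the two loader methods parse:
    // X.509 for the public key and PKCS#8 for the private key.
    String publicKeyString = Base64.encodeBase64String(keyPair.getPublic().getEncoded());
    String privateKeyString = Base64.encodeBase64String(keyPair.getPrivate().getEncoded());

    // try-with-resources closes both writers even when a write fails.
    try (BufferedWriter pubbw = new BufferedWriter(new FileWriter(filePath + "/PublicKey.keystore"));
         BufferedWriter pribw = new BufferedWriter(new FileWriter(filePath + "/PrivateKey.keystore"))) {
        pubbw.write(publicKeyString);
        pribw.write(privateKeyString);
    } catch (IOException e) {
        // Rethrow so the caller does not continue with missing or partial key files.
        logger.error("failed to genKeypair", e);
        throw e;
    }
}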