前言
公司项目需要对接国家市抽(器检市抽)表示必须使用3des加密来data(响应重要数据)以及使用rsa进行验证签名。
3des是什么?
DES全称为Data Encryption Standard,对称加密
,即数据加密标准,是一种使用密钥加密的块算法,1977年被美国联邦政府的国家标准局确定为联邦资料处理标准(FIPS),并授权在非密级政府通信中使用,随后该算法在国际上广泛流传开来。
3DES就是三重DES,它相当于是对每个数据块应用三次DES加密算法,
3DES加密过程为:C=Ek3(Dk2(Ek1(M)))
3DES解密过程为:M=Dk1(EK2(Dk3(C)))
3des代码示例演示
代码语言:java复制public class DesUtil {
private static final Logger logger = Logger.getLogger(DesUtil.class);
private static final String ALGORITHM = "DESede";
/**
* 获取16进制随机数
* 密钥key
*
* @param len
* @return
*/
public static String randomHexString(int len) {
try {
StringBuilder result = new StringBuilder();
for (int i = 0; i < len; i ) {
result.append(Integer.toHexString(new Random().nextInt(16)));
}
return result.toString().toUpperCase();
} catch (Exception e) {
// TODO: handle exception
e.printStackTrace();
}
return null;
}
@Test
public void one() {
// 获取私钥
// String s1 = randomHexString(48);
// 48 位 key
String privateKey = "E825FD03506807064F4526D9033BB643DC8D118E8D7B761C";
try {
String s = encryptMode("yangbuyi", privateKey);
System.out.println("加密:" s);
String s1 = decryptMode(s, privateKey);
System.out.println("解密:" s1);
} catch (Exception e) {
e.printStackTrace();
}
}
}
/***************************************************市抽提供************************************************/
/**
* * @Description: 3DES加密,用户对请求体加密
* * @param data 待加密内容
* * @param desKey 密钥
* <p>
* * @return String
*/
public static String encryptMode(String data, String desKey) throws Exception {
Date startDate = new Date();
logger.info("encryptMode begin : " startDate);
SecretKey deskey = new SecretKeySpec(Hex.decodeHex(desKey.toCharArray()), ALGORITHM);
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, deskey);
byte[] bytes = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
String encryptTxt = Base64.encodeBase64String(bytes);
logger.info("encryptMode run end(s) : " startDate);
return encryptTxt;
}
/****
* 3DES解密
* @param encryptTxt 待解密内容
* @return String
* @date 2019/8/1
* */
public static String decryptMode(String encryptTxt, String desKey) throws Exception {
Date startDate = new Date();
logger.info("decryptMode begin : " startDate);
SecretKey deskey = new SecretKeySpec(Hex.decodeHex(desKey.toCharArray()), ALGORITHM);
Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
cipher.init(Cipher.DECRYPT_MODE, deskey);
// 进行解密
byte[] bytes = cipher.doFinal(Base64.decodeBase64(encryptTxt));
String decryptTxt = new String(bytes, StandardCharsets.UTF_8);
logger.info("decryptMode run end(s) : " startDate);
return decryptTxt;
}
ras加密是什么?
RSA又叫非对称加密算法,这类加密算法有一对秘钥,其中一个用来加密一个用来解密。这一对秘钥中你可以选择一个作为私钥(自己保存),另一个作为公钥(对外公开)。用私钥加密的内容只能用对应的公钥解密,反之用公钥加密的内容只能用对应的私钥解密。还有一种对称加密算法,其加密秘钥和解密秘钥为同一个秘钥,比如DES。
代码示例
代码语言:java复制public class RsaSignUtil {
private static final Logger logger = Logger.getLogger(RsaSignUtil.class);
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* 获取密钥对
*
* @return 密钥对
*/
public static KeyPair getKeyPair() throws Exception {
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
generator.initialize(1024);
return generator.generateKeyPair();
}
/***
* 获取私钥
* @param privateKey 私钥字符串
* @return PrivateKey
**/
public static PrivateKey getPrivateKey(String privateKey) throws Exception {
Date startDate = new Date();
logger.info("getPrivateKey begin : " startDate);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] decodedKey = Base64.decodeBase64(privateKey.getBytes());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey);
logger.info("getPrivateKey run end(s) : " startDate);
return keyFactory.generatePrivate(keySpec);
}
/***
* 获取公钥
* @param publicKey 公钥字符串
* @return PublicKey
* */
public static PublicKey getPublicKey(String publicKey) throws Exception {
Date startDate = new Date();
logger.info("getPublicKey begin : " startDate);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
byte[] decodedKey = Base64.decodeBase64(publicKey.getBytes());
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey);
logger.info("getPublicKey run end(s) : " (startDate));
return keyFactory.generatePublic(keySpec);
}
/***
* 生成签名
* @param data 待签名数据
* @param privateKey 私钥
* @return 签名
* */
public static String sign(String data, PrivateKey privateKey) throws Exception {
Date startDate = new Date();
logger.info("sign begin : " startDate);
byte[] keyBytes = privateKey.getEncoded();
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey key = keyFactory.generatePrivate(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initSign(key);
signature.update(data.getBytes());
logger.info("sign run end(s) : " (startDate));
return new String(Base64.encodeBase64(signature.sign()));
}
/***
* 验签
* @param publicMap 原始待签名组装字符串
* @param publicKey 公钥
* @return 是否验签通过
* */
public static boolean verify(Map publicMap, PublicKey publicKey) throws Exception {
String sign = String.valueOf(publicMap.get("sign"));
String appid = String.valueOf(publicMap.get("appId"));
String data = String.valueOf(publicMap.get("data"));
String timestamp = String.valueOf(publicMap.get("timestamp"));
String waitData = appid data timestamp;
Date startDate = new Date();
logger.info("verify begin : " startDate);
byte[] keyBytes = publicKey.getEncoded();
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey key = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance("MD5withRSA");
signature.initVerify(key);
signature.update(waitData.getBytes());
logger.info("verify run end(s) : " (startDate));
return signature.verify(Base64.decodeBase64(sign.getBytes()));
}
}
模拟数据传输的格式
代码语言:javascript复制{
"appId": "test",
"data": "真正要传输的数据经过3DES加密后密文",
"timestamp": 123213123,
"sign": "AppId&3DES加密后密文×tamp => 生成签名值"
}
传输结果反馈的格式:以下内容整体使用3DES加密传回的3DES密文!
代码语言:javascript复制{
"code": 20000,
"msg": "数据处理成功",
"data": "如有必要数据则加密回传"
}
测试ras加密
代码语言:java复制 // 3desc 私钥 可自行生成
String descPrivate = "E825FD03506807064F4526D9033BB643DC8D118E8D7B761C";
@Test
public void test() throws Exception {
// 生成密钥对
KeyPair keyPair = getKeyPair();
String privateKey = new String(Base64.encodeBase64(keyPair.getPrivate().getEncoded()));
String publicKey = new String(Base64.encodeBase64(keyPair.getPublic().getEncoded()));
System.out.println("私钥:" privateKey);
System.out.println("公钥:" publicKey);
Map<String, Object> map = new HashMap<>();
// 组装数据传输
String appid = "test";
Timestamp timestamp = DateUtil.date().toTimestamp();
map.put("appId", appid);
// 加密data数据(3des)
String s = DesUtil.encryptMode("你要对称加密的敏感数据", descPrivate);
map.put("data", s);
map.put("timestamp", timestamp.getTime());
// 组装签名 私钥签名
// 获取签名
String waitingSign = appid s timestamp.getTime();
try {
// 生成签名
map.put("sign", sign(waitingSign, getPrivateKey(privateKey)));
} catch (Exception e) {
e.printStackTrace();
}
System.out.println("最终加密:" JsonUtils.toJsonStr(map));
// 解密
String publicJson = JsonUtils.toJsonStr(map);
Map publicMap = JsonUtils.toObject(publicJson, map.getClass());
// 获取data数据
String publicData = DesUtil.decryptMode(publicMap.get("data").toString(), descPrivate);
System.out.println("最终解密:" publicData);
// RSA验签
boolean result = verify(publicMap, getPublicKey(publicKey));
System.out.print("验签结果:" result);
}