Android网络数据传输安全——实现RSA公钥加密私钥解密

2022-01-11 16:23:13 浏览数 (1)

一,整体流程

后台生成一个RSA秘钥对,包括公钥和私钥 后台将公钥字符串下发给客户端, 然后客户端用此公钥生成一个RSAPublicKey对象,再将手机号密码等数据用此对象加密, 客户端将加密的数据发送给后台, 后台将加密的数据用私钥解密。

图片来自https://blog.csdn.net/SImple_a/article/details/80185363

二,公私钥

你可以利用工具一键生成密钥对 访问支付宝官网,进入如下页面,该页面的URL:https://docs.open.alipay.com/291/105971

一般默认的公钥格式是这样的

-----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiwMSxbRias7DmFkp6V0Qx2nMG "/n AuhhR7H/wj62aufaDlUwhzaWQOKXHi SBVcTM0n qzhtt4Kmr44MHAqW8NE9Pgzx UY8S7WVLn9wEGKGpZKlSHlZUdOKUabBFbS7dyBoVTYTkhrfXnOvtJJz5KGeYPT2x dEwA78dYEmHxvmwhrwIDAQAB -----END PUBLIC KEY-----

私钥是这样的

-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKLAxLFtGJqzsOYW SnpXRDHacwYC6GFHsf/CPrZq59oOVTCHNpZA4pceL5IFVxMzSf6rOG23gqavjgwc Cpbw0T0 DPFRjxLtZUuf3AQYoalkqVIeVlR04pRpsEVtLt3IGhVNhOSGt9ec6 0k nPkoZ5g9PbF0TADvx1gSYfG bCGvAgMBAAECgYAXWeceudNs5tk7ufkHopuzN2 H bkVfJ8U/N R9kcsgOyw34T6QwlCAdCFJJyD LT6xnmljPJAvUELmM PFElpC34e5 cJUFGhwjDax18tb3LW7/MBB/XH1W 9KS5ninn3Homan1x8VIE9104QMLmj2HwDCH nI9HMXmYVhmzylNFIQJBANgvsTWq3Rw8UOXTY9uMR65Ia4Rz4fr0jyD9UIhF7j5 dEycncrI9d7XjxgEObcegR8eoCGCALMzEmXyjcDbov8CQQDAuemo/OmHLqpA8tQm MHhvSdLxV0lruez3ok1gFuqwTtMxBsipLFVkTZMnMqnKY/ZDqFDrXOpom7yvEy5p BXFRAkAxDTEyMiCVRYI9g2dG619gRgJPPVPq8w5 t7tMEEHsYBjXQTn0RwCynUpU crD9wagefX5r2 l4v3/PLefH I3VAkBvcpLmP qjW57klAeOVfUvFde/7CPvAcNA qEBqUpZAgjSqYyvieFqg CMiRa/d89RS56BzmnWLLJP Ae Sl60hAkEAuhheSdjL vaVUq5UZPEtqZAuIRbQHETU7/INSViJeKvaSg9MuXJUG0f98HweMRLxHr1TjcX1c MGojP9s2ME7b3A== -----END PRIVATE KEY-----

可以看到都有一个头部和尾部用来表示是公私钥。 但是java中用收到的用于生成加密的对象接收的公钥自串是要把头和尾去掉的也就是这样 去掉头和尾

代码语言:javascript复制
public static final String publickkey =MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCiwMSxbRias7DmFkp6V0Qx2nMG 
AuhhR7H/wj62aufaDlUwhzaWQOKXHi SBVcTM0n qzhtt4Kmr44MHAqW8NE9Pgzx
UY8S7WVLn9wEGKGpZKlSHlZUdOKUabBFbS7dyBoVTYTkhrfXnOvtJJz5KGeYPT2x
dEwA78dYEmHxvmwhrwIDAQAB

三,执行代码

下面是RSAUtil 工具类的代码

代码语言:javascript复制
/**
 * @author: 程龙 on 2019/3/13.
 * bolg:  https://me.csdn.net/qq_25749749
 * RSA算法,实现数据的加密解密。 
 */
public class RSAUtil {

    /**
     *  使用私钥解密
     * @param content
     * @param private_key
     * @param input_charset
     * @return
     * @throws Exception
     */
    public static String decrypt(String content, String private_key, String input_charset) throws Exception {
        PrivateKey prikey = getPrivateKey(private_key);

        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.DECRYPT_MODE, prikey);

        InputStream ins = new ByteArrayInputStream(Base64Util.decode(content));
        ByteArrayOutputStream writer = new ByteArrayOutputStream();
        byte[] buf = new byte[128];
        int bufl;

        while ((bufl = ins.read(buf)) != -1) {
            byte[] block = null;

            if (buf.length == bufl) {
                block = buf;
            } else {
                block = new byte[bufl];
                for (int i = 0; i < bufl; i  ) {
                    block[i] = buf[i];
                }
            }

            writer.write(cipher.doFinal(block));
        }

        return new String(writer.toByteArray(), input_charset);
    }

    /**
     * 获得私钥
     *
     * @param key
     *            私钥
     * @throws Exception
     */
    public static PrivateKey getPrivateKey(String key) throws Exception {

        byte[] keyBytes;

        keyBytes = Base64Util.decode(key);

        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

        return privateKey;
    }

    /**
     * 得到公钥
     *
     * @param bysKey
     * @return
     */
    private static PublicKey getPublicKeyFromX509(String bysKey) throws NoSuchAlgorithmException, Exception {
        byte[] decodedKey = Base64Util.decode(bysKey);
        X509EncodedKeySpec x509 = new X509EncodedKeySpec(decodedKey);

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePublic(x509);
    }

    /**
     * 使用公钥加密
     *
     * @param content 密文
     * @param pub_key 公钥
     * @return
     */
    public static String encryptByPublic(String content, String pub_key) {
        try {
            PublicKey pubkey = getPublicKeyFromX509(pub_key);

            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, pubkey);

            byte plaintext[] = content.getBytes("UTF-8");
            byte[] output = cipher.doFinal(plaintext);

            String s = new String(Base64Util.encode(output));

            return s;

        } catch (Exception e) {
            return null;
        }
    }
}

在这里提供Base64Util 的工具类

代码语言:javascript复制
public final class Base64Util {

    static private final int     BASELENGTH           = 128;
    static private final int     LOOKUPLENGTH         = 64;
    static private final int     TWENTYFOURBITGROUP   = 24;
    static private final int     EIGHTBIT             = 8;
    static private final int     SIXTEENBIT           = 16;
    static private final int     FOURBYTE             = 4;
    static private final int     SIGN                 = -128;
    static private final char    PAD                  = '=';
    static private final boolean fDebug               = false;
    static final private byte[]  base64Alphabet       = new byte[BASELENGTH];
    static final private char[]  lookUpBase64Alphabet = new char[LOOKUPLENGTH];

    static {
        for (int i = 0; i < BASELENGTH;   i) {
            base64Alphabet[i] = -1;
        }
        for (int i = 'Z'; i >= 'A'; i--) {
            base64Alphabet[i] = (byte) (i - 'A');
        }
        for (int i = 'z'; i >= 'a'; i--) {
            base64Alphabet[i] = (byte) (i - 'a'   26);
        }

        for (int i = '9'; i >= '0'; i--) {
            base64Alphabet[i] = (byte) (i - '0'   52);
        }

        base64Alphabet[' '] = 62;
        base64Alphabet['/'] = 63;

        for (int i = 0; i <= 25; i  ) {
            lookUpBase64Alphabet[i] = (char) ('A'   i);
        }

        for (int i = 26, j = 0; i <= 51; i  , j  ) {
            lookUpBase64Alphabet[i] = (char) ('a'   j);
        }

        for (int i = 52, j = 0; i <= 61; i  , j  ) {
            lookUpBase64Alphabet[i] = (char) ('0'   j);
        }
        lookUpBase64Alphabet[62] = (char) ' ';
        lookUpBase64Alphabet[63] = (char) '/';

    }

    private static boolean isWhiteSpace(char octect) {
        return (octect == 0x20 || octect == 0xd || octect == 0xa || octect == 0x9);
    }

    private static boolean isPad(char octect) {
        return (octect == PAD);
    }

    private static boolean isData(char octect) {
        return (octect < BASELENGTH && base64Alphabet[octect] != -1);
    }

    /**
     * Encodes hex octects into Base64
     *
     * @param binaryData Array containing binaryData
     * @return Encoded Base64 array
     */
    public static String encode(byte[] binaryData) {

        if (binaryData == null) {
            return null;
        }

        int lengthDataBits = binaryData.length * EIGHTBIT;
        if (lengthDataBits == 0) {
            return "";
        }

        int fewerThan24bits = lengthDataBits % TWENTYFOURBITGROUP;
        int numberTriplets = lengthDataBits / TWENTYFOURBITGROUP;
        int numberQuartet = fewerThan24bits != 0 ? numberTriplets   1 : numberTriplets;
        char encodedData[] = null;

        encodedData = new char[numberQuartet * 4];

        byte k = 0, l = 0, b1 = 0, b2 = 0, b3 = 0;

        int encodedIndex = 0;
        int dataIndex = 0;
        if (fDebug) {
            System.out.println("number of triplets = "   numberTriplets);
        }

        for (int i = 0; i < numberTriplets; i  ) {
            b1 = binaryData[dataIndex  ];
            b2 = binaryData[dataIndex  ];
            b3 = binaryData[dataIndex  ];

            if (fDebug) {
                System.out.println("b1= "   b1   ", b2= "   b2   ", b3= "   b3);
            }

            l = (byte) (b2 & 0x0f);
            k = (byte) (b1 & 0x03);

            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);
            byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0);
            byte val3 = ((b3 & SIGN) == 0) ? (byte) (b3 >> 6) : (byte) ((b3) >> 6 ^ 0xfc);

            if (fDebug) {
                System.out.println("val2 = "   val2);
                System.out.println("k4   = "   (k << 4));
                System.out.println("vak  = "   (val2 | (k << 4)));
            }

            encodedData[encodedIndex  ] = lookUpBase64Alphabet[val1];
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[val2 | (k << 4)];
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[(l << 2) | val3];
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[b3 & 0x3f];
        }

        // form integral number of 6-bit groups
        if (fewerThan24bits == EIGHTBIT) {
            b1 = binaryData[dataIndex];
            k = (byte) (b1 & 0x03);
            if (fDebug) {
                System.out.println("b1="   b1);
                System.out.println("b1<<2 = "   (b1 >> 2));
            }
            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[val1];
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[k << 4];
            encodedData[encodedIndex  ] = PAD;
            encodedData[encodedIndex  ] = PAD;
        } else if (fewerThan24bits == SIXTEENBIT) {
            b1 = binaryData[dataIndex];
            b2 = binaryData[dataIndex   1];
            l = (byte) (b2 & 0x0f);
            k = (byte) (b1 & 0x03);

            byte val1 = ((b1 & SIGN) == 0) ? (byte) (b1 >> 2) : (byte) ((b1) >> 2 ^ 0xc0);
            byte val2 = ((b2 & SIGN) == 0) ? (byte) (b2 >> 4) : (byte) ((b2) >> 4 ^ 0xf0);

            encodedData[encodedIndex  ] = lookUpBase64Alphabet[val1];
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[val2 | (k << 4)];
            encodedData[encodedIndex  ] = lookUpBase64Alphabet[l << 2];
            encodedData[encodedIndex  ] = PAD;
        }

        return new String(encodedData);
    }

    /**
     * Decodes Base64 data into octects
     *
     * @param encoded string containing Base64 data
     * @return Array containind decoded data.
     */
    public static byte[] decode(String encoded) {

        if (encoded == null) {
            return null;
        }

        char[] base64Data = encoded.toCharArray();
        // remove white spaces
        int len = removeWhiteSpace(base64Data);

        if (len % FOURBYTE != 0) {
            return null;//should be divisible by four
        }

        int numberQuadruple = (len / FOURBYTE);

        if (numberQuadruple == 0) {
            return new byte[0];
        }

        byte decodedData[] = null;
        byte b1 = 0, b2 = 0, b3 = 0, b4 = 0;
        char d1 = 0, d2 = 0, d3 = 0, d4 = 0;

        int i = 0;
        int encodedIndex = 0;
        int dataIndex = 0;
        decodedData = new byte[(numberQuadruple) * 3];

        for (; i < numberQuadruple - 1; i  ) {

            if (!isData((d1 = base64Data[dataIndex  ])) || !isData((d2 = base64Data[dataIndex  ]))
                || !isData((d3 = base64Data[dataIndex  ]))
                || !isData((d4 = base64Data[dataIndex  ]))) {
                return null;
            }//if found "no data" just return null

            b1 = base64Alphabet[d1];
            b2 = base64Alphabet[d2];
            b3 = base64Alphabet[d3];
            b4 = base64Alphabet[d4];

            decodedData[encodedIndex  ] = (byte) (b1 << 2 | b2 >> 4);
            decodedData[encodedIndex  ] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
            decodedData[encodedIndex  ] = (byte) (b3 << 6 | b4);
        }

        if (!isData((d1 = base64Data[dataIndex  ])) || !isData((d2 = base64Data[dataIndex  ]))) {
            return null;//if found "no data" just return null
        }

        b1 = base64Alphabet[d1];
        b2 = base64Alphabet[d2];

        d3 = base64Data[dataIndex  ];
        d4 = base64Data[dataIndex  ];
        if (!isData((d3)) || !isData((d4))) {//Check if they are PAD characters
            if (isPad(d3) && isPad(d4)) {
                if ((b2 & 0xf) != 0)//last 4 bits should be zero
                {
                    return null;
                }
                byte[] tmp = new byte[i * 3   1];
                System.arraycopy(decodedData, 0, tmp, 0, i * 3);
                tmp[encodedIndex] = (byte) (b1 << 2 | b2 >> 4);
                return tmp;
            } else if (!isPad(d3) && isPad(d4)) {
                b3 = base64Alphabet[d3];
                if ((b3 & 0x3) != 0)//last 2 bits should be zero
                {
                    return null;
                }
                byte[] tmp = new byte[i * 3   2];
                System.arraycopy(decodedData, 0, tmp, 0, i * 3);
                tmp[encodedIndex  ] = (byte) (b1 << 2 | b2 >> 4);
                tmp[encodedIndex] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
                return tmp;
            } else {
                return null;
            }
        } else { //No PAD e.g 3cQl
            b3 = base64Alphabet[d3];
            b4 = base64Alphabet[d4];
            decodedData[encodedIndex  ] = (byte) (b1 << 2 | b2 >> 4);
            decodedData[encodedIndex  ] = (byte) (((b2 & 0xf) << 4) | ((b3 >> 2) & 0xf));
            decodedData[encodedIndex  ] = (byte) (b3 << 6 | b4);

        }

        return decodedData;
    }

    /**
     * remove WhiteSpace from MIME containing encoded Base64 data.
     *
     * @param data  the byte array of base64 data (with WS)
     * @return      the new length
     */
    private static int removeWhiteSpace(char[] data) {
        if (data == null) {
            return 0;
        }

        // count characters that's not whitespace
        int newSize = 0;
        int len = data.length;
        for (int i = 0; i < len; i  ) {
            if (!isWhiteSpace(data[i])) {
                data[newSize  ] = data[i];
            }
        }
        return newSize;
    }
}

以上是安卓实现RSA公钥加密私钥解密的过程,有什么问题欢迎大家来讨论

0 人点赞