摘自:https://www.cnblogs.com/leeego-123/p/10450339.html
首先科普一波:
RSA的1024位是指公钥及私钥分别是1024bit,也就是1024/8=128 Bytes
RSA算法密钥长度的选择是安全性和程序性能平衡的结果,密钥长度越长,安全性越好,加密解密所需时间越长。
RSA的1024位是指公钥及私钥分别是1024bit,也就是1024/8=128 Bytes
1. 非对称加密算法中1024 bit密钥的强度相当于对称加密算法80bit密钥的强度。有资料上说以当前的软硬件水平,破解1024bit的RSA加密密文,需要一套10亿美金的系 统使用若干 十年的时间,所以2015年前,1024bit的还无需太担心暴力破解的危险。
2. 密钥长度增长一倍,公钥操作所需时间增加约4倍,私钥操作所需时间增加约8倍,公私钥生成时间约增长16倍。
3. 一次能加密的密文长度与密钥长度成正比, len_in_byte(raw_data) = len_in_bit(key)/8 -11,如1024bit的密钥,一次能加密的内容长度为 1024/8 -11 = 117 byte。所以非对称加密 一般都用于加密对称加密算法的密钥,而不是直接加密内容。
4. 加密后密文的长度为密钥的长度,如密钥长度为1024b(128Byte),最后生成的密文固定为 1024b(128ByteRSA的1024位是指公钥及私钥分别是1024bit,也就是1024/8=128 Bytes
package com.handsight.platform.fras.util; import org.apache.commons.codec.binary.Base64; import org.apache.commons.io.IOUtils; import javax.crypto.Cipher; import java.io.ByteArrayOutputStream; import java.security.*; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; public class RSAUtils { public static final String CHARSET = "UTF-8"; public static final String RSA_ALGORITHM = "RSA"; public static Map<String, String> createKeys(int keySize){ //为RSA算法创建一个KeyPairGenerator对象 KeyPairGenerator kpg; try{ kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM); }catch(NoSuchAlgorithmException e){ throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]"); } //初始化KeyPairGenerator对象,密钥长度 kpg.initialize(keySize); //keySize 可以为1024 //生成密匙对 KeyPair keyPair = kpg.generateKeyPair(); //得到公钥 Key publicKey = keyPair.getPublic(); String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded()); //得到私钥 Key privateKey = keyPair.getPrivate(); String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded()); Map<String, String> keyPairMap = new HashMap<String, String>(); keyPairMap.put("publicKey", publicKeyStr); keyPairMap.put("privateKey", privateKeyStr); return keyPairMap; } /** * 得到公钥 * @param publicKey 密钥字符串(经过base64编码) * @throws Exception */ public static RSAPublicKey getPublicKey(String publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException { //通过X509编码的Key指令获得公钥对象 KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey)); RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec); return key; } /** * 得到私钥 * @param privateKey 密钥字符串(经过base64编码) * @throws Exception */ public static RSAPrivateKey getPrivateKey(String privateKey) throws NoSuchAlgorithmException, InvalidKeySpecException { //通过PKCS#8编码的Key指令获得私钥对象 KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey)); RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec); return key; } /** * 公钥加密 * @param data * @param publicKey * @return */ public static String publicEncrypt(String data, RSAPublicKey publicKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, publicKey); return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), publicKey.getModulus().bitLength())); }catch(Exception e){ throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e); } } /** * 私钥解密 * @param data * @param privateKey * @return */ public static String privateDecrypt(String data, RSAPrivateKey privateKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, privateKey); return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), privateKey.getModulus().bitLength()), CHARSET); }catch(Exception e){ throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e); } } /** * 私钥加密 * @param data * @param privateKey * @return */ public static String privateEncrypt(String data, RSAPrivateKey privateKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.ENCRYPT_MODE, privateKey); return Base64.encodeBase64URLSafeString(rsaSplitCodec(cipher, Cipher.ENCRYPT_MODE, data.getBytes(CHARSET), privateKey.getModulus().bitLength())); }catch(Exception e){ throw new RuntimeException("加密字符串[" + data + "]时遇到异常", e); } } /** * 公钥解密 * @param data * @param publicKey * @return */ public static String publicDecrypt(String data, RSAPublicKey publicKey){ try{ Cipher cipher = Cipher.getInstance(RSA_ALGORITHM); cipher.init(Cipher.DECRYPT_MODE, publicKey); return new String(rsaSplitCodec(cipher, Cipher.DECRYPT_MODE, Base64.decodeBase64(data), publicKey.getModulus().bitLength()), CHARSET); }catch(Exception e){ throw new RuntimeException("解密字符串[" + data + "]时遇到异常", e); } } private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){ int maxBlock = 0; if(opmode == Cipher.DECRYPT_MODE){ maxBlock = keySize / 8; }else{ maxBlock = keySize / 8 - 11; } ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] buff; int i = 0; try{ while(datas.length > offSet){ if(datas.length-offSet > maxBlock){ buff = cipher.doFinal(datas, offSet, maxBlock); }else{ buff = cipher.doFinal(datas, offSet, datas.length-offSet); } out.write(buff, 0, buff.length); i++; offSet = i * maxBlock; } }catch(Exception e){ throw new RuntimeException("加解密阀值为["+maxBlock+"]的数据时发生异常", e); } byte[] resultDatas = out.toByteArray(); IOUtils.closeQuietly(out); return resultDatas; } }
测试:
公钥加密-----------私钥解密
package com.handsight.platform.fras.aapp; import com.handsight.platform.fras.util.RSAUtils; import java.util.Map; public class TestRsa { public static void main (String[] args) throws Exception { Map<String, String> keyMap = RSAUtils.createKeys(1024); String publicKey = keyMap.get("publicKey"); String privateKey = keyMap.get("privateKey"); System.out.println("公钥: " + publicKey); System.out.println("私钥: " + privateKey); System.out.println("公钥加密——私钥解密"); String str = "站在大明门前守卫的禁卫军,事先没有接到 " + "有关的命令,但看到大批盛装的官员来临,也就 " + "以为确系举行大典,因而未加询问。进大明门即 " + "为皇城。文武百官看到端门午门之前气氛平静, " + "城楼上下也无朝会的迹象,既无几案,站队点名 " + "的御史和御前侍卫“大汉将军”也不见踪影,不免 " + "心中揣测,互相询问:所谓午朝是否讹传?"; System.out.println(" 明文: " + str); System.out.println(" 明文大小: " + str.getBytes().length); //公钥加密 String encodedData = RSAUtils.publicEncrypt(str, RSAUtils.getPublicKey(publicKey)); System.out.println("密文: " + encodedData); //私钥解密 String decodedData = RSAUtils.privateDecrypt(encodedData, RSAUtils.getPrivateKey(privateKey)); System.out.println("解密后文字: " + decodedData); } }
// 单元测试 - 私钥加密 --- 公钥解密 @Test public void test2() throws NoSuchAlgorithmException, InvalidKeySpecException { Map<String, String> keyMap = RSA1024Util.createKeys(1024); String publicKey = keyMap.get("publicKey"); String privateKey = keyMap.get("privateKey"); System.out.println("公钥:("+ Base64.decodeBase64(publicKey).length +"个字节) " + publicKey); System.out.println("私钥:("+ Base64.decodeBase64(privateKey).length +"个字节) " + privateKey); System.out.println("私钥加密 --- 公钥解密"); String str = "china"; System.out.println("明文:" + str); System.out.println("明文大小:" + str.getBytes().length); //私钥加密 String encodedData = RSA1024Util.privateEncrypt(str, RSA1024Util.getPrivateKey(privateKey)); System.out.println("密文("+ Base64.decodeBase64(encodedData).length +"个字节) " + encodedData); //公钥解密 String decodedData = RSA1024Util.publicDecrypt(encodedData, RSA1024Util.getPublicKey(publicKey)); System.out.println("解密后文字:" + decodedData); }
公钥:(162个字节) MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCD1q0F_6K3HV7ZREy9Ab6lroYC6JYP4MMMurdkx-Gra5CbE2Vxb54IDD8IlAgC1YxrnRrqhScEtDh8YIUjBCqli0k3ub92yrdFuyZWl04rineRoC94XjdweWipzAIRtlJSP7_tIcdn2DTZtAsoI2MnXhQqGcjj0YxyOlXmMNA3BwIDAQAB 私钥:(633个字节) MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAIPWrQX_orcdXtlETL0BvqWuhgLolg_gwwy6t2TH4atrkJsTZXFvnggMPwiUCALVjGudGuqFJwS0OHxghSMEKqWLSTe5v3bKt0W7JlaXTiuKd5GgL3heN3B5aKnMAhG2UlI_v-0hx2fYNNm0CygjYydeFCoZyOPRjHI6VeYw0DcHAgMBAAECgYBG8YRV0AP9SX66p3gr1P6EJW_TrNjjXm1XMjpxruWO2ukLqdpSul9tsTlSImZVMBjJ59aOEGy4qUokE8RQ3XMcsCCq7AyUvykWjHxs5u7pf9coXSIZ5i4nnZBsqiJjhPS9Ff1nFWizIvdm_W2qEmmQENRPhxkiOY_DQVEELnovIQJBALsYa0lTQMhVvOCvpeZWf1M_IWdtfsDwKStScFoP2DRZGjRmomzhlRHhTiSjNwL_Zh6ZfRpp90pfvsB2h9Qa7jkCQQC0ZJPXhTDqT5tPI7zKJLg7OQSCQple9z2yLNtOCPK8b8KOuIJVqOLoKhiOI2A754TVslYJoWD5RgPTn02kDE8_AkAakGADPC_RgeLcX_QFHTjcv_TlM3WwvSiLPxw2nVNMM252DDB5lxnMPRoUN5xC77I3HAHYMz1qMOfreajVY7F5AkAhGhuu_rfdJ0J-oTYxec98vpe_N21hackeevC7PxUb0v5GpkD0awtIQwFCg-dS1scfV5xGJCDhXSGyoZbjtYaNAkBD0eWTmKRkBMzSAaD4M7n7MdDbfB0olDlFLVo7A6Q9fqejFe83wl5rbJVJOo_YLux-RnrCpxmiosLFTwrQJmgf 私钥加密 --- 公钥解密 明文:china 明文大小:5 密文(128个字节) KdeTut-HqwPKjg85a5T5YstlGdrcR05MnfFoILZh4ngrZ6QEiWWuZHpJymxIaFBeqsRGf7HS4mSnuHsgLFsHr6DKDQ89RuLdLdNds8wVhD14ThOciTlKwO4-FiOc9ScklMsdFJNI1hPnT1c7ViPrvSxGNLFD3jZu2e9DZ7a30E0 解密后文字:china
公钥:(162个字节) MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC4PiKoYTUY36hb4zzyoPVM4zSFbFJituXzven8j7THzAkybgZLriGwsABPY03gzjmp0ZZRUDUyxtVdfJPyBPjL1JTuBYD6ismtj-3e-NvYGxaV2f4nCCqZ8wGL0YcaIRXmyJvyMcAeSQUuzd7PtqlaoPd2yxliUbg6rvwQjjNflwIDAQAB 私钥:(637个字节) MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBALg-IqhhNRjfqFvjPPKg9UzjNIVsUmK25fO96fyPtMfMCTJuBkuuIbCwAE9jTeDOOanRllFQNTLG1V18k_IE-MvUlO4FgPqKya2P7d7429gbFpXZ_icIKpnzAYvRhxohFebIm_IxwB5JBS7N3s-2qVqg93bLGWJRuDqu_BCOM1-XAgMBAAECgYEAm4Lu0_sAy1b1D2I1roIHqvdX_Ipa27GPVPXnC2Ps7nudA7D0pWp8S1uzV071jBvldh5O56Fw1cQYkkk1wyFJMawWhnPOeRUQpN6lVulNQjE3438Z0mSVJicpVBydq9_mjLEJHVwlsCK2hXRmeQYhBjxUQcQzzUzsygc6TzPwcpkCQQDgDD71xLq9NqFAUMiqWVwcHoU0xrYrFWv47NTuvUlU4fMLav8fa4pRriJPZFGdf9UIxMNUJqJjVluWO0d__DCdAkEA0oSlVQdg7UWfxH1T_kVX34ud5bfnWDIMqyxoaB0cRDAUmU2OouVH7tl3UdCy2A_LOB8DfNidIq51Vfpuytg4wwJBANEF279CmM1qKCpus6dp0utQ9gl00gOD6sXDfix1X_LXEf63Bel0VQk7IjtbZmFAH6ocl_bsTFfM-4k_KMeYqmkCQQCUexphrqKet8zIOd1UKnSgJ0lnDR8PBb4JvXimdmHJdmARALLqEe16ece-3QRHgFxFaRp8pAuwunvn-IrMZ1UhAkEAivAbSAkTp6xucwk7Dkezd8fhLGfcCzd7OWJEfAAJLOgpFqHX-tu0m-OjjC0qhVJ67U6VNC5fszrxKgNj-teiMQ 私钥加密 --- 公钥解密 明文:china 明文大小:5 密文(128个字节) QFs_7an9gg6IDbzyvMI--UHHBaLztcFFi39OLDtDK8IQMoO6Ts1nG4MAA98hN7F0YvJS9RiU-rlZwYJPAKNomOcCIB6mY4FtoKupiPYDB-7PaXmPv0K65NxKojSy-LYliu0pO8WxeIHBjqvBK7l-5-_hadmsQsxQkENuX4Gw2ZU 解密后文字:china