Java实现非对称加密算法-RSA加解密

RSA是由三位数学家Rivest、Shamir 和 Adleman 发明的非对称加密算法，这种算法非常可靠，秘钥越长，就越难破解。

目前被破解的最长RSA秘钥是768个二进制位，长度超过768位的秘钥还无法破解，但随着计算能力的增强，以后被破解到多少位还是未知数。就目前而言，1024位的秘钥属于基本安全，2048位的秘钥属于极其安全。

RSA是一种非对称加密算法，也就是加密和解密使用的不是同一把秘钥：公钥加密-私钥解密、私钥加密-公钥解密。

RSA算法在计算机网络中被普遍应用，如：https、ssh等。

该算法还可以实现应用许可证（license），有以下几个步骤：

甲方构建密钥对（公钥和私钥，公钥给对方，私钥留给自己）。

甲方使用私钥加密许可证，然后用私钥对加密的许可证进行签名，并把这些发送给乙方。

乙方使用公钥、签名来验证待解密许可证是否有效（许可的来源是否有效、许可的内容是否被篡改），如果有效使用公钥对许可证解密。

乙方使用公钥加密数据，向甲方发送经过加密后的数据；甲方获得加密数据，通过私钥解密。

注意：RSA加密要求明文最大长度117字节，解密要求密文最大长度为秘钥长度除以8（1024位秘钥 / 8 = 128，2048位秘钥 / 8 = 256），所以在加密和解密的过程中需要分块进行。

Java实现RSA：

import mons.codec.binary.Base64;import mons.codec.binary.Hex;import mons.lang3.StringUtils;import javax.crypto.Cipher;import java.io.ByteArrayOutputStream;import java.security.*;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;public class RSAUtil {private static final String KEY_ALGORITHM = "RSA"; //加密算法RSAprivate static final String SIGNATURE_ALGORITHM = "MD5withRSA"; //签名算法//RSA本身的限制：最大加密明文大小 = 117private static final int MAX_ENCRYPT_BLOCK = 117;//RSA本身的限制：最大解密密文大小 = keySize / 8 = 128 或 256private static int MAX_DECRYPT_BLOCK = 128;private enum KeyType {PUBLIC_KEY, PRIVATE_KEY}/*** 指定字符串生成密钥对(公钥和私钥)** @param randomKey 加密的密码* @param keySize 秘钥的长度：1024 或 2048* @return* @throws Exception*/public static Map<KeyType, Object> genKeyPair(String randomKey, int keySize) throws Exception {MAX_DECRYPT_BLOCK = keySize / 8;KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);if (StringUtils.isBlank(randomKey)) { //不指定密码keyPairGen.initialize(keySize);} else { //指定密码SecureRandom random = SecureRandom.getInstance("SHA1PRNG");random.setSeed(randomKey.getBytes());keyPairGen.initialize(keySize, random);}KeyPair keyPair = keyPairGen.generateKeyPair();RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();Map<KeyType, Object> keyMap = new HashMap<>(2);keyMap.put(KeyType.PUBLIC_KEY, publicKey);keyMap.put(KeyType.PRIVATE_KEY, privateKey);return keyMap;}/*** 用私钥对数据生成数字签名** @param data 已加密数据* @param privateKey 私钥(BASE64编码)* @return* @throws Exception*/public static String sign(byte[] data, String privateKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(privateKey);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);signature.initSign(privateK);signature.update(data);return Base64.encodeBase64String(signature.sign());}/*** 用公钥校验数字签名** @param data已加密数据* @param publicKey 公钥(BASE64编码)* @param sign数字签名* @return* @throws Exception*/public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {byte[] keyBytes = Base64.decodeBase64(publicKey);X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);PublicKey publicK = keyFactory.generatePublic(keySpec);Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);signature.initVerify(publicK);signature.update(data);return signature.verify(Base64.decodeBase64(sign));}/*** 私钥加密** @param data 数据* @param privateKey 私钥(BASE64编码)* @return* @throws Exception*/public static byte[] encryptByPrivateKey(byte[] data, String privateKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(privateKey);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); //获取算法cipher.init(Cipher.ENCRYPT_MODE, privateK); //设置加密模式，并指定私钥// 对数据分段加密int inputLen = data.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;byte[] buffer;int i = 0;while (inputLen - offSet > 0) {if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {buffer = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);} else {buffer = cipher.doFinal(data, offSet, inputLen - offSet);}out.write(buffer, 0, buffer.length);i++;offSet = i * MAX_ENCRYPT_BLOCK;}byte[] encryptedData = out.toByteArray();out.close();return encryptedData;}/*** 私钥解密** @param encryptedData 已加密数据* @param privateKey 私钥(BASE64编码)* @return* @throws Exception*/public static byte[] decryptByPrivateKey(byte[] encryptedData, String privateKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(privateKey);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); //获取算法cipher.init(Cipher.DECRYPT_MODE, privateK); //设置解密模式，并指定私钥// 对数据分段解密int inputLen = encryptedData.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;byte[] buffer;int i = 0;while (inputLen - offSet > 0) {if (inputLen - offSet > MAX_DECRYPT_BLOCK) {buffer = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);} else {buffer = cipher.doFinal(encryptedData, offSet, inputLen - offSet);}out.write(buffer, 0, buffer.length);i++;offSet = i * MAX_DECRYPT_BLOCK;}byte[] decryptedData = out.toByteArray();out.close();return decryptedData;}/*** 公钥加密** @param data数据* @param publicKey 公钥(BASE64编码)* @return* @throws Exception*/public static byte[] encryptByPublicKey(byte[] data, String publicKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(publicKey);X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key publicK = keyFactory.generatePublic(x509KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); //获取算法cipher.init(Cipher.ENCRYPT_MODE, publicK); //设置加密模式，并指定公钥// 对数据分段加密int inputLen = data.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;byte[] buffer;int i = 0;while (inputLen - offSet > 0) {if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {buffer = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);} else {buffer = cipher.doFinal(data, offSet, inputLen - offSet);}out.write(buffer, 0, buffer.length);i++;offSet = i * MAX_ENCRYPT_BLOCK;}byte[] encryptedData = out.toByteArray();out.close();return encryptedData;}/*** 公钥解密** @param encryptedData 已加密数据* @param publicKey公钥(BASE64编码)* @return* @throws Exception*/public static byte[] decryptByPublicKey(byte[] encryptedData, String publicKey) throws Exception {byte[] keyBytes = Base64.decodeBase64(publicKey);X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);Key publicK = keyFactory.generatePublic(x509KeySpec);Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm()); //获取算法cipher.init(Cipher.DECRYPT_MODE, publicK); //设置解密模式，并指定公钥// 对数据分段解密int inputLen = encryptedData.length;ByteArrayOutputStream out = new ByteArrayOutputStream();int offSet = 0;byte[] buffer;int i = 0;while (inputLen - offSet > 0) {if (inputLen - offSet > MAX_DECRYPT_BLOCK) {buffer = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);} else {buffer = cipher.doFinal(encryptedData, offSet, inputLen - offSet);}out.write(buffer, 0, buffer.length);i++;offSet = i * MAX_DECRYPT_BLOCK;}byte[] decryptedData = out.toByteArray();out.close();return decryptedData;}/*** 获取私钥** @param keyMap* @return* @throws Exception*/public static String getPrivateKey(Map<KeyType, Object> keyMap) {Key key = (Key) keyMap.get(KeyType.PRIVATE_KEY);return Base64.encodeBase64String(key.getEncoded());}/*** 获取公钥** @param keyMap* @return* @throws Exception*/public static String getPublicKey(Map<KeyType, Object> keyMap) throws Exception {Key key = (Key) keyMap.get(KeyType.PUBLIC_KEY);return Base64.encodeBase64String(key.getEncoded());}public static void main(String[] args) throws Exception {String password = "123456";//加解密的密码int keySize = 2048;//秘钥的长度：1024 或 2048Map<KeyType, Object> keyMap = RSAUtil.genKeyPair(password, keySize);String publicKey = RSAUtil.getPublicKey(keyMap);String privateKey = RSAUtil.getPrivateKey(keyMap);System.out.println("publicKey : " + publicKey);System.out.println("privateKey : " + privateKey);System.out.println();System.out.println("公钥加密 -- 私钥解密");String data = "RSA 非对称加密算法：公钥加密 -- 私钥解密";System.out.println("明文 ：" + data);byte[] encryptData = RSAUtil.encryptByPublicKey(data.getBytes(), publicKey);System.out.println("公钥加密 ：" + Hex.encodeHexString(encryptData));byte[] decryptData = RSAUtil.decryptByPrivateKey(encryptData, privateKey);System.out.println("私钥解密 ：" + new String(decryptData));System.out.println();System.out.println("私钥加密 -- 公钥解密");String data2 = "RSA 非对称加密算法：私钥加密 -- 公钥解密";System.out.println("明文 ：" + data2);byte[] encryptData2 = RSAUtil.encryptByPrivateKey(data2.getBytes(), privateKey);System.out.println("私钥加密 ：" + Hex.encodeHexString(encryptData2));byte[] decryptData2 = RSAUtil.decryptByPublicKey(encryptData2, publicKey);System.out.println("公钥解密 ：" + new String(decryptData2));System.out.println();System.out.println("私钥签名 -- 公钥验证签名");String sign = RSAUtil.sign(encryptData2, privateKey);System.out.println("私钥签名 ：" + sign);boolean status = RSAUtil.verify(encryptData2, publicKey, sign);System.out.println("公钥验证签名 ：" + status);}}