前言
密钥是成对存在的,加密和解密是采用不同的密钥(公开密钥),也就是非对称密钥密码系统,每个通信方均需要两个密钥,即公钥和私钥,使用公钥进行加密操作,使用私钥进行解密操作。公钥是公开的,不需要保密,而私钥是由个人自己持有,并且必须妥善保管和注意保密。密码学里面博大精深,下面的实例仅供参考
公钥(Public Key)与私钥(Private Key)是通过一种算法得到的一个密钥对(即一个公钥和一个私钥),公钥是密钥对中公开的部分,私钥则是非公开的部分。公钥通常用于加密会话密钥、验证数字签名,或加密可以用相应的私钥解密的数据。通过这种算法得到的密钥对能保证在世界范围内是唯一的。使用这个密钥对的时候,如果用其中一个密钥加密一段数据,必须用另一个密钥解密。比如用公钥加密数据就必须用私钥解密,如果用私钥加密也必须用公钥解密,否则解密将不会成功。
下面是java使用公私钥加解密的实例,仅供参考
/** * 数据加密 plainTextData要加密的字符串 * @param plainTextData * @return * @throws Exception */ public static Mapencrypt(String plainTextData) throws Exception { HashMap result = new HashMap(); // keySpec 生成对称密钥 KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); keyGenerator.init(128); SecretKey secretKey = keyGenerator.generateKey(); SecretKeySpec keySpec = new SecretKeySpec(secretKey.getEncoded(), "AES"); // RSA 用对方公钥对‘对称密钥’进行加密 Cipher cipher = Cipher.getInstance("RSA"); String keyFilePathName = pertery.getProperty("bsbank_Key_path")+"PublicKey.keystore"; cipher.init(Cipher.WRAP_MODE, loadPublicKeyByStr(loadKeyByFile(keyFilePathName))); byte[] wrappedKey = cipher.wrap(keySpec); result.put("wrappedKey", Base64.encodeBase64String(wrappedKey)); // 加密数据 cipher = Cipher.getInstance("AES"); cipher.init(Cipher.ENCRYPT_MODE, keySpec); byte[] encryptedData = cipher.doFinal(plainTextData.getBytes("UTF-8")); result.put("encryptedData", Base64.encodeBase64String(encryptedData)); return result; } /** * 数据解密 encryptedData * @param encryptedData * @return * @throws Exception */ public static Map decrypt(Map encryptedData) throws Exception { // 获取密钥 byte[] wrappedKey = Base64.decodeBase64(encryptedData.get("wrappedKey") .toString()); HashMap result = new HashMap(); // RSA解密密钥 Cipher cipher = Cipher.getInstance("RSA"); String keyFilePathName = pertery.getProperty("bsbank_Key_path")+"privateKey.keystore";//使用对方的私钥解密 cipher.init(Cipher.UNWRAP_MODE, loadPrivateKeyByStr(loadKeyByFile(keyFilePathName))); Key key = cipher.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY); // 解密数据 cipher = Cipher.getInstance("AES"); cipher.init(Cipher.DECRYPT_MODE, key); byte[] decryptedData = cipher.doFinal(Base64.decodeBase64(encryptedData .get("encryptedData").toString())); result.put("decryptedData", new String(decryptedData, "UTF-8")); result.put("wrappedKey", Base64.encodeBase64String(wrappedKey)); return result; } private static String loadKeyByFile(String filePathName) throws Exception { BufferedReader br = null; StringBuilder sb = new StringBuilder(); try { br = new BufferedReader(new FileReader(filePathName)); String readLine = null; while ((readLine = br.readLine()) != null) { sb.append(readLine); } } catch (Exception e) { throw e; } finally { if (null != br) { br.close(); } } return sb.toString(); } private static RSAPublicKey loadPublicKeyByStr(String publicKeyStr) throws Exception { RSAPublicKey publicKey = null; try { byte[] buffer = Base64.decodeBase64(publicKeyStr); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer); publicKey = (RSAPublicKey) keyFactory.generatePublic(keySpec); } catch (Exception e) { logger.error("failed to load pubKey", e); throw e; } return publicKey; } private static RSAPrivateKey loadPrivateKeyByStr(String privateKeyStr) throws Exception { RSAPrivateKey privateKey = null; try { byte[] buffer = Base64.decodeBase64(privateKeyStr); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer); privateKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec); } catch (Exception e) { logger.error("failed to loadPrivateKeyByStr", e); throw e; } return privateKey; } /** * 输出公私钥对 * @param filePath * @throws Exception */ private static void genKeyPair(String filePath) throws Exception { KeyPairGenerator keyPairGen = null; try { keyPairGen = KeyPairGenerator.getInstance("RSA"); } catch (NoSuchAlgorithmException e) { logger.error("failed to do key gen", e); throw e; } keyPairGen.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGen.generateKeyPair(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); try { String publicKeyString = Base64.encodeBase64String(publicKey .getEncoded()); String privateKeyString = Base64.encodeBase64String(privateKey .getEncoded()); FileWriter pubfw = new FileWriter(filePath + "/PublicKey.keystore"); FileWriter prifw = new FileWriter(filePath + "/PrivateKey.keystore"); BufferedWriter pubbw = new BufferedWriter(pubfw); BufferedWriter pribw = new BufferedWriter(prifw); pubbw.write(publicKeyString); pribw.write(privateKeyString); pubbw.flush(); pubbw.close(); pubfw.close(); pribw.flush(); pribw.close(); prifw.close(); } catch (IOException e) { logger.error("failed to genKeypair", e); } }