Java安全:java非对称加密源代码(RSA)
<p >鉴于rsa加密的重要性和相关源代码的匮乏,经过整理特此贴出。需要到http://www.bouncycastle.org下载bcprov-jdk14-123.jar。 <BR><BR>import javax.crypto.Cipher;<BR>import java.security.*;<BR>import java.security.spec.RSAPublicKeySpec;<BR>import java.security.spec.RSAPrivateKeySpec;<BR>import java.security.spec.InvalidKeySpecException;<BR>import java.security.interfaces.RSAPrivateKey;<BR>import java.security.interfaces.RSAPublicKey;<BR>import java.io.*;<BR>import java.math.BigInteger;<BR><BR>/**<BR> * RSA 工具类。提供加密,解密,生成密钥对等方法。<BR> * 需要到http://www.bouncycastle.org下载bcprov-jdk14-123.jar。 <BR> * @author xiaoyusong <BR> * mail: xiaoyusong@etang.com <BR> * msn:xiao_yu_song@hotmail.com <BR> * @since 2004-5-20<BR> * <BR> */ <BR>public class RSAUtil {<BR><BR> /**<BR> * 生成密钥对<BR> * @return KeyPair<BR> * @throws EncryptException<BR> */<BR> public static KeyPair generateKeyPair() throws EncryptException {<BR> try {<BR> KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA",<BR> new org.bouncycastle.jce.provider.BouncyCastleProvider());<BR> final int KEY_SIZE = 1024;//没什么好说的了,这个值关系到块加密的大小,可以更改,但是不要太大,否则效率会低<BR> keyPairGen.initialize(KEY_SIZE, new SecureRandom());<BR> KeyPair keyPair = keyPairGen.genKeyPair();<BR> return keyPair;<BR> } catch (Exception e) {<BR> throw new EncryptException(e.getMessage());<BR> }<BR> }<BR> /**<BR> * 生成公钥<BR> * @param modulus<BR> * @param publicExponent<BR> * @return RSAPublicKey<BR> * @throws EncryptException<BR> */<BR> public static RSAPublicKey generateRSAPublicKey(byte[] modulus, byte[] publicExponent) throws EncryptException {<BR> KeyFactory keyFac = null;<BR> try {<BR> keyFac = KeyFactory.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider());<BR> } catch (NoSuchAlgorithmException ex) {<BR> throw new EncryptException(ex.getMessage());<BR> }<BR><BR> RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(modulus), new BigInteger(publicExponent));<BR> try {<BR> return (RSAPublicKey) keyFac.generatePublic(pubKeySpec);<BR> } catch (InvalidKeySpecException ex) {<BR> throw new EncryptException(ex.getMessage());<BR> }<BR> }<BR> /**<BR> * 生成私钥<BR> * @param modulus<BR> * @param privateExponent<BR> * @return RSAPrivateKey<BR> * @throws EncryptException<BR> */<BR> public static RSAPrivateKey generateRSAPrivateKey(byte[] modulus, byte[] privateExponent) throws EncryptException {<BR> KeyFactory keyFac = null;<BR> try {<BR> keyFac = KeyFactory.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider());<BR> } catch (NoSuchAlgorithmException ex) {<BR> throw new EncryptException(ex.getMessage());<BR> }<BR><BR> RSAPrivateKeySpec priKeySpec = new RSAPrivateKeySpec(new BigInteger(modulus), new BigInteger(privateExponent));<BR> try {<BR> return (RSAPrivateKey) keyFac.generatePrivate(priKeySpec);<BR> } catch (InvalidKeySpecException ex) {<BR> throw new EncryptException(ex.getMessage());<BR> }<BR> }<BR> /**<BR> * 加密<BR> * @param key 加密的密钥<BR> * @param data 待加密的明文数据<BR> * @return 加密后的数据<BR> * @throws EncryptException<BR> */<BR> public static byte[] encrypt(Key key, byte[] data) throws EncryptException {<BR> try {<BR> Cipher cipher = Cipher.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider());<BR> cipher.init(Cipher.ENCRYPT_MODE, key);<BR> int blockSize = cipher.getBlockSize();//获得加密块大小,如:加密前数据为128个byte,而key_size=1024 加密块大小为127 byte,加密后为128个byte;因此共有2个加密块,第一个127 byte第二个为1个byte<BR> int outputSize = cipher.getOutputSize(data.length);//获得加密块加密后块大小<BR> int leavedSize = data.length % blockSize;<BR> int blocksSize = leavedSize != 0 ? data.length / blockSize + 1 : data.length / blockSize;<BR> byte[] raw = new byte;<BR> int i = 0;<BR> while (data.length - i * blockSize > 0) {<BR> if (data.length - i * blockSize > blockSize)<BR> cipher.doFinal(data, i * blockSize, blockSize, raw, i * outputSize);<BR> else<BR> cipher.doFinal(data, i * blockSize, data.length - i * blockSize, raw, i * outputSize);<BR>//这里面doUpdate方法不可用,查看源代码后发现每次doUpdate后并没有什么实际动作除了把byte[]放到ByteArrayOutputStream中,而最后doFinal的时候才将所有的byte[]进行加密,可是到了此时加密块大小很可能已经超出了OutputSize所以只好用dofinal方法。<BR><BR> i++;<BR> }<BR> return raw;<BR> } catch (Exception e) {<BR> throw new EncryptException(e.getMessage());<BR> }<BR> }<BR> /**<BR> * 解密<BR> * @param key 解密的密钥<BR> * @param raw 已经加密的数据<BR> * @return 解密后的明文<BR> * @throws EncryptException<BR> */<BR> public static byte[] decrypt(Key key, byte[] raw) throws EncryptException {<BR> try {<BR> Cipher cipher = Cipher.getInstance("RSA", new org.bouncycastle.jce.provider.BouncyCastleProvider());<BR> cipher.init(cipher.DECRYPT_MODE, key);<BR> int blockSize = cipher.getBlockSize();<BR> ByteArrayOutputStream bout = new ByteArrayOutputStream(64);<BR> int j = 0;<BR><BR> while (raw.length - j * blockSize > 0) {<BR> bout.write(cipher.doFinal(raw, j * blockSize, blockSize));<BR> j++;<BR> }<BR> return bout.toByteArray();<BR> } catch (Exception e) {<BR> throw new EncryptException(e.getMessage());<BR> }<BR> }<BR> /**<BR> *<BR> * @param args<BR> * @throws Exception<BR> */<BR> public static void main(String[] args) throws Exception {<BR> File file = new File("test.html");<BR> FileInputStream in = new FileInputStream(file);<BR> ByteArrayOutputStream bout = new ByteArrayOutputStream();<BR> byte[] tmpbuf = new byte;<BR> int count = 0;<BR> while ((count = in.read(tmpbuf)) != -1) {<BR> bout.write(tmpbuf, 0, count);<BR> tmpbuf = new byte;<BR> }<BR> in.close();<BR> byte[] orgData = bout.toByteArray();<BR> KeyPair keyPair = RSAUtil.generateKeyPair();<BR> RSAPublicKey pubKey = (RSAPublicKey) keyPair.getPublic();<BR> RSAPrivateKey priKey = (RSAPrivateKey) keyPair.getPrivate();<BR><BR> byte[] pubModBytes = pubKey.getModulus().toByteArray();<BR> byte[] pubPubExpBytes = pubKey.getPublicExponent().toByteArray();<BR> byte[] priModBytes = priKey.getModulus().toByteArray();<BR> byte[] priPriExpBytes = priKey.getPrivateExponent().toByteArray();<BR> RSAPublicKey recoveryPubKey = RSAUtil.generateRSAPublicKey(pubModBytes,pubPubExpBytes);<BR> RSAPrivateKey recoveryPriKey = RSAUtil.generateRSAPrivateKey(priModBytes,priPriExpBytes);<BR><BR><BR> byte[] raw = RSAUtil.encrypt(priKey, orgData);<BR> file = new File("encrypt_result.dat");<BR> OutputStream out = new FileOutputStream(file);<BR> out.write(raw);<BR> out.close();<BR> byte[] data = RSAUtil.decrypt(recoveryPubKey, raw);<BR> file = new File("decrypt_result.html");<BR> out = new FileOutputStream(file);<BR> out.write(data);<BR> out.flush();<BR> out.close();<BR> }<BR>}<BR><BR><BR>加密可以用公钥,解密用私钥;或者加密用私钥。通常非对称加密是非常消耗资源的,因此可以对大数据用对称加密如:des(具体代码可以看我以前发的贴子),而对其对称密钥进行非对称加密,这样既保证了数据的安全,还能保证效率。<BR><FONT face="Times New Roman" size=3> </FONT><p align="center"></p></p>
页:
[1]