码迷,mamicode.com
首页 > 其他好文 > 详细

使用SHA-256和RSA 2048进行加密和签名

时间:2019-05-14 19:26:29      阅读:503      评论:0      收藏:0      [点我收藏+]

标签:创建   with   str   static   ext   new   签名   mon   tin   

介绍

由于SHA-1和RSA-1024已过时且安全性较低,因此SHA-256和RSA 2048是当前的标准。SHA-256是一种非常好的安全散列算法,非常适合在证书上使用,而2048位RSA是一种很好的签名算法(注意签名与加密不同)。使用带有SHA-256的2048位RSA是证书的安全签名方案。这将允许您生成可用于加密和解密数据的公钥和私钥。为了演示这个我创建了测试类,你可以按照指南并检查下面的代码。

RSACipher

package com.common.util;

import com.common.util.sign.encrypt.Base64;

import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.Cipher;

public class RSACipher {
    private final static String CRYPTO_METHOD = "RSA";
    private final static String CYPHER = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";
    private final static int CRYPTO_BITS = 2048;
    private static String PUB_KEY = "PUB_KEY";
    private static String PRIVATE_KEY = "PRIVATE_KEY";
    private static String CHARSET = "UTF-8";
    /*private final static int CRYPTO_BITS = 4096; This will encrypt in 4093bits, note however that is slower.*/

    public RSACipher() {
        KeyPair kp = getKeyPair();
        PublicKey publicKey = kp.getPublic();
        byte[] publicKeyBytes = publicKey.getEncoded();
        PUB_KEY = new String(Base64.encode(publicKeyBytes));
        //Save the public key so it is not generated each and every time
        PrivateKey privateKey = kp.getPrivate();
        byte[] privateKeyBytes = privateKey.getEncoded();
        PRIVATE_KEY = new String(Base64.encode(privateKeyBytes));
        //Also Save the private key so it is not generated each and every time
    }

    public static KeyPair getKeyPair() {
        KeyPair kp = null;
        try {
            KeyPairGenerator kpg = KeyPairGenerator.getInstance(CRYPTO_METHOD);
            kpg.initialize(CRYPTO_BITS);
            kp = kpg.generateKeyPair();
        } catch (Exception e) {
            e.printStackTrace();
        }
        return kp;
    }

    public static String encrypt(String clearText) {
        String encryptedBase64 = "";
        try {
            KeyFactory keyFac = KeyFactory.getInstance(CRYPTO_METHOD);
            KeySpec
                    keySpec =
                    new X509EncodedKeySpec(Base64.decode(PUB_KEY.trim()));
            Key key = keyFac.generatePublic(keySpec);
            final Cipher cipher = Cipher.getInstance(CYPHER);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encryptedBytes = cipher.doFinal(clearText.getBytes(CHARSET));
            encryptedBase64 = new String(Base64.encode(encryptedBytes));
        } catch (Exception e) {
            e.printStackTrace();
        }
        return encryptedBase64.replaceAll("(\\r|\\n)", "");
    }

    public static String decrypt(String encryptedBase64) {
        String decryptedString = "";
        try {
            KeyFactory keyFac = KeyFactory.getInstance(CRYPTO_METHOD);
            KeySpec keySpec = new PKCS8EncodedKeySpec(
                    Base64.decode(PRIVATE_KEY.trim()));
            Key key = keyFac.generatePrivate(keySpec);
            final Cipher cipher = Cipher.getInstance(CYPHER);
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] encryptedBytes = Base64.decode(encryptedBase64);
            byte[] decryptedBytes = cipher.doFinal(encryptedBytes);
            decryptedString = new String(decryptedBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return decryptedString;
    }

    public static void main(String[] args) {
        RSACipher rsaCipher = new RSACipher();
        System.out.println("pub_key:" + PUB_KEY);
        System.out.println("private_key:" + PRIVATE_KEY);
        System.out.println("========================");
        String encrpytMsg = rsaCipher.encrypt("helllo");
        System.out.println(encrpytMsg);
        String decryptMsg = rsaCipher.decrypt(encrpytMsg);
        System.out.println(decryptMsg);
    }
}

使用SHA-256和RSA 2048进行加密和签名

标签:创建   with   str   static   ext   new   签名   mon   tin   

原文地址:https://www.cnblogs.com/xjknight/p/10863818.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!