关于如何使用Java模拟出区块链(联盟链设计)的公私钥加密。
1.技术:前端Vue.js+服务端Spring boot
2.想要实现的效果:
当一个节点登录网站,并完成下单交易。此时需要加密交易的订单信息,然后储存进MySql内。当超级节点确认交易信息时,网页上需要显示已经解密的交易信息。
首先需要生成RSA公私钥对,保存成全局,然后前端使用jsEncrypt设置全局公钥加密订单信息,后端用私钥解密。
前端首先下载JsEncrypt.js文件 然后在main.js内挂成全局。就可以在每个组件内调用jsEncrypt
main.js文件:
import JsEncrypt from 'jsencrypt/bin/jsencrypt'
Vue.prototype.$jsEncrypt = JsEncrypt
组件内使用:
let jse = this.$jsEncrypt;
jse.prototype.setPublicKey( this.pubKey);//设置公钥
jse.prototype.encrypt("123456")//加密内容
这样前端就加密成功了。
后端解密需要注意的地方:
1.一定要先把私钥依据Base64加密,然后才能使用Base64加密后的私钥解密
2.如果密文过长,需要分段解密。
3.一定要注意公私钥是一对。
这里记录一个遇到的小问题:
1.在写单元测试的时候,由于代码热部署,导致每次系统重新加载,导致我设置的公私钥一直发生变化,一直无法解密成功。
2.还有就是前段加密的时候,设置公钥被我改成这样,导致公私钥对应不上,无法解密成功。
jse.prototype.setPublicKey('-----BEGIN PUBLIC KEY-----' + this.pubKey+ '-----END PUBLIC KEY-----');
出现:javax.crypto.BadPaddingException: Decryption error这个错误
的根本原因就是解密的数据发生错误了。
根据源码来说,要想解密需要提供2个参数,一个是密文,一个私钥。
密文的最大长度,分别是加密1024字节下的128bit和2048下的256bit。如果超过这个字节长度,就需要分段解密。
还有就是私钥了。私钥不正确,肯定是也是解密不成功的。
所以如果出现了Decryption error这个错误,不是密文错误,就是你传入的钥匙不正确。
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
Cipher.getInstance("RSA");//是配置RSA加密模式
init是初始化cipher,DECRYPT_MODE有7个模式,用来表明cipher需要传入的钥匙是什么。2是私钥。
密文在传入解密容器前,一定要先使用Base64封装一下。不能直接.getBytes()传入。
关于byte[]与String 相互转化
byte [] a = str.getBytes();
String str = new String(a);
下面给一个RSA加密算法工具类:
public class JsEncryptRSAUtil {
public static final Provider provider = new BouncyCastleProvider();
private static final String PUBLIC_KEY = "RSAPublicKey";
private static final String PRIVATE_KEY = "RSAPrivateKey";
private static final String charSet = "UTF-8";
public static final String KEY_ALGORITHM = "RSA";
// 种子,改变后,生成的密钥对会发生变化
//private static final String seedKey = "seedKey";
/**
* RSA最大加密明文大小
*/
private static final int MAX_ENCRYPT_BLOCK = 117;
/**
* RSA最大解密密文大小
*/
private static final int MAX_DECRYPT_BLOCK = 128;
/**
* 生成密钥对(公钥和私钥)
* @return
* @throws Exception
*/
public static synchronized Map<String, Object> generateKeyPair() throws Exception {
KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_ALGORITHM, provider);
kpg.initialize(1024, new SecureRandom());
KeyPair keyPair = kpg.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
public static PublicKey getPublicRSAKey(String modulus, String exponent)
throws Exception {
RSAPublicKeySpec spec = new RSAPublicKeySpec(
new BigInteger(modulus, 16), new BigInteger(exponent, 16));
KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
return kf.generatePublic(spec);
}
/**
* 获取公钥
* @param key base64加密后的公钥
* @return
* @throws Exception
*/
public static PublicKey getPublicRSAKey(String key) throws Exception {
X509EncodedKeySpec x509 = new X509EncodedKeySpec(decryptBase64(key));
KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
return kf.generatePublic(x509);
}
/**
* 获取私钥
* @param key base64加密后的私钥
* @return
* @throws Exception
*/
public static PrivateKey getPrivateRSAKey(String key) throws Exception {
PKCS8EncodedKeySpec pkgs8 = new PKCS8EncodedKeySpec(decryptBase64(key));
KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
return kf.generatePrivate(pkgs8);
}
/**
* 加密
* @param input 明文
* @param publicKey 公钥
* @return
* @throws Exception
*/
public static byte[] encrypt(String input, PublicKey publicKey)
throws Exception {
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", provider);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] re = cipher.doFinal(input.getBytes(charSet));
return re;
}
/**
* 解密
* @param encrypted
* @param privateKey
* @return
* @throws Exception
*/
public static byte[] decrypt(byte[] encrypted, PrivateKey privateKey)
throws Exception {
Cipher cipher = Cipher.getInstance("RSA");
System.out.println("传递后的私钥:"+privateKey);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
//System.out.println("2解密后的数据:"+encrypted);
//cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] re = cipher.doFinal(encrypted);
return re;
}
private static byte[] rsaSplitCodec(Cipher cipher, int opmode, byte[] datas, int keySize){
int maxBlock = 0;
if(opmode == Cipher.DECRYPT_MODE){
maxBlock = keySize / 8;
}else{
maxBlock = keySize / 8 - 11;
}
ByteArrayOutputStream out = new ByteArrayOutputStream();
int offSet = 0;
byte[] buff;
int i = 0;
try{
while(datas.length > offSet){
if(datas.length-offSet > maxBlock){
buff = cipher.doFinal(datas, offSet, maxBlock);
}else{
buff = cipher.doFinal(datas, offSet, datas.length-offSet);
}
out.write(buff, 0, buff.length);
i++;
offSet = i * maxBlock; }
}catch(Exception e){
throw new RuntimeException("加解密阀值为["+maxBlock+"]的数据时发生异常", e);
}
byte[] resultDatas = out.toByteArray();
IOUtils.closeQuietly(out);
return resultDatas;
}
/**
* base64加密
* @param key
* @return
* @throws Exception
*/
public static byte[] decryptBase64(String key) throws Exception {
return (new BASE64Decoder()).decodeBuffer(key);
}
/**
* base64解密
* @param key
* @return
* @throws Exception
*/
public static String encryptBase64(byte[] key) throws Exception {
return (new BASE64Encoder()).encodeBuffer(key);
}
public static String getPrivateKey(Map<String, Object> keyMap)
throws Exception {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return encryptBase64(key.getEncoded());
}
public static String getPublicKey(Map<String, Object> keyMap)
throws Exception {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return encryptBase64(key.getEncoded());
}
/**
* 分段解密
* @param jsonEncryptStr 密文 格式 base64(rsa(明文)),base64(rsa(明文)),base64(rsa(明文))
* @param privateKey base64加密后的秘钥
* @return
* @throws Exception
*/
public static String segmentdecrypt(String jsonEncryptStr, String privateKey) throws Exception {
String jsonStr = "";
String[] str = jsonEncryptStr.split(",");
System.out.println("数据长度:"+str.length);
if(str !=null && str.length > 0) {
int inputLen = str.length;
ByteArrayOutputStream out = new ByteArrayOutputStream();
byte[] cache;
int i = 0;
// 对数据分段解密
while (inputLen - 1 >= 0) {
byte[] bt = JsEncryptRSAUtil.decryptBase64(str[i]);
System.out.println("Base64解密数据:"+bt.toString());
//cache = JsEncryptRSAUtil.decrypt(bt, JsEncryptRSAUtil.getPrivateKey(privateKey));
cache = JsEncryptRSAUtil.decrypt(bt,getPrivateRSAKey(privateKey));
String a = new String(cache);
System.out.println("解密数据:"+a);
out.write(cache, 0, cache.length);
i++;
inputLen--;
}
byte[] decryptedData = out.toByteArray();
out.close();
jsonStr = new String(decryptedData);
}
return jsonStr;
}
public static void main (String[] args) throws Exception {
try {
Map<String, Object> map = JsEncryptRSAUtil.generateKeyPair();
String publicKey = JsEncryptRSAUtil.getPublicKey(map);
byte[] preStr = "123456".getBytes();
Cipher cipher=Cipher.getInstance("RSA");
//加密
cipher.init(Cipher.ENCRYPT_MODE, JsEncryptRSAUtil.getPublicRSAKey(publicKey));
byte[] enBytes = cipher.doFinal(preStr);
String privateKey = JsEncryptRSAUtil.getPrivateKey(map);
System.out.println("公钥: \n\r" + publicKey);
System.out.println("私钥: \n\r" + privateKey);
Cipher cipher1 =Cipher.getInstance("RSA");
cipher1.init(Cipher.DECRYPT_MODE, JsEncryptRSAUtil.getPrivateRSAKey(privateKey));
byte[] dcStr = cipher1.doFinal(enBytes);
String result = new String(dcStr);
System.out.println(result);
} catch (Exception e) {
// log.error(DataTypeConstant.MOD_CODE_SUBTYPE16, "getTokenServlet", "用户生成公钥接口异常.", e);
// comRes.setErrMsg("用户TOKEN生成失败!");
}
}
}