2024年03月21日
admin
34
0 评论
Java
暂无标签

很多时候,我们需要在开发中对某些数据进行加密。比如登录对密码进行 RSA 加密。RSA 加密算法是一种非对称加密算法,公钥加密私钥解密。

(RSA 是 1977 年由罗纳德·李维斯特(Ron Rivest)、阿迪·萨莫尔(Adi Shamir)和伦纳德·阿德曼(Leonard Adleman)一起提出的。当时他们三人都在麻省理工学院工作。RSA 就是他们三人姓氏开头字母拼在一起组成的。但是,如果加密数据比较长的话,可能会出现问题,如:javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes)

1、问题重现
我们可以编写一个 RSA 的简单实现,如:

import java.io.UnsupportedEncodingException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.Cipher;

import org.apache.commons.codec.binary.Base64;

public final class RsaUtils {

  private RsaUtils() {
  }

  /**
   * 获取公钥和私钥对,key为公钥,value为私钥
   * 
   * @return
   * @throws NoSuchAlgorithmException
   */
  public static Map<String, String> genKeyPair() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
    keyPairGen.initialize(1024, new SecureRandom());
    KeyPair keyPair = keyPairGen.generateKeyPair();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    String publicKeyString = null;
    String privateKeyString = null;

    try {
      publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()), "UTF-8");
      privateKeyString = new String(Base64.encodeBase64(privateKey.getEncoded()), "UTF-8");
    } catch (UnsupportedEncodingException var7) {
      var7.printStackTrace();
    }
    Map<String, String> keyPairMap = new HashMap<>();
    keyPairMap.put("publicKey", publicKeyString);
    keyPairMap.put("privateKey", privateKeyString);
    return keyPairMap;
  }

  public static String encrypt(String str, String publicKey) throws Exception {
    byte[] decoded = Base64.decodeBase64(publicKey);
    RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
        .generatePublic(new X509EncodedKeySpec(decoded));
    Cipher cipher = Cipher.getInstance("RSA");
    cipher.init(1, pubKey);
    String outStr = Base64.encodeBase64String(cipher.doFinal(str.getBytes("UTF-8")));
    return outStr;
  }

  public static String decrypt(String str, String privateKey) throws Exception {
    byte[] inputByte = Base64.decodeBase64(str.getBytes("UTF-8"));
    byte[] decoded = Base64.decodeBase64(privateKey);
    RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")
        .generatePrivate(new PKCS8EncodedKeySpec(decoded));
    Cipher cipher = Cipher.getInstance("RSA");
    cipher.init(2, priKey);
    String outStr = new String(cipher.doFinal(inputByte), "UTF-8");
    return outStr;
  }
}

写一个简单的测试:

public class Main {

  public static void main(String[] args) throws Exception {
    
    
    Map<String, String> keyMap = RsaUtils.genKeyPair();
    String publicKey = keyMap.get("publicKey");
    String privateKey = keyMap.get("privateKey");
    System.out.println("publicKey = " + publicKey);
    System.out.println("privateKey = " + privateKey);
    String originValue = "原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111";
    // 加密前:原数据123456,测试一下
    System.out.println("加密前:" + originValue);

    String encrypt = RsaUtils.encrypt(originValue, publicKey);
    System.out.println("加密后:" + encrypt);
    String decrypt = RsaUtils.decrypt(encrypt, privateKey);
    System.out.println("解密后:" + decrypt);
  }
}

错误重现:

Exception in thread "main" javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes
  at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:346)
  at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:391)
  at javax.crypto.Cipher.doFinal(Cipher.java:2168)
  at com.********.crypto.rsa.RsaUtils.encrypt(RsaUtils.java:58)
  at Main.main(Main.java:19)

2、原因
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
表示,使用 RSA 算法,并且加 PAD 的方式按照 PKCS1 的标准。

即输入数据长度小于等于密钥的位数/8-11,例如:1024 位密钥,1024/8-11 =117。不足的部分,程序会自动补齐。加密后的数据还是等于密钥的位数/8。

Cipher 提供加解密 API,其中 RSA 非对称加密解密内容长度是有限制的,加密长度不超过 117Byte,解密长度不超过 128Byte,报错如下:javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes。

3、解决
既然 Cipher 加解密有长度限制,那么如果超过 117 bytes,我们可以采用分段加密、分段解密的方式进行。

import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.Cipher;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.ArrayUtils;

public final class RsaUtils {

  // RSA最大加密明文大小
  private static final int MAX_ENCRYPT_BLOCK = 117;

  // RSA最大解密密文大小
  private static final int MAX_DECRYPT_BLOCK = 128;

  private RsaUtils() {
  }

  /**
   * 获取公钥和私钥对,key为公钥,value为私钥
   * 
   * @return
   * @throws NoSuchAlgorithmException
   */
  public static Map<String, String> genKeyPair() throws NoSuchAlgorithmException {
    KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
    keyPairGen.initialize(1024, new SecureRandom());
    KeyPair keyPair = keyPairGen.generateKeyPair();
    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
    String publicKeyString = null;
    String privateKeyString = null;

    try {
      publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()), "UTF-8");
      privateKeyString = new String(Base64.encodeBase64(privateKey.getEncoded()), "UTF-8");
    } catch (UnsupportedEncodingException var7) {
      var7.printStackTrace();
    }

    Map<String, String> keyPairMap = new HashMap<>();
    keyPairMap.put("publicKey", publicKeyString);
    keyPairMap.put("privateKey", privateKeyString);
    return keyPairMap;
  }

  public static String encrypt(String str, String publicKey) throws Exception {
    byte[] decoded = Base64.decodeBase64(publicKey);
    RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA")
        .generatePublic(new X509EncodedKeySpec(decoded));
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(1, pubKey);
    // 分段加密
    // URLEncoder编码解决中文乱码问题
    byte[] data = URLEncoder.encode(str, "UTF-8").getBytes("UTF-8");
    // 加密时超过117字节就报错。为此采用分段加密的办法来加密
    byte[] enBytes = null;
    for (int i = 0; i < data.length; i += MAX_ENCRYPT_BLOCK) {
      // 注意要使用2的倍数,否则会出现加密后的内容再解密时为乱码
      byte[] doFinal = cipher.doFinal(ArrayUtils.subarray(data, i, i + MAX_ENCRYPT_BLOCK));
      enBytes = ArrayUtils.addAll(enBytes, doFinal);
    }
    String outStr = Base64.encodeBase64String(enBytes);
    return outStr;
  }

  /**
   * 公钥分段解密
   * 
   * @param str
   * @param privateKey
   * @return
   * @throws Exception
   */
  public static String decrypt(String str, String privateKey) throws Exception {
    // 获取公钥
    byte[] decoded = Base64.decodeBase64(privateKey);
    RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")
        .generatePrivate(new PKCS8EncodedKeySpec(decoded));
    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(2, priKey);
    byte[] data = Base64.decodeBase64(str.getBytes("UTF-8"));

    // 返回UTF-8编码的解密信息
    int inputLen = data.length;
    ByteArrayOutputStream out = new ByteArrayOutputStream();
    int offSet = 0;
    byte[] cache;
    int i = 0;
    // 对数据分段解密
    while (inputLen - offSet > 0) {
      if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
        cache = cipher.doFinal(data, offSet, MAX_DECRYPT_BLOCK);
      } else {
        cache = cipher.doFinal(data, offSet, inputLen - offSet);
      }
      out.write(cache, 0, cache.length);
      i++;
      offSet = i * 128;
    }
    byte[] decryptedData = out.toByteArray();
    out.close();
    return URLDecoder.decode(new String(decryptedData, "UTF-8"), "UTF-8");
  }

}

再次测试一下,把测试数据长度加大很多:

public class Main {

  public static void main(String[] args) throws Exception {
    
    
    Map<String, String> keyMap = RsaUtils.genKeyPair();
    String publicKey = keyMap.get("publicKey");
    String privateKey = keyMap.get("privateKey");
    System.out.println("publicKey = " + publicKey);
    System.out.println("privateKey = " + privateKey);
    String originValue = "原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111";
    // 加密前:原数据123456,测试一下
    System.out.println("加密前:" + originValue);

    String encrypt = RsaUtils.encrypt(originValue, publicKey);
    System.out.println("加密后:" + encrypt);
    String decrypt = RsaUtils.decrypt(encrypt, privateKey);
    System.out.println("解密后:" + decrypt);
  }
}

可以发现,能够正常加解密,至此问题解决。

参考:https://xie.infoq.cn/article/9bd4cb832b9d21229ea4779ef

评论已关闭

博客信息

阿新运维 Www.Aihew.Net的头像
admin

Your description here.

71

文章数

1

评论数

565天

运行天数

最新文章