Android RSA加密+AES加密+RSA&AES加密

最近項目涉及到傳輸加密,對于現(xiàn)在比較安全和流行的加密技術(shù)做一個記錄和分享。

Demo地址

RSA對稱加密

所謂對稱加密,我的理解可以用這副圖表達(靈魂畫手)

RSA.png

client和service分別拿著一把這樣的帶鑰匙的鎖(也可以稱為帶鎖的鑰匙)
我用我的鎖可以加密這個數(shù)據(jù),可是我的鑰匙打不開我鎖上的東西,只有你的鑰匙能打開。同理,用你的鎖加密的東西,你自己打不開,只有我能打開。

這個帶鑰匙的鎖就是公鑰&私鑰

首先生成公鑰需要openssl生成工具來生成。

生成秘鑰步驟:

1.雙擊打開bin文件夾下的openssl.exe,打開之后是一個命令行窗口;
2.通過如下命令生成私鑰:

    genrsa -out rsa_private_key.pem 1024

執(zhí)行完命令后就可在bin文件夾下看到rsa_private_key.pem文件了。
3.通過如下命令生成公鑰:

    rsa -in rsa_private_key.pem -out rsa_public_key.pem -pubout

4.這樣密鑰對的私鑰是無法在代碼中直接使用的,要想使用它需要借助RSAPrivateKeyStructure這個類,java是不自帶的。所以為了方便使用,我們需要對私鑰進行PKCS#8編碼

    pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt

在bin文件夾生成了pkcs8_rsa_private_key.pem文件

注意:生成的秘鑰使用的時候不包含第一行和最后一行

RSA工具代碼:

    public class RsaUtils {
private static String RSA = "RSA";

/**
 * 隨機生成RSA密鑰對(默認密鑰長度為1024)
 *
 * @return
 */
public static KeyPair generateRSAKeyPair()
{
    return generateRSAKeyPair(1024);
}

/**
 * 隨機生成RSA密鑰對
 *
 * @param keyLength
 *            密鑰長度,范圍:512~2048<br>
 *            一般1024
 * @return
 */
public static KeyPair generateRSAKeyPair(int keyLength)
{
    try
    {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA);
        kpg.initialize(keyLength);
        return kpg.genKeyPair();
    } catch (NoSuchAlgorithmException e)
    {
        e.printStackTrace();
        return null;
    }
}

/**
 * 用公鑰加密 <br>
 * 每次加密的字節(jié)數(shù),不能超過密鑰的長度值減去11
 *
 * @param data
 *            需加密數(shù)據(jù)的byte數(shù)據(jù)
 * @param publicKey
 *            公鑰
 * @return 加密后的byte型數(shù)據(jù)
 */
public static byte[] encryptData(byte[] data, PublicKey publicKey)
{
    try
    {
        Cipher cipher = Cipher.getInstance(RSA);
        // 編碼前設(shè)定編碼方式及密鑰
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        // 傳入編碼數(shù)據(jù)并返回編碼結(jié)果
        return cipher.doFinal(data);
    } catch (Exception e)
    {
        e.printStackTrace();
        return null;
    }
}

/**
 * 用私鑰解密
 *
 * @param encryptedData
 *            經(jīng)過encryptedData()加密返回的byte數(shù)據(jù)
 * @param privateKey
 *            私鑰
 * @return
 */
public static byte[] decryptData(byte[] encryptedData, PrivateKey privateKey)
{
    try
    {
        Cipher cipher = Cipher.getInstance(RSA);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(encryptedData);
    } catch (Exception e)
    {
        return null;
    }
}

/**
 * 通過公鑰byte[](publicKey.getEncoded())將公鑰還原,適用于RSA算法
 *
 * @param keyBytes
 * @return
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public static PublicKey getPublicKey(byte[] keyBytes) throws NoSuchAlgorithmException,
        InvalidKeySpecException
{
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
    KeyFactory keyFactory = KeyFactory.getInstance(RSA);
    PublicKey publicKey = keyFactory.generatePublic(keySpec);
    return publicKey;
}

/**
 * 通過私鑰byte[]將公鑰還原,適用于RSA算法
 *
 * @param keyBytes
 * @return
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public static PrivateKey getPrivateKey(byte[] keyBytes) throws NoSuchAlgorithmException,
        InvalidKeySpecException
{
    PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
    KeyFactory keyFactory = KeyFactory.getInstance(RSA);
    PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
    return privateKey;
}

/**
 * 使用N、e值還原公鑰
 *
 * @param modulus
 * @param publicExponent
 * @return
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public static PublicKey getPublicKey(String modulus, String publicExponent)
        throws NoSuchAlgorithmException, InvalidKeySpecException
{
    BigInteger bigIntModulus = new BigInteger(modulus);
    BigInteger bigIntPrivateExponent = new BigInteger(publicExponent);
    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(bigIntModulus, bigIntPrivateExponent);
    KeyFactory keyFactory = KeyFactory.getInstance(RSA);
    PublicKey publicKey = keyFactory.generatePublic(keySpec);
    return publicKey;
}

/**
 * 使用N、d值還原私鑰
 *
 * @param modulus
 * @param privateExponent
 * @return
 * @throws NoSuchAlgorithmException
 * @throws InvalidKeySpecException
 */
public static PrivateKey getPrivateKey(String modulus, String privateExponent)
        throws NoSuchAlgorithmException, InvalidKeySpecException
{
    BigInteger bigIntModulus = new BigInteger(modulus);
    BigInteger bigIntPrivateExponent = new BigInteger(privateExponent);
    RSAPublicKeySpec keySpec = new RSAPublicKeySpec(bigIntModulus, bigIntPrivateExponent);
    KeyFactory keyFactory = KeyFactory.getInstance(RSA);
    PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
    return privateKey;
}

/**
 * 從字符串中加載公鑰
 *
 * @param publicKeyStr
 *            公鑰數(shù)據(jù)字符串
 * @throws Exception
 *             加載公鑰時產(chǎn)生的異常
 */
public static PublicKey loadPublicKey(String publicKeyStr) throws Exception
{
    try
    {
        byte[] buffer = Base64Utils.decode(publicKeyStr);
        KeyFactory keyFactory = KeyFactory.getInstance(RSA);
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
        return (RSAPublicKey) keyFactory.generatePublic(keySpec);
    } catch (NoSuchAlgorithmException e)
    {
        throw new Exception("無此算法");
    } catch (InvalidKeySpecException e)
    {
        throw new Exception("公鑰非法");
    } catch (NullPointerException e)
    {
        throw new Exception("公鑰數(shù)據(jù)為空");
    }
}

/**
 * 從字符串中加載私鑰<br>
 * 加載時使用的是PKCS8EncodedKeySpec(PKCS#8編碼的Key指令)。
 *
 * @param privateKeyStr
 * @return
 * @throws Exception
 */
public static PrivateKey loadPrivateKey(String privateKeyStr) throws Exception
{
    try
    {
        byte[] buffer = Base64Utils.decode(privateKeyStr);
        // X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
        PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
        KeyFactory keyFactory = KeyFactory.getInstance(RSA);
        return (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
    } catch (NoSuchAlgorithmException e)
    {
        throw new Exception("無此算法");
    } catch (InvalidKeySpecException e)
    {
        throw new Exception("私鑰非法");
    } catch (NullPointerException e)
    {
        throw new Exception("私鑰數(shù)據(jù)為空");
    }
}

/**
 * 從文件中輸入流中加載公鑰
 *
 * @param in
 *            公鑰輸入流
 * @throws Exception
 *             加載公鑰時產(chǎn)生的異常
 */
public static PublicKey loadPublicKey(InputStream in) throws Exception
{
    try
    {
        return loadPublicKey(readKey(in));
    } catch (IOException e)
    {
        throw new Exception("公鑰數(shù)據(jù)流讀取錯誤");
    } catch (NullPointerException e)
    {
        throw new Exception("公鑰輸入流為空");
    }
}

/**
 * 從文件中加載私鑰
 *
 * @param in
 *            私鑰文件名
 * @return 是否成功
 * @throws Exception
 */
public static PrivateKey loadPrivateKey(InputStream in) throws Exception
{
    try
    {
        return loadPrivateKey(readKey(in));
    } catch (IOException e)
    {
        throw new Exception("私鑰數(shù)據(jù)讀取錯誤");
    } catch (NullPointerException e)
    {
        throw new Exception("私鑰輸入流為空");
    }
}

/**
 * 讀取密鑰信息
 *
 * @param in
 * @return
 * @throws IOException
 */
private static String readKey(InputStream in) throws IOException
{
    BufferedReader br = new BufferedReader(new InputStreamReader(in));
    String readLine = null;
    StringBuilder sb = new StringBuilder();
    while ((readLine = br.readLine()) != null)
    {
        if (readLine.charAt(0) == '-')
        {
            continue;
        } else
        {
            sb.append(readLine);
            sb.append('\r');
        }
    }

    return sb.toString();
}

/**
 * 打印公鑰信息
 *
 * @param publicKey
 */
public static void printPublicKeyInfo(PublicKey publicKey)
{
    RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
    System.out.println("----------RSAPublicKey----------");
    System.out.println("Modulus.length=" + rsaPublicKey.getModulus().bitLength());
    System.out.println("Modulus=" + rsaPublicKey.getModulus().toString());
    System.out.println("PublicExponent.length=" + rsaPublicKey.getPublicExponent().bitLength());
    System.out.println("PublicExponent=" + rsaPublicKey.getPublicExponent().toString());
}

public static void printPrivateKeyInfo(PrivateKey privateKey)
{
    RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) privateKey;
    System.out.println("----------RSAPrivateKey ----------");
    System.out.println("Modulus.length=" + rsaPrivateKey.getModulus().bitLength());
    System.out.println("Modulus=" + rsaPrivateKey.getModulus().toString());
    System.out.println("PrivateExponent.length=" + rsaPrivateKey.getPrivateExponent().bitLength());
    System.out.println("PrivatecExponent=" + rsaPrivateKey.getPrivateExponent().toString());

}
}
在代碼中使用:
    case R.id.btn_encode:
            //rsa加密
            String s = et_str.getText().toString();
            if (!TextUtils.isEmpty(s)) {
                try {
                    PublicKey publicKey = RsaUtils.loadPublicKey(Global.PUBLIC_KEY);
                    byte[] bytes = RsaUtils.encryptData(s.getBytes(), publicKey);
                    String encode = Base64Utils.encode(bytes);
                    tv_str.setText(encode);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            break;
        case R.id.btn_decode:
            //rsa解密
            String s1 = tv_str.getText().toString().trim();
            if (!TextUtils.isEmpty(s1)) {
                try {
                    PrivateKey privateKey = RsaUtils.loadPrivateKey(Global.PRIVATE_KEY);
                    byte[] bytes = RsaUtils.decryptData(Base64Utils.decode(s1), privateKey);
                    if (null != bytes)
                        tv_str.setText(new String(bytes));

                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            break;
rsa.gif

AES加密:

AES加密需要client和service通過相同的AESkey來加密和解密。
工具類中有生成方法:

     AesUtil.generateKey();

AES工具類:

    public class AesUtil {
private final static String HEX = "0123456789ABCDEF";
private  static final String CBC_PKCS5_PADDING = "AES/CBC/PKCS5Padding";//AES是加密方式 CBC是工作模式 PKCS5Padding是填充模式
private  static final String AES = "AES";//AES 加密
private  static final String  SHA1PRNG="SHA1PRNG";//// SHA1PRNG 強隨機種子算法, 要區(qū)別4.2以上版本的調(diào)用方法
/*
     * 生成隨機數(shù),可以當做動態(tài)的密鑰 加密和解密的密鑰必須一致,不然將不能解密
     */
public static String generateKey() {
    try {
        SecureRandom localSecureRandom = SecureRandom.getInstance(SHA1PRNG);
        byte[] bytes_key = new byte[20];
        localSecureRandom.nextBytes(bytes_key);
        String str_key = toHex(bytes_key);
        return str_key;
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

// 對密鑰進行處理
private static byte[] getRawKey(byte[] seed) throws Exception {
    KeyGenerator kgen = KeyGenerator.getInstance(AES);
    //for android
    SecureRandom sr = null;
    // 在4.2以上版本中,SecureRandom獲取方式發(fā)生了改變
    if (android.os.Build.VERSION.SDK_INT >= 17) {
        sr = SecureRandom.getInstance(SHA1PRNG, "Crypto");
    } else {
        sr = SecureRandom.getInstance(SHA1PRNG);
    }
    // for Java
    // secureRandom = SecureRandom.getInstance(SHA1PRNG);
    sr.setSeed(seed);
    kgen.init(128, sr); //256 bits or 128 bits,192bits
    //AES中128位密鑰版本有10個加密循環(huán),192比特密鑰版本有12個加密循環(huán),256比特密鑰版本則有14個加密循環(huán)。
    SecretKey skey = kgen.generateKey();
    byte[] raw = skey.getEncoded();
    return raw;
}

/*
 * 加密
 */
public static String encrypt(String key, String cleartext) {
    if (TextUtils.isEmpty(cleartext)) {
        return cleartext;
    }
    try {
        byte[] result = encrypt(key, cleartext.getBytes());
        return Base64Utils.encode(result);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

/*
* 加密
*/
private static byte[] encrypt(String key, byte[] clear) throws Exception {
    byte[] raw = getRawKey(key.getBytes());
    SecretKeySpec skeySpec = new SecretKeySpec(raw, AES);
    Cipher cipher = Cipher.getInstance(CBC_PKCS5_PADDING);
    cipher.init(Cipher.ENCRYPT_MODE, skeySpec, new IvParameterSpec(new byte[cipher.getBlockSize()]));
    byte[] encrypted = cipher.doFinal(clear);
    return encrypted;
}

/*
     * 解密
     */
public static String decrypt(String key, String encrypted) {
    if (TextUtils.isEmpty(encrypted)) {
        return encrypted;
    }
    try {
        byte[] enc = Base64Utils.decode(encrypted);
        byte[] result = decrypt(key, enc);
        return new String(result);
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
}

/*
 * 解密
 */
private static byte[] decrypt(String key, byte[] encrypted) throws Exception {
    byte[] raw = getRawKey(key.getBytes());
    SecretKeySpec skeySpec = new SecretKeySpec(raw, AES);
    Cipher cipher = Cipher.getInstance(CBC_PKCS5_PADDING);
    cipher.init(Cipher.DECRYPT_MODE, skeySpec, new IvParameterSpec(new byte[cipher.getBlockSize()]));
    byte[] decrypted = cipher.doFinal(encrypted);
    return decrypted;
}//二進制轉(zhuǎn)字符
public static String toHex(byte[] buf) {
    if (buf == null)
        return "";
    StringBuffer result = new StringBuffer(2 * buf.length);
    for (int i = 0; i < buf.length; i++) {
        appendHex(result, buf[i]);
    }
    return result.toString();
}

private static void appendHex(StringBuffer sb, byte b) {
    sb.append(HEX.charAt((b >> 4) & 0x0f)).append(HEX.charAt(b & 0x0f));
}
}
AES加密代碼中使用:
     String secretKey = AesUtil.generateKey();

代碼:

    case R.id.btn_aesencode:
            //aes加密
            String str1 = et_str.getText().toString();
            if(!TextUtils.isEmpty(str1)){
                String encrypt = AesUtil.encrypt(secretKey, str1);
                tv_str.setText(encrypt);
            }
            break;
        case R.id.btn_aesdecode:
            //aes解密
            String str2 = tv_str.getText().toString();
            if(!TextUtils.isEmpty(str2)){
                String decrypt = AesUtil.decrypt(secretKey, str2);
                tv_str.setText(decrypt);
            }
            break;
aes.gif

RSA&AES

了解了兩種加密方法,將他們配合起來用就容易多了,同時安全性更高。
talk is cheap ,show you the code.

    case R.id.btn_allencode:
            //rsa+aes加密
            String ar1 = et_str.getText().toString();
            if(!TextUtils.isEmpty(ar1)){
                String encrypt = AesUtil.encrypt(secretKey, ar1);
                if(!TextUtils.isEmpty(encrypt)){
                    try {
                        PublicKey publicKey = RsaUtils.loadPublicKey(Global.PUBLIC_KEY);
                        byte[] bytes = RsaUtils.encryptData(encrypt.getBytes(), publicKey);
                        String encode = Base64Utils.encode(bytes);
                        tv_str.setText(encode);
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            }
            break;
        case R.id.btn_alldecode:
            //rsa+aes解密
            String ar2 = tv_str.getText().toString().trim();
            if (!TextUtils.isEmpty(ar2)) {
                try {
                    PrivateKey privateKey = RsaUtils.loadPrivateKey(Global.PRIVATE_KEY);
                    byte[] bytes = RsaUtils.decryptData(Base64Utils.decode(ar2), privateKey);
                    if (null != bytes)
                        tv_str.setText(AesUtil.decrypt(secretKey,new String(bytes)));

                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            break;

效果圖:

rsa&aes.gif

Base64工具類:

    public class Base64Utils
    {
private static char[] base64EncodeChars = new char[]
        { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
                'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
                'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5',
                '6', '7', '8', '9', '+', '/' };
private static byte[] base64DecodeChars = new byte[]
        { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
                -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53,
                54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
                12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29,
                30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1,
                -1, -1, -1 };

/**
 * 加密
 *
 * @param data
 * @return
 */
public static String encode(byte[] data)
{
    StringBuffer sb = new StringBuffer();
    int len = data.length;
    int i = 0;
    int b1, b2, b3;
    while (i < len)
    {
        b1 = data[i++] & 0xff;
        if (i == len)
        {
            sb.append(base64EncodeChars[b1 >>> 2]);
            sb.append(base64EncodeChars[(b1 & 0x3) << 4]);
            sb.append("==");
            break;
        }
        b2 = data[i++] & 0xff;
        if (i == len)
        {
            sb.append(base64EncodeChars[b1 >>> 2]);
            sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
            sb.append(base64EncodeChars[(b2 & 0x0f) << 2]);
            sb.append("=");
            break;
        }
        b3 = data[i++] & 0xff;
        sb.append(base64EncodeChars[b1 >>> 2]);
        sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
        sb.append(base64EncodeChars[((b2 & 0x0f) << 2) | ((b3 & 0xc0) >>> 6)]);
        sb.append(base64EncodeChars[b3 & 0x3f]);
    }
    return sb.toString();
}

/**
 * 解密
 *
 * @param str
 * @return
 */
public static byte[] decode(String str)
{
    try
    {
        return decodePrivate(str);
    } catch (UnsupportedEncodingException e)
    {
        e.printStackTrace();
    }
    return new byte[]
            {};
}

private static byte[] decodePrivate(String str) throws UnsupportedEncodingException
{
    StringBuffer sb = new StringBuffer();
    byte[] data = null;
    data = str.getBytes("US-ASCII");
    int len = data.length;
    int i = 0;
    int b1, b2, b3, b4;
    while (i < len)
    {

        do
        {
            b1 = base64DecodeChars[data[i++]];
        } while (i < len && b1 == -1);
        if (b1 == -1)
            break;

        do
        {
            b2 = base64DecodeChars[data[i++]];
        } while (i < len && b2 == -1);
        if (b2 == -1)
            break;
        sb.append((char) ((b1 << 2) | ((b2 & 0x30) >>> 4)));

        do
        {
            b3 = data[i++];
            if (b3 == 61)
                return sb.toString().getBytes("iso8859-1");
            b3 = base64DecodeChars[b3];
        } while (i < len && b3 == -1);
        if (b3 == -1)
            break;
        sb.append((char) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));

        do
        {
            b4 = data[i++];
            if (b4 == 61)
                return sb.toString().getBytes("iso8859-1");
            b4 = base64DecodeChars[b4];
        } while (i < len && b4 == -1);
        if (b4 == -1)
            break;
        sb.append((char) (((b3 & 0x03) << 6) | b4));
    }
    return sb.toString().getBytes("iso8859-1");
}

}
最后編輯于
?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者
【社區(qū)內(nèi)容提示】社區(qū)部分內(nèi)容疑似由AI輔助生成,瀏覽時請結(jié)合常識與多方信息審慎甄別。
平臺聲明:文章內(nèi)容(如有圖片或視頻亦包括在內(nèi))由作者上傳并發(fā)布,文章內(nèi)容僅代表作者本人觀點,簡書系信息發(fā)布平臺,僅提供信息存儲服務(wù)。

相關(guān)閱讀更多精彩內(nèi)容

友情鏈接更多精彩內(nèi)容