go語言RSA API使用示例

go語言RSA API使用示例

第零步: 常用的包

import (
    "os"
    "fmt"
    "log"
    "errors"
    "io/ioutil"
    "crypto/rsa"
    "crypto/rand"
    "crypto/x509"
    "crypto/sha256"
    "encoding/pem"
    "encoding/base64"
)

第一步:生成RSA密鑰對, 包括private和public key

// GenerateKey creates a new 2048-bit RSA key pair from crypto/rand.
//
// The returned public key points into the returned private key, so both
// values describe the same key material. On failure both keys are nil.
func GenerateKey() (*rsa.PrivateKey, *rsa.PublicKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return key, &key.PublicKey, nil
}

第二步:Dump key到文件
這樣生成的key文件就是我們平常使用命令行工具openssl時用的key文件,比如key.pem,pub.key

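// DumpPrivateKeyFile writes privatekey to filename as a PKCS#1 PEM block,
// the same text DumpPrivateKeyBuffer returns:
//
//	-----BEGIN RSA PRIVATE KEY-----
//	MIIEoQIBAAKCAQEA...
//	-----END RSA PRIVATE KEY-----
//
// The PEM block is not encrypted, so the file is the private key in the
// clear. It is therefore opened with mode 0600 and, because an existing file
// keeps its old mode when reopened, tightened to 0600 before any key bytes
// are written. Any existing content of filename is truncated.
//
// It returns an error if privatekey is nil, if the file cannot be opened or
// restricted, or if writing or closing it fails.
func DumpPrivateKeyFile(privatekey *rsa.PrivateKey, filename string) error {
	if privatekey == nil {
		return errors.New("private key is nil")
	}
	block := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privatekey),
	}

	// os.Create would use 0666 (minus umask), which usually leaves the key
	// readable by other local users.
	file, err := os.OpenFile(filename, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}
	if err := file.Chmod(0600); err != nil {
		file.Close()
		return err
	}
	if err := pem.Encode(file, block); err != nil {
		file.Close()
		return err
	}
	// Close can report a deferred write failure, so its error is returned.
	return file.Close()
}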

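// DumpPublicKeyFile writes publickey to filename as a PKIX
// (SubjectPublicKeyInfo) PEM block:
//
//	-----BEGIN PUBLIC KEY-----
//	MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...
//	-----END PUBLIC KEY-----
//
// The file is created (or truncated) with os.Create. It returns an error if
// the key cannot be marshalled, the file cannot be created, or writing or
// closing it fails.
func DumpPublicKeyFile(publickey *rsa.PublicKey, filename string) error {
	der, err := x509.MarshalPKIXPublicKey(publickey)
	if err != nil {
		return err
	}

	file, err := os.Create(filename)
	if err != nil {
		return err
	}
	if err := pem.Encode(file, &pem.Block{Type: "PUBLIC KEY", Bytes: der}); err != nil {
		file.Close()
		return err
	}
	// The handle was previously never closed; Close can also report a
	// deferred write failure, so its error is returned.
	return file.Close()
}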

第三步:Dump key到緩存
Dump到緩存和Dump到文件的內容是一樣的,區別只是輸出到文件還是輸出到內存而已。

// DumpPrivateKeyBuffer returns privatekey as PEM text: a single
// "RSA PRIVATE KEY" block holding the PKCS#1 DER encoding.
//
// The block is not encrypted, so the returned string is the private key in
// the clear. The error result is always nil.
func DumpPrivateKeyBuffer(privatekey *rsa.PrivateKey) (string, error) {
	pemBytes := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privatekey),
	})
	return string(pemBytes), nil
}

// DumpPublicKeyBuffer returns publickey as PEM text: a single "PUBLIC KEY"
// block holding the PKIX (SubjectPublicKeyInfo) DER encoding.
//
// It returns an empty string and the marshalling error if the key cannot be
// encoded.
func DumpPublicKeyBuffer(publickey *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(publickey)
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

第四步:Dump到字符串
以Base64的編碼方式輸出key,這個key是一個用戶可見的單行字符串,方便key在API之間相互傳遞。

// DumpPrivateKeyBase64 returns the PKCS#1 DER encoding of privatekey as one
// line of standard base64.
//
// Compared with DumpPrivateKeyBuffer, the output has no BEGIN/END lines and
// no line breaks, for example:
//
//	MIIEoQIBAAKCAQEA......
//
// The string is the complete, unencrypted private key, so it needs the same
// handling as the PEM file: keep it out of logs, URLs and any channel that
// is not meant to carry secrets. The error result is always nil.
func DumpPrivateKeyBase64(privatekey *rsa.PrivateKey) (string, error) {
	der := x509.MarshalPKCS1PrivateKey(privatekey)
	return base64.StdEncoding.EncodeToString(der), nil
}

// DumpPublicKeyBase64 returns the PKIX (SubjectPublicKeyInfo) DER encoding
// of publickey as one line of standard base64, without PEM BEGIN/END lines.
//
// It returns an empty string and the marshalling error if the key cannot be
// encoded.
func DumpPublicKeyBase64(publickey *rsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(publickey)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(der), nil
}

第五步,從文件加載key

// LoadPrivateKeyFile reads keyfile and parses the first PEM block in it as
// a PKCS#1 RSA private key.
//
// The PEM block type is not inspected and anything after the first block is
// ignored. Only PKCS#1 content is accepted, since the bytes go straight to
// x509.ParsePKCS1PrivateKey. Read errors are returned as-is; a missing PEM
// block and a parse failure are each reported with a fixed message, so the
// underlying parser error is not available to the caller.
func LoadPrivateKeyFile(keyfile string) (*rsa.PrivateKey, error) {
	raw, readErr := ioutil.ReadFile(keyfile)
	if readErr != nil {
		return nil, readErr
	}

	pemBlock, _ := pem.Decode(raw)
	if pemBlock == nil {
		return nil, errors.New("private key error!")
	}

	key, parseErr := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
	if parseErr != nil {
		return nil, errors.New("parse private key error!")
	}
	return key, nil
}


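// LoadPublicKeyFile reads keyfile and parses the first PEM block in it as a
// PKIX (SubjectPublicKeyInfo) public key, which must be an RSA key.
//
// The PEM block type is not inspected and anything after the first block is
// ignored. x509.ParsePKIXPublicKey also accepts non-RSA keys (for example
// ECDSA), so the parsed value is type-checked and a non-RSA key is reported
// as an error instead of causing a panic.
func LoadPublicKeyFile(keyfile string) (*rsa.PublicKey, error) {
	keybuffer, err := ioutil.ReadFile(keyfile)
	if err != nil {
		return nil, err
	}

	block, _ := pem.Decode(keybuffer)
	if block == nil {
		return nil, errors.New("public key error")
	}

	parsed, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	// The key file is external input: never assume the algorithm.
	publickey, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("public key is not an RSA key")
	}
	return publickey, nil
}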

第六步:從Base64字符串加載key

// LoadPrivateKeyBase64 decodes base64key (standard base64, no PEM armour)
// and parses the bytes as a PKCS#1 RSA private key.
//
// It is the inverse of DumpPrivateKeyBase64. A base64 failure is reported
// with the decoder's message embedded; a parse failure is reported with a
// fixed message, so the underlying parser error is not available to the
// caller.
func LoadPrivateKeyBase64(base64key string) (*rsa.PrivateKey, error) {
	der, decodeErr := base64.StdEncoding.DecodeString(base64key)
	if decodeErr != nil {
		return nil, fmt.Errorf("base64 decode failed, error=%s\n", decodeErr.Error())
	}

	key, parseErr := x509.ParsePKCS1PrivateKey(der)
	if parseErr != nil {
		return nil, errors.New("parse private key error!")
	}
	return key, nil
}


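// LoadPublicKeyBase64 decodes base64key (standard base64, no PEM armour)
// and parses the bytes as a PKIX (SubjectPublicKeyInfo) public key, which
// must be an RSA key.
//
// It is the inverse of DumpPublicKeyBase64. x509.ParsePKIXPublicKey also
// accepts non-RSA keys (for example ECDSA), so the parsed value is
// type-checked and a non-RSA key is reported as an error instead of causing
// a panic.
func LoadPublicKeyBase64(base64key string) (*rsa.PublicKey, error) {
	keybytes, err := base64.StdEncoding.DecodeString(base64key)
	if err != nil {
		return nil, fmt.Errorf("base64 decode failed, error=%s\n", err.Error())
	}

	parsed, err := x509.ParsePKIXPublicKey(keybytes)
	if err != nil {
		return nil, err
	}

	// The string is external input: never assume the algorithm.
	publickey, ok := parsed.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("public key is not an RSA key")
	}
	return publickey, nil
}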

第七步:加密字符串
并把加密后的密文按照Base64編碼。

// Encrypt seals plaintext for publickey with RSA-OAEP and returns the
// ciphertext as standard base64.
//
// SHA-256 is passed as the OAEP hash and the label is empty; Decrypt must
// use the same hash and label. crypto/rsa uses that one hash for MGF1 as
// well, so a non-Go peer has to be configured for SHA-256 in both places.
//
// RSA-OAEP only takes short messages: the key size in bytes minus 2*32+2,
// i.e. 190 bytes for a 2048-bit key. Longer input makes rsa.EncryptOAEP
// fail; in that case the returned string is empty and the error is passed
// through.
func Encrypt(plaintext string, publickey *rsa.PublicKey) (string, error) {
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, publickey, []byte(plaintext), []byte(""))
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sealed), nil
}

第八步:解密字符串
解密已經經過Base64編碼的密文,輸出解密后的字符串。

// Decrypt base64-decodes ciphertext and opens it with RSA-OAEP using
// privatekey, SHA-256 and an empty (nil) label, matching Encrypt.
//
// Both failure paths return an empty string. The underlying error is
// flattened into the message text with %s, so callers cannot match it with
// errors.Is (for example against rsa.ErrDecryption).
func Decrypt(ciphertext string, privatekey *rsa.PrivateKey) (string, error) {
	raw, decodeErr := base64.StdEncoding.DecodeString(ciphertext)
	if decodeErr != nil {
		return "", fmt.Errorf("base64 decode failed, error=%s\n", decodeErr.Error())
	}

	plain, rsaErr := rsa.DecryptOAEP(sha256.New(), rand.Reader, privatekey, raw, nil)
	if rsaErr != nil {
		return "", fmt.Errorf("RSA decrypt failed, error=%s\n", rsaErr.Error())
	}
	return string(plain), nil
}

第十步:把它們串起來測試
把前面定義的API串起來成一個可執行程序。

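// main runs the helpers end to end: generate a key pair, write both halves
// to private.pem and public.pem in the working directory, encrypt a short
// message with the public key, reload the private key from disk and decrypt.
//
// Every step is fatal on failure. In particular a failed reload stops the
// program instead of passing a nil key on to Decrypt.
func main() {
	// generate key
	privatekey, publickey, err := GenerateKey()
	if err != nil {
		log.Fatalf("Cannot generate RSA key\n")
	}

	// dump private key to file
	if err = DumpPrivateKeyFile(privatekey, "private.pem"); err != nil {
		log.Fatalf("Cannot dump private key file\n")
	}
	// dump public key to file
	if err = DumpPublicKeyFile(publickey, "public.pem"); err != nil {
		log.Fatalf("Cannot dump public key file\n")
	}

	// encrypt message use public key
	message := "abcd"
	cipher, err := Encrypt(message, publickey)
	if err != nil {
		log.Fatalf("Cannot encrypt message\n")
	}

	// load private key; a failure here must stop the run, otherwise
	// Decrypt below would be called with a nil key
	privatekey, err = LoadPrivateKeyFile("private.pem")
	if err != nil || privatekey == nil {
		log.Fatalf("Cannot load private key\n")
	}

	// decrypt use private
	plain, err := Decrypt(cipher, privatekey)
	if err != nil {
		log.Fatalf("Cannot decrypt message\n")
	}
	fmt.Printf("decrypt result is (%s)\n", plain)
}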