1. 首页
  2. 问答
  3. 如何在Java非对称加密中保存和重用密钥对?

如何在Java非对称加密中保存和重用密钥对?

2017-10-18 233 views
0

我已经编写了生成密钥对的代码,但想知道是否有任何方法可以保存并重新使用它们?如何在Java非对称加密中保存和重用密钥对?

下面是generaes该对代码:

公共静态无效的主要(字串[] args)抛出异常{

String plainText = "Hello world"; 

    Map<String, Object> keys = getRSAKeys(); 

    PrivateKey privateKey = (PrivateKey) keys.get("private"); 
    PublicKey publicKey = (PublicKey) keys.get("public"); 

    System.out.println(privateKey.getEncoded()); 

    System.out.println(publicKey.getEncoded()); 



    String encrypted = encryptMessage(plainText, privateKey); 


    System.out.println(encrypted); 

    String decrypted = decryptMessage(plainText, publicKey, encrypted); 

    System.out.println(decrypted); 

} 

private static Map<String, Object> getRSAKeys() throws Exception { 

    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); 
    keyPairGenerator.initialize(2048); 
    KeyPair keyPair = keyPairGenerator.generateKeyPair(); 
    PrivateKey privateKey = keyPair.getPrivate(); 
    PublicKey publicKey = keyPair.getPublic(); 
    Map<String, Object> keys = new HashMap<String, Object>(); 
    keys.put("private", privateKey); 
    keys.put("public", publicKey); 

    return keys; 

}

来源

2017-10-18 TheRealJoeWilson

+0

肯定。只是保持数据。在程序的整个生命周期内,只保留参考。在程序的生命周期之外 - 它们是可序列化的,所以序列化它们。 (当然,你必须考虑保持序列化密钥的安全......) –

+0

另外:为什么把它们放到一个Map中,只要返回'KeyPair'对象? –

+0

谢谢安迪,你会怎么做呢? – TheRealJoeWilson

回答

-1

https://docs.oracle.com/javase/tutorial/security/apisign/step2.html - 良好的入口点。

另外这里的一些示例代码,做你想要什么:

package mx.playground.security; 

import java.io.File; 
import java.io.FileOutputStream; 
import java.io.IOException; 
import java.nio.file.Files; 
import java.security.KeyFactory; 
import java.security.PrivateKey; 
import java.security.PublicKey; 
import java.security.spec.PKCS8EncodedKeySpec; 
import java.security.spec.X509EncodedKeySpec; 
import java.util.Base64; 

import javax.crypto.Cipher; 

public class AppForStackOverflow { 

    public static final int KEY_SIZE = 2048; 

    public static final String PUBLIC_KEY_X509 = "C:\\workspace\\rsa-pair\\public-key"; 
    public static final String PUBLIC_KEY_PKCS1 = "C:\\workspace\\rsa-pair\\public-key-pkcs1"; 
    public static final String PUBLIC_KEY_PEM = "C:\\workspace\\rsa-pair\\public-key-pem"; 

    public static final String PRIVATE_KEY_PKCS8 = "C:\\workspace\\rsa-pair\\private-key"; 
    public static final String PRIVATE_KEY_PKCS1 = "C:\\workspace\\rsa-pair\\private-key-pkcs1"; 
    public static final String PRIVATE_KEY_PEM = "C:\\workspace\\rsa-pair\\private-key-pem"; 

    public static final String SIGNATURE_PATH = "C:\\workspace\\rsa-pair\\signature"; 

    public static final String PRIVATE_KEY_PATH = PRIVATE_KEY_PKCS8; 
    public static final String PUBLIC_KEY_PATH = PUBLIC_KEY_X509; 

    public static void main(String[] args) { 
     generateRsaKeysPair(); 
     encryptDecryptTest(); 

     // symmetric encryption example, use it to store your Private Key in safe manner 
     String message = "test message"; 
     String rightPass = "ABCDEF"; // for AES password should be at least 16 chars 
     String wrongPass = "zzz"; 

     byte[] encryptedMessage = symmetricEncrypt(message.getBytes(), rightPass); 
     System.out.print(new String(encryptedMessage)); 

     byte[] decryptedMessage = symmetricDecrypt(encryptedMessage, rightPass); 
     System.out.println(new String(decryptedMessage)); 

    }  

    public static void generateRsaKeysPair() { 
     try { 
      KeyPairGeneratorJdk kpg = new KeyPairGeneratorJdk(KEY_SIZE, "RSA"); 

      PublicKey publicKey = kpg.getPublicKey(); 
      PrivateKey privateKey = kpg.getPrivateKey(); 

      save(PUBLIC_KEY_PATH, publicKey.getEncoded()); 
      save(PRIVATE_KEY_PATH, privateKey.getEncoded()); 
     } catch (Exception e) { 
      throw new RuntimeException("Failed to execute generateRsaKeysPair()", e);   
     } 
    } 

    public static void encryptDecryptTest() { 
     try { 
      byte[] privateKeyBytes = read(PRIVATE_KEY_PATH); 
      byte[] publicKeyBytes = read(PUBLIC_KEY_PATH); 

      KeyFactory kf = KeyFactory.getInstance("RSA"); 
      PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes); 
      PrivateKey privateKey = kf.generatePrivate(privateKeySpec); 

      X509EncodedKeySpec spec = new X509EncodedKeySpec(publicKeyBytes); 
      PublicKey publicKey = kf.generatePublic(spec); 

      Cipher cipher = Cipher.getInstance("RSA"); 

      // doing encryption 
      String message = "test message"; 
      cipher.init(Cipher.ENCRYPT_MODE, publicKey); 
      byte[] encodedMessage = cipher.doFinal(message.getBytes("UTF-8")); 
      System.out.println("ENCRYPTED: " + new String(encodedMessage)); 

      // doing decryption 
      cipher.init(Cipher.DECRYPT_MODE, privateKey); 
      byte[] decodedMessage = cipher.doFinal(encodedMessage); 
      System.out.println("DECRYPTED: " + new String(decodedMessage)); 
     } catch (Exception e) { 
      throw new RuntimeException("Failed to execute encryptDecryptTest()", e); 
     } 
    } 

    private static void save(String path, byte[] data) { 
     try { 
      File file = new File(path); 
      file.getParentFile().mkdirs(); 

      try (FileOutputStream fos = new FileOutputStream(file)){ 
       fos.write(Base64.getEncoder().encode(data)); 
       fos.flush(); 
      }; 
     } catch (IOException e) { 
      throw new RuntimeException("Failed to save data to file: " + path, e); 
     } 
    } 

    private static byte[] read(String path) { 
     try { 
      return Base64.getDecoder().decode(Files.readAllBytes(new File(path).toPath())); 
     } catch (IOException e) { 
      throw new RuntimeException("Failed to read data from file: " + path, e); 
     } 
    } 

    /* 
    * Use this to encrypt your private key before saving it to disk 
    */ 
    public static byte[] symmetricEncrypt(byte[] data, String password) { 
     try { 
      SecretKeySpec secretKey = new SecretKeySpec(password.getBytes(), "AES"); 
      Cipher cipher = Cipher.getInstance("AES"); 
      cipher.init(Cipher.ENCRYPT_MODE, secretKey); 
      byte[] result = cipher.doFinal(data); 
      return result; 
     } catch (Exception e) { 
      throw new RuntimeException("Failed to execute symmetricEncrypt()", e); 
     } 
    } 

    public static byte[] symmetricDecrypt(byte[] data, String password) { 
     try { 
      SecretKeySpec secretKey = new SecretKeySpec(password.getBytes(), "AES"); 
      Cipher cipher = Cipher.getInstance("AES"); 
      cipher.init(Cipher.DECRYPT_MODE, secretKey); 
      byte[] result = cipher.doFinal(data); 
      return result; 
     } catch (Exception e) { 
      throw new RuntimeException("Failed to execute symmetricEncrypt()", e); 
     } 
    } 

}

来源

2017-10-18 12:05:50

+0

没有安全感。不能接受的。 – EJP

+0

只是为了好玩,我添加了一些代码,用私钥进行一些对称加密,使其不那么不安全,有点可以接受。 –

相关问题

 相关问题