Java中使用私钥加密和解密
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/23831200/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Encryption and decryption with private key in Java
提问by Nadendla
After I have read articles about Cryptography(Symmetric and Asymmetric) methods.Many articles are telling that Private key is used to encrypt and decrypt data.Public key is used to encrypt data.But When I try to start implementing in Java I can't able to use private key to encrypt and decrypt data(I am using RSA Algorithm)? If it is possible please provide me a link .If it doesn't support, please answer why it doesn't support?
在我阅读了关于密码学(对称和非对称)方法的文章后。很多文章都说私钥用于加密和解密数据。公钥用于加密数据。但是当我尝试开始在 Java 中实现时,我不能能够使用私钥加密和解密数据(我使用的是 RSA 算法)?如果可能,请给我一个链接。如果不支持,请回答为什么不支持?
//Encrypt
//加密
Cipher encrypt=Cipher.getInstance("RSA");
encrypt.init(Cipher.ENCRYPT_MODE, privatekey);
byte[] encryptedMessage=encrypt.doFinal(msg.getBytes());
//Decrypt
//解密
Cipher decrypt=Cipher.getInstance("RSA");
decrypt.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decryptedMessage=decrypt.doFinal(encryptedMessage);
回答by dharr
How Public Private Key Encryption is working:
公钥私钥加密的工作原理:
- IF you encrypt something with your private key anyone with your public key can decrypt it.
- IF you encrypt something with your public key only your private key can decrypt it.
- 如果你用你的私钥加密某些东西,任何拥有你公钥的人都可以解密它。
- 如果您使用公钥加密某些内容,则只有您的私钥才能对其进行解密。
You have to generate public private key pair. Private key is just for you and public key can be given to people you trust.
您必须生成公钥私钥对。私钥只给你,公钥可以给你信任的人。
How to generate key pairs?
如何生成密钥对?
$ openssl genrsa -out private_key.pem 1024
$ openssl rsa -pubout -in private_key.pem -out public_key.pem
Or go here in do it in java -> JAVA RSAWhen you do that come back and ask more questions
或者去这里用 java -> JAVA RSA当你这样做时回来问更多问题
回答by Maarten Bodewes
To perform RSA encryption you need to encrypt with the public key and decrypt with the private key. Furthermore, you shoulduse a well defined padding method, such as PKCS#1 v1.5 compatible padding or - if available - OAEP padding.
要执行 RSA 加密,您需要使用公钥加密并使用私钥解密。此外,您应该使用定义明确的填充方法,例如 PKCS#1 v1.5 兼容填充或 - 如果可用 - OAEP 填充。
Encryption with an RSA private key makes no sense, as anybody with the public key can decrypt. There is something called "raw RSA" which is basically modular exponentiation, but that should only be used with another padding schemeto generate signatures. In that case you want everybody with a public key to "decrypt" to verify the signature.
使用 RSA 私钥加密毫无意义,因为任何拥有公钥的人都可以解密。有一种叫做“原始 RSA”的东西,它基本上是模幂运算,但这只能与另一个填充方案一起使用来生成签名。在这种情况下,您希望每个拥有公钥的人“解密”以验证签名。
More information hereand here.
So encryption is:
所以加密是:
// specify mode and padding instead of relying on defaults (use OAEP if available!)
Cipher encrypt=Cipher.getInstance("RSA/ECB/PKCS1Padding");
// init with the *public key*!
encrypt.init(Cipher.ENCRYPT_MODE, publicKey);
// encrypt with known character encoding, you should probably use hybrid cryptography instead
byte[] encryptedMessage = encrypt.doFinal(msg.getBytes(StandardCharsets.UTF_8));
and decryption is:
和解密是:
Cipher decrypt=Cipher.getInstance("RSA/ECB/PKCS1Padding");
decrypt.init(Cipher.DECRYPT_MODE, privateKey);
String decryptedMessage = new String(decrypt.doFinal(encryptedMessage), StandardCharsets.UTF_8);
回答by ship shuk - www.shipshuk.com
When you encrypt with private key it is called certificate. And your public keys are distributed to the clients so that they can open it and verify the issuer of the certificate. The same way client can create its own signature by encrypting with public key. The same way the server/issuer can verify it by decrypting it with private key.
当您使用私钥加密时,它被称为证书。并且您的公钥会分发给客户端,以便他们可以打开它并验证证书的颁发者。客户端可以通过使用公钥加密来创建自己的签名的方式相同。与服务器/发行者可以通过用私钥解密来验证它的方式相同。
S: Private Key P: Public Key
S:私钥 P:公钥
S + Data = Certificate => Client (opens/verifies it with public key) P + Data = Signature => Server / Issuer (opens/verifies it with private key)
S + 数据 = 证书 => 客户端(用公钥打开/验证) P + 数据 = 签名 => 服务器/发行者(用私钥打开/验证)
