RSA前后端加解密问题 jsencrypt加密 java解密

1、方案1（jsencrypt加密 java解密 ）

首先要了解到rsa加密后的byte数组类型需要base64加密才能变成String类型；解密的时候也是需要经过base64处理。同理，js这边rsa加密也是一样的，但是使用jsencrypt.js库人就不需要了，因为库里面会自动用base64处理。其次使用rsa处理的明文不能超过公钥的长度，公钥达到1024就属于安全了，如果用2048会是解密的时间变长，所以就用1024。但是这样就需要把所传的参数分段处理，注意使用slice （js）方法。最后就是上代码了。

    //尽量长yidia
    var sRequestData = "在这样雨雪交加的日子里，如果没有什么紧要事，人们宁愿一整天足不出户。因此，县城的大街小巷倒也比平时少了许多嘈杂。";
    $(function () {
        $("#one").on("click", function() {
             $.post("http://192.168.102.136:8080/mxpp-web/servlet/user/getTokenServlet",{},function(result){
                    token = result.token;
                   console.log(token);
               });
        });
 
        $("#two").on("click", function() {
             var encrypt = new JSEncrypt();
             encrypt.setPublicKey(token);
             var arr=Array();
             var arr1=Array();
             var str = "";
 
              var byteData = str2UTF8(sRequestData);
 
              if(byteData.length > 128) {
                 var arr=Array();
                 var arr1=Array();
                 for(var i=0;i<sRequestData.length;i+=37){ //约定好的用37就算中文也不会超过长度
                     arr.push(sRequestData.slice(i,i+37)); //slice比substring更好
                 }
                 console.log(arr);
                 for(var i in arr){
                     arr1.push(encrypt.encrypt(arr[i]));
                    console.log(arr[i]);
                 }
                 str=arr1.join(',');
              } else {
                  str = encrypt.encrypt(sRequestData);
              }
            
             $.post("http://192.168.102.136:8080/mxpp-web/servlet/user/test",{jsonStr:str, token:token},function(result){
                 debugger;
                    token = result.token;
               });
        });
    });
 
    function str2UTF8(str){  
        var bytes = new Array();   
        var len,c;  
        len = str.length;  
        for(var i = 0; i < len; i++){  
            c = str.charCodeAt(i);  
            if(c >= 0x010000 && c <= 0x10FFFF){  
                bytes.push(((c >> 18) & 0x07) | 0xF0);  
                bytes.push(((c >> 12) & 0x3F) | 0x80);  
                bytes.push(((c >> 6) & 0x3F) | 0x80);  
                bytes.push((c & 0x3F) | 0x80);  
            }else if(c >= 0x000800 && c <= 0x00FFFF){  
                bytes.push(((c >> 12) & 0x0F) | 0xE0);  
                bytes.push(((c >> 6) & 0x3F) | 0x80);  
                bytes.push((c & 0x3F) | 0x80);  
            }else if(c >= 0x000080 && c <= 0x0007FF){  
                bytes.push(((c >> 6) & 0x1F) | 0xC0);  
                bytes.push((c & 0x3F) | 0x80);  
            }else{  
                bytes.push(c & 0xFF);  
            }  
        }  
        return bytes;  
    }  
 
    </script>
</html>

 
 
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
 
import javax.crypto.Cipher;
 
import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
 
/**
 * rsa加密
 * 此类主要针对于jsencrypt.js给明文加密，server端java解密
 * @author liangjiawei
 *
 */
@SuppressWarnings("restriction")
public class RSAUtil {
    public static final Provider provider = new BouncyCastleProvider();
 
    private static final String PUBLIC_KEY = "RSAPublicKey";
 
    private static final String PRIVATE_KEY = "RSAPrivateKey";
 
    private static final String charSet = "UTF-8";
    
    public static final String KEY_ALGORITHM = "RSA";
 
    // 种子,改变后,生成的密钥对会发生变化
    //private static final String seedKey = "seedKey";
 
    /**
     * RSA最大加密明文大小
     */
    private static final int MAX_ENCRYPT_BLOCK = 117;
    
    /**
     * RSA最大解密密文大小
     */
    private static final int MAX_DECRYPT_BLOCK = 128;
    
    /**
     * 生成密钥对(公钥和私钥)
     * @return
     * @throws Exception
     */
    public static synchronized Map<String, Object> generateKeyPair() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_ALGORITHM, provider);
        kpg.initialize(1024, new SecureRandom());//seedKey.getBytes()
        KeyPair keyPair = kpg.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
        Map<String, Object> keyMap = new HashMap<String, Object>(2);
        keyMap.put(PUBLIC_KEY, publicKey);
        keyMap.put(PRIVATE_KEY, privateKey);
        return keyMap;
    }
 
    public static PublicKey getPublicRSAKey(String modulus, String exponent)
            throws Exception {
        RSAPublicKeySpec spec = new RSAPublicKeySpec(
                new BigInteger(modulus, 16), new BigInteger(exponent, 16));
        KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
        return kf.generatePublic(spec);
    }
 
    /**
     * 获取公钥
     * @param key base64加密后的公钥
     * @return
     * @throws Exception
     */
    public static PublicKey getPublicRSAKey(String key) throws Exception {
        X509EncodedKeySpec x509 = new X509EncodedKeySpec(decryptBase64(key));
        KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
        return kf.generatePublic(x509);
    }
 
    /**
     * 获取私钥
     * @param key base64加密后的私钥
     * @return
     * @throws Exception
     */
    public static PrivateKey getPrivateRSAKey(String key) throws Exception {
        PKCS8EncodedKeySpec pkgs8 = new PKCS8EncodedKeySpec(decryptBase64(key));
        KeyFactory kf = KeyFactory.getInstance(KEY_ALGORITHM, provider);
        return kf.generatePrivate(pkgs8);
    }
 
    /**
     * 加密
     * @param input 明文
     * @param publicKey 公钥
     * @return
     * @throws Exception
     */
    public static byte[] encrypt(String input, PublicKey publicKey)
            throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", provider);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] re = cipher.doFinal(input.getBytes(charSet));
        return re;
    }
 
    /**
     * 解密
     * @param encrypted 
     * @param privateKey
     * @return
     * @throws Exception
     */
    public static byte[] decrypt(byte[] encrypted, PrivateKey privateKey)
            throws Exception {
        Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", provider);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] re = cipher.doFinal(encrypted);
        return re;
    }
    /**
     * base64加密
     * @param key
     * @return
     * @throws Exception
     */
    public static byte[] decryptBase64(String key) throws Exception {
        return (new BASE64Decoder()).decodeBuffer(key);
    }
    
    /**
     * base64解密
     * @param key
     * @return
     * @throws Exception
     */
    public static String encryptBase64(byte[] key) throws Exception {
        return (new BASE64Encoder()).encodeBuffer(key);
    }
    
    public static String getPrivateKey(Map<String, Object> keyMap)
            throws Exception {
        Key key = (Key) keyMap.get(PRIVATE_KEY);
        return encryptBase64(key.getEncoded());
    }
 
    public static String getPublicKey(Map<String, Object> keyMap)
            throws Exception {
        Key key = (Key) keyMap.get(PUBLIC_KEY);
        return encryptBase64(key.getEncoded());
    }
    
    /**
     * 分段解密
     * @param jsonEncryptStr 密文 格式 base64(rsa(明文)),base64(rsa(明文)),base64(rsa(明文))
     * @param privateKey base64加密后的秘钥
     * @return
     * @throws Exception
     */
    public static String segmentdecrypt(String jsonEncryptStr, String privateKey) throws Exception {
        String jsonStr = "";
        String[] str = jsonEncryptStr.split(",");
        if(str !=null && str.length > 0) {
            int inputLen = str.length;
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] cache;
            int i = 0;
            // 对数据分段解密
            while (inputLen - 1 >= 0) {
                byte[] bt = RSAUtil.decryptBase64(str[i]);
                cache = RSAUtil.decrypt(bt, RSAUtil.getPrivateRSAKey(privateKey));
                out.write(cache, 0, cache.length);
                i++;
                inputLen--;
            }
            
            
            byte[] decryptedData = out.toByteArray();
            out.close();
            jsonStr = new String(decryptedData);
        }
        return jsonStr;
    }
}

//生成公钥私钥
        try {
            Map<String, Object> map = RSAUtil.generateKeyPair();
            String publicKey = RSAUtil.getPublicKey(map);
            String privateKey = RSAUtil.getPrivateKey(map);
            
            ICacheClient client = WebContextHolder.getCacheClient();
            client.set(publicKey, privateKey);
            
            comRes.setRetCode(GetTokenRes.OPT_RESULT_SUCCESS);
            comRes.setToken(publicKey);
        } catch (Exception e) {
            log.error(DataTypeConstant.MOD_CODE_SUBTYPE16, "getTokenServlet", "用户生成公钥接口异常.", e);
            comRes.setErrMsg("用户TOKEN生成失败！");
        }
        
        String jsonResult = JSON.toJSONString(comRes, SerializerFeature.WriteMapNullValue, 
                SerializerFeature.WriteNullStringAsEmpty, SerializerFeature.WriteNullNumberAsZero);
        
        return writeAjaxResponse(jsonResult);

ICacheClient client = WebContextHolder.getCacheClient();
            String privateKey = client.get(token);
            jsonStr = RSAUtil.segmentdecrypt(jsonEncryptStr, privateKey);

有用回复：

1、我在使用的时候中文参数解码后会出现乱码问题，在RSAUtil中改成 jsonStr = new String(decryptedData,"utf-8")就可以了

2、要注意一点js的rsa和java 生产的rsa不一定对接的上

2、方案2（node-forge加密 java解密）

前端（JavaScript/TypeScript）加密实践

前端进行RSA加密的第三方库采用 node-forge 库

import * as forge from 'node-forge';

      // publicKey需要先通过http从后台获取，后台可以写一些geKey接口供前端调用

      const pki = forge.pki;

      // 规定格式：publicKey之前需要加'-----BEGIN PUBLIC KEY-----\n'，之后需要加'\n-----END PUBLIC KEY-----'
      const publicK = pki.publicKeyFromPem('-----BEGIN PUBLIC KEY-----\n' + publicKey + '\n-----END PUBLIC KEY-----');

      // forge通过公钥加密后一般会是乱码格式，可进行base64编码操作再进行传输，相应的，后台获取到密文的密码后需要先进行base64解码操作再进行解密
      const passwordCrypto =  forge.util.encode64(publicK.encrypt(password));
      
      // ... 后面就是进行常规的发送登录请求，不同的是，也需要将publicKey作为一个参数传输到后台，后台需要以此找到对应的私钥

后端（Java）解密实践

网上后端解密的代码很多，但质量无法确保，正好我使用的 Hutool 这个Java的工具库，其中包含了非对称加密的工具，可以直接使用

/**
  * 获取秘钥-RSA
  * @return
  */
@RequestMapping(value = "/getKey",method = RequestMethod.POST)
@ResponseBody
public Result<String> getKeyOfRSA() {
    Result<String> result = new Result<>();

    RSA rsa = new RSA();
    String privateKeyBase64 = rsa.getPrivateKeyBase64();
    String publicKeyBase64 = rsa.getPublicKeyBase64();

    // 使用当前用户的session进行保存公钥私钥对
    Subject currentUser = SecurityUtils.getSubject();
    Session session = currentUser.getSession();
    session.setAttribute(publicKeyBase64, privateKeyBase64);
    return result.successWithData(publicKeyBase64);
}


/**
     * 解密password
     * @param password
     * @param publicKey
     * @return
     * @throws Exception
     */
    private String checkPassword(String password, String publicKey, String algorithm) throws Exception {
        Subject currentUser = SecurityUtils.getSubject();
        Session session = currentUser.getSession();

        // publicKey需要前端返回
        String privateKey = (String) session.getAttribute(publicKey);
        if(privateKey ==null){
            log.error("session中私钥失效.publickey={},password={}",publicKey,password);
            return null;
        }
        // 获取到私钥之后，需要将session中的该公钥私钥对信息移除
        session.removeAttribute(publicKey);
        // 构建，当只用私钥进行构造对象时，只允许使用该私钥进行加密和解密操作，本文只需要进行私钥解密，故只使用私钥构造对象
        RSA rsa = new RSA(privateKey, null);
        // 密码的密文先进行base64解码，之后再进行解密
        byte[] decrypt = rsa.decrypt(Base64.decode(password), KeyType.PrivateKey);
        String decryptStr = StrUtil.str(decrypt, CharsetUtil.CHARSET_UTF_8);
        
        return decryptStr;
    }

参考：https://blog.csdn.net/u010457492/article/details/78331549

           https://blog.csdn.net/adai_study/article/details/103496795