NO3.openssl生成证书，测试证书的公钥加密私钥解密

一、取公钥，例子中server.crt放在D盘根路径下

//获得给定格式的证书工厂
CertificateFactory cf = CertificateFactory.getInstance("X.509");
//读取证书的输入流
FileInputStream fis = new FileInputStream("D:/server.crt");
//获取证书对象
Certificate cert = cf.generateCertificate(fis);
//关闭输入流
fis.close();
//获取公钥
PublicKey publicKey = cert.getPublicKey();

 二、获取私钥

     1.直接读取server.key文件会报错：

      

 java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence

 

       

        需要把server.key文件转换为PKCS8格式：

        命令：

openssl pkcs8 -topk8 -nocrypt -in server.key -out myrsakey_pcks8

 

        生成一个PKCS8格式的秘钥myrsakey_pcks8

        myrsakey_pcks8的内容：

       

-----BEGIN PRIVATE KEY-----
MIICXQIBAAKBgQDB49bqrPV4BEmoWmBsLy/JNVbWC1Rz/tkKAjvszeE+8cQwxmYQ
oJMKXcmYSV9NF/Ftxj+Fydu9iHM8FzEQjDoB9pxPIfV8n4+F1R0y5rrTzBwYXuAm
JSo0OnLGXVhJSjwOGu0vRu4SoSH+g0QKHuPDoOAfiKdnNQuJF0TGug5yGwIDAQAB
AoGAVqOd9K2m3qNj2qPP9Ge9fbak/+5+JXsatvs6ld2Fql/UYEs3bnSiX/56x975
g/SQAJKW7gy+cVoYzCA8330ZqeBq4GFhisXeCL7YDakFraFHALcYo19BWSc02N96
cuq9qU9E0ZMNDBPlLrUrJ34i33B4eX+h1CLhO7rJzoyMPZkCQQD62T5uZqTR/5Aw
Uw3F/IGctwVUMRu9VeLVYnDSIKZasalDXujGtFjyhk9df+mjSq6reH/gg5PLBSPv
WErT5B6lAkEAxd8nbXERRqLhQlnzL6CnoqpwjPL6E7pnb7qIrgYchaONUQvlCEaH
31uy1VyDxueB1UwfY6VjZGIkd6SmkqYxvwJBAO2PKVnCaVra7UFmlkemz1SL20cV
TtDq8mvk0zWcaA7B66t6yXXMu+PKIIVKqwfSpUKMVoZX9XIyBwsXEZ5DjmUCQQDB
9v1cT/DicDomY6x6rJ6HW1JXKLux6REKOi1PgdglvGyD3QgXc6QvdGE6u6TFrxzb
bPJ8KJzkwzwCOFm8+cNbAkBue461A4i616SH7Q/VQ3In0qGTZ5QwHksHV86vbfmM
S/v6T/SOYqP/zDmMuZhsa+FyBrV8feYOb4vgbXoDaJtM
-----END PRIVATE KEY-----

 

 

     2.假设myrsakey_pcks8在D盘根目录下，

 

//获得指定格式的KEY工厂
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
//读取PKCS8文件
BufferedReader br = new BufferedReader(new FileReader("D:/rsakey_pcks8"));
//rsakey_pcks8首行注释-----BEGIN PRIVATE KEY-----
String s = br.readLine();
StringBuffer sb = new StringBuffer();
//读取rsakey_pcks8第二行
s = br.readLine();
//循环读取直到最后一行
while (s.charAt(0) != '-') {
	sb.append(s + "\r");
	s = br.readLine();
	}
//使用base64解码，这里使用org.apache.commons.codec.binary.Base64
byte[] keybyte = Base64.decodeBase64(sb.toString());
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keybyte);
//获取私钥
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

 三、使用公钥加密

//公钥加密解密方法
 public static byte[] cryptByPublicKey(PublicKey publicKey, int cipherMode,
                                          byte[] bytes) throws NoSuchAlgorithmException,
            NoSuchPaddingException, InvalidKeyException,
            IllegalBlockSizeException, BadPaddingException {

        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(cipherMode, publicKey);
        return cipher.doFinal(bytes);
    }

 使用公钥加密“12345”

byte[] b =cryptByPublicKey(publicKey, Cipher.ENCRYPT_MODE, "12345".getBytes());

 四、使用私钥解密

//使用私钥加密解密方法
  public static byte[] cryptByPrivateKey(PrivateKey privateKey,
                                           int cipherMode, byte[] plainTextBytes)
            throws NoSuchAlgorithmException, NoSuchPaddingException,
            InvalidKeyException, IllegalBlockSizeException, BadPaddingException {

        Cipher cipher = Cipher.getInstance("RSA");
        cipher.init(cipherMode, privateKey);
        return cipher.doFinal(plainTextBytes);
    }

 使用私钥解密

byte[] t = RSAUtil.cryptByPrivateKey(privateKey, Cipher.DECRYPT_MODE, b);
String out = new String(t, "utf-8");
System.out.println(out);

 结束。