Environment setup: download and install Win64OpenSSL-1_1_0i.exe and JDK 1.8
1. Generating the .ssh files (for remote login)
Generate the id_rsa and id_rsa.pub files
ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format] [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa] [-N new_passphrase] [-O option] [-w provider]
A 2048-bit key pair can be generated simply with:
ssh-keygen -t rsa -b 2048 -m PEM -C "message"
Send the public key to the target host
ssh-copy-id [ip]
If port 22 has been changed to 14000, use:
ssh-copy-id -i id_rsa.pub "-p14000" root@home.jianghuan.top
After it succeeds, the /root/.ssh directory exists on the target machine and contains a new file named authorized_keys, whose content is exactly the id_rsa.pub generated by ssh-keygen on the source machine.
- id_rsa: private key
- id_rsa.pub: public key
- authorized_keys: stores the public keys of the nodes allowed to log in to this machine remotely
- known_hosts: information about the nodes this machine has connected to, including each remote machine's IP and public key
The ssh command for key-based remote login is:
ssh -i /path/to/private/key username@remote_host
2. OpenSSL certificate commands
2.1 Basic commands
Generate a private key
openssl genrsa -aes256 -out rsaprivatekey.pem 2048
- Generates an RSA private key, protected with AES-256, 2048 bits; the key is written to the file given by -out.
Generate the public key
openssl rsa -in rsaprivatekey.pem -out rsapublickey.pem -pubout
Convert the private key to PKCS#8 encoding for use from Java
openssl pkcs8 -topk8 -inform PEM -in rsaprivatekey.pem -outform PEM -out rsaprivatekey_pkcs8.pem -nocrypt
2.2 Generating certificates
2.2.1 Creating a self-signed certificate
1. Generate the private key
openssl genrsa -aes256 -out server.key 2048
2. Generate the CSR (certificate signing request)
A CSR is the certificate request file used to apply for a certificate:
openssl req -new -key server.key -out server.csr
For HTTPS the Common Name should match the domain name, otherwise browsers will warn.
3. Remove the password from the private key
A password had to be given when the private key was created in step 1. That password has a side effect: every time the web server starts it prompts for the password, which is clearly inconvenient.
To remove the password from the private key:
openssl rsa -in server.key -out server.key
4. Generate the self-signed certificate (CRT)
A CRT is the certificate after CA certification. Signing the CSR with the private key server.key yields the CRT certificate:
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
2.2.2 Certificate signed by a private CA (recommended)
1. Create the root CA private key and its self-signed CA certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
Enter ca.rancher.com for the CN.
2. Generate the certificate signing request for the server
openssl req -newkey rsa:4096 -nodes -sha256 -keyout demo.rancher.com.key -out demo.rancher.com.csr
Enter demo.rancher.com for the CN.
Note: the Common Name must be the FQDN or hostname the certificate is issued for, and must not be the same as the Common Name given to the root CA.
3. Sign the request from step 2 with the CA certificate from step 1
openssl x509 -req -days 365 -in demo.rancher.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out demo.rancher.com.crt
4. If you connect by IP address, e.g. 192.168.1.101, run these commands instead:
echo 'subjectAltName = IP:192.168.1.101' > extfile.cnf
openssl x509 -req -days 365 -in demo.rancher.com.csr -CA ca.crt -CAkey ca.key -CAcreateserial -extfile extfile.cnf -out demo.rancher.com.crt
2.3 Verifying the certificate
Note: because a self-signed certificate is used, the browser will report that the certificate's issuer is unknown.
After deploying the generated CA certificate and the password-free private key to the web server, verify with:
openssl s_client -connect demo.rancher.com:443 -servername demo.rancher.com -CAfile server-ca.crt
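As an added example (not part of the original post), the same verification done from Java: it loads ca.crt and the server certificate produced in 2.2.2, validates the chain with the JDK's PKIX validator, and checks that the name being connected to appears in subjectAltName. Browsers ignore the Common Name for this purpose, so a certificate that has only a CN and no SAN fails the check, which is what the NET::ERR_CERT_COMMON_NAME_INVALID error in 3.2.2 reports. The default file names and target name are those used in the commands above; others can be passed as arguments.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.*;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

public class PrivateCaCheck {
    static X509Certificate loadPem(String file) throws Exception {
        try (InputStream in = Files.newInputStream(Paths.get(file))) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // PKIX validation against the private CA: signature, validity dates and basic constraints.
    // Revocation checking is off because this private CA publishes no CRL or OCSP responder.
    static void validateChain(X509Certificate server, X509Certificate ca) throws Exception {
        PKIXParameters params = new PKIXParameters(Collections.singleton(new TrustAnchor(ca, null)));
        params.setRevocationEnabled(false);
        CertPath path = CertificateFactory.getInstance("X.509")
                .generateCertPath(Collections.singletonList(server));
        CertPathValidator.getInstance("PKIX").validate(path, params);   // throws if not issued by ca
    }

    // true when target appears as a dNSName (type 2) or iPAddress (type 7) in subjectAltName.
    // A certificate without SAN yields false even if its CN equals target; browsers do the same.
    static boolean sanMatches(X509Certificate cert, String target) throws CertificateParsingException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return false;
        for (List<?> san : sans) {
            int type = (Integer) san.get(0);
            if ((type == 2 || type == 7) && target.equalsIgnoreCase(String.valueOf(san.get(1)))) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String caFile = args.length > 0 ? args[0] : "ca.crt";
        String certFile = args.length > 1 ? args[1] : "demo.rancher.com.crt";
        String target = args.length > 2 ? args[2] : "demo.rancher.com";
        X509Certificate ca = loadPem(caFile);
        X509Certificate server = loadPem(certFile);
        validateChain(server, ca);
        System.out.println("issued by the CA: " + server.getSubjectX500Principal());
        System.out.println("subjectAltName covers " + target + ": " + sanMatches(server, target));
    }
}
```

Running it with the certificate from step 3 (no extfile) prints false for the SAN check even though the CN is demo.rancher.com; the certificate from step 4 passes for target 192.168.1.101.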
3. Java keystore certificate commands (keytool)
3.1 Basic commands
3.1.1 Create
Generate a keystore and a self-signed certificate with keytool, which ships with the JDK:
keytool -genkeypair -keystore ./keystore -storepass hxrhxr123 -alias hxr -keypass hxrhxr123 -keyalg RSA -keysize 1024 -validity 365
- -keystore: keystore file name; the generated certificate is stored in it
- -storepass: keystore access password
- -alias: key alias, default "mykey"
- -keypass: key access password
- -keyalg: algorithm used, default "DSA"
- -keysize: key length, default 1024
- -validity: validity period, default 365 days
Create a new key
keytool -genkeypair -alias jetty2 -keypass bigdata123 -keyalg RSA -keysize 1024 -validity 365 -dname "CN=www.chenjie.asia,OU=,L=,ST=,C=" -keystore ./keystore -storepass hxrhxr123
- -dname: certificate owner information, "CN=first and last name,OU=organizational unit,O=organization name,L=city or locality,ST=state or province,C=two-letter country code"
Import a certificate file into the keystore
keytool -import -alias jetty3 -file ./test.cer -keystore ./keystore -storepass hxrhxr123
Export a certificate from the keystore
keytool -export [-rfc] -file ./jwt.crt -keystore ./keystore -storepass hxrhxr123 -alias jetty -keypass hxrhxr123
View the exported CRT certificate
keytool -printcert -file "test.crt"
3.1.2 Read
List all keys in the keystore
keytool -list [-v] -keystore jwtstore -storepass hxrhxr123
- -v: print details of every key
View the certificate with alias hxr
keytool -list [-v] [-rfc] -alias hxr -keystore jwtstore -storepass hxrhxr123
With -v the certificate is printed in human-readable form; with -rfc it is printed in the printable (PEM) encoding.
View the public key with openssl
keytool -list -rfc -keystore uaacenter.jks | openssl x509 -inform pem -pubkey -noout
3.1.3 Update
Change the keystore password
keytool -storepasswd -new test1 -keystore ./keystore -storepass hxrhxr123
Change the password of a key in the keystore
keytool -keypasswd -new testtest1 -keystore jwtstore -storepass hxrhxr123 -alias hxr -keypass hxrhxr123
Change the owner information of a key in the keystore
keytool -selfcert -dname "cn=chenjie.asia,ou=,o=,c=" -keystore ./keystore -storepass hxrhxr123 -alias jetty -keypass hxrhxr123
3.1.4 Delete
Delete the certificate with alias hxr
keytool -delete -alias hxr -keystore jwtstore -storepass hxrhxr123
3.1.5 Signing a jar
Sign InetAddress-1.0-SNAPSHOT.jar
jarsigner -verbose -signedjar ./InetAddress-1.0-SNAPSHOT.jar.signed -keystore ./keystore -storepass hxrhxr123 -keypass bigdata123 ./InetAddress-1.0-SNAPSHOT.jar jetty
- -verbose: print details
- -signedjar: path of the signed output file
Verify the signed file
jarsigner -verbose -verify InetAddress-1.0-SNAPSHOT.jar.signed
If a file inside the jar has been tampered with, verification fails.
For example, after modifying the content of pom.xml inside the jar and verifying again, the error is:
D:\>jarsigner -verify InetAddress-1.0-SNAPSHOT.jar
jarsigner: java.lang.SecurityException: SHA-256 digest error for META-INF/maven/org.example/InetAddress/pom.xml
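An added example (not part of the original post): the same tamper check done from Java with java.util.jar, which is what the JVM applies when a signed jar is opened with verification on. Every entry is read to the end, because the digest recorded in the .SF file is compared only as the bytes are consumed; a modified entry raises the SecurityException shown above, and an entry added after signing has no code signer at all, which jarsigner -verify reports only as a warning. The jar name is the one used above.

```java
import java.io.IOException;
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;

public class JarVerify {
    // The signature metadata itself is not covered by the .SF digests
    static boolean isSignatureFile(String name) {
        return name.equals("META-INF/MANIFEST.MF")
                || (name.startsWith("META-INF/") && (name.endsWith(".SF") || name.endsWith(".RSA")
                    || name.endsWith(".DSA") || name.endsWith(".EC")));
    }

    // Returns one line per problem: tampered entries (digest mismatch) and unsigned entries.
    // An empty list means every content entry is signed and intact.
    public static List<String> verify(String jarPath) throws IOException {
        List<String> problems = new ArrayList<>();
        byte[] buf = new byte[8192];
        try (JarFile jar = new JarFile(jarPath, true)) {   // true = verify signatures while reading
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry entry = entries.nextElement();
                if (entry.isDirectory() || isSignatureFile(entry.getName())) continue;
                try (InputStream in = jar.getInputStream(entry)) {
                    while (in.read(buf) != -1) { /* the digest is checked as bytes are read */ }
                } catch (SecurityException e) {
                    problems.add("TAMPERED " + entry.getName() + ": " + e.getMessage());
                    continue;
                }
                CodeSigner[] signers = entry.getCodeSigners();   // populated only after a full read
                if (signers == null || signers.length == 0) {
                    problems.add("UNSIGNED " + entry.getName());
                }
            }
        }
        return problems;
    }

    public static void main(String[] args) throws IOException {
        String jar = args.length > 0 ? args[0] : "InetAddress-1.0-SNAPSHOT.jar.signed";
        List<String> problems = verify(jar);
        if (problems.isEmpty()) System.out.println("jar verified: " + jar);
        problems.forEach(System.out::println);
    }
}
```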
3.2 Making the self-signed certificate trusted
3.2.1 Export the certificate
keytool -export -rfc -file ./hxr.cer -alias jetty -keystore ./keystore -storepass hxrhxr123
3.2.2 Making clients trust the server
- Trusting it in Chrome
Open the browser's Settings > Privacy and security > Security > Manage certificates and add the certificate under "Trusted Root Certification Authorities".
You can also double-click the certificate to install it on the machine.
Restart the browser and open the page again; the certificate is now trusted.
But it is still not trusted: NET::ERR_CERT_COMMON_NAME_INVALID??? Strange!!!
- Trusting it on a CentOS 7.x server
Append the exported certificate to /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:
cat /etc/security/keytab/cos-bigdata-test-hadoop-01.cer >> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Subsequent requests no longer report the certificate as untrusted.
- Trusting the certificate in the JDK
Add the certificate to the JDK trust store; the JDK's trust store file is cacerts.
The use case: a framework written in Java sends requests to an HTTPS service configured with a self-signed certificate, and without configuring trust the request fails. In Hadoop, for example, if HTTPS-only is configured and the certificate is self-signed, the SecondaryNameNode by default issues a fetchImage HTTPS request every minute; unless the self-signed certificate is made trusted the request fails and the SecondaryNameNode stops working.
keytool -import -v -trustcacerts -alias cos-bigdata-test-hadoop-01 -file /etc/security/keytab/cos-bigdata-test-hadoop-01.crt -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
The difference between keytool and openssl: keytool cannot issue certificates, whereas openssl can issue certificates and manage certificate chains.
So the so-called certificate produced by keytool is only a self-signed certificate. Self-signed means the certificate can only guarantee that it is intact and has not been tampered with; it cannot guarantee whom the certificate belongs to.
Self-signed certificates have an awkward consequence: for every server to be connected to, a copy of its certificate must be kept for verification, and whenever a server replaces its certificate, every client has to redeploy these copies.
In other words, a self-signed certificate lets those who already recognise you keep recognising you, but the slightest change means everyone who recognised you before has to recognise you again.
For larger applications this is unacceptable, so a certificate chain is needed for mutual authentication, and keytool cannot build a certificate chain by itself; openssl is required.
4. Obtaining the keystore's public and private keys in code and signing/verifying a JWT
    import java.security.KeyPair;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.interfaces.RSAPublicKey;
    import java.util.Base64;

    import org.junit.Test;
    import org.springframework.core.io.ClassPathResource;
    import org.springframework.security.jwt.Jwt;
    import org.springframework.security.jwt.JwtHelper;
    import org.springframework.security.jwt.crypto.sign.RsaSigner;
    import org.springframework.security.jwt.crypto.sign.RsaVerifier;
    import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

    public class KeyPairTest {
        @Test
        public void testCreateToken() {
            String location = "uaacenter.jks";
            String storepass = "uaacenter";
            String keypass = "uaacenter";
            String alias = "uaacenter";
            // locate the keystore on the classpath
            ClassPathResource resource = new ClassPathResource(location);
            // open the keystore
            KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(resource, storepass.toCharArray());
            // get the key pair stored under the alias
            KeyPair keyPair = keyStoreKeyFactory.getKeyPair(alias, keypass.toCharArray());
            // the private key (PKCS#8 encoding, printed as Base64)
            RSAPrivateKey aPrivate = (RSAPrivateKey) keyPair.getPrivate();
            System.out.println(Base64.getEncoder().encodeToString(aPrivate.getEncoded()));
            // create the token: the claims are signed with the private key (RSA)
            Jwt jwt = JwtHelper.encode("abcdefg", new RsaSigner(aPrivate));
            // the Base64url-encoded header.claims.signature is the token
            String token = jwt.getEncoded();
            System.out.println(token);
        }

        @Test
        public void testParseToken() {
            // Option 1 for obtaining the public key: read it from the keystore in code
            String location = "uaacenter.jks";
            String storepass = "uaacenter";
            String keypass = "uaacenter";
            String alias = "uaacenter";
            // locate the keystore on the classpath
            ClassPathResource resource = new ClassPathResource(location);
            // open the keystore
            KeyStoreKeyFactory keyStoreKeyFactory = new KeyStoreKeyFactory(resource, storepass.toCharArray());
            // get the key pair stored under the alias
            KeyPair keyPair = keyStoreKeyFactory.getKeyPair(alias, keypass.toCharArray());
            // the public key (X.509 SubjectPublicKeyInfo encoding, printed as Base64)
            RSAPublicKey aPublic = (RSAPublicKey) keyPair.getPublic();
            System.out.println(Base64.getEncoder().encodeToString(aPublic.getEncoded()));
            // Option 2: use the public key string obtained with the openssl command;
            // it must include the BEGIN and END markers, with the line breaks removed
            // String aPublic = "-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo668mNH7H86PzBCHsMsm7/Hxg4tK6YVWBWt74faDVrew6AzHfXz1S74ZoG5ftWt7hsQh2cFzpbnuMIYrhZatTEhnYNJA6T47meSb476WSc70/59w+21EIeQTbWUNhBZeA9r/M2u5ItBBJksyWSmMM6c2YRCeF7HC/KHFFGhWc46y9x6r3iqOrwnCAsrSjz9cIEvlCVgewLMxU5x9H/INZoqH3ZR8jUv/fIxFfju11izUrpxTb16SYC/t46Lb5l0Kynmrv4OOolGk0yJgeH3vgDnS/3OhlD08vGujnI6os7acCcXwEq3SDHvtOfd/Q/CBbUcDSQuk9ecyvtgFVRvOEwIDAQAB-----END PUBLIC KEY-----";
            // the token produced by testCreateToken
            String token = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.YWJjZGVmZw.n1xeWFHjmh634MBzmC5aY9Q0Jo_EKRPPfjNf9eT6dguv3ivBHkBrFCVrVDMsM-f4Gy7ObrSCt-aR18tWySfmHgv9zp30YeXYbCg2sV_-pCPLJVE8wYuFYuuqnXINYNudAhp2rfhPApjh-jJxjVIdUB9NyMlWamAF7y-y3r2ox_32y0vqGQtNc6M6d9JR_MifVQWink8rGvhs-FVJlwDbhMt88kxsB9dOWhTspeQk9exfJIV_hDFhYiXLdQapG4t6FscEDeZjCRsuTfadj5KaJ3QwiWa711pZF50MBozCtE2NLSR_2UHtt_rmCMQcqDI3FphOHXN3GjadJn_gnfjpoQ";
            // decode the token and verify its signature with the public key
            Jwt jwt = JwtHelper.decodeAndVerify(token, new RsaVerifier(aPublic));
            String claims = jwt.getClaims();
            System.out.println(claims);
        }
    }
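An added example (not from the original post and not Spring's JwtHelper): the same RS256 token built and verified with the JDK alone, so the token format is visible without the library. It reads the same uaacenter.jks, alias and passwords as the test above. The verifier fixes the algorithm itself instead of trusting the token's header, and refuses any header that does not name RS256 (for example "none") before looking at the signature.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.*;
import java.util.Base64;

public class JwtRs256 {
    private static final String HEADER = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();

    // header.claims.signature, each part Base64url without padding, as JwtHelper.encode produces
    static String sign(String claims, PrivateKey key) throws GeneralSecurityException {
        String signingInput = ENC.encodeToString(HEADER.getBytes(StandardCharsets.UTF_8)) + "."
                + ENC.encodeToString(claims.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("SHA256withRSA");   // RS256
        sig.initSign(key);
        sig.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(sig.sign());
    }

    // Returns the claims when the RS256 signature verifies. The algorithm is chosen by the
    // verifier, never read from the token; a header naming anything else is rejected outright.
    static String verify(String token, PublicKey key) throws GeneralSecurityException {
        String[] parts = token.split("\\.");
        if (parts.length != 3) throw new SignatureException("malformed token");
        String header = new String(DEC.decode(parts[0]), StandardCharsets.UTF_8);
        if (!header.contains("\"alg\":\"RS256\"")) throw new SignatureException("unexpected header: " + header);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        if (!sig.verify(DEC.decode(parts[2]))) throw new SignatureException("signature does not verify");
        return new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get("uaacenter.jks"))) {
            ks.load(in, "uaacenter".toCharArray());
        }
        PrivateKey priv = (PrivateKey) ks.getKey("uaacenter", "uaacenter".toCharArray());
        PublicKey pub = ks.getCertificate("uaacenter").getPublicKey();
        String token = sign("abcdefg", priv);
        System.out.println(token);
        System.out.println(verify(token, pub));
    }
}
```

A token from this class verifies with the KeyPairTest above and vice versa, since both are plain RS256 over the same header and claims.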
The privateKey printed by testCreateToken is a Base64 string.
The printed publicKey is shown below; the publicKey obtained from the Java code and the one obtained with openssl are identical. Note that when the public key string is used directly (option 2 above), the BEGIN and END markers must be included.
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo668mNH7H86PzBCHsMsm7/Hxg4tK6YVWBWt74faDVrew6AzHfXz1S74ZoG5ftWt7hsQh2cFzpbnuMIYrhZatTEhnYNJA6T47meSb476WSc70/59w+21EIeQTbWUNhBZeA9r/M2u5ItBBJksyWSmMM6c2YRCeF7HC/KHFFGhWc46y9x6r3iqOrwnCAsrSjz9cIEvlCVgewLMxU5x9H/INZoqH3ZR8jUv/fIxFfju11izUrpxTb16SYC/t46Lb5l0Kynmrv4OOolGk0yJgeH3vgDnS/3OhlD08vGujnI6os7acCcXwEq3SDHvtOfd/Q/CBbUcDSQuk9ecyvtgFVRvOEwIDAQAB
    import java.io.FileInputStream;
    import java.io.FileWriter;
    import java.io.InputStream;
    import java.io.Writer;
    import java.security.Key;
    import java.security.KeyPair;
    import java.security.KeyStore;
    import java.security.KeyStoreException;
    import java.security.NoSuchAlgorithmException;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.UnrecoverableKeyException;
    import java.security.cert.Certificate;
    import java.util.Base64;

    public class ExportCert {
        // write DER bytes as a PEM block: standard BEGIN/END markers and 64-character Base64 lines,
        // so that openssl and keytool -importcert can read the file
        private static void writePem(String label, byte[] der, String exportFile) throws Exception {
            String encoded = Base64.getMimeEncoder(64, "\r\n".getBytes()).encodeToString(der);
            try (Writer w = new FileWriter(exportFile)) {
                w.write("-----BEGIN " + label + "-----\r\n");
                w.write(encoded);
                w.write("\r\n-----END " + label + "-----\r\n");
            }
        }

        // export the certificate in Base64 (PEM) form
        public static void exportCert(KeyStore keyStore, String alias, String exportFile) throws Exception {
            Certificate certificate = keyStore.getCertificate(alias);
            writePem("CERTIFICATE", certificate.getEncoded(), exportFile);
        }

        // obtain the KeyPair of an entry
        public static KeyPair getKeyPair(KeyStore keyStore, String alias, char[] password) {
            try {
                Key key = keyStore.getKey(alias, password);
                if (key instanceof PrivateKey) {
                    Certificate certificate = keyStore.getCertificate(alias);
                    PublicKey publicKey = certificate.getPublicKey();
                    return new KeyPair(publicKey, (PrivateKey) key);
                }
            } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
                e.printStackTrace();
            }
            return null;
        }

        // export the private key (PKCS#8 encoding)
        public static void exportPrivateKey(PrivateKey privateKey, String exportFile) throws Exception {
            writePem("PRIVATE KEY", privateKey.getEncoded(), exportFile);
        }

        // export the public key (X.509 SubjectPublicKeyInfo encoding)
        public static void exportPublicKey(PublicKey publicKey, String exportFile) throws Exception {
            writePem("PUBLIC KEY", publicKey.getEncoded(), exportFile);
        }

        public static void main(String[] args) throws Exception {
            String keyStoreType = "jks";
            String keystoreFile = "D:\\project\\workspace\\HelloWorld\\out\\production\\HelloWorld\\kunpu\\ijvmkeys";
            String password = "ijvm2ed"; // password for opening the keystore
            String friendPassword = "friend4life"; // password of the entry
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            try (InputStream in = new FileInputStream(keystoreFile)) {
                keyStore.load(in, password.toCharArray());
            }
            String alias = "friend"; // entry alias
            String exportCertFile = "D:\\project\\workspace\\HelloWorld\\out\\production\\HelloWorld\\kunpu\\cert.txt";
            String exportPrivateFile = "D:\\project\\workspace\\HelloWorld\\out\\production\\HelloWorld\\kunpu\\privateKey.txt";
            String exportPublicFile = "D:\\project\\workspace\\HelloWorld\\out\\production\\HelloWorld\\kunpu\\publicKey.txt";
            ExportCert.exportCert(keyStore, alias, exportCertFile);
            // note: this is the password of the entry under the alias; if none was set it is the keystore password
            KeyPair keyPair = ExportCert.getKeyPair(keyStore, alias, friendPassword.toCharArray());
            ExportCert.exportPrivateKey(keyPair.getPrivate(), exportPrivateFile);
            ExportCert.exportPublicKey(keyPair.getPublic(), exportPublicFile);
            System.out.println("OK");
        }
    }
Methods for converting a public key string to a PublicKey object, and related helpers
    import java.nio.charset.StandardCharsets;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;
    import java.util.Base64;
    import javax.crypto.Cipher;

    /**
     * RSA encryption/decryption helper
     */
    public class RSAUtils {
        // Java's plain "RSA" means "RSA/ECB/PKCS1Padding"; name it explicitly.
        // PKCS#1 v1.5 encrypts at most (key size in bytes - 11) bytes per call, e.g. 245 bytes with a 2048-bit key.
        private static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

        // encrypt with the public key; returns the ciphertext as Base64
        public static String encrypt(String content, PublicKey publicKey) {
            byte[] output = encrypt(content.getBytes(StandardCharsets.UTF_8), publicKey);
            return output == null ? null : Base64.getEncoder().encodeToString(output);
        }

        // encrypt with the public key
        public static byte[] encrypt(byte[] content, PublicKey publicKey) {
            try {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                return cipher.doFinal(content);
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }

        // decrypt with the private key
        public static byte[] decrypt(byte[] content, PrivateKey privateKey) {
            try {
                Cipher cipher = Cipher.getInstance(TRANSFORMATION);
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
                return cipher.doFinal(content);
            } catch (Exception e) {
                e.printStackTrace();
                return null;
            }
        }

        // decrypt a Base64 ciphertext (as returned by encrypt(String, PublicKey)) with the private key
        public static String decrypt(String content, PrivateKey privateKey) {
            byte[] plain = decrypt(Base64.getDecoder().decode(content), privateKey);
            return plain == null ? null : new String(plain, StandardCharsets.UTF_8);
        }

        /**
         * String to PublicKey: Base64 of the X.509 SubjectPublicKeyInfo encoding,
         * without the BEGIN/END markers (line breaks are tolerated)
         */
        public static PublicKey getPublicKey(String key) throws Exception {
            byte[] keyBytes = Base64.getMimeDecoder().decode(key);
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            return keyFactory.generatePublic(keySpec);
        }

        /**
         * String to PrivateKey: Base64 of the PKCS#8 encoding (as produced by openssl pkcs8 -topk8 -nocrypt),
         * without the BEGIN/END markers (line breaks are tolerated)
         */
        public static PrivateKey getPrivateKey(String key) throws Exception {
            byte[] keyBytes = Base64.getMimeDecoder().decode(key);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            return keyFactory.generatePrivate(keySpec);
        }
    }
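An added example (not part of the original post) that bridges the two conventions on this page: RSAUtils wants the bare Base64 body, while the RsaVerifier string in section 4 needs the BEGIN/END markers. The loader below accepts either form, tolerates the 64-column line breaks openssl writes, and rejects the key files Java cannot load directly: the PKCS#1 "RSA PRIVATE KEY" written by openssl genrsa, which needs the pkcs8 -topk8 conversion from 2.1, and a password-protected key. The check in main uses the public key printed in section 4 as its sample input.

```java
import java.security.*;
import java.security.spec.*;
import java.util.Base64;
import java.util.regex.*;

public class PemKeys {
    private static final Pattern BLOCK = Pattern.compile(
            "-----BEGIN ([A-Z ]+)-----\\s*([A-Za-z0-9+/=\\s]*?)\\s*-----END \\1-----");

    // label is null when the input had no BEGIN/END markers (the form RSAUtils expects)
    static final class Pem {
        final String label; final byte[] der;
        Pem(String label, byte[] der) { this.label = label; this.der = der; }
    }

    // Accepts a full PEM block, with or without line breaks, or just its Base64 body
    static Pem decode(String text) {
        if (text.contains("Proc-Type: 4,ENCRYPTED"))
            throw new IllegalArgumentException("password-protected key: remove it with 'openssl rsa -in key -out key' first");
        Matcher m = BLOCK.matcher(text);
        if (m.find()) return new Pem(m.group(1), Base64.getMimeDecoder().decode(m.group(2)));
        if (text.contains("-----")) throw new IllegalArgumentException("unrecognised PEM block");
        return new Pem(null, Base64.getMimeDecoder().decode(text.trim()));
    }

    static PublicKey publicKey(String text) throws Exception {
        Pem pem = decode(text);
        if (pem.label != null && !pem.label.equals("PUBLIC KEY"))
            throw new IllegalArgumentException("expected PUBLIC KEY, got " + pem.label);
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(pem.der));
    }

    // Only unencrypted PKCS#8 ("PRIVATE KEY", as written by openssl pkcs8 -topk8 -nocrypt) loads directly
    static PrivateKey privateKey(String text) throws Exception {
        Pem pem = decode(text);
        if ("RSA PRIVATE KEY".equals(pem.label))   // PKCS#1, the format openssl genrsa writes
            throw new IllegalArgumentException("PKCS#1 key: convert with 'openssl pkcs8 -topk8 -nocrypt' first");
        if (pem.label != null && !pem.label.equals("PRIVATE KEY"))
            throw new IllegalArgumentException("expected PRIVATE KEY, got " + pem.label);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(pem.der));
    }

    public static void main(String[] args) throws Exception {
        // the public key printed in section 4 of the post, as bare Base64
        String body = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo668mNH7H86PzBCHsMsm7/Hxg4tK6YVWBWt74faDVrew6AzHfXz1S74ZoG5ftWt7hsQh2cFzpbnuMIYrhZatTEhnYNJA6T47meSb476WSc70/59w+21EIeQTbWUNhBZeA9r/M2u5ItBBJksyWSmMM6c2YRCeF7HC/KHFFGhWc46y9x6r3iqOrwnCAsrSjz9cIEvlCVgewLMxU5x9H/INZoqH3ZR8jUv/fIxFfju11izUrpxTb16SYC/t46Lb5l0Kynmrv4OOolGk0yJgeH3vgDnS/3OhlD08vGujnI6os7acCcXwEq3SDHvtOfd/Q/CBbUcDSQuk9ecyvtgFVRvOEwIDAQAB";
        PublicKey bare = publicKey(body);
        PublicKey marked = publicKey("-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----");
        System.out.println("same key: " + bare.equals(marked));
    }
}
```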