You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
156 lines
3.4 KiB
156 lines
3.4 KiB
package util |
|
|
|
import ( |
|
"bytes" |
|
"crypto" |
|
"crypto/rand" |
|
"crypto/rsa" |
|
"crypto/x509" |
|
"encoding/asn1" |
|
"encoding/base64" |
|
"encoding/pem" |
|
"errors" |
|
"io" |
|
) |
|
|
|
const ( |
|
CHAR_SET = "UTF-8" |
|
BASE_64_FORMAT = "UrlSafeNoPadding" |
|
RSA_ALGORITHM_KEY_TYPE = "PKCS8" |
|
RSA_ALGORITHM_SIGN = crypto.SHA256 |
|
) |
|
|
|
type XRsa struct { |
|
publicKey *rsa.PublicKey |
|
privateKey *rsa.PrivateKey |
|
} |
|
|
|
// 生成密钥对 |
|
func CreateKeys(publicKeyWriter, privateKeyWriter io.Writer, keyLength int) error { |
|
// 生成私钥文件 |
|
privateKey, err := rsa.GenerateKey(rand.Reader, keyLength) |
|
if err != nil { |
|
return err |
|
} |
|
derStream := MarshalPKCS8PrivateKey(privateKey) |
|
block := &pem.Block{ |
|
Type: "PRIVATE KEY", |
|
Bytes: derStream, |
|
} |
|
err = pem.Encode(privateKeyWriter, block) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
// 生成公钥文件 |
|
publicKey := &privateKey.PublicKey |
|
derPkix, err := x509.MarshalPKIXPublicKey(publicKey) |
|
if err != nil { |
|
return err |
|
} |
|
block = &pem.Block{ |
|
Type: "PUBLIC KEY", |
|
Bytes: derPkix, |
|
} |
|
err = pem.Encode(publicKeyWriter, block) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
return nil |
|
} |
|
|
|
// 验证公私钥是否可用和构造XRsa结构体返回 |
|
func NewXRsa(publicKey []byte, privateKey []byte) (*XRsa, error) { |
|
block, _ := pem.Decode(publicKey) |
|
if block == nil { |
|
return nil, errors.New("public key error") |
|
} |
|
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) |
|
if err != nil { |
|
return nil, err |
|
} |
|
pub := pubInterface.(*rsa.PublicKey) |
|
|
|
block, _ = pem.Decode(privateKey) |
|
if block == nil { |
|
return nil, errors.New("private key error!") |
|
} |
|
priv, err := x509.ParsePKCS8PrivateKey(block.Bytes) |
|
if err != nil { |
|
return nil, err |
|
} |
|
|
|
pri, ok := priv.(*rsa.PrivateKey) |
|
if ok { |
|
return &XRsa{ |
|
publicKey: pub, |
|
privateKey: pri, |
|
}, nil |
|
} else { |
|
return nil, errors.New("private key not supported") |
|
} |
|
} |
|
|
|
// 公钥加密 |
|
func (r *XRsa) PublicEncrypt(data string) (string, error) { |
|
partLen := r.publicKey.N.BitLen()/8 - 11 |
|
chunks := split([]byte(data), partLen) |
|
|
|
buffer := bytes.NewBufferString("") |
|
for _, chunk := range chunks { |
|
bytes, err := rsa.EncryptPKCS1v15(rand.Reader, r.publicKey, chunk) |
|
if err != nil { |
|
return "", err |
|
} |
|
buffer.Write(bytes) |
|
} |
|
|
|
return base64.StdEncoding.EncodeToString(buffer.Bytes()), nil |
|
} |
|
|
|
// 私钥解密 |
|
func (r *XRsa) PrivateDecrypt(encrypted string) (string, error) { |
|
partLen := r.publicKey.N.BitLen() / 8 |
|
raw, err := base64.StdEncoding.DecodeString(encrypted) |
|
chunks := split([]byte(raw), partLen) |
|
|
|
buffer := bytes.NewBufferString("") |
|
for _, chunk := range chunks { |
|
decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, r.privateKey, chunk) |
|
if err != nil { |
|
return "", err |
|
} |
|
buffer.Write(decrypted) |
|
} |
|
|
|
return buffer.String(), err |
|
} |
|
|
|
func MarshalPKCS8PrivateKey(key *rsa.PrivateKey) []byte { |
|
info := struct { |
|
Version int |
|
PrivateKeyAlgorithm []asn1.ObjectIdentifier |
|
PrivateKey []byte |
|
}{} |
|
info.Version = 0 |
|
info.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1) |
|
info.PrivateKeyAlgorithm[0] = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} |
|
info.PrivateKey = x509.MarshalPKCS1PrivateKey(key) |
|
|
|
k, _ := asn1.Marshal(info) |
|
return k |
|
} |
|
|
|
func split(buf []byte, lim int) [][]byte { |
|
var chunk []byte |
|
chunks := make([][]byte, 0, len(buf)/lim+1) |
|
for len(buf) >= lim { |
|
chunk, buf = buf[:lim], buf[lim:] |
|
chunks = append(chunks, chunk) |
|
} |
|
if len(buf) > 0 { |
|
chunks = append(chunks, buf[:len(buf)]) |
|
} |
|
return chunks |
|
}
|
|
|