全部标签
写点什么
OpenHarmony算法元宇宙MySQL移动开发学习方法Web3.0高效工作数据库Python音视频前端AI大数据团队管理程序员运维深度思考低代码redisgolang微服务架构flutter 查看更多

小课堂|RSA 加密数据太长报错解决

作者:孟君的编程札记
  • 2022-12-27
    浙江

  • 本文字数:5943 字

    阅读完需:约 19 分钟

很多时候,我们需要在开发中对某些数据进行加密。比如登录对密码进行 RSA 加密。RSA 加密算法是一种非对称加密算法,公钥加密私钥解密。

RSA 是 1977 年由罗纳德·李维斯特(Ron Rivest)、阿迪·萨莫尔(Adi Shamir)和伦纳德·阿德曼(Leonard Adleman)一起提出的。当时他们三人都在麻省理工学院工作。RSA 就是他们三人姓氏开头字母拼在一起组成的。但是,如果加密数据比较长的话,可能会出现问题,如:javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes


1、问题重现

我们可以编写一个 RSA 的简单实现,如:

import java.io.UnsupportedEncodingException;import java.security.KeyFactory;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.SecureRandom;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
public final class RsaUtils {
  private RsaUtils() {  }
  /**   * 获取公钥和私钥对,key为公钥,value为私钥   *    * @return   * @throws NoSuchAlgorithmException   */  public static Map<String, String> genKeyPair() throws NoSuchAlgorithmException {    KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");    keyPairGen.initialize(1024, new SecureRandom());    KeyPair keyPair = keyPairGen.generateKeyPair();    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();    String publicKeyString = null;    String privateKeyString = null;
    try {      publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()), "UTF-8");      privateKeyString = new String(Base64.encodeBase64(privateKey.getEncoded()), "UTF-8");    } catch (UnsupportedEncodingException var7) {      var7.printStackTrace();    }    Map<String, String> keyPairMap = new HashMap<>();    keyPairMap.put("publicKey", publicKeyString);    keyPairMap.put("privateKey", privateKeyString);    return keyPairMap;  }
  public static String encrypt(String str, String publicKey) throws Exception {    byte[] decoded = Base64.decodeBase64(publicKey);    RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA")        .generatePublic(new X509EncodedKeySpec(decoded));    Cipher cipher = Cipher.getInstance("RSA");    cipher.init(1, pubKey);    String outStr = Base64.encodeBase64String(cipher.doFinal(str.getBytes("UTF-8")));    return outStr;  }
  public static String decrypt(String str, String privateKey) throws Exception {    byte[] inputByte = Base64.decodeBase64(str.getBytes("UTF-8"));    byte[] decoded = Base64.decodeBase64(privateKey);    RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")        .generatePrivate(new PKCS8EncodedKeySpec(decoded));    Cipher cipher = Cipher.getInstance("RSA");    cipher.init(2, priKey);    String outStr = new String(cipher.doFinal(inputByte), "UTF-8");    return outStr;  }}
复制代码

写一个简单的测试:

public class Main {
  public static void main(String[] args) throws Exception {            Map<String, String> keyMap = RsaUtils.genKeyPair();    String publicKey = keyMap.get("publicKey");    String privateKey = keyMap.get("privateKey");    System.out.println("publicKey = " + publicKey);    System.out.println("privateKey = " + privateKey);    String originValue = "原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111";    // 加密前:原数据123456,测试一下    System.out.println("加密前:" + originValue);
    String encrypt = RsaUtils.encrypt(originValue, publicKey);    System.out.println("加密后:" + encrypt);    String decrypt = RsaUtils.decrypt(encrypt, privateKey);    System.out.println("解密后:" + decrypt);  }}
复制代码

错误重现:

Exception in thread "main" javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes  at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:346)  at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:391)  at javax.crypto.Cipher.doFinal(Cipher.java:2168)  at com.********.crypto.rsa.RsaUtils.encrypt(RsaUtils.java:58)  at Main.main(Main.java:19)
复制代码


2、原因

Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
复制代码

表示,使用 RSA 算法,并且加 PAD 的方式按照 PKCS1 的标准。

输入数据长度小于等于密钥的位数/8-11,例如:1024 位密钥,1024/8-11 =117。不足的部分,程序会自动补齐。加密后的数据还是等于密钥的位数/8。

Cipher 提供加解密 API,其中 RSA 非对称加密解密内容长度是有限制的,加密长度不超过 117Byte,解密长度不超过 128Byte,报错如下:javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes

3、解决

既然 Cipher 加解密有长度限制,那么如果超过 117 bytes,我们可以采用分段加密、分段解密的方式进行

import java.io.ByteArrayOutputStream;import java.io.UnsupportedEncodingException;import java.net.URLDecoder;import java.net.URLEncoder;import java.security.KeyFactory;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.SecureRandom;import java.security.interfaces.RSAPrivateKey;import java.security.interfaces.RSAPublicKey;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;import java.util.HashMap;import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;import org.apache.commons.lang3.ArrayUtils;
public final class RsaUtils {
  // RSA最大加密明文大小  private static final int MAX_ENCRYPT_BLOCK = 117;
  // RSA最大解密密文大小  private static final int MAX_DECRYPT_BLOCK = 128;
  private RsaUtils() {  }
  /**   * 获取公钥和私钥对,key为公钥,value为私钥   *    * @return   * @throws NoSuchAlgorithmException   */  public static Map<String, String> genKeyPair() throws NoSuchAlgorithmException {    KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");    keyPairGen.initialize(1024, new SecureRandom());    KeyPair keyPair = keyPairGen.generateKeyPair();    RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();    RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();    String publicKeyString = null;    String privateKeyString = null;
    try {      publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()), "UTF-8");      privateKeyString = new String(Base64.encodeBase64(privateKey.getEncoded()), "UTF-8");    } catch (UnsupportedEncodingException var7) {      var7.printStackTrace();    }
    Map<String, String> keyPairMap = new HashMap<>();    keyPairMap.put("publicKey", publicKeyString);    keyPairMap.put("privateKey", privateKeyString);    return keyPairMap;  }
  public static String encrypt(String str, String publicKey) throws Exception {    byte[] decoded = Base64.decodeBase64(publicKey);    RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA")        .generatePublic(new X509EncodedKeySpec(decoded));    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");    cipher.init(1, pubKey);    // 分段加密    // URLEncoder编码解决中文乱码问题    byte[] data = URLEncoder.encode(str, "UTF-8").getBytes("UTF-8");    // 加密时超过117字节就报错。为此采用分段加密的办法来加密    byte[] enBytes = null;    for (int i = 0; i < data.length; i += MAX_ENCRYPT_BLOCK) {      // 注意要使用2的倍数,否则会出现加密后的内容再解密时为乱码      byte[] doFinal = cipher.doFinal(ArrayUtils.subarray(data, i, i + MAX_ENCRYPT_BLOCK));      enBytes = ArrayUtils.addAll(enBytes, doFinal);    }    String outStr = Base64.encodeBase64String(enBytes);    return outStr;  }
  /**   * 公钥分段解密   *    * @param str   * @param privateKey   * @return   * @throws Exception   */  public static String decrypt(String str, String privateKey) throws Exception {    // 获取公钥    byte[] decoded = Base64.decodeBase64(privateKey);    RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA")        .generatePrivate(new PKCS8EncodedKeySpec(decoded));    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");    cipher.init(2, priKey);    byte[] data = Base64.decodeBase64(str.getBytes("UTF-8"));
    // 返回UTF-8编码的解密信息    int inputLen = data.length;    ByteArrayOutputStream out = new ByteArrayOutputStream();    int offSet = 0;    byte[] cache;    int i = 0;    // 对数据分段解密    while (inputLen - offSet > 0) {      if (inputLen - offSet > MAX_DECRYPT_BLOCK) {        cache = cipher.doFinal(data, offSet, MAX_DECRYPT_BLOCK);      } else {        cache = cipher.doFinal(data, offSet, inputLen - offSet);      }      out.write(cache, 0, cache.length);      i++;      offSet = i * 128;    }    byte[] decryptedData = out.toByteArray();    out.close();    return URLDecoder.decode(new String(decryptedData, "UTF-8"), "UTF-8");  }
}
复制代码

再次测试一下,把测试数据长度加大很多:


public class Main {
  public static void main(String[] args) throws Exception {            Map<String, String> keyMap = RsaUtils.genKeyPair();    String publicKey = keyMap.get("publicKey");    String privateKey = keyMap.get("privateKey");    System.out.println("publicKey = " + publicKey);    System.out.println("privateKey = " + privateKey);    String originValue = "原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111原数据123456,测试一下1111111111111111111111111111111111111222222222222222222221111111111111111111111111111111111111111111111111";    // 加密前:原数据123456,测试一下    System.out.println("加密前:" + originValue);
    String encrypt = RsaUtils.encrypt(originValue, publicKey);    System.out.println("加密后:" + encrypt);    String decrypt = RsaUtils.decrypt(encrypt, privateKey);    System.out.println("解密后:" + decrypt);  }}
复制代码

可以发现,能够正常加解密,至此问题解决。

划线
评论
复制
发布于: 刚刚阅读数: 4
JavarsaRSA密码
用户头像

孟君的编程札记

关注

脚踏实地,仰望星空 2019-09-13 加入

还未添加个人简介

评论

发布
暂无评论
Copyright © 2022, Geekbang Technology Ltd. All rights reserved. 极客邦控股(北京)有限公司 | 京 ICP 备 16027448 号 - 5京公网安备京公网安备 11010502039052号
小课堂|RSA加密数据太长报错解决_Java_孟君的编程札记_InfoQ写作社区