1.秘钥、加密/签名字符串加密的格式
目前主要见到有hex及base64
(1)hex
针对hex的加解密
import (
"encoding/hex"
)
hex.DecodeString(s string)//解密
hex.EncodeToString(src []byte) string//加密(2)base64
import (
"encoding/base64"
"fmt"
)
// 函数原型 解密
base64.StdEncoding.DecodeString(s string) ([]byte, error)
// 函数原型 加密
base64.StdEncoding.EncodeToString(src []byte) string
// 演示base64编码
encodeString := base64.StdEncoding.EncodeToString(input)
fmt.Println(encodeString)
// 对上面的编码结果进行base64解码
decodeBytes, err := base64.StdEncoding.DecodeString(encodeString)
if err != nil {
log.Fatalln(err)
}2.私钥的格式
解析私钥的方式如下:
(1)PKCS1
import (
"crypto/x509"
)
x509.ParsePKCS1PrivateKey(der []byte) (key interface{}, err error)(2)PKCS8
import (
"crypto/x509"
)
x509.ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)3.采用的数字签名算法SHA
以下应RSA sign的不同说明:
(1)SHA1
import (
"crypto/sha1"
"crypto/rsa"
"crypto/rand"
)
hash := sha1.New()
hash.Write([]byte(originalData))
encryptedData, err := rsa.SignPKCS1v15(rand.Reader, prvKey, crypto.SHA1, hash.Sum(nil))(2)SHA256
import (
"crypto/sha256"
"crypto/rsa"
"crypto/rand"
)
hash := sha256.New()
hash.Write([]byte(originalData))
encryptedData, err := rsa.SignPKCS1v15(rand.Reader, prvKey, crypto.SHA256, hash.Sum(nil))4.RSA使用类型
主要有加密/解密、签名/验签4中方式,且加密/解密与签名/验签均是一个相反的过程。两对是根据对公钥及私钥的使用划分的。
加密/解密是采用公钥加密,私钥解密。
签名/验签是采用私钥签名,公钥验签。
(1)加密
import (
"crypto/rsa"
"crypto/rand"
)
rsa.EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) ([]byte, error)(2)解密
import (
"crypto/rsa"
"crypto/rand"
)
rsa.DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) ([]byte, error)(3)签名
import (
"crypto/rsa"
"crypto/rand"
)
rsa.SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte) ([]byte, error)(4)验签
import (
"crypto/rsa"
)
rsa.VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error
5.具体的使用示例
import (
"crypto/x509"
"crypto/rsa"
"encoding/hex"
"encoding/base64"
"crypto/sha1"
"crypto/rand"
)
//(1)加密:采用sha1算法加密后转base64格式
func RsaEncryptWithSha1Base64(originalData,publicKey string)(string,error){
key, _ := base64.StdEncoding.DecodeString(publicKey)
pubKey, _ := x509.ParsePKIXPublicKey(key)
encryptedData,err:=rsa.EncryptPKCS1v15(rand.Reader, pubKey.(*rsa.PublicKey), []byte(originalData))
return base64.StdEncoding.EncodeToString(encryptedData),err
}
//(2)解密:对采用sha1算法加密后转base64格式的数据进行解密(私钥PKCS1格式)
func RsaDecryptWithSha1Base64(encryptedData,privateKey string)(string,error){
encryptedDecodeBytes,err:=base64.StdEncoding.DecodeString(encryptedData)
if err!=nil {
return "",err
}
key,_:=base64.StdEncoding.DecodeString(privateKey)
prvKey,_:=x509.ParsePKCS1PrivateKey(key)
originalData,err:=rsa.DecryptPKCS1v15(rand.Reader,prvKey,encryptedDecodeBytes)
return string(originalData),err
}
//(3)签名:采用sha1算法进行签名并输出为hex格式(私钥PKCS8格式)
func RsaSignWithSha1Hex(data string, prvKey string) (string, error) {
keyByts, err := hex.DecodeString(prvKey)
if err != nil {
fmt.Println(err)
return "", err
}
privateKey, err := x509.ParsePKCS8PrivateKey(keyByts)
if err != nil {
fmt.Println("ParsePKCS8PrivateKey err", err)
return "", err
}
h := sha1.New()
h.Write([]byte([]byte(data)))
hash := h.Sum(nil)
signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey.(*rsa.PrivateKey), crypto.SHA1, hash[:])
if err != nil {
fmt.Printf("Error from signing: %s\n", err)
return "", err
}
out := hex.EncodeToString(signature)
return out, nil
}
//(4)验签:对采用sha1算法进行签名后转base64格式的数据进行验签
func RsaVerySignWithSha1Base64(originalData, signData, pubKey string) error{
sign, err := base64.StdEncoding.DecodeString(signData)
if err != nil {
return err
}
public, _ := base64.StdEncoding.DecodeString(pubKey)
pub, err := x509.ParsePKIXPublicKey(public)
if err != nil {
return err
}
hash := sha1.New()
hash.Write([]byte(originalData))
return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.SHA1, hash.Sum(nil), sign)
}