将Java代码转换为Go代码实现加密

哈喽！今天心血来潮给大家带来了《将Java代码转换为Go代码实现加密》，想必大家应该对Golang都不陌生吧，那么阅读本文就都不会很困难，以下内容主要涉及到，若是你正在学习Golang，千万别错过这篇文章~希望能帮助到你！

我有以下 java 代码，它使用 rsa 公钥和私钥进行加密和解密。

我在 go 中编写了类似的代码来执行相同的操作。

但是当我尝试使用用 java 代码加密的 go 代码解密字符串时，我看到错误： 加密/rsa：解密错误

public class encryptdecryptutil {

    private static final string mode = "rsa/none/oaepwithsha256andmgf1padding";
    private static encryptdecryptutil single_instance = null;

    public static encryptdecryptutil getinstance()
    {
        if (single_instance == null)
            single_instance = new encryptdecryptutil();
        return single_instance;
    }

    public static string encrypttext(string text, string keystr) throws exception {
        string resulttext = null;
        try {
            security.addprovider(new bouncycastleprovider());
            key publickey = getrsapublicfrompemformat(keystr);
            cipher cipher = cipher.getinstance(mode, "bc");
            cipher.init(cipher.encrypt_mode, publickey);
            resulttext = new string(base64.geturlencoder().encodetostring(cipher.dofinal(text.getbytes())));
        } catch (ioexception | generalsecurityexception e) {
            e.printstacktrace();
        }
        return resulttext;
    }

    public static string decrypttext(string text, string keystr) throws exception {
        string resulttext = null;
        try {
            security.addprovider(new bouncycastleprovider());
            key privatekey = getrsaprivatefrompemformat(keystr);
            cipher cipher = cipher.getinstance(mode, "bc");
            cipher.init(cipher.decrypt_mode, privatekey);
            resulttext = new string(cipher.dofinal(base64.geturldecoder().decode(text.getbytes())));

        } catch (ioexception | generalsecurityexception e) {
            e.printstacktrace();
        }
        return resulttext;
    }

    private static privatekey getrsaprivatefrompemformat(string keystr) throws exception {
        return (privatekey) getkeyfrompemstring(keystr, data -> new pkcs8encodedkeyspec(data), (kf, spec) -> {
            try {
                return kf.generateprivate(spec);
            } catch (invalidkeyspecexception e) {
                system.out.println("cannot generate privatekey from string : " + keystr + e);
                return null;
            }
        });
    }

    private static publickey getrsapublicfrompemformat(string keystr) throws exception {
        return (publickey) getkeyfrompemstring(keystr, data -> new x509encodedkeyspec(data), (kf, spec) -> {
            try {
                return kf.generatepublic(spec);
            } catch (invalidkeyspecexception e) {
                system.out.println("cannot generate publickey from string : " + keystr + e);
                return null;
            }
        });
    }

    private static key getkeyfrompemstring(string key, function<byte[], encodedkeyspec> buildspec,
                                         bifunction<keyfactory, encodedkeyspec, ? extends key> getkey) throws exception {
        try {
            // read pem format
            pemreader pemreader = new pemreader(new stringreader(key));
            pemobject pemobject = pemreader.readpemobject();
            pemreader.close();

            keyfactory kf = keyfactory.getinstance("rsa", "bc");
            return getkey.apply(kf, buildspec.apply(pemobject.getcontent()));
        } catch (exception e) {
            throw new exception(e.getmessage());
        }
    }

}

package encryption

import (
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha512"
    "crypto/x509"
    "encoding/base64"
    "encoding/pem"
    "fmt"
    "io/ioutil"
    "log"
)

// Encrypt encrypts string with public key
func Encrypt(msg string, publicKeyFilePath string) (string, error) {
    pubKey, err := ReadPublicKey(publicKeyFilePath)
    if err != nil {
        return "", err
    }
    encrypted, err := encrypt([]byte(msg), pubKey)
    if err != nil {
        return "", err
    }
    base64Encoded := base64.URLEncoding.WithPadding(61).EncodeToString(encrypted)
    return base64Encoded, nil
}

// Decrypt decrypts string with private key
func Decrypt(msg string, privateKeyFilePath string) (string, error) {
    privKey, err := ReadPrivateKey(privateKeyFilePath)
    if err != nil {
        return "", err
    }
    base64Decoded, err := base64.URLEncoding.WithPadding(61).DecodeString(msg)
    if err != nil {
        return "", err
    }
    decrypted, err := decrypt(base64Decoded, privKey)
    if err != nil {
        return "", err
    }
    return string(decrypted), nil
}

// GenerateKeyPair generates a new key pair
func GenerateKeyPair(bits int) (*rsa.PrivateKey, *rsa.PublicKey, error) {
    privkey, err := rsa.GenerateKey(rand.Reader, bits)
    if err != nil {
        return nil, nil, fmt.Errorf("Error generating Key Pair: %s", err)
    }
    return privkey, &privkey.PublicKey, nil
}

// ReadPublicKey reads public key from a file
func ReadPublicKey(publicKeyFile string) (*rsa.PublicKey, error) {
    pubPemData, err := ioutil.ReadFile(publicKeyFile)
    if err != nil {
        return nil, fmt.Errorf("Error [%s] reading public key from file: %s", err, publicKeyFile)
    }
    return BytesToPublicKey(pubPemData)
}

// ReadPrivateKey reads private key from a file
func ReadPrivateKey(privateKeyFile string) (*rsa.PrivateKey, error) {
    privKeyData, err := ioutil.ReadFile(privateKeyFile)
    if err != nil {
        return nil, fmt.Errorf("Error [%s] reading private key from file: %s", err, privateKeyFile)
    }
    return BytesToPrivateKey(privKeyData)
}

// PrivateKeyToBytes private key to bytes
func PrivateKeyToBytes(priv *rsa.PrivateKey) []byte {
    privBytes := pem.EncodeToMemory(
        &pem.Block{
            Type:  "RSA PRIVATE KEY",
            Bytes: x509.MarshalPKCS1PrivateKey(priv),
        },
    )

    return privBytes
}

// PublicKeyToBytes public key to bytes
func PublicKeyToBytes(pub *rsa.PublicKey) ([]byte, error) {
    pubASN1, err := x509.MarshalPKIXPublicKey(pub)
    if err != nil {
        return nil, fmt.Errorf("Error converting PublicKey to Bytes: %s", err)

    }

    pubBytes := pem.EncodeToMemory(&pem.Block{
        Type:  "RSA PUBLIC KEY",
        Bytes: pubASN1,
    })

    return pubBytes, nil
}

// BytesToPrivateKey bytes to private key
func BytesToPrivateKey(priv []byte) (*rsa.PrivateKey, error) {
    block, _ := pem.Decode(priv)

    enc := x509.IsEncryptedPEMBlock(block)
    b := block.Bytes
    var err error
    if enc {
        log.Println("is encrypted pem block")
        b, err = x509.DecryptPEMBlock(block, nil)
        if err != nil {
            return nil, fmt.Errorf("Error decrypting PEM Block: %s", err)
        }
    }
    key, err := x509.ParsePKCS1PrivateKey(b)
    if err != nil {
        return nil, fmt.Errorf("Error parsing PKCS1 Private Key: %s", err)
    }
    return key, nil
}

// BytesToPublicKey bytes to public key
func BytesToPublicKey(pub []byte) (*rsa.PublicKey, error) {
    block, _ := pem.Decode(pub)

    enc := x509.IsEncryptedPEMBlock(block)
    b := block.Bytes
    var err error
    if enc {
        log.Println("is encrypted pem block")
        b, err = x509.DecryptPEMBlock(block, nil)
        if err != nil {
            return nil, fmt.Errorf("Error decrypting PEM Block: %s", err)
        }
    }
    ifc, err := x509.ParsePKIXPublicKey(b)
    if err != nil {
        return nil, fmt.Errorf("Error parsing PKCS1 Public Key: %s", err)
    }
    key, ok := ifc.(*rsa.PublicKey)
    if !ok {
        return nil, fmt.Errorf("Error converting to Public Key: %s", err)
    }
    return key, nil
}

// encrypt encrypts data with public key
func encrypt(msg []byte, pub *rsa.PublicKey) ([]byte, error) {
    hash := sha512.New()
    ciphertext, err := rsa.EncryptOAEP(hash, rand.Reader, pub, msg, nil)
    if err != nil {
        return nil, fmt.Errorf("Error encrypting: %s", err)
    }
    return ciphertext, nil
}

// Decrypt decrypts data with private key
func decrypt(ciphertext []byte, priv *rsa.PrivateKey) ([]byte, error) {
    hash := sha512.New()
    plaintext, err := rsa.DecryptOAEP(hash, rand.Reader, priv, ciphertext, nil)
    if err != nil {
        return nil, fmt.Errorf("Error decrypting: %s", err)
    }
    return plaintext, nil
}

如何确保使用 java 代码加密的值能够被 go 代码正确解密。

解决方案

根据@Michael的评论，我更改了go代码以使用sha256.New()而不是sha512.New()，这解决了问题。 （接得好！） 我现在能够在 Java 中加密并在 Go 中解密。

到这里，我们也就讲完了《将Java代码转换为Go代码实现加密》的内容了。个人认为，基础知识的学习和巩固，是为了更好的将其运用到项目中，欢迎关注golang学习网公众号，带你了解更多关于的知识点！