You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
127 lines
3.5 KiB
127 lines
3.5 KiB
package rsa
|
|
|
|
import (
|
|
"bytes"
|
|
"crypto"
|
|
"crypto/rand"
|
|
"crypto/rsa"
|
|
"crypto/sha1"
|
|
"crypto/x509"
|
|
"encoding/base64"
|
|
"fmt"
|
|
)
|
|
|
|
//Secret defines the private key type
|
|
type Secret uint
|
|
|
|
const (
|
|
PKCS1 Secret = iota
|
|
PKCS8
|
|
)
|
|
|
|
// SignWithSha1Base64 @Title 签名 采用sha1算法进行签名并输出为Base64格式
|
|
func SignWithSha1Base64(data string, privateKey *rsa.PrivateKey) (string, error) {
|
|
h := sha1.New()
|
|
h.Write([]byte(data))
|
|
hash := h.Sum(nil)
|
|
signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA1, hash[:])
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
out := base64.StdEncoding.EncodeToString(signature)
|
|
return out, nil
|
|
}
|
|
|
|
// EncryptWithSha1Base64 @Title 加密 采用sha1算法加密后转base64格式
|
|
func EncryptWithSha1Base64(originalData string, publicKey *rsa.PublicKey) (string, error) {
|
|
partLen := publicKey.N.BitLen()/8 - 11
|
|
chunks := split([]byte(originalData), partLen)
|
|
buff := bytes.NewBufferString("")
|
|
for _, chunk := range chunks {
|
|
encryptedData, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, chunk)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
buff.Write(encryptedData)
|
|
}
|
|
return base64.StdEncoding.EncodeToString(buff.Bytes()), nil
|
|
}
|
|
|
|
// DecryptWithSha1Base64 @Title 解密 对采用sha1算法加密后转base64格式的数据进行解密
|
|
func DecryptWithSha1Base64(encryptedData string, privateKey *rsa.PrivateKey) (string, error) {
|
|
encryptedDecodeBytes, err := base64.StdEncoding.DecodeString(encryptedData)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
partLen := privateKey.PublicKey.N.BitLen() / 8
|
|
chunks := split(encryptedDecodeBytes, partLen)
|
|
buffer := bytes.NewBufferString("")
|
|
for _, chunk := range chunks {
|
|
decrypted, err := rsa.DecryptPKCS1v15(rand.Reader, privateKey, chunk)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
buffer.Write(decrypted)
|
|
}
|
|
return buffer.String(), err
|
|
}
|
|
|
|
func split(buf []byte, lim int) [][]byte {
|
|
var chunk []byte
|
|
chunks := make([][]byte, 0, len(buf)/lim+1)
|
|
for len(buf) >= lim {
|
|
chunk, buf = buf[:lim], buf[lim:]
|
|
chunks = append(chunks, chunk)
|
|
}
|
|
if len(buf) > 0 {
|
|
chunks = append(chunks, buf[:len(buf)])
|
|
}
|
|
return chunks
|
|
}
|
|
|
|
//ParsePrivateKey parses private key bytes to rsa privateKey
|
|
func ParsePrivateKey(privateKeyDecoded string, keyType Secret) (*rsa.PrivateKey, error) {
|
|
decodeString, err := base64.StdEncoding.DecodeString(privateKeyDecoded)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
switch keyType {
|
|
case PKCS1:
|
|
return x509.ParsePKCS1PrivateKey(decodeString)
|
|
case PKCS8:
|
|
keyParsed, err := x509.ParsePKCS8PrivateKey(decodeString)
|
|
return keyParsed.(*rsa.PrivateKey), err
|
|
default:
|
|
return &rsa.PrivateKey{}, fmt.Errorf("secretInfo PrivateKeyDataType unsupport")
|
|
}
|
|
}
|
|
|
|
//ParsePublicKey parses public key bytes to rsa publicKey
|
|
func ParsePublicKey(privateKeyDecoded string) (*rsa.PublicKey, error) {
|
|
decodeString, err := base64.StdEncoding.DecodeString(privateKeyDecoded)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
publicKey, err := x509.ParsePKIXPublicKey(decodeString)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return publicKey.(*rsa.PublicKey), nil
|
|
}
|
|
|
|
// ParseCertificate 解析证书
|
|
func ParseCertificate(certString string) (*x509.Certificate, error) {
|
|
decodeString, _ := base64.StdEncoding.DecodeString(certString)
|
|
return x509.ParseCertificate(decodeString)
|
|
}
|
|
|
|
// RsaEncrypt @Title Rsa加密
|
|
func RsaEncrypt(origData []byte, publicKey *rsa.PublicKey) ([]byte, error) {
|
|
return rsa.EncryptPKCS1v15(rand.Reader, publicKey, origData)
|
|
}
|
|
|
|
// RsaDecrypt @Title Rsa解密
|
|
func RsaDecrypt(ciphertext []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
|
|
return rsa.DecryptPKCS1v15(rand.Reader, privateKey, ciphertext)
|
|
}
|