1 加密流程
客户端底层私有数据,如用户信息,服务器信息等数据需要在保存时加密,使用时解密,具体流程为使用公钥进行加密,使用私钥进行解密。此密钥对置于客户端,不宜与服务端通讯秘钥一致。
客户端与服务端进行通讯数据加密,此时私钥不宜置于客户端,整体流程为客户端使用公钥对请求数据进行加密,服务端使用私钥进行解密,响应客户端时使用私钥进行加密,客户端得到数据使用私钥进行解密。
2 秘钥保存
直接放置于java端是不太安全的,可放置于native层,或者使用其他加密处理。
3 具体代码实现:
private static final int MAX_ENCRYPT_BLOCK = 117; private static final int MAX_DECRYPT_BLOCK = 128; /*分段加解密实现*/ public static byte[] decryptByPrivateKey(PrivateKey privateKey, byte[] encryptedData) throws Exception { Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.DECRYPT_MODE, privateKey); int inputLen = encryptedData.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; for(int i = 0; inputLen - offSet > 0; offSet = i * MAX_DECRYPT_BLOCK) { byte[] cache; if(inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK); } else { cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); ++i; } byte[] decryptedData = out.toByteArray(); out.close(); return decryptedData; } public static byte[] decryptByPublicKey(PublicKey publicKey, byte[] encryptedData) throws Exception { Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.DECRYPT_MODE, publicKey); int inputLen = encryptedData.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; for(int i = 0; inputLen - offSet > 0; offSet = i * MAX_DECRYPT_BLOCK) { byte[] cache; if(inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK); } else { cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); ++i; } byte[] decryptedData = out.toByteArray(); out.close(); return decryptedData; } public static byte[] encryptByPublicKey(PublicKey publicKey, byte[] data) throws Exception { Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); int inputLen = data.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; for(int i = 0; inputLen - offSet > 0; offSet = i * MAX_ENCRYPT_BLOCK) { byte[] cache; if(inputLen - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK); } else { cache = cipher.doFinal(data, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); ++i; } byte[] encryptedData = out.toByteArray(); out.close(); return encryptedData; }