1.公钥私钥的应用
对于数据传输安全这块,加密是必要的。流程如下:首先后端生成公钥私钥对及索引key,并将私钥存储到相应的缓存库(私钥只保存在后端,绝不下发);然后将公钥和索引key返回给前端,前端通过公钥加密需要传输的明文;最后前端将密文和索引key传递给后端,后端通过索引key在缓存库中匹配相应的私钥,并用它解密前端传来的密文。每次请求都会生成不同的公钥私钥对,这样安全性会更高。需要注意的是,这种方案并不能替代 HTTPS:如果公钥是在不受保护的信道上下发的,中间人可以替换公钥并解密之后的密文,因此公钥下发和密文回传都应建立在 TLS 之上,缓存中的私钥也应设置过期时间,用完即删。
2.公钥私钥对的生成
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"log"
"testing"
)
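// TestKeyGenerate checks that GenRsaKey can produce a key pair without error.
//
// Failures are reported through t.Fatalf rather than log.Fatal: log.Fatal
// exits the whole process, bypasses the test runner, and the original also
// discarded the underlying error, so nothing said *why* generation failed.
func TestKeyGenerate(t *testing.T) {
	// 1024 bits keeps the test fast; it is NOT a recommended production size
	// (use 2048 or more for real keys).
	if err := GenRsaKey(1024); err != nil {
		t.Fatalf("密钥文件生成失败!: %v", err)
	}
	log.Println("密钥文件生成成功!")
}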
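// GenRsaKey generates an RSA key pair with a modulus of the given size in bits
// and prints both halves, PEM-encoded, to stdout: the private key as a PKCS#1
// "RSA PRIVATE KEY" block and the public key as a PKIX "PUBLIC KEY" block
// (the form x509.ParsePKIXPublicKey reads back).
//
// It returns any error from key generation or public-key marshalling. Despite
// the original comments talking about "files", nothing is written to disk.
//
// NOTE(security): printing the private key means anything that captures this
// process's output (terminal scrollback, CI logs, log shippers) now holds the
// secret. For real use write it to a permission-restricted file or a key store
// instead, and request at least 2048 bits — 1024-bit RSA is considered weak.
func GenRsaKey(bits int) error {
	privateKey, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return err
	}

	// Private half: PKCS#1 DER wrapped in PEM.
	priBlock := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
	}
	fmt.Printf("=======私钥文件内容=========%v", string(pem.EncodeToMemory(priBlock)))

	// Public half: PKIX/SPKI DER wrapped in PEM.
	derPkix, err := x509.MarshalPKIXPublicKey(&privateKey.PublicKey)
	if err != nil {
		return err
	}
	publicBlock := &pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: derPkix,
	}
	fmt.Printf("=======公钥文件内容=========%v", string(pem.EncodeToMemory(publicBlock)))

	// The original re-checked a stale err here after the final Printf; that
	// branch could never fire and has been dropped.
	return nil
}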
3.加解密过程
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"errors"
"fmt"
"testing"
)
// 可通过openssl产生
//openssl genrsa -out rsa_private_key.pem 1024
var privateKey = []byte(`
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
`)
// Public half of the pair, extracted from the private key with openssl:
//   openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
// Per the genrsa command above this is a 1024-bit modulus, which is weak by
// current guidance; prefer 2048 bits or more.
//
// NOTE(security): the matching private key is embedded in this source file
// above. A private key in source is not a secret — it ships with every build
// and stays in version-control history forever. Load it from a
// permission-restricted file or a secret store instead, and treat any key that
// was ever committed as compromised. The design described at the top of the
// page (a fresh pair per request, private half kept server-side) does not need
// a static key here at all.
var publicKey = []byte(`
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDP2z9C4/iLNrlzP/RYuKNdJ3Mz
vYh7j2yrGAo9MvZGy4hvCJfYdjS+SSXn++YEIORr+9X+SMHu9gHGi3kBxTbEUmVI
c0ee13xmh12mpcu6QoOGseD7Q2dPx9Kjc21jeqJU3WS5QSelMN3DZVLrwt9Hjy8T
w0Cxp0yhkCPZ3ZVPUQIDAQAB
-----END PUBLIC KEY-----
`)
// 加密
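// RsaEncrypt encrypts origData with the package-level PEM public key using
// RSA PKCS#1 v1.5 padding and returns the raw ciphertext (callers base64 it
// themselves if they need text).
//
// It returns an error when the PEM block is missing, the DER does not parse,
// the parsed key is not an RSA key, or the message is too long — PKCS#1 v1.5
// allows at most k-11 bytes for a k-byte modulus (117 bytes with a 1024-bit
// key), so this is for short payloads such as a session key, not bulk data.
//
// NOTE(security): PKCS#1 v1.5 encryption is subject to Bleichenbacher-style
// padding-oracle attacks whenever the decrypting side leaks whether padding
// was valid; new designs should prefer rsa.EncryptOAEP. It is kept here
// because RsaDecrypt and any existing front-end clients expect v1.5.
func RsaEncrypt(origData []byte) ([]byte, error) {
	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil, errors.New("public key error")
	}
	pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	// Checked assertion: ParsePKIXPublicKey can also return ECDSA/Ed25519
	// keys, and the original unchecked form would panic on those instead of
	// returning an error.
	pub, ok := pubInterface.(*rsa.PublicKey)
	if !ok {
		return nil, errors.New("public key is not an RSA key")
	}
	return rsa.EncryptPKCS1v15(rand.Reader, pub, origData)
}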
// 解密
// RsaDecrypt decrypts ciphertext produced by RsaEncrypt using the package-level
// PKCS#1 PEM private key and returns the plaintext.
//
// It returns an error when the PEM block is missing, the DER does not parse as
// a PKCS#1 private key, or the PKCS#1 v1.5 padding check fails.
//
// NOTE(security): if the padding-failure error is surfaced to a remote caller
// (distinct status code, message or timing), this endpoint becomes a
// Bleichenbacher padding oracle. Respond identically for every decrypt
// failure. The key itself is embedded in source above; see the note there.
func RsaDecrypt(ciphertext []byte) ([]byte, error) {
	pemBlock, _ := pem.Decode(privateKey)
	if pemBlock == nil {
		return nil, errors.New("private key error!")
	}

	key, parseErr := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
	if parseErr != nil {
		return nil, parseErr
	}

	return rsa.DecryptPKCS1v15(rand.Reader, key, ciphertext)
}
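// TestSecurity round-trips a short message through RsaEncrypt and RsaDecrypt
// and fails if either call errors or the decrypted bytes differ from the input.
//
// The original discarded both errors and asserted nothing, so a broken or
// mismatched key pair would still have "passed" after printing garbage.
func TestSecurity(t *testing.T) {
	const msg = "hello world"

	data, err := RsaEncrypt([]byte(msg))
	if err != nil {
		t.Fatalf("RsaEncrypt: %v", err)
	}
	fmt.Printf("加密后的密文:%s", base64.StdEncoding.EncodeToString(data))

	origData, err := RsaDecrypt(data)
	if err != nil {
		t.Fatalf("RsaDecrypt: %v", err)
	}
	fmt.Println("start===================end")
	fmt.Printf("解密后的明文:%s", string(origData))

	if string(origData) != msg {
		t.Fatalf("round trip mismatch: got %q, want %q", origData, msg)
	}
}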