-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathpripub.go
169 lines (160 loc) · 4.03 KB
/
pripub.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
package pripub
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"errors"
"os"
)
//GenRsaKey RSA公钥私钥产生
func GenRsaKey(bits int) error {
// 生成私钥文件
privateKey, err := rsa.GenerateKey(rand.Reader, bits)
if err != nil {
return err
}
derStream := x509.MarshalPKCS1PrivateKey(privateKey)
block := &pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: derStream,
}
file, err := os.Create("private.pem")
if err != nil {
return err
}
err = pem.Encode(file, block)
if err != nil {
return err
}
// 生成公钥文件
publicKey := &privateKey.PublicKey
derPkix, err := x509.MarshalPKIXPublicKey(publicKey)
if err != nil {
return err
}
block = &pem.Block{
Type: "PUBLIC KEY",
Bytes: derPkix,
}
file, err = os.Create("public.pem")
if err != nil {
return err
}
err = pem.Encode(file, block)
if err != nil {
return err
}
return nil
}
// RsaSign 私钥签名
func RsaSign(data []byte, privateKey []byte) ([]byte, error) {
h := sha256.New()
h.Write(data)
hashed := h.Sum(nil)
//获取私钥
block, _ := pem.Decode(privateKey)
if block == nil {
return nil, errors.New("private key error")
}
//解析PKCS1格式的私钥
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashed)
}
// RsaSignVer 公钥验证
func RsaSignVer(data []byte, signature []byte, publicKey []byte) error {
hashed := sha256.Sum256(data)
block, _ := pem.Decode(publicKey)
if block == nil {
return errors.New("public key error")
}
// 解析公钥
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return err
}
// 类型断言
pub := pubInterface.(*rsa.PublicKey)
//验证签名
return rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashed[:], signature)
}
// RsaEncrypt 公钥加密
func RsaEncrypt(data []byte, publicKey []byte) ([]byte, error) {
//解密pem格式的公钥
block, _ := pem.Decode(publicKey)
if block == nil {
return nil, errors.New("public key error")
}
// 解析公钥
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
// 类型断言
pub := pubInterface.(*rsa.PublicKey)
//加密
return rsa.EncryptPKCS1v15(rand.Reader, pub, data)
}
// RsaDecrypt 私钥解密
func RsaDecrypt(ciphertext []byte, privateKey []byte) ([]byte, error) {
//获取私钥
block, _ := pem.Decode(privateKey)
if block == nil {
return nil, errors.New("private key error")
}
//解析PKCS1格式的私钥
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
// 解密
return rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext)
}
// //RsaSignWithShaHex 签名
// func RsaSignWithShaHex(data string, prvKey []byte) (string, error) {
// //获取私钥
// block, _ := pem.Decode(prvKey)
// if block == nil {
// return "", errors.New("private key error")
// }
// // keyByts, err := hex.DecodeString(prvKey)
// // if err != nil {
// // fmt.Println(err)
// // return "", err
// // }
// privateKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
// if err != nil {
// fmt.Println("ParsePKCS8PrivateKey err", err)
// return "", err
// }
// h := sha1.New()
// h.Write([]byte([]byte(data)))
// hash := h.Sum(nil)
// signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey.(*rsa.PrivateKey), crypto.SHA1, hash[:])
// if err != nil {
// fmt.Printf("Error from signing: %s\n", err)
// return "", err
// }
// out := hex.EncodeToString(signature)
// return out, nil
// }
// //RsaVerifySignWithShaBase64 验签
// func RsaVerifySignWithShaBase64(originalData string, signData string, pubKey string) error {
// sign, err := base64.StdEncoding.DecodeString(signData)
// if err != nil {
// return err
// }
// public, _ := base64.StdEncoding.DecodeString(pubKey)
// pub, err := x509.ParsePKIXPublicKey(public)
// if err != nil {
// return err
// }
// hash := sha1.New()
// hash.Write([]byte(originalData))
// return rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.SHA1, hash.Sum(nil), sign)
// }