-
Notifications
You must be signed in to change notification settings - Fork 4
/
rsa.go
118 lines (98 loc) · 2.54 KB
/
rsa.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
package xcrypto
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"github.com/fufuok/utils"
)
// GenRSAKey 生成 RSA 密钥对
// openssl genrsa -out rsa_private_key.pem 1024
// openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
func GenRSAKey(bits int) (publicKey, privateKey []byte) {
if bits < 64 {
bits = 64
}
if bits > 8192 {
bits = 8192
}
priv, _ := rsa.GenerateKey(rand.Reader, bits)
x509PrivateKey := x509.MarshalPKCS1PrivateKey(priv)
privateKey = pem.EncodeToMemory(&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509PrivateKey,
})
pub := priv.PublicKey
x509PublicKey, _ := x509.MarshalPKIXPublicKey(&pub)
publicKey = pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: x509PublicKey,
})
return
}
// RSAEncrypt 公钥加密
func RSAEncrypt(plaintext, publicKey []byte) ([]byte, error) {
pub, err := ParsePublicKey(publicKey)
if err != nil {
return nil, err
}
// 加密明文
ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, pub, plaintext)
if err != nil {
return nil, err
}
return ciphertext, nil
}
// RSADecrypt 私钥解密
func RSADecrypt(ciphertext, privateKey []byte) ([]byte, error) {
priv, err := ParsePrivateKey(privateKey)
if err != nil {
return nil, err
}
// 解密密文
plaintext, err := rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext)
if err != nil {
return nil, err
}
return plaintext, nil
}
// RSASign 私钥签名
func RSASign(data, privateKey []byte) ([]byte, error) {
priv, err := ParsePrivateKey(privateKey)
if err != nil {
return nil, err
}
hashed := utils.Sha256(data)
return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, hashed, nil)
}
// RSASignVerify 公钥验证签名
func RSASignVerify(data, publicKey, sig []byte) error {
pub, err := ParsePublicKey(publicKey)
if err != nil {
return err
}
hashed := utils.Sha256(data)
return rsa.VerifyPSS(pub, crypto.SHA256, hashed, sig, nil)
}
// ParsePrivateKey parses an RSA private key in PKCS #1, ASN.1 DER form.
func ParsePrivateKey(privateKey []byte) (priv *rsa.PrivateKey, err error) {
block, _ := pem.Decode(privateKey)
priv, err = x509.ParsePKCS1PrivateKey(block.Bytes)
return
}
// ParsePublicKey parses a public key in PKIX, ASN.1 DER form.
func ParsePublicKey(publicKey []byte) (pub *rsa.PublicKey, err error) {
var pubKey interface{}
block, _ := pem.Decode(publicKey)
pubKey, err = x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
pub, ok := pubKey.(*rsa.PublicKey)
if !ok {
return nil, fmt.Errorf("invalid public key")
}
return
}