環境說明:
.NET CORE 版本:.NET 6 。
.NET CORE 對於RSA的支援:
1. .NET 6 中內建了對 PKCS1,PKCS8 2種私鑰格式的支援。
2. 如果你要部署在Linux,docker ,k8s 中;一定要用 「RSA」這個類,不能是 .NET FRAMEWORK 的 RSACryptoServiceProvider。
3. .NET 中預設加密演演算法為「RSA/ECB/PKCS1Padding」 ,要和JAVA互通,JAVA 那邊也得是 RSA/ECB/PKCS1Padding 。
加密解析:
//假設私鑰長度為1024, 1024/8-11=117。
//如果明文的長度小於117,直接全加密,然後轉base64。(data.Length <= maxBlockSize)
//如果明文長度大於117,則每117分一段加密,寫入到另一個Stream中,最後轉base64。while (blockSize > 0)
如果要和其它語言互通,這個分段長度需要和其它語言約定好,不一是 私鑰長度/8-11。
解密解析:
//假設私鑰長度為1024, 1024/8 =128。
//如果明文的長度小於 128,直接全解密。(data.Length <= maxBlockSize)
//如果明文長度大於 128,則每 128 分一段解密,寫入到另一個Stream中,最後 GetString。while (blockSize > 0)
用「支付寶開放平臺開發助手」生成一組公私鑰:
PKCS8私鑰:
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAMz0Czg6QUtTISa2pUkloeQB/TEpHdqrfyroWpKLW9B/LWFSOGH9nyTk1pPZaeadyEZQ6gay/C0pUAetLraq9bMA/Luxq68b87uG7WX7dKytEO2/87qGpGMRs97H+GlkzWil2QO2KK4cHnAcVicPsmi5aZ72U0BWJFyPhtd+qdmrAgMBAAECgYEAvW67iAbgHt0BASVD9C3iSjpEaVHVlC165o/IVzaTcEx8Bz3Ve0zN8W3JnvIO3ebsG4HiLLr2Nk++9rltOc0eNeGMv7F1e/OFot1wN0ON6s1g4bYh1z5Uz8FcYiMWcqHHICrx+oSFeK9x+I2Zge7enQXcsVnqEhm77ZE5YczSryECQQD9nB58e5efYchF+cYbmURioX18cUMuhQbB9Aq2N55cd689Lg35KZqT8JQTp/8tQSdCJG8d2nU8VKspUKTEAuaDAkEAzuKIIoc9PVJvy90LhIPA9c1S8BPCI7EMCaTZqJ5o3VaR2dqvUZDGX7kL3kYkQ+n7mq3KIECvkEFzA+FOP96XuQJBAJQTKHW0T/YeSKoayUHp/lS8R6F2HCy4PRbXn71+wfbpZqcJEd2OHhQM3tiPOV258esbjMlYeSUNppZL4LgVnXMCQQC7Lvs9Ql+GPDAqo7ToEM1lmICR906QPIBHuX+1sJ3wpYMROWumwPa7ZRH36j6ls+6R5OwcgmpWeuE1gYTrBNsBAkEAn2pEtAljX1foQff6CLozYg/J6J9RmVFcJ6qz0LX3052qNFBQYw8CMHB7VkVNzsDIDC8LX5uP2pzTrdPLew+pPA==
與之匹配的 PKCS1 私鑰,用助手轉換的:
MIICXwIBAAKBgQDM9As4OkFLUyEmtqVJJaHkAf0xKR3aq38q6FqSi1vQfy1hUjhh/Z8k5NaT2WnmnchGUOoGsvwtKVAHrS62qvWzAPy7sauvG/O7hu1l+3SsrRDtv/O6hqRjEbPex/hpZM1opdkDtiiuHB5wHFYnD7JouWme9lNAViRcj4bXfqnZqwIDAQABAoGBAL1uu4gG4B7dAQElQ/Qt4ko6RGlR1ZQteuaPyFc2k3BMfAc91XtMzfFtyZ7yDt3m7BuB4iy69jZPvva5bTnNHjXhjL+xdXvzhaLdcDdDjerNYOG2Idc+VM/BXGIjFnKhxyAq8fqEhXivcfiNmYHu3p0F3LFZ6hIZu+2ROWHM0q8hAkEA/ZwefHuXn2HIRfnGG5lEYqF9fHFDLoUGwfQKtjeeXHevPS4N+Smak/CUE6f/LUEnQiRvHdp1PFSrKVCkxALmgwJBAM7iiCKHPT1Sb8vdC4SDwPXNUvATwiOxDAmk2aieaN1Wkdnar1GQxl+5C95GJEPp+5qtyiBAr5BBcwPhTj/el7kCQQCUEyh1tE/2HkiqGslB6f5UvEehdhwsuD0W15+9fsH26WanCRHdjh4UDN7YjzldufHrG4zJWHklDaaWS+C4FZ1zAkEAuy77PUJfhjwwKqO06BDNZZiAkfdOkDyAR7l/tbCd8KWDETlrpsD2u2UR9+o+pbPukeTsHIJqVnrhNYGE6wTbAQJBAJ9qRLQJY19X6EH3+gi6M2IPyeifUZlRXCeqs9C199OdqjRQUGMPAjBwe1ZFTc7AyAwvC1+bj9qc063Ty3sPqTw=
與之匹配的公鑰:
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM9As4OkFLUyEmtqVJJaHkAf0xKR3aq38q6FqSi1vQfy1hUjhh/Z8k5NaT2WnmnchGUOoGsvwtKVAHrS62qvWzAPy7sauvG/O7hu1l+3SsrRDtv/O6hqRjEbPex/hpZM1opdkDtiiuHB5wHFYnD7JouWme9lNAViRcj4bXfqnZqwIDAQAB
加密工具類:
RsaEncryptUtil
using System.Security.Cryptography; using System.Text; namespace CommonUtils { public static class RsaEncryptUtil { #region 標準的-公鑰加密-私鑰解密 /** 預設編碼字元集 */ private static string DEFAULT_CHARSET = "UTF-8"; /// <summary> /// 公鑰加密(超過 私鑰長度 / 8 - 11,分段加密) /// </summary> /// <param name="content">明文</param> /// <param name="charset">編碼</param> /// <param name="publicKeyPem">公鑰</param> /// <returns></returns> /// <exception cref="Exception"></exception> public static string RSAEncrypt(string content, string charset, string publicKeyPem) { try { //假設私鑰長度為1024, 1024/8-11=117。 //如果明文的長度小於117,直接全加密,然後轉base64。(data.Length <= maxBlockSize) //如果明文長度大於117,則每117分一段加密,寫入到另一個Stream中,最後轉base64。while (blockSize > 0) //轉為純字串,不帶格式 publicKeyPem = publicKeyPem.Replace("-----BEGIN PUBLIC KEY-----", "").Replace("-----END PUBLIC KEY-----", "").Replace("\r", "").Replace("\n", "").Trim(); RSA rsa = RSA.Create(); rsa.ImportSubjectPublicKeyInfo(Convert.FromBase64String(publicKeyPem), out _); if (string.IsNullOrEmpty(charset)) { charset = DEFAULT_CHARSET; } byte[] data = Encoding.GetEncoding(charset).GetBytes(content); int maxBlockSize = rsa.KeySize / 8 - 11; //加密塊最大長度限制 if (data.Length <= maxBlockSize) { byte[] cipherbytes = rsa.Encrypt(data, RSAEncryptionPadding.Pkcs1); return Convert.ToBase64String(cipherbytes); } MemoryStream plaiStream = new MemoryStream(data); MemoryStream crypStream = new MemoryStream(); byte[] buffer = new byte[maxBlockSize]; int blockSize = plaiStream.Read(buffer, 0, maxBlockSize); while (blockSize > 0) { byte[] toEncrypt = new byte[blockSize]; Array.Copy(buffer, 0, toEncrypt, 0, blockSize); byte[] cryptograph = rsa.Encrypt(toEncrypt, RSAEncryptionPadding.Pkcs1); crypStream.Write(cryptograph, 0, cryptograph.Length); blockSize = plaiStream.Read(buffer, 0, maxBlockSize); } return Convert.ToBase64String(crypStream.ToArray(), Base64FormattingOptions.None); } catch (Exception ex) { throw new Exception("EncryptContent = " + content + ",charset = " + charset, ex); } } /// <summary> /// 私鑰解密(超過 私鑰長度 / 8 - 11,分段加密) /// </summary> /// <param name="content">密文</param> /// <param name="charset">編碼</param> /// <param name="privateKeyPem">私鑰</param> /// <param name="keyFormat">私鑰格式 PKCS1,PKCS8</param> /// <returns></returns> /// <exception cref="Exception"></exception> public static string RSADecrypt(string content, string charset, string privateKeyPem, string keyFormat) { try { //假設私鑰長度為1024, 1024/8 =128。 //如果明文的長度小於 128,直接全解密。(data.Length <= maxBlockSize) //如果明文長度大於 128,則每 128 分一段解密,寫入到另一個Stream中,最後 GetString。while (blockSize > 0) //轉為純字串,不帶格式 privateKeyPem = privateKeyPem.Replace("-----BEGIN RSA PRIVATE KEY-----", "").Replace("-----END RSA PRIVATE KEY-----", "").Replace("\r", "").Replace("\n", "").Trim(); privateKeyPem = privateKeyPem.Replace("-----BEGIN PRIVATE KEY-----", "").Replace("-----END PRIVATE KEY-----", "").Replace("\r", "").Replace("\n", "").Trim(); RSA rsaCsp = RSA.Create(); if (keyFormat == "PKCS8") rsaCsp.ImportPkcs8PrivateKey(Convert.FromBase64String(privateKeyPem), out _); else if (keyFormat == "PKCS1") rsaCsp.ImportRSAPrivateKey(Convert.FromBase64String(privateKeyPem), out _); else throw new Exception("只支援PKCS8,PKCS1"); if (string.IsNullOrEmpty(charset)) { charset = DEFAULT_CHARSET; } byte[] data = Convert.FromBase64String(content); int maxBlockSize = rsaCsp.KeySize / 8; //解密塊最大長度限制 if (data.Length <= maxBlockSize) { byte[] cipherbytes = rsaCsp.Decrypt(data, RSAEncryptionPadding.Pkcs1); return Encoding.GetEncoding(charset).GetString(cipherbytes); } MemoryStream crypStream = new MemoryStream(data); MemoryStream plaiStream = new MemoryStream(); byte[] buffer = new byte[maxBlockSize]; int blockSize = crypStream.Read(buffer, 0, maxBlockSize); while (blockSize > 0) { byte[] toDecrypt = new byte[blockSize]; Array.Copy(buffer, 0, toDecrypt, 0, blockSize); byte[] cryptograph = rsaCsp.Decrypt(toDecrypt, RSAEncryptionPadding.Pkcs1); plaiStream.Write(cryptograph, 0, cryptograph.Length); blockSize = crypStream.Read(buffer, 0, maxBlockSize); } return Encoding.GetEncoding(charset).GetString(plaiStream.ToArray()); } catch (Exception ex) { throw new Exception("DecryptContent = " + content + ",charset = " + charset, ex); } } #endregion } }
呼叫程式碼:
// See https://aka.ms/new-console-template for more information using CommonUtils; try { //PKCS8格式私鑰 string strPriPkcs8 = "MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAMz0Czg6QUtTISa2pUkloeQB/TEpHdqrfyroWpKLW9B/LWFSOGH9nyTk1pPZaeadyEZQ6gay/C0pUAetLraq9bMA/Luxq68b87uG7WX7dKytEO2/87qGpGMRs97H+GlkzWil2QO2KK4cHnAcVicPsmi5aZ72U0BWJFyPhtd+qdmrAgMBAAECgYEAvW67iAbgHt0BASVD9C3iSjpEaVHVlC165o/IVzaTcEx8Bz3Ve0zN8W3JnvIO3ebsG4HiLLr2Nk++9rltOc0eNeGMv7F1e/OFot1wN0ON6s1g4bYh1z5Uz8FcYiMWcqHHICrx+oSFeK9x+I2Zge7enQXcsVnqEhm77ZE5YczSryECQQD9nB58e5efYchF+cYbmURioX18cUMuhQbB9Aq2N55cd689Lg35KZqT8JQTp/8tQSdCJG8d2nU8VKspUKTEAuaDAkEAzuKIIoc9PVJvy90LhIPA9c1S8BPCI7EMCaTZqJ5o3VaR2dqvUZDGX7kL3kYkQ+n7mq3KIECvkEFzA+FOP96XuQJBAJQTKHW0T/YeSKoayUHp/lS8R6F2HCy4PRbXn71+wfbpZqcJEd2OHhQM3tiPOV258esbjMlYeSUNppZL4LgVnXMCQQC7Lvs9Ql+GPDAqo7ToEM1lmICR906QPIBHuX+1sJ3wpYMROWumwPa7ZRH36j6ls+6R5OwcgmpWeuE1gYTrBNsBAkEAn2pEtAljX1foQff6CLozYg/J6J9RmVFcJ6qz0LX3052qNFBQYw8CMHB7VkVNzsDIDC8LX5uP2pzTrdPLew+pPA=="; //PKCS1格式私鑰 string strPriPkcs1 = "MIICXwIBAAKBgQDM9As4OkFLUyEmtqVJJaHkAf0xKR3aq38q6FqSi1vQfy1hUjhh/Z8k5NaT2WnmnchGUOoGsvwtKVAHrS62qvWzAPy7sauvG/O7hu1l+3SsrRDtv/O6hqRjEbPex/hpZM1opdkDtiiuHB5wHFYnD7JouWme9lNAViRcj4bXfqnZqwIDAQABAoGBAL1uu4gG4B7dAQElQ/Qt4ko6RGlR1ZQteuaPyFc2k3BMfAc91XtMzfFtyZ7yDt3m7BuB4iy69jZPvva5bTnNHjXhjL+xdXvzhaLdcDdDjerNYOG2Idc+VM/BXGIjFnKhxyAq8fqEhXivcfiNmYHu3p0F3LFZ6hIZu+2ROWHM0q8hAkEA/ZwefHuXn2HIRfnGG5lEYqF9fHFDLoUGwfQKtjeeXHevPS4N+Smak/CUE6f/LUEnQiRvHdp1PFSrKVCkxALmgwJBAM7iiCKHPT1Sb8vdC4SDwPXNUvATwiOxDAmk2aieaN1Wkdnar1GQxl+5C95GJEPp+5qtyiBAr5BBcwPhTj/el7kCQQCUEyh1tE/2HkiqGslB6f5UvEehdhwsuD0W15+9fsH26WanCRHdjh4UDN7YjzldufHrG4zJWHklDaaWS+C4FZ1zAkEAuy77PUJfhjwwKqO06BDNZZiAkfdOkDyAR7l/tbCd8KWDETlrpsD2u2UR9+o+pbPukeTsHIJqVnrhNYGE6wTbAQJBAJ9qRLQJY19X6EH3+gi6M2IPyeifUZlRXCeqs9C199OdqjRQUGMPAjBwe1ZFTc7AyAwvC1+bj9qc063Ty3sPqTw="; //公鑰 string strPub = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDM9As4OkFLUyEmtqVJJaHkAf0xKR3aq38q6FqSi1vQfy1hUjhh/Z8k5NaT2WnmnchGUOoGsvwtKVAHrS62qvWzAPy7sauvG/O7hu1l+3SsrRDtv/O6hqRjEbPex/hpZM1opdkDtiiuHB5wHFYnD7JouWme9lNAViRcj4bXfqnZqwIDAQAB"; string strDJM = "泰酷拉!123ABC";//待加密字串 strDJM = "泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC泰酷拉!123ABC";//待加密字串,超過117字元的測試 Console.WriteLine("待加密字串:" + strDJM); string charSet = "UTF-8"; string strJMH = RsaEncryptUtil.RSAEncrypt(strDJM, charSet, strPub);//密文 Console.WriteLine("密文:" + strJMH); string strDecryptedByPkcs8 = RsaEncryptUtil.RSADecrypt(strJMH, charSet, strPriPkcs8, "PKCS8");//使用PKCS8格式私鑰解密 Console.WriteLine("PKCS8 解密後:" + strDecryptedByPkcs8); string strDecryptedByPkcs1 = RsaEncryptUtil.RSADecrypt(strJMH, charSet, strPriPkcs1, "PKCS1");//使用PKCS1格式私鑰解密 Console.WriteLine("PKCS1 解密後:" + strDecryptedByPkcs1); } catch (Exception ex) { Console.WriteLine("ex:" + ex.Message); } Console.WriteLine("Hello, World!"); Console.ReadKey();
-