需要考慮哪些問題？

在進(jìn)行報(bào)文傳輸時(shí)，有兩個(gè)問題需要考慮：

1. 消息防篡改
2. 加密報(bào)文

定義消息結(jié)構(gòu)

為了方便后面使用，這里定義消息結(jié)構(gòu)：

public static class Message {public String data; //消息public String sign; //簽名public Message(String data, String sign) {this.data = data;this.sign = sign;}
}

對(duì)報(bào)文進(jìn)行簽名

首先我們假設(shè)消息是一個(gè)字符串：String msg = "Hello, message encryption!"

然后我們對(duì)這個(gè)報(bào)文計(jì)算摘要：byte[] msgHash = md5(msg)。只要兩個(gè)字符串計(jì)算出的摘要相同，我們認(rèn)為這兩個(gè)字符串是相等的（即沒有被篡改過）。

然而如果直接傳輸 msg 及其摘要，那么很容易被別人篡改，這時(shí)就需要對(duì)摘要進(jìn)行加密，也就是所謂的簽名。也就是防止篡改的核心。下面給出一個(gè)完整的實(shí)現(xiàn)：

這里只放主要流程，輔助方法見附錄：

// 生成RSA密鑰對(duì)
KeyPair keyPair = generateKeyPair();// 獲取公鑰和私鑰
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();// 要加密的原始數(shù)據(jù)
String originalMessage = "Hello, message encryption!";//發(fā)送端簽名
Message message = sign(originalMessage, privateKey);
System.out.println("加密后的消息簽名: " + message.sign);//接收端校驗(yàn)簽名
boolean checkResult = checkSign(message, publicKey);
System.out.println("合法：" + checkResult);

對(duì)報(bào)文進(jìn)行加密

在發(fā)送端： 首先生成 AES 密鑰，使用AES對(duì)報(bào)文進(jìn)行加密，然后使用 RSA 對(duì) AES 密鑰進(jìn)行加密。（考慮到報(bào)文本身可能較大，而非對(duì)稱RSA加密效率較差）

在接收端：使用 RSA解密 AES 密鑰，使用解密的 AES 密鑰解密報(bào)文。

// 生成RSA密鑰對(duì)
KeyPair keyPair = generateKeyPair();// 獲取公鑰和私鑰
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();//生成 aes 密鑰
byte[] aesKey = generateAesKey();
//使用公鑰對(duì) aes 密鑰進(jìn)行加密
byte[] encryptedAesKey = encrypt(aesKey, publicKey);//報(bào)文
String originalMessage = "Hello, message encryption!";// 使用AES密鑰加密報(bào)文
byte[] encryptedMessage = encryptWithAes(originalMessage.getBytes(), aesKey);//將encryptedAesKey和encryptedMessage傳給接收端
// 使用私鑰解密AES密鑰
byte[] decryptedAesKey = decrypt(encryptedAesKey, privateKey);// 使用AES密鑰解密消息
String decryptedMessage = new String(decryptWithAes(encryptedMessage, decryptedAesKey));

附錄

//公鑰簽名
public static Message sign(String originalMessage, PublicKey publicKey) throws Exception {byte[] bytes = calculateMD5(originalMessage);byte[] encryptedHash = encrypt(bytes, publicKey);String signStr = bytesToHex(encryptedHash);return new Message(originalMessage, signStr);
}//私鑰簽名
public static Message sign(String originalMessage, PrivateKey privateKey) throws Exception {byte[] bytes = calculateMD5(originalMessage);byte[] encryptedHash = encrypt(bytes, privateKey);String signStr = bytesToHex(encryptedHash);return new Message(originalMessage, signStr);
}//公鑰驗(yàn)簽
public static boolean checkSign(Message message, PublicKey publicKey) throws Exception {byte[] sign = hexToBytes(message.sign);byte[] md5Hash = decrypt(sign, publicKey);byte[] calcMd5Hash = calculateMD5(message.data);return Arrays.equals(md5Hash, calcMd5Hash);
}//私鑰驗(yàn)簽
public static boolean checkSign(Message message, PrivateKey privateKey) throws Exception {byte[] sign = hexToBytes(message.sign);byte[] md5Hash = decrypt(sign, privateKey);byte[] calcMd5Hash = calculateMD5(message.data);return Arrays.equals(md5Hash, calcMd5Hash);
}// 生成RSA密鑰對(duì)
public static KeyPair generateKeyPair() throws Exception {KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");SecureRandom secureRandom = new SecureRandom();keyPairGenerator.initialize(2048, secureRandom);return keyPairGenerator.generateKeyPair();
}// 計(jì)算MD5哈希值
public static byte[] calculateMD5(String message) throws Exception {MessageDigest md = MessageDigest.getInstance("MD5");md.update(message.getBytes());return md.digest();
}// 使用公鑰加密數(shù)據(jù)
public static byte[] encrypt(byte[] data, PublicKey publicKey) throws Exception {Cipher cipher = Cipher.getInstance("RSA");cipher.init(Cipher.ENCRYPT_MODE, publicKey);return cipher.doFinal(data);
}// 使用私鑰加密數(shù)據(jù)
public static byte[] encrypt(byte[] data, PrivateKey privateKey) throws Exception {Cipher cipher = Cipher.getInstance("RSA");cipher.init(Cipher.ENCRYPT_MODE, privateKey);return cipher.doFinal(data);
}// 使用公鑰解密數(shù)據(jù)
public static byte[] decrypt(byte[] data, PublicKey publicKey) throws Exception {Cipher cipher = Cipher.getInstance("RSA");cipher.init(Cipher.DECRYPT_MODE, publicKey);return cipher.doFinal(data);
}// 使用私鑰解密數(shù)據(jù)
public static byte[] decrypt(byte[] data, PrivateKey privateKey) throws Exception {Cipher cipher = Cipher.getInstance("RSA");cipher.init(Cipher.DECRYPT_MODE, privateKey);return cipher.doFinal(data);
}// 生成AES密鑰
public static byte[] generateAesKey() throws Exception {SecureRandom secureRandom = new SecureRandom();byte[] key = new byte[16];secureRandom.nextBytes(key);return key;
}// 使用AES密鑰加密數(shù)據(jù)
public static byte[] encryptWithAes(byte[] data, byte[] key) throws Exception {Cipher cipher = Cipher.getInstance("AES");cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"));return cipher.doFinal(data);
}// 使用AES密鑰解密數(shù)據(jù)
public static byte[] decryptWithAes(byte[] encryptedData, byte[] key) throws Exception {Cipher cipher = Cipher.getInstance("AES");cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"));return cipher.doFinal(encryptedData);
}// 將字節(jié)數(shù)組轉(zhuǎn)換為十六進(jìn)制字符串
public static String bytesToHex(byte[] bytes) {StringBuilder hexString = new StringBuilder();for (byte b : bytes) {String hex = Integer.toHexString(0xff & b);if (hex.length() == 1) {hexString.append('0');}hexString.append(hex);}return hexString.toString();
}public static byte[] hexToBytes(String hex) {int len = hex.length();byte[] data = new byte[len / 2];for (int i = 0; i < len; i += 2) {data[i / 2] = (byte) ((Character.digit(hex.charAt(i), 16) << 4)+ Character.digit(hex.charAt(i + 1), 16));}return data;
}