解决openssl 与 Java 无法互相RSA加解密

问题原因

1. OpenSSL的NO_PADDING会在密文首尾加上空字符，导致与Java无法对应;
2. OpenSSL需要公私钥有标准的头尾，如"-----BEGIN PRIVATE KEY-----","-----END PRIVATE KEY-----","-----BEGIN PUBLIC KEY-----","-----END PUBLIC KEY-----"。

解决方式

统一Padding方式，如PKCS1Padding。 Java端可使用bouncycastle，将Cipher的算法指定为"RSA/NONE/PKCS1Padding"或"RSA/ECB/PKCS1Padding"，Openssl端也指定PKCS1_PADDING。 Java端生成密钥对的Base64后，在前后追加上标准头尾标识，且不要忘记换行。

Java代码演示

关键片段

private static final String KEY_ALGORITHM = "RSA";
private static final String CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";
/**
 * 私钥加密
 *
 * @param dataStr    加密数据
 * @param privateKey 私钥
 * @return
 */
public static String encryptByPrivateKey(String dataStr, String privateKey) {
    try {
        byte[] kb = Base64.getDecoder().decode(privateKey.getBytes(StandardCharsets.UTF_8));
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(kb);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        PrivateKey key = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, key);
        byte[] encryptedData = cipher.doFinal(dataStr.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(encryptedData);
    } catch (Exception e) {
        throw new RuntimeException("Failed to encryptByPrivateKey data.", e);
    }
}

RSA工具类完整代码

import org.bouncycastle.jce.provider.BouncyCastleProvider;

import javax.crypto.Cipher;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

/**
 * RSA加密工具类
 */
public class RSA {

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    private static final String KEY_ALGORITHM = "RSA";
    private static final String CIPHER_ALGORITHM = "RSA/ECB/PKCS1Padding";
    private static final int RSA_KEY_SIZE = 1024;
    public final static String UTF8 = "utf-8";
    private static Map<Integer, String> keyMap = new HashMap<Integer, String>();

    public static String formatString(String source) {
        if (source == null) {
            return null;
        }
        return source.replaceAll("\\r", "").replaceAll("\\n", "");
    }

//    /**
//     * 随机生成密钥对
//     *
//     * @throws NoSuchAlgorithmException
//     */
//    public static void genKeyPair() throws NoSuchAlgorithmException {
//        //KeyPairGenerator类用于生成公钥和私钥对，基于RSA算法生成对象
//        KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
//        //初始化密钥对生成器，密钥大小为96-1024位
//        keyPairGen.initialize(RSA_KEY_SIZE, new SecureRandom());
//        // 生成一个密钥对，保存在keyPair中
//        KeyPair keyPair = keyPairGen.generateKeyPair();
//        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
//        // 得到私钥
//        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
//        // 得到公钥
//        String publicKeyString = new String(Base64.encodeBase64(publicKey.getEncoded()));
//        // 得到私钥字符串
//        String privateKeyString = new String(Base64.encodeBase64((privateKey.getEncoded())));
//        // 将公钥和私钥保存到Map
//        keyMap.put(0, publicKeyString);// 0表示公钥
//        keyMap.put(1, privateKeyString);// 1表示私钥
//    }

    /**
     * RSA公钥加密
     *
     * @param str       加密字符串
     * @param publicKey 公钥
     * @return 密文
     * @throws Exception 加密过程中的异常信息
     */
    public static String encrypt(String str, String publicKey) throws Exception {
        publicKey = formatString(publicKey);
        //base64编码的公钥
        byte[] decoded = Base64.getDecoder().decode(publicKey);
        RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(decoded));
        //RSA加密
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        String outStr = Base64.getEncoder().encodeToString(cipher.doFinal(str.getBytes(UTF8)));
        return outStr;
    }

    /**
     * RSA私钥解密
     *
     * @param str        加密字符串
     * @param privateKey 私钥
     * @return 铭文
     * @throws Exception 解密过程中的异常信息
     */
    public static String decrypt(String str, String privateKey) throws Exception {
        privateKey = formatString(privateKey);
        //64位解码加密后的字符串
        byte[] inputByte = Base64.getDecoder().decode(str.getBytes(UTF8));
        // base64编码的私钥
        byte[] decoded = Base64.getDecoder().decode(privateKey);
        RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(decoded));
        // RSA解密
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        cipher.init(Cipher.DECRYPT_MODE, priKey);
        String outStr = new String(cipher.doFinal(inputByte));
        return outStr;
    }

    /**
     * 私钥加密
     *
     * @param dataStr    加密数据
     * @param privateKey 私钥
     * @return
     */
    public static String encryptByPrivateKey(String dataStr, String privateKey) {
        try {
            privateKey = formatString(privateKey);
            byte[] kb = Base64.getDecoder().decode(privateKey.getBytes(UTF8));
            PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(kb);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
            PrivateKey key = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] encryptedData = cipher.doFinal(dataStr.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(encryptedData);
        } catch (Exception e) {
            throw new RuntimeException("Failed to encryptByPrivateKey data.", e);
        }
    }

    /**
     * 公钥解密
     *
     * @param data      解密数据
     * @param publicKey 公钥
     * @return
     */
    public static String decryptByPublicKey(String data, String publicKey) {
        try {
            publicKey = formatString(publicKey);
            byte[] kb = Base64.getDecoder().decode(publicKey.getBytes(UTF8));
            X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(kb);
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
            PublicKey key = keyFactory.generatePublic(x509EncodedKeySpec);
            Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, key);
            byte[] b = data.getBytes(UTF8);
            byte[] decrypt = cipher.doFinal(Base64.getDecoder().decode(b));
            return new String(decrypt, UTF8);
        } catch (Exception e) {
            throw new RuntimeException("Failed to decryptByPublicKey data.", e);
        }
    }

}

---

https://stackoverflow.com/questions/22495309/signing-by-java-and-openssl-does-not-matchhttps://stackoverflow.com/questions/32033804/which-padding-is-used-by-javax-crypto-cipher-for-rsahttps://blog.csdn.net/qq372848728/article/details/78687876