gitee.com/h79/goutils@v1.22.10/common/algorithm/pkcs1.go (about) 1 package algorithm 2 3 import ( 4 "crypto/rand" 5 "crypto/rsa" 6 "crypto/x509" 7 "encoding/base64" 8 "encoding/pem" 9 "errors" 10 "fmt" 11 "io" 12 "os" 13 ) 14 15 // PKCS1 for rsa 16 type PKCS1 struct { 17 } 18 19 func NewPKCS1() *PKCS1 { 20 return &PKCS1{} 21 } 22 23 type RsaKey struct { 24 Pri io.Writer 25 Pub io.Writer 26 } 27 28 // Generate RSA公钥私钥产生 29 func (*PKCS1) Generate(bits int, out *RsaKey) error { 30 // 生成私钥文件 31 privateKey, err := rsa.GenerateKey(rand.Reader, bits) 32 if err != nil { 33 return err 34 } 35 derStream := x509.MarshalPKCS1PrivateKey(privateKey) 36 priBlock := &pem.Block{ 37 Type: "RSA PRIVATE KEY", 38 Bytes: derStream, 39 } 40 if err = pem.Encode(out.Pri, priBlock); err != nil { 41 return err 42 } 43 // 生成公钥文件 44 publicKey := &privateKey.PublicKey 45 derPkix, err := x509.MarshalPKIXPublicKey(publicKey) 46 if err != nil { 47 return err 48 } 49 pubBlock := &pem.Block{ 50 Type: "PUBLIC KEY", 51 Bytes: derPkix, 52 } 53 return pem.Encode(out.Pub, pubBlock) 54 } 55 56 // 加密 57 func (pk *PKCS1) rsaEncrypt(origData []byte, publicKey []byte) ([]byte, error) { 58 //解密pem格式的公钥 59 block, _ := pem.Decode(publicKey) 60 if block == nil { 61 return nil, errors.New("public key error") 62 } 63 // 解析公钥 64 pub, err := x509.ParsePKIXPublicKey(block.Bytes) 65 if err != nil { 66 return nil, err 67 } 68 // 类型断言 69 pubKey, ok := pub.(*rsa.PublicKey) 70 if !ok { 71 return nil, errors.New("pub case type public key error") 72 } 73 //加密 74 return rsa.EncryptPKCS1v15(rand.Reader, pubKey, origData) 75 } 76 77 // 解密 78 func (pk *PKCS1) rsaDecrypt(ciphertext []byte, privateKey []byte) ([]byte, error) { 79 //解密 80 block, _ := pem.Decode(privateKey) 81 if block == nil { 82 return nil, errors.New("PKCS1: private key error") 83 } 84 var ( 85 priv *rsa.PrivateKey 86 ) 87 switch block.Type { 88 case "RSA PRIVATE KEY": 89 p, err := x509.ParsePKCS1PrivateKey(block.Bytes) 90 if err != nil { 91 return nil, err 92 } 93 priv = p 94 95 // RFC5208 - https://tools.ietf.org/html/rfc5208 96 case "PRIVATE KEY": 97 key, err := x509.ParsePKCS8PrivateKey(block.Bytes) 98 if err != nil { 99 return nil, err 100 } 101 p, ok := key.(*rsa.PrivateKey) 102 if !ok { 103 return nil, errors.New("PKCS1: private key error") 104 } 105 priv = p 106 107 //case "EC PRIVATE KEY": 108 //case "DSA PRIVATE KEY": 109 //case "OPENSSH PRIVATE KEY": 110 111 default: 112 return nil, fmt.Errorf("unsupported key type %q", block.Type) 113 } 114 // 解密 115 return rsa.DecryptPKCS1v15(rand.Reader, priv, ciphertext) 116 } 117 118 // Encrypt PKCS interface 119 func (pk *PKCS1) Encrypt(raw, key []byte) (string, error) { 120 data, err := pk.rsaEncrypt(raw, key) 121 if err != nil { 122 return "", err 123 } 124 return base64.StdEncoding.EncodeToString(data), nil 125 } 126 127 // Decrypt PKCS interface 128 func (pk *PKCS1) Decrypt(raw string, key []byte) ([]byte, error) { 129 data, err := base64.StdEncoding.DecodeString(raw) 130 if err != nil { 131 return nil, err 132 } 133 return pk.rsaDecrypt(data, key) 134 } 135 136 func ReadKey(filename string) ([]byte, error) { 137 f, err := os.Open(filename) 138 if err != nil { 139 return nil, err 140 } 141 defer f.Close() 142 143 return io.ReadAll(f) 144 }