github.com/qxnw/lib4go@v0.0.0-20180426074627-c80c7e84b925/security/rsa/rsa.go (about) 1 package rsa 2 3 import ( 4 "crypto" 5 "crypto/md5" 6 "crypto/rand" 7 "crypto/rsa" 8 "crypto/sha1" 9 "crypto/sha256" 10 "crypto/x509" 11 "encoding/base64" 12 "encoding/pem" 13 "errors" 14 "fmt" 15 "io" 16 "strings" 17 ) 18 19 // Encrypt RSA加密 20 // publicKey 加密时候用到的公钥 21 func Encrypt(origData string, publicKey string) (string, error) { 22 block, _ := pem.Decode([]byte(publicKey)) 23 if block == nil { 24 return "", errors.New("public key error") 25 } 26 pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) 27 if err != nil { 28 return "", fmt.Errorf("x509 ParsePKIXPublicKey err:%v", err) 29 } 30 pub := pubInterface.(*rsa.PublicKey) 31 data, err := rsa.EncryptPKCS1v15(rand.Reader, pub, []byte(origData)) 32 if err != nil { 33 return "", fmt.Errorf("rsa EncryptPKCS1v15 err:%v", err) 34 } 35 return base64.URLEncoding.EncodeToString(data), nil 36 37 } 38 39 // Decrypt RSA解密 40 // privateKey 解密时候用到的秘钥 41 func Decrypt(ciphertext string, privateKey string) (string, error) { 42 block, _ := pem.Decode([]byte(privateKey)) 43 if block == nil { 44 return "", errors.New("private key error") 45 } 46 priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) 47 if err != nil { 48 return "", fmt.Errorf("x509 ParsePKCS1PrivateKey err:%v", err) 49 } 50 input, err := base64.URLEncoding.DecodeString(ciphertext) 51 if err != nil { 52 return "", fmt.Errorf("base64 URLEncoding DecodeString err:%v", err) 53 } 54 data, err := rsa.DecryptPKCS1v15(rand.Reader, priv, input) 55 if err != nil { 56 return "", fmt.Errorf("rsa DecryptPKCS1v15 err:%v", err) 57 } 58 59 return string(data), nil 60 /*end*/ 61 } 62 63 // Sign 使用RSA生成签名 64 // privateKey 加密时使用的秘钥 mode 加密的模式[目前只支持MD5,SHA1,不区分大小写] 65 func Sign(message string, privateKey string, mode string) (string, error) { 66 block, _ := pem.Decode([]byte(privateKey)) 67 if block == nil { 68 return "", errors.New("private key error") 69 } 70 priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) 71 if err != nil { 72 return "", err 73 } 74 75 switch strings.ToLower(mode) { 76 case "sha256": 77 t := sha256.New() 78 io.WriteString(t, message) 79 digest := t.Sum(nil) 80 data, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest) 81 if err != nil { 82 return "", err 83 } 84 return base64.StdEncoding.EncodeToString(data), nil 85 case "sha1": 86 t := sha1.New() 87 io.WriteString(t, message) 88 digest := t.Sum(nil) 89 data, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest) 90 if err != nil { 91 return "", err 92 } 93 return base64.StdEncoding.EncodeToString(data), nil 94 95 case "md5": 96 t := md5.New() 97 io.WriteString(t, message) 98 digest := t.Sum(nil) 99 data, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.MD5, digest) 100 if err != nil { 101 return "", err 102 } 103 return base64.StdEncoding.EncodeToString(data), nil 104 default: 105 return "", errors.New("签名模式不支持") 106 } 107 108 } 109 110 // Verify 校验签名 111 // publicKey 验证签名的公钥 mode 加密的模式[目前只支持MD5,SHA1,不区分大小写] 112 func Verify(src string, sign string, publicKey string, mode string) (pass bool, err error) { 113 //步骤1,加载RSA的公钥 114 block, _ := pem.Decode([]byte(publicKey)) 115 pub, err := x509.ParsePKIXPublicKey(block.Bytes) 116 if err != nil { 117 return 118 } 119 rsaPub, _ := pub.(*rsa.PublicKey) 120 data, _ := base64.StdEncoding.DecodeString(sign) 121 switch strings.ToLower(mode) { 122 case "sha256": 123 t := sha256.New() 124 io.WriteString(t, src) 125 digest := t.Sum(nil) 126 err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest, data) 127 case "sha1": 128 t := sha1.New() 129 io.WriteString(t, src) 130 digest := t.Sum(nil) 131 err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA1, digest, data) 132 case "md5": 133 t := md5.New() 134 io.WriteString(t, src) 135 digest := t.Sum(nil) 136 err = rsa.VerifyPKCS1v15(rsaPub, crypto.MD5, digest, data) 137 default: 138 err = errors.New("验签模式不支持") 139 } 140 if err != nil { 141 return false, err 142 } 143 return true, nil 144 }