github.com/sereiner/library@v0.0.0-20200518095232-1fa3e640cc5f/security/rsa/rsa.go (about) 1 package rsa 2 3 import ( 4 "crypto" 5 "crypto/md5" 6 "crypto/rand" 7 "crypto/rsa" 8 "crypto/sha1" 9 "crypto/sha256" 10 "crypto/x509" 11 "encoding/base64" 12 "encoding/pem" 13 "errors" 14 "fmt" 15 "io" 16 "strings" 17 ) 18 19 // Encrypt RSA加密 20 // publicKey 加密时候用到的公钥 21 func Encrypt(origData string, publicKey string) (string, error) { 22 block, _ := pem.Decode([]byte(publicKey)) 23 if block == nil { 24 return "", errors.New("public key error") 25 } 26 pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes) 27 if err != nil { 28 return "", fmt.Errorf("x509 ParsePKIXPublicKey err:%v", err) 29 } 30 pub := pubInterface.(*rsa.PublicKey) 31 data, err := rsa.EncryptPKCS1v15(rand.Reader, pub, []byte(origData)) 32 if err != nil { 33 return "", fmt.Errorf("rsa EncryptPKCS1v15 err:%v", err) 34 } 35 return base64.URLEncoding.EncodeToString(data), nil 36 } 37 38 // Decrypt RSA解密 39 // privateKey 解密时候用到的秘钥 40 func Decrypt(ciphertext string, privateKey string) (string, error) { 41 block, _ := pem.Decode([]byte(privateKey)) 42 if block == nil { 43 return "", errors.New("private key error") 44 } 45 priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) 46 if err != nil { 47 return "", fmt.Errorf("x509 ParsePKCS1PrivateKey err:%v", err) 48 } 49 input, err := base64.URLEncoding.DecodeString(ciphertext) 50 if err != nil { 51 return "", fmt.Errorf("base64 URLEncoding DecodeString err:%v", err) 52 } 53 data, err := rsa.DecryptPKCS1v15(rand.Reader, priv, input) 54 if err != nil { 55 return "", fmt.Errorf("rsa DecryptPKCS1v15 err:%v", err) 56 } 57 58 return string(data), nil 59 /*end*/ 60 } 61 62 // Sign 使用RSA生成签名 63 // privateKey 加密时使用的秘钥 mode 加密的模式[目前只支持MD5,SHA1,不区分大小写] 64 func Sign(message string, privateKey string, mode string) (string, error) { 65 block, _ := pem.Decode([]byte(privateKey)) 66 if block == nil { 67 return "", errors.New("private key error") 68 } 69 priv, err := x509.ParsePKCS1PrivateKey(block.Bytes) 70 if err != nil { 71 return "", err 72 } 73 74 switch strings.ToLower(mode) { 75 case "sha256": 76 t := sha256.New() 77 io.WriteString(t, message) 78 digest := t.Sum(nil) 79 data, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest) 80 if err != nil { 81 return "", err 82 } 83 return base64.StdEncoding.EncodeToString(data), nil 84 case "sha1": 85 t := sha1.New() 86 io.WriteString(t, message) 87 digest := t.Sum(nil) 88 data, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest) 89 if err != nil { 90 return "", err 91 } 92 return base64.StdEncoding.EncodeToString(data), nil 93 94 case "md5": 95 t := md5.New() 96 io.WriteString(t, message) 97 digest := t.Sum(nil) 98 data, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.MD5, digest) 99 if err != nil { 100 return "", err 101 } 102 return base64.StdEncoding.EncodeToString(data), nil 103 default: 104 return "", errors.New("签名模式不支持") 105 } 106 107 } 108 109 // Verify 校验签名 110 // publicKey 验证签名的公钥 mode 加密的模式[目前只支持MD5,SHA1,不区分大小写] 111 func Verify(src string, sign string, publicKey string, mode string) (pass bool, err error) { 112 //步骤1,加载RSA的公钥 113 block, _ := pem.Decode([]byte(publicKey)) 114 pub, err := x509.ParsePKIXPublicKey(block.Bytes) 115 if err != nil { 116 return 117 } 118 rsaPub, _ := pub.(*rsa.PublicKey) 119 data, _ := base64.StdEncoding.DecodeString(sign) 120 switch strings.ToLower(mode) { 121 case "sha256": 122 t := sha256.New() 123 io.WriteString(t, src) 124 digest := t.Sum(nil) 125 err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA256, digest, data) 126 case "sha1": 127 t := sha1.New() 128 io.WriteString(t, src) 129 digest := t.Sum(nil) 130 err = rsa.VerifyPKCS1v15(rsaPub, crypto.SHA1, digest, data) 131 case "md5": 132 t := md5.New() 133 io.WriteString(t, src) 134 digest := t.Sum(nil) 135 err = rsa.VerifyPKCS1v15(rsaPub, crypto.MD5, digest, data) 136 default: 137 err = errors.New("验签模式不支持") 138 } 139 if err != nil { 140 return false, err 141 } 142 return true, nil 143 }