Java RSA AES加解密 Python RSA AES加解密

需求

python服务发起加密http请求网关，网关验签解密后路由返回加密结果，python服务解密得到明文

请求加密

生成随机字符 s，[a-z][A-z][0-9] 16位 ，例如：s=2zQ6EldkFtqfVm1T生成当前时间戳毫秒数（unix 时间戳）t，例如：t=1641784404645生成一个待加密字符串k：s=2zQ6EldkFtqfVm1T&t=1641784404645使用公钥加密生成密文（RSA/ECB/PKCS1Padding）m：m=RSA(公钥,k)将生成的时间戳t, 密文m 放入请求头中 X-TIMESTAMP = t，X-CIPHER = mquery参数不用加密，requestBody参数AES(AES/ECB/PKCS5Padding)加密

请求体res=Base64.encode(AES.crypt(json,s))，s为第一步随机字符

响应解密

使用公钥解密响应体header X-CIPHER，得到加密前字符串k，获取到随机字符s,与时间戳t获取json= AES.decrypt(Base64.decode(res),s)若返回http状态码为200,响应体则加密，其他状态码则不加密为明文

java代码

@Slf4jpublic class EncryptUtil {public static final String RSA = "RSA";public static final String RSA_ECB_NO_PADDING = "RSA/ECB/PKCS1Padding";public static final String AES_ECB_PKCS_5_PADDING = "AES/ECB/PKCS5Padding";public static final String AES = "AES";private EncryptUtil() {throw new IllegalStateException("Utility class");}public static String rsaPublicEncrypt(String publicKey, String data) {if (StringUtils.isBlank(data)) {return "";}try {KeyFactory keyFactory = KeyFactory.getInstance(RSA);X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);Cipher cipher = Cipher.getInstance(RSA_ECB_NO_PADDING);cipher.init(Cipher.ENCRYPT_MODE, key);byte[] bytes = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));return Base64.encodeBase64String(bytes);} catch (Exception e) {log.error("rsaPublicEncrypt error", e);}return null;}public static String rsaPublicDecrypt(String publicKey, String data) {if (StringUtils.isBlank(data)) {return "";}try {byte[] dataBytes = Base64.decodeBase64(data);KeyFactory keyFactory = KeyFactory.getInstance(RSA);X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKey));RSAPublicKey key = (RSAPublicKey) keyFactory.generatePublic(x509KeySpec);Cipher cipher = Cipher.getInstance(RSA_ECB_NO_PADDING);cipher.init(Cipher.DECRYPT_MODE, key);return new String(cipher.doFinal(dataBytes));} catch (Exception e) {log.error("rsaPublicDecrypt error", e);}return null;}public static String rsaPrivateEncrypt(String privateKey, String data) {if (StringUtils.isBlank(data)) {return "";}try {KeyFactory keyFactory = KeyFactory.getInstance(RSA);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);Cipher cipher = Cipher.getInstance(RSA_ECB_NO_PADDING);cipher.init(Cipher.ENCRYPT_MODE, key);byte[] bytes = cipher.doFinal(data.getBytes());return Base64.encodeBase64String(bytes);} catch (Exception e) {log.error("rsaPrivateEncrypt error", e);}return null;}public static String rsaPrivateDecrypt(String privateKey, String data) {if (StringUtils.isBlank(data)) {return "";}try {byte[] dataBytes = Base64.decodeBase64(data);KeyFactory keyFactory = KeyFactory.getInstance(RSA);PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKey));RSAPrivateKey key = (RSAPrivateKey) keyFactory.generatePrivate(pkcs8KeySpec);Cipher cipher = Cipher.getInstance(RSA_ECB_NO_PADDING);cipher.init(Cipher.DECRYPT_MODE, key);return new String(cipher.doFinal(dataBytes));} catch (Exception e) {log.error("rsaPrivateDecrypt error", e);}return null;}public static String aesEncrypt(String data, String key) {if (StringUtils.isBlank(data)) {return "";}try {Cipher cipher = Cipher.getInstance(AES_ECB_PKCS_5_PADDING);cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key.getBytes(), AES));return Base64.encodeBase64String(cipher.doFinal(data.getBytes(StandardCharsets.UTF_8)));} catch (Exception e) {log.error("aesDecryptData error", e);}return "";}public static String aesDecrypt(String data, String key) {if (StringUtils.isBlank(data)) {return "";}try {Cipher cipher = Cipher.getInstance(AES_ECB_PKCS_5_PADDING);cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key.getBytes(), AES));return new String(cipher.doFinal(Base64.decodeBase64(data)));} catch (Exception e) {log.error("aesDecryptData error", e);}return "";}public static String getRandomString(int length) {String str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";Random random = new Random();StringBuilder sb = new StringBuilder();for (int i = 0; i < length; ++i) {int number = random.nextInt(62);sb.append(str.charAt(number));}return sb.toString();}public static void main(String[] args) throws Exception {String text = "123456789?qqq=fff131&qeqe=1eda&qeqee=ce2de2d";//创建rsa公钥私钥KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");KeyPair keyPair = keyGen.generateKeyPair();PublicKey publicKey = keyPair.getPublic();PrivateKey privateKey = keyPair.getPrivate();//getMimeEncoder 加密方式String privateKeyStr = Base64.encodeBase64String(privateKey.getEncoded());String publicKeyStr = Base64.encodeBase64String(publicKey.getEncoded());//privateKeyStr = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCijdT9SLUV0QP3LLX7rPwo7ShHJ0E+LJZSgrUo4gSJK4qFV+1VHbbG6FL35BeZ7SKTMy62/u9EQgvXiwbdnuIYxJJAS5dpffL5vlaofMEc+3NGR6tCnczDXENbTzbIFkjDIUv+CETwrsD+xevt407By8q+T7n7oCYqKRkyvMphfNE97lfBI7R4OtsXoH5c93naYTWPtFT/gke82Cj+YMFy0EgeZ9LZwkxaat3VWCxj29nZyzJU+GuYE4rkOjeaKbRpXXpPp0V7HsgGf3KpA/Au+KVC+RFNCS9aJtCNCtDlPuUk0rAHb50D8HSlELRFGvLmvRRGxOWFGsmj6POkBdgzAgMBAAECggEACAx3yFbKSJtB1AJNvHlzPt+HSAakj1yL0OgR6kVOrjAOus2Avd8rxquIOCf+FywLszgsjvkOhdWzWmfS3jRYw5swFqjnhVysJDuNdOhAc5vruEYiL7k6g03VM/c3Ii8gSTEj3x8vsq8kdTj9lpjTtHrPvh6aeeATI7FHQyDf8HW2Y1qybwVpOl8fhOpapSDv4fog1KmB4mcP9z7g2o7aWcL6VDigy63SoHx6/gWCTpZlu5hikym9fDolBktyReGxJ7ibpK/8DPtC/8mZhZN+KRwi27Gm/cGTw08ht0T4L+CZnD+A8sIolnD1gy2tEBMuwKG53rSY0zfLMosG1kc4YQKBgQDiNbFTfGJEJvPqU/eutlFBPKvQwFlrnfWH3iLXzR9eOSg0PCi4zqO10X4/Gb7oOFj/ofMvEqJzBG4U8WbLu818/28TZP9//rThVt/N6EPBNqsn8NFQoVShq+4CAYA51GrsgnyrBoPPm2olXPsEoox4SUDcL1A2UNt+8AKM44JsYwKBgQC39hY4HzdIGbXeiZsebLKbKD1WY7i/k33jlUX+o27qKJcb6jfDeel4dAKDjgoNzoW/AF/ZUzGNIVzwvx2Io0YfyvxCDSjvncJ/LXxa5b/PTpXp40YSSk83in4mUZTjhdbuO4hWFRvRx2MMm7GiPkRqEBNVe9jBNKv4ZK0YyLal8QKBgHjL/V68vGjyeCx5HHnS6D8zG/lEzjuWxYgBio+8/PQ/B4YlXgWaa3frYERoBjdR58zS+d74T4GmKvbKFn/TUR9f9DviIkKCjKsMzkTRtGTYQbv5cH1jOaOAAYBWtteq5FJaOCLIPtk9gAhlx7Io72RIkfdC2M24jg4SMvpzf7FLAoGBAIGZMooTI8T9p+zBELDcbu9z59Jmqo78f2HHleoQhWEde2dFGEf0KRCc2fCILnkPl5W508ytGWmNqYZJfar3K73WKOT3lHFKuO0TxFndJcYMXPzLCmB0TV6ZiMnCC5xGe+aVtjS+5jxhtVv6i6f7KgN2k8hTWZ6zVrvFYVTmghZhAoGAIk2CeBc1aaXQkyS27NHbkQu7IRGvHPzCvLM9W7p2pXiBjW4JocUiwwIKmOEGkfLhK/moqbiSSPvQ3vO2cqwkhn2uI0UmtxAqrfy+zezh+YedFrTUhxVRWpWRktNS0yF4L6dEM3QVMJ8t54KDaMkO3/qzATzIiqezeXi5lYsCnn8=";//publicKeyStr = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoo3U/Ui1FdED9yy1+6z8KO0oRydBPiyWUoK1KOIEiSuKhVftVR22xuhS9+QXme0ikzMutv7vREIL14sG3Z7iGMSSQEuXaX3y+b5WqHzBHPtzRkerQp3Mw1xDW082yBZIwyFL/ghE8K7A/sXr7eNOwcvKvk+5+6AmKikZMrzKYXzRPe5XwSO0eDrbF6B+XPd52mE1j7RU/4JHvNgo/mDBctBIHmfS2cJMWmrd1VgsY9vZ2csyVPhrmBOK5Do3mim0aV16T6dFex7IBn9yqQPwLvilQvkRTQkvWibQjQrQ5T7lJNKwB2+dA/B0pRC0RRry5r0URsTlhRrJo+jzpAXYMwIDAQAB";String salt = getRandomString(16);log.info("timestamp={}\nprivateKeyStr=\n{}\npublicKey=\n{}\nsalt={}", System.currentTimeMillis(), privateKeyStr, publicKeyStr, salt);//公钥加密私钥解密开始String pass = rsaPublicEncrypt(publicKeyStr, text);String dePass2 = rsaPrivateDecrypt(privateKeyStr, pass);Assert.isTrue(text.equals(dePass2));//私钥加密公钥解密开始String pass2 = rsaPrivateEncrypt(privateKeyStr, text);String dePass = rsaPublicDecrypt(publicKeyStr, pass2);Assert.isTrue(text.equals(dePass));text = "{\n" +" \"id\": \"24561f9d788ddd14457a51be9e761687\",\n" +" \"spiderGroupId\": \"spider-e12hvrum\"\n" +"}";//响应体加密String aesData = aesEncrypt(text, salt);String aesDecryptData = aesDecrypt(aesData, salt);Assert.isTrue(JSONUtil.parseObj(text).equals(JSONUtil.parseObj(aesDecryptData)));String rsaData = rsaPrivateEncrypt(privateKeyStr, text);String rsaPrivateDecrypt = rsaPublicDecrypt(publicKeyStr, rsaData);Assert.isTrue(JSONUtil.parseObj(text).equals(JSONUtil.parseObj(rsaPrivateDecrypt)));//请求体加密String rsaPublicEncrypt = rsaPublicEncrypt(publicKeyStr, text);String rsaPrivateDecrypt2 = rsaPrivateDecrypt(privateKeyStr, rsaPublicEncrypt);Assert.isTrue(JSONUtil.parseObj(text).equals(JSONUtil.parseObj(rsaPrivateDecrypt2)));}}

Python代码

import base64import jsonimport randomimport timefrom urllib import parseimport requestsfrom Crypto.Cipher import AES, PKCS1_v1_5from Crypto.PublicKey import RSAfrom rsa import PublicKey, transform, coredef aes_encrypt(key, message):padding = lambda s: s + (16 - len(s) % 16) * chr(16 - len(s) % 16)txt = AES.new(key.encode(encoding="utf8"), AES.MODE_ECB).encrypt(padding(message).encode(encoding="utf8"))return base64.b64encode(txt)def aes_decrypt(key, message):unpadding = lambda s: s[:-ord(s[len(s) - 1:])]base64_decrypted = base64.decodebytes(message.encode(encoding='utf-8'))string = str(AES.new(key.encode(encoding="utf8"), AES.MODE_ECB).decrypt(base64_decrypted), encoding='utf-8')return unpadding(string)def decrypt_by_public_key(publickey, message):rsa_public_key = PublicKey.load_pkcs1_openssl_der(base64.b64decode(publickey))text_str = transform.bytes2int(base64.b64decode(message))final_text = transform.int2bytes(core.decrypt_int(text_str, rsa_public_key.e, rsa_public_key.n))final_qr_code = final_text[final_text.index(0) + 1:]return final_qr_code.decode()def encrypt_by_public_key(publickey, message):byte = PKCS1_v1_5.new(RSA.importKey(base64.b64decode(publickey))).encrypt(message.encode(encoding="utf8"))return base64.b64encode(byte).decode(encoding="utf8")def heart_report():public_key = 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6RGEIxotJEcvM6MPtDd0p9UM3Hg5Js+0ylK4tPachKaE+KlzAMUSUfSo4iSIDBTN52jv80h0CU/+nHio/c2NRn6jXecI1kI0xATW678A7uC7Py4CAH/hvQH2WssuPbQDLttLcAG/7XrykPz1lqs5gCOSIblzM9lY9CpVE/ZVX7i2XWz4Njfw1EmTia6jWJSpeD9yeVxCqukmTf3c+f1m5Wla2/pNHoboirL8W3v/00zxjPw/2GEGpr4DhPhZO6Hxs3RJWwi0JS/iT6F4dd/2TPnxPqo/tqE2u+kwxyxLbShuYZPWZDM2X7UMsmQsulDQuO2kajlkzdX/2SsnnEenqQIDAQAB'data = {"spiderGroupId": "String","podName": "String","threadId": "1","taskStatus": "running"}stamp = int(round(time.time() * 1000))password = ''.join(random.sample('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', 16))headers = {"X-TIMESTAMP": str(stamp),"X-CIPHER": str(encrypt_by_public_key(public_key, 's={}&t={}'.format(password, stamp))),"Content-Type": "application/json; charset=UTF-8" #}response = requests.post(url="http://localhost:8081/spider-platform/spider/health/report",data=aes_encrypt(password, json.dumps(data)), headers=headers, timeout=(10, 10))if response.status_code == 200:# 公钥解密获取keykey = response.headers.get('X-CIPHER')text = decrypt_by_public_key(public_key, key)pass_str = parse.parse_qs(text)['s'][0]# 解密bodyresult = aes_decrypt(pass_str, response.text)print(json.dumps(json.loads(result), indent=4, ensure_ascii=False))else:print(response.text)