使用来自 Java 的公钥实现进行 RSA 解密

从Java代码中，填充并不明确，因为只指定了算法，而没有指定填充。在这种情况下，填充取决于提供者，例如 SunJCE 提供者的 PKCS#1 v1.5。假设 PKCS#1 v1.5，则 /私钥和 /公钥的组合将 RSASSA-PKCS1-v1_5作为填充。这在功能上与签名/验证相同（除了使用 NonewithRSA 进行验证还会与使用公钥解密相比检查数据的相等性）。Cipher.ENCRYPT_MODECipher.DECRYPT_MODENonewithRSA无与RSA意味着数据不进行哈希处理，并且没有预置摘要ID。此算法实际上旨在对已散列的数据进行签名（在预置摘要 ID 之后）。它绝不是要对未哈希的数据进行签名，即Java代码滥用此算法。由于消息大小受 RSA 限制（密钥大小减去填充所需的空间），因此只能对适当的短消息进行签名。因此，大小超过允许大小的未哈希数据将强制使用多个签名。这就是 Java 代码中多次解密的原因。使用散列数据不仅出于实际原因（签署长消息）而有用，而且出于安全原因也是必要的，例如这里和这里。要在 Go 中实现 Java 代码的功能，需要一个低级实现，以便在 Go 中签名/验证，就像在 Java 代码中一样。另一种可能性是实现解密（m = c^e）并自己删除填充，对于RSASSA-PKCS1-v1_5，它只是由一系列0xFF值组成，这些值由左侧的0x0001和右侧的0x00构成。在下文中，我将考虑第二种方法。下面的 Go 代码执行以下操作：导入公钥Base64 解码密文将密文拆分为单独的签名块（此处为包含相同数据的3个块：快速的棕色狐狸跳过懒惰的狗)解密每个签名块（m = c ^ e）连接解密的签名区块package mainimport (    "fmt"    "math/big"    "encoding/pem"    "crypto/x509"    "crypto/rsa"    "encoding/base64"    "bytes"    "io")func main() {    pubKeyPem := `-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ67dtUTLxoXnNEzRBFBmwukEJGC+y69cGgpNbtElQj3m4Aft/7cu9qYbTNguTSnCDt7uovZNb21u1vpZwKHyVgFEGO4SA8RNnjhJt2D7z8RDMWX3saody7jo9TKlrPABLZGo2o8vadW8Dly/v+Id0YDheCkVCoCEeUjQ8koXZhTwhYkGPu+vkdiqX5cUaiVTu1uzt591aO5Vw/hV4DIhFKnOTnYXnpXiwRwtPyYoGTa64yWfi2t0bv99qz0BgDjQjD0civCe8LRXGGhyB1U1aHjDDGEnulTYJyEqCzNGwBpzEHUjqIOXElFjt55AFGpCHAuyuoXoP3gQvoSj6RCsQIDAQAB-----END PUBLIC KEY-----`    // Import public key    pubKey := ImportSPKIPublicKeyPEM(pubKeyPem);        // Base64 decode ciphertext    ciphertextBytes, _ := base64.StdEncoding.DecodeString("ajQbkszbZ97YZaPSRBab9vj0DDLm9tTrQwSZ+ucPj+cYSmw06KLCtRH3SPn3b2DqSd1revLXqxMtSzFmjRvZ5F8y3nzdP8NJaRplOigbPFhKZTv7xBVK5ATEmLukgtI7f+d3KdmGUG+cyTkfxIrMBvB3BIS5oTiMNmC9pqLaWcDVF9qpuxnwEMQJbeO9nTklpdv+F8BrchHmeUkKRrMJBoPbbcfq9Hi4bHiFyxPWhwB66d/AryCKsFRhaX6hSkTL+0NvuhVhv98wdo3juv2Il50XKOCbfc8kUG628TcSK6n31piLF9cntSVTB/L/pVfcAxEwx4hcUhLuqmk6EZIJvGo0G5LM22fe2GWj0kQWm/b49Awy5vbU60MEmfrnD4/nGEpsNOiiwrUR90j5929g6knda3ry16sTLUsxZo0b2eRfMt583T/DSWkaZTooGzxYSmU7+8QVSuQExJi7pILSO3/ndynZhlBvnMk5H8SKzAbwdwSEuaE4jDZgvaai2lnA1RfaqbsZ8BDECW3jvZ05JaXb/hfAa3IR5nlJCkazCQaD223H6vR4uGx4hcsT1ocAeunfwK8girBUYWl+oUpEy/tDb7oVYb/fMHaN47r9iJedFyjgm33PJFButvE3Eiup99aYixfXJ7UlUwfy/6VX3AMRMMeIXFIS7qppOhGSCbxqNBuSzNtn3thlo9JEFpv2+PQMMub21OtDBJn65w+P5xhKbDToosK1EfdI+fdvYOpJ3Wt68terEy1LMWaNG9nkXzLefN0/w0lpGmU6KBs8WEplO/vEFUrkBMSYu6SC0jt/53cp2YZQb5zJOR/EiswG8HcEhLmhOIw2YL2motpZwNUX2qm7GfAQxAlt472dOSWl2/4XwGtyEeZ5SQpGswkGg9ttx+r0eLhseIXLE9aHAHrp38CvIIqwVGFpfqFKRMv7Q2+6FWG/3zB2jeO6/YiXnRco4Jt9zyRQbrbxNxIrqffWmIsX1ye1JVMH8v+lV9wDETDHiFxSEu6qaToRkgm8")    // Split ciphertext into signature chunks a 2048/8 bytes and decrypt each chunk    reader := bytes.NewReader(ciphertextBytes)    var writer bytes.Buffer    ciphertextBytesChunk := make([]byte, 2048/8)    for {         n, _ := io.ReadFull(reader, ciphertextBytesChunk)        if (n == 0) {             break        }        decryptChunk(ciphertextBytesChunk, &writer, pubKey)    }    // Concatenate decrypted signature chunks    decryptedData := writer.String()    fmt.Println(decryptedData)      }func ImportSPKIPublicKeyPEM(spkiPEM string) (*rsa.PublicKey) {    body, _ := pem.Decode([]byte(spkiPEM ))     publicKey, _ := x509.ParsePKIXPublicKey(body.Bytes)    if publicKey, ok := publicKey.(*rsa.PublicKey); ok {        return publicKey    } else {        return nil    }   }func decryptChunk(ciphertextBytesChunk []byte , writer *bytes.Buffer, pubKey *rsa.PublicKey ){    // Decrypt each signature chunk    ciphertextInt := new(big.Int)    ciphertextInt.SetBytes(ciphertextBytesChunk)    decryptedPaddedInt := decrypt(new(big.Int), pubKey, ciphertextInt)      // Remove padding    decryptedPaddedBytes := make([]byte, pubKey.Size())    decryptedPaddedInt.FillBytes(decryptedPaddedBytes)    start := bytes.Index(decryptedPaddedBytes[1:], []byte{0}) + 1 // // 0001FF...FF00<data>: Find index after 2nd 0x00    decryptedBytes := decryptedPaddedBytes[start:]      // Write decrypted signature chunk    writer.Write(decryptedBytes)}func decrypt(c *big.Int, pub *rsa.PublicKey, m *big.Int) *big.Int {    // Textbook RSA    e := big.NewInt(int64(pub.E))    c.Exp(m, e, pub.N)    return c}输出：The quick brown fox jumps over the lazy dogThe quick brown fox jumps over the lazy dogThe quick brown fox jumps over the lazy dog请注意，代码只是一个示例实现，特别是不包括异常处理。测试：下面的 Java 代码String publicKey = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ67dtUTLxoXnNEzRBFBmwukEJGC+y69cGgpNbtElQj3m4Aft/7cu9qYbTNguTSnCDt7uovZNb21u1vpZwKHyVgFEGO4SA8RNnjhJt2D7z8RDMWX3saody7jo9TKlrPABLZGo2o8vadW8Dly/v+Id0YDheCkVCoCEeUjQ8koXZhTwhYkGPu+vkdiqX5cUaiVTu1uzt591aO5Vw/hV4DIhFKnOTnYXnpXiwRwtPyYoGTa64yWfi2t0bv99qz0BgDjQjD0civCe8LRXGGhyB1U1aHjDDGEnulTYJyEqCzNGwBpzEHUjqIOXElFjt55AFGpCHAuyuoXoP3gQvoSj6RCsQIDAQAB"; byte[] ciphertext = Base64.getDecoder().decode("ajQbkszbZ97YZaPSRBab9vj0DDLm9tTrQwSZ+ucPj+cYSmw06KLCtRH3SPn3b2DqSd1revLXqxMtSzFmjRvZ5F8y3nzdP8NJaRplOigbPFhKZTv7xBVK5ATEmLukgtI7f+d3KdmGUG+cyTkfxIrMBvB3BIS5oTiMNmC9pqLaWcDVF9qpuxnwEMQJbeO9nTklpdv+F8BrchHmeUkKRrMJBoPbbcfq9Hi4bHiFyxPWhwB66d/AryCKsFRhaX6hSkTL+0NvuhVhv98wdo3juv2Il50XKOCbfc8kUG628TcSK6n31piLF9cntSVTB/L/pVfcAxEwx4hcUhLuqmk6EZIJvGo0G5LM22fe2GWj0kQWm/b49Awy5vbU60MEmfrnD4/nGEpsNOiiwrUR90j5929g6knda3ry16sTLUsxZo0b2eRfMt583T/DSWkaZTooGzxYSmU7+8QVSuQExJi7pILSO3/ndynZhlBvnMk5H8SKzAbwdwSEuaE4jDZgvaai2lnA1RfaqbsZ8BDECW3jvZ05JaXb/hfAa3IR5nlJCkazCQaD223H6vR4uGx4hcsT1ocAeunfwK8girBUYWl+oUpEy/tDb7oVYb/fMHaN47r9iJedFyjgm33PJFButvE3Eiup99aYixfXJ7UlUwfy/6VX3AMRMMeIXFIS7qppOhGSCbxqNBuSzNtn3thlo9JEFpv2+PQMMub21OtDBJn65w+P5xhKbDToosK1EfdI+fdvYOpJ3Wt68terEy1LMWaNG9nkXzLefN0/w0lpGmU6KBs8WEplO/vEFUrkBMSYu6SC0jt/53cp2YZQb5zJOR/EiswG8HcEhLmhOIw2YL2motpZwNUX2qm7GfAQxAlt472dOSWl2/4XwGtyEeZ5SQpGswkGg9ttx+r0eLhseIXLE9aHAHrp38CvIIqwVGFpfqFKRMv7Q2+6FWG/3zB2jeO6/YiXnRco4Jt9zyRQbrbxNxIrqffWmIsX1ye1JVMH8v+lV9wDETDHiFxSEu6qaToRkgm8");byte[] decrypted = decryptByPublicKey(ciphertext, publicKey); System.out.println(new String(decrypted, StandardCharsets.UTF_8));使用您发布的方法给出相同的结果。

使用来自 Java 的公钥实现进行 RSA 解密

1回答