- package utils
-
- import (
- "bytes"
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "encoding/base64"
- "encoding/pem"
- "errors"
- "fmt"
- "io/ioutil"
- "log"
- "os"
- )
-
- // 生成私钥文件 TODO 未指定路径
- func RsaKeyGen(bits int) error {
- privateKey, err := rsa.GenerateKey(rand.Reader, bits)
- if err != nil {
- return err
- }
- derStream := x509.MarshalPKCS1PrivateKey(privateKey)
- block := &pem.Block{
- Type: "RSA PRIVATE KEY",
- Bytes: derStream,
- }
- priFile, err := os.Create("private.pem")
- if err != nil {
- return err
- }
- err = pem.Encode(priFile, block)
- priFile.Close()
- if err != nil {
- return err
- }
- // 生成公钥文件
- publicKey := &privateKey.PublicKey
- derPkix, err := x509.MarshalPKIXPublicKey(publicKey)
- if err != nil {
- return err
- }
- block = &pem.Block{
- Type: "PUBLIC KEY",
- Bytes: derPkix,
- }
- pubFile, err := os.Create("public.pem")
- if err != nil {
- return err
- }
- err = pem.Encode(pubFile, block)
- pubFile.Close()
- if err != nil {
- return err
- }
- return nil
- }
-
- // 生成私钥文件, 返回 privateKey , publicKey, error
- func RsaKeyGenText(bits int) (string, string, error) { // bits 字节位 1024/2048
- privateKey, err := rsa.GenerateKey(rand.Reader, bits)
- if err != nil {
- return "", "", err
- }
- derStream := x509.MarshalPKCS1PrivateKey(privateKey)
- block := &pem.Block{
- Type: "RSA PRIVATE KEY",
- Bytes: derStream,
- }
- priBuff := bytes.NewBuffer(nil)
- err = pem.Encode(priBuff, block)
- if err != nil {
- return "", "", err
- }
- // 生成公钥文件
- publicKey := &privateKey.PublicKey
- derPkix, err := x509.MarshalPKIXPublicKey(publicKey)
- if err != nil {
- return "", "", err
- }
- block = &pem.Block{
- Type: "PUBLIC KEY",
- Bytes: derPkix,
- }
- pubBuff := bytes.NewBuffer(nil)
- err = pem.Encode(pubBuff, block)
- if err != nil {
- return "", "", err
- }
- return priBuff.String(), pubBuff.String(), nil
- }
-
- // 加密
- func RsaEncrypt(rawData, publicKey []byte) ([]byte, error) {
- block, _ := pem.Decode(publicKey)
- if block == nil {
- return nil, errors.New("public key error")
- }
- pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
- if err != nil {
- return nil, err
- }
- pub := pubInterface.(*rsa.PublicKey)
- return rsa.EncryptPKCS1v15(rand.Reader, pub, rawData)
- }
-
- // 公钥加密
- func RsaEncrypts(data, keyBytes []byte) []byte {
- //解密pem格式的公钥
- block, _ := pem.Decode(keyBytes)
- if block == nil {
- panic(errors.New("public key error"))
- }
- // 解析公钥
- pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
- if err != nil {
- panic(err)
- }
- // 类型断言
- pub := pubInterface.(*rsa.PublicKey)
- //加密
- ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, pub, data)
- if err != nil {
- panic(err)
- }
- return ciphertext
- }
-
- // 解密
- func RsaDecrypt(cipherText, privateKey []byte) ([]byte, error) {
- block, _ := pem.Decode(privateKey)
- if block == nil {
- return nil, errors.New("private key error")
- }
- priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
- if err != nil {
- return nil, err
- }
- return rsa.DecryptPKCS1v15(rand.Reader, priv, cipherText)
- }
-
- // 从证书获取公钥
- func OpensslPemGetPublic(pathOrString string) (interface{}, error) {
- var certPem []byte
- var err error
- if IsFile(pathOrString) && Exists(pathOrString) {
- certPem, err = ioutil.ReadFile(pathOrString)
- if err != nil {
- return nil, err
- }
- if string(certPem) == "" {
- return nil, errors.New("empty pem file")
- }
- } else {
- if pathOrString == "" {
- return nil, errors.New("empty pem string")
- }
- certPem = StringToSlice(pathOrString)
- }
- block, rest := pem.Decode(certPem)
- if block == nil || block.Type != "PUBLIC KEY" {
- //log.Fatal("failed to decode PEM block containing public key")
- return nil, errors.New("failed to decode PEM block containing public key")
- }
- pub, err := x509.ParsePKIXPublicKey(block.Bytes)
- if err != nil {
- log.Fatal(err)
- }
- fmt.Printf("Got a %T, with remaining data: %q", pub, rest)
- return pub, nil
- }
-
- // StringToPrivateKey 字符串变为私钥
- func StringToPrivateKey(base64Str string) (*rsa.PrivateKey, error) {
- // Base64解码以获取DER数据
- derData, err := base64.StdEncoding.DecodeString(base64Str)
- if err != nil {
- return nil, fmt.Errorf("base64 decode failed: %v", err)
- }
-
- // 解析DER数据以获取私钥
- privateKey, err := x509.ParsePKCS8PrivateKey(derData)
- if err != nil {
- return nil, fmt.Errorf("failed to parse private key: %v", err)
- }
-
- // 类型断言以确保privateKey是*rsa.PrivateKey类型
- rsaPrivateKey, ok := privateKey.(*rsa.PrivateKey)
- if !ok {
- return nil, fmt.Errorf("private key is not of type *rsa.PrivateKey")
- }
-
- return rsaPrivateKey, nil
- }