使用私钥加密5-10MB文件并使用公钥解密
[英]Encrypt 5-10MB file with private key and decrypt with public key
问题描述
I am trying to encrypt a file using a private key via RSA and then decrypt it using the public key in Java. 
我试图通过RSA使用私钥加密文件,然后使用Java中的公钥解密它。 I know very well that this is the reverse use case of how RSA is normally used with private/public key pairs. 我非常清楚这是RSA通常如何与私钥/公钥对一起使用的反向用例。
My objective is to take a file, encrypt it on one system using a private key, and then decrypt it on a different system using the public key. 我的目标是获取一个文件,使用私钥在一个系统上对其进行加密,然后使用公钥在另一个系统上对其进行解密。 I plan to distribute the public key so that anyone can read the file. 我计划分发公钥,以便任何人都可以阅读该文件。 What I am trying to prevent is from anyone being able to create the file. 我想阻止的是任何人都可以创建该文件。
I have found these C header functions and them implemented in PHP so i know what I am trying to do is possible 我发现这些C头函数和它们在PHP中实现,所以我知道我想要做的是可能的
int RSA_public_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
int RSA_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
int RSA_public_decrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
How can I achieve the same behavior in Java? 如何在Java中实现相同的行为? I keep googling and searching for things but maybe I am just not using the right words. 我一直在谷歌搜索和寻找东西,但也许我只是没有使用正确的话。 Everything keeps coming up showing me how to encrypt with public and decrypt with private when I am trying to do the opposite. 当我试图做相反的事情时,一切都在不断地向我展示如何用公共加密和用私密解密。
The file i want to encrypt ranges from 5-10MB in size. 我要加密的文件大小从5-10MB不等。
Thanks! 谢谢!
1 个解决方案
解决方案1
0 2016-12-21 09:28:56
If you want identify the person who owns the private key, and therefore owns the file, I guess the process you are looking for is "digital signature" (and not encryption), as comments @EJP 如果你想识别拥有私钥的人,因此拥有该文件,我想你正在寻找的过程是“数字签名”(而不是加密),如评论@EJP
Digest the file with a hashing algorithm like SHA-256 .
使用像SHA-256这样的散列算法消化文件 。 Creates a summary of a few bytes "hash" 创建几个字节“哈希”的摘要 Sign the hash using the RSA private key .
使用RSA私钥对哈希进行签名 。 This is called the "signature" 这被称为“签名” Send the file and the signature to a third party.
将文件和签名发送给第三方。 They can verify the signature using the public key. 他们可以使用公钥验证签名。 If signature match then you can ensure the identity of the sender of the message and that has not been altered 如果签名匹配,那么您可以确保消息的发件人的身份和未被更改的身份
In this case case file is not encrypted, is hashed and signed. 在这种情况下,案例文件未加密,经过哈希处理和签名。
If you need to encrypt to hide the content, then you can't use RSA, because message size is limited by the length of the key. 如果需要加密以隐藏内容,则无法使用RSA,因为邮件大小受密钥长度的限制。 So 10mb is too big. 所以10mb太大了。 In this case I suggest to use en encryption algorithm like AES to encrypt the content. 在这种情况下,我建议使用像AES这样的加密算法来加密内容。
The third party will need the AES decryption key. 第三方将需要AES解密密钥。 Generate it before this or encrypt the AES key with a RSA public key of the third party using RSASA-OAEP padding (according link provided by @Maarten Bodewes) 在此之前生成它或使用RSASA-OAEP填充使用第三方的RSA公钥加密AES密钥(根据@Maarten Bodewes提供的链接)
Generating a digital signature 生成数字签名
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initSign(privateKey);
sig.update (data)
byte[] signature = sig.sign();
Verifiying the signature 验证签名
Signature sig = Signature.getInstance("SHA256withRSA");
sig.initVerify(publicKey);
sig.update(data);
boolean verifies = sig.verify(signature);
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.