RSA加密内容过长导致抛异常javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes

时间:2021-09-25 18:34:43

在进行对内容加密时发现内容长度过长就会导致Data must not be longer than 117
bytes的问题,后来百度的一番才得知由于是RSA的加密长度只能加密117bytes的内容,所以就报错了。


搜索网上的内容给出的解决办法有两种,一种是分段进行加密数据,另一种加密是使用RSA加密AES的密码,然后使用AES来加密数据。两者比较推荐使用后者,前者的加密方式确实安全,每次加密解密太慢了,如果使用AES加密速度就快了很多,但是不足够安全,这时候使用RSA来加密一下AES的秘钥,这样就更加的安全了。

RSA加密内容过长导致抛异常javax.crypto.IllegalBlockSizeException: Data must not be longer than 117 bytes

实现示例:

RSA工具类

package com.bzqll.util;

import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.xml.internal.rngom.parse.host.Base;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.springframework.util.Base64Utils;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import java.io.IOException;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class RSAHelper {

    public static final String PUBLIC_KEY_VALUES = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bb7yxuvRIWOUxlTbTXE\n" +
            "cKX5f4Q6+BBOf1fYJKic9l6Wf1QPmyt6ML7PywaPH861D7eYoQl0bGNK2fKsgcAG\n" +
            "ZzObG5CpmP8ESnSzqcjltdAgx+neCZQy7yUmXUIhpBEQMN80CNYoasOxeZTdPh2w\n" +
            "zhlmwa27ubkvpINtKUfZbg8sQ5wiDGbLM32ej8z2Rl8DNY4vrusJaNXB7LWaRQm7\n" +
            "4lPhLN2B/hMv/Ktif4iNxUCYDY97Xws2kVVu7ffWkn4rnhiCrTw2XMZRjIJq3a4o\n" +
            "4zGWUhYm0usVOLz+yG22cLSCIDhM8tBXL2f3960l4OIQbSObfQkGnqlmi0Fe686p\n" +
            "gwIDAQAB";
    public static final String PRIVATE_KEY_VALUES = "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDRtvvLG69EhY5T\n" +
            "GVNtNcRwpfl/hDr4EE5/V9gkqJz2XpZ/VA+bK3owvs/LBo8fzrUPt5ihCXRsY0rZ\n" +
            "8qyBwAZnM5sbkKmY/wRKdLOpyOW10CDH6d4JlDLvJSZdQiGkERAw3zQI1ihqw7F5\n" +
            "lN0+HbDOGWbBrbu5uS+kg20pR9luDyxDnCIMZsszfZ6PzPZGXwM1ji+u6wlo1cHs\n" +
            "tZpFCbviU+Es3YH+Ey/8q2J/iI3FQJgNj3tfCzaRVW7t99aSfiueGIKtPDZcxlGM\n" +
            "gmrdrijjMZZSFibS6xU4vP7IbbZwtIIgOEzy0FcvZ/f3rSXg4hBtI5t9CQaeqWaL\n" +
            "QV7rzqmDAgMBAAECggEBAIpVZ5Y8tso+RvmttQhO9TtRYFirArLrHryFV4Am8RLa\n" +
            "pe9rpbe3YCyTUUIdG3/hvDGX68geEnwEqzVFDGGyJwcgVWpDbHwNi+kJPhH7APuD\n" +
            "RHxaWip7ZXW2Ta4ql0JANyvlr888ZQC4AXOvrJjywNPSkaOkVDZYX4LnZrRaPqSH\n" +
            "j9iVGuKK4nbqbXP1tuLyto6bsn3L2KuwrBthtiDPaZ1cRm3aSu/XND030iSGloW/\n" +
            "/f6vHI3U//cPFPdi8p54nbpGTB0E66D2xbfK5+z9dZYoFDZUdMsloR1JgS4vQErr\n" +
            "17165RS7cpWx2HejiKat6qmNFXkHbREpcLDT+lq91LECgYEA7wqm+mIFIYyXEARc\n" +
            "lKKabCKaufKE+7kyBGpAEyon1lYZHw62dCYkGmuXULam4IAz7TesWsbG5SEgDx/A\n" +
            "jeFSoC6NTyyTzSh1I08UHdOJ4xhAa67GnlJG7WLNZFK+itl7v3VOOlGsAYAxaG5q\n" +
            "kQKQ1mKk6C6oGRpQ0aqKxVhoDc0CgYEA4Je2flPUYs33qy4m09UBFx6Xf91/5LvL\n" +
            "iTtEo+HGcMzxmfeV3sawUwtjHhyippN5lTR80JLbYoEvoUMyKt+N5Jnic206alSH\n" +
            "hujsQnO4LCRHz/XwkHnB8Ncd3J67Uaq9PUPY630NIA/ChBAQchsqntJSdVn65PZf\n" +
            "mw7+hO2WxI8CgYB4eX/qlVhMrlS8R9Z5OvJlKZOdv/LyA0aIHxyoDAkD52TF2F5w\n" +
            "b4CmqC8dCNFWOIbzOanuHlzDwkwsEy6y0ysXfB7QFoFvVsKixwo2dhT6lZByNSX5\n" +
            "STJiFfe6ZlGOHUpXFkIU9nCgWQGNxoiDCS4CPrkqI8mozTCKW0+RYpseyQKBgQCR\n" +
            "cK21UQQQl+Dy8YgjVaTHHABvxTi1HwfHbqIcnnCrS4yJcFOVWIWGwbEGJvUNeiMa\n" +
            "BEtvpip7t7zoaWNrcCmrCBwlM27IvMSnEN8uiVGTBEuc2F9YsABvvl6QKBqV4EN8\n" +
            "ERvAI9MEGDCW5PBBdGY9Q2YyqHpZG1L+Ts9ztYgU8QKBgB7bP9eNMrDzgZ6i9pFP\n" +
            "djlcJ+NE0veOLwTA1eQhiIZFSJTI5eyiePTYNIS3GwIyGauzePw5LeBb6rLVBt4Y\n" +
            "NAOgJDeHbPV2bnstONjE7FyUswJivIVD3n3UaVGgBTe6xc468Ws4rmeKZ8/Ph1Nq\n" +
            "ylaViyPWz486JAibF3Kudl5B";
    /** * RSA密钥长度必须是64的倍数,在512~65536之间。默认是1024 */
    public static final int KEY_SIZE = 2048;

    /** * 生成公钥、私钥对(keysize=1024) */
    public static RSAHelper.KeyPairInfo getKeyPair() {
        return getKeyPair(KEY_SIZE);
    }

    /** * 生成公钥、私钥对 * * @param keySize * @return */
    public static RSAHelper.KeyPairInfo getKeyPair(int keySize) {
        try {
            KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
            keyPairGen.initialize(keySize);
            // 生成一个密钥对,保存在keyPair中
            KeyPair keyPair = keyPairGen.generateKeyPair();
            // 得到私钥
            RSAPrivateKey oraprivateKey = (RSAPrivateKey) keyPair.getPrivate();
            // 得到公钥
            RSAPublicKey orapublicKey = (RSAPublicKey) keyPair.getPublic();

            RSAHelper.KeyPairInfo pairInfo = new RSAHelper.KeyPairInfo(keySize);
            //公钥
            byte[] publicKeybyte = orapublicKey.getEncoded();
            String publicKeyString = Base64.encode(publicKeybyte);
            pairInfo.setPublicKey(publicKeyString);
            //私钥
            byte[] privateKeybyte = oraprivateKey.getEncoded();
            String privateKeyString = Base64.encode(privateKeybyte);
            pairInfo.setPrivateKey(privateKeyString);

            return pairInfo;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** * 获取公钥对象 * * @param publicKeyBase64 * @return * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException */
    public static PublicKey getPublicKey(String publicKeyBase64)
            throws InvalidKeySpecException, NoSuchAlgorithmException, Base64DecodingException {

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        X509EncodedKeySpec publicpkcs8KeySpec =
                new X509EncodedKeySpec(Base64.decode(publicKeyBase64));
        PublicKey publicKey = keyFactory.generatePublic(publicpkcs8KeySpec);
        return publicKey;
    }

    /** * 获取私钥对象 * * @param privateKeyBase64 * @return * @throws NoSuchAlgorithmException * @throws InvalidKeySpecException */
    public static PrivateKey getPrivateKey(String privateKeyBase64)
            throws NoSuchAlgorithmException, InvalidKeySpecException, Base64DecodingException {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PKCS8EncodedKeySpec privatekcs8KeySpec =
                new PKCS8EncodedKeySpec(Base64.decode(privateKeyBase64));
        PrivateKey privateKey = keyFactory.generatePrivate(privatekcs8KeySpec);
        return privateKey;
    }

    /** * 使用工钥加密 * * @param content 待加密内容 * @param publicKeyBase64 公钥 base64 编码 * @return 经过 base64 编码后的字符串 */
    public static String encipher(String content, String publicKeyBase64) {
        return encipher(content, publicKeyBase64, KEY_SIZE / 8 - 11);
    }

    /** * 使用公司钥加密(分段加密) * * @param content 待加密内容 * @param publicKeyBase64 公钥 base64 编码 * @param segmentSize 分段大小,一般小于 keySize/8(段小于等于0时,将不使用分段加密) * @return 经过 base64 编码后的字符串 */
    public static String encipher(String content, String publicKeyBase64, int segmentSize) {
        try {
            PublicKey publicKey = getPublicKey(publicKeyBase64);
            return encipher(content, publicKey, segmentSize);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** * 分段加密 * * @param ciphertext 密文 * @param key 加密秘钥 * @param segmentSize 分段大小,<=0 不分段 * @return */
    public static String encipher(String ciphertext, java.security.Key key, int segmentSize) {
        try {
            // 用公钥加密
            byte[] srcBytes = ciphertext.getBytes();

            // Cipher负责完成加密或解密工作,基于RSA
            Cipher cipher = Cipher.getInstance("RSA");
            // 根据公钥,对Cipher对象进行初始化
            cipher.init(Cipher.ENCRYPT_MODE, key);
            byte[] resultBytes = null;

            if (segmentSize > 0)
                resultBytes = cipherDoFinal(cipher, srcBytes, segmentSize); //分段加密
            else
                resultBytes = cipher.doFinal(srcBytes);
            String base64Str = Base64Utils.encodeToString(resultBytes);
            return base64Str;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** * 分段大小 * * @param cipher * @param srcBytes * @param segmentSize * @return * @throws IllegalBlockSizeException * @throws BadPaddingException * @throws IOException */
    public static byte[] cipherDoFinal(Cipher cipher, byte[] srcBytes, int segmentSize)
            throws IllegalBlockSizeException, BadPaddingException, IOException {
        if (segmentSize <= 0)
            throw new RuntimeException("分段大小必须大于0");
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        int inputLen = srcBytes.length;
        int offSet = 0;
        byte[] cache;
        int i = 0;
        // 对数据分段解密
        while (inputLen - offSet > 0) {
            if (inputLen - offSet > segmentSize) {
                cache = cipher.doFinal(srcBytes, offSet, segmentSize);
            } else {
                cache = cipher.doFinal(srcBytes, offSet, inputLen - offSet);
            }
            out.write(cache, 0, cache.length);
            i++;
            offSet = i * segmentSize;
        }
        byte[] data = out.toByteArray();
        out.close();
        return data;
    }

    /** * 使用私钥解密 * * @param contentBase64 待加密内容,base64 编码 * @param privateKeyBase64 私钥 base64 编码 * @return * @segmentSize 分段大小 */
    public static String decipher(String contentBase64, String privateKeyBase64) {
        return decipher(contentBase64, privateKeyBase64, KEY_SIZE / 8);
    }

    /** * 使用私钥解密(分段解密) * * @param contentBase64 待加密内容,base64 编码 * @param privateKeyBase64 私钥 base64 编码 * @return * @segmentSize 分段大小 */
    public static String decipher(String contentBase64, String privateKeyBase64, int segmentSize) {
        try {
            PrivateKey privateKey = getPrivateKey(privateKeyBase64);
            return decipher(contentBase64, privateKey, segmentSize);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** * 分段解密 * * @param contentBase64 密文 * @param key 解密秘钥 * @param segmentSize 分段大小(小于等于0不分段) * @return */
    public static String decipher(String contentBase64, java.security.Key key, int segmentSize) {
        try {
            // 用私钥解密
            byte[] srcBytes = Base64Utils.decodeFromString(contentBase64);
            // Cipher负责完成加密或解密工作,基于RSA
            Cipher deCipher = Cipher.getInstance("RSA");
            // 根据公钥,对Cipher对象进行初始化
            deCipher.init(Cipher.DECRYPT_MODE, key);
            byte[] decBytes = null;//deCipher.doFinal(srcBytes);
            if (segmentSize > 0)
                decBytes = cipherDoFinal(deCipher, srcBytes, segmentSize); //分段加密
            else
                decBytes = deCipher.doFinal(srcBytes);

            String decrytStr = new String(decBytes);
            return decrytStr;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /** * 秘钥对 */
    public static class KeyPairInfo {
        String privateKey;
        String publicKey;
        int keySize = 0;

        public KeyPairInfo(int keySize) {
            setKeySize(keySize);
        }

        public KeyPairInfo(String publicKey, String privateKey) {
            setPrivateKey(privateKey);
            setPublicKey(publicKey);
        }

        public String getPrivateKey() {
            return privateKey;
        }

        public void setPrivateKey(String privateKey) {
            this.privateKey = privateKey;
        }

        public String getPublicKey() {
            return publicKey;
        }

        public void setPublicKey(String publicKey) {
            this.publicKey = publicKey;
        }

        public int getKeySize() {
            return keySize;
        }

        public void setKeySize(int keySize) {
            this.keySize = keySize;
        }
    }
}

AES工具类

package com.bzqll.util;

import org.springframework.util.Base64Utils;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

/** * @version V1.0 * @desc AES 加密工具类 */
public class AESUtil {

    private static final String KEY_ALGORITHM = "AES";
    private static final String DEFAULT_CIPHER_ALGORITHM = "AES/ECB/PKCS5Padding";//默认的加密算法

    /** * AES 加密操作 * * @param content 待加密内容 * @param password 加密密码 * @return 返回Base64转码后的加密数据 */
    public static String encrypt(String content, String password) {
        try {
            Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);// 创建密码器

            byte[] byteContent = content.getBytes("utf-8");

            cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(password));// 初始化为加密模式的密码器

            byte[] result = cipher.doFinal(byteContent);// 加密

            return Base64Utils.encodeToString(result);//通过Base64转码返回
        } catch (Exception ex) {
            Logger.getLogger(AESUtil.class.getName()).log(Level.SEVERE, null, ex);
        }

        return null;
    }

    /** * AES 解密操作 * * @param content * @param password * @return */
    public static String decrypt(String content, String password) {

        try {
            //实例化
            Cipher cipher = Cipher.getInstance(DEFAULT_CIPHER_ALGORITHM);

            //使用密钥初始化,设置为解密模式
            cipher.init(Cipher.DECRYPT_MODE, getSecretKey(password));

            //执行操作
            byte[] result = cipher.doFinal(Base64Utils.decodeFromString(content));

            return new String(result, "utf-8");
        } catch (Exception ex) {
            Logger.getLogger(AESUtil.class.getName()).log(Level.SEVERE, null, ex);
        }

        return null;
    }

    /** * 生成加密秘钥 * * @return */
    private static SecretKeySpec getSecretKey(String password) {
        //返回生成指定算法密钥生成器的 KeyGenerator 对象
        KeyGenerator kg = null;
        try {
            kg = KeyGenerator.getInstance(KEY_ALGORITHM);
            //AES 要求密钥长度为 128
            kg.init(128, new SecureRandom(password.getBytes()));
            //生成一个密钥
            SecretKey secretKey = kg.generateKey();
            return new SecretKeySpec(secretKey.getEncoded(), KEY_ALGORITHM);// 转换为AES专用密钥
        } catch (NoSuchAlgorithmException ex) {
            Logger.getLogger(AESUtil.class.getName()).log(Level.SEVERE, null, ex);
        }
        return null;
    }

}

由于是公司业务代码,实际代码中的逻辑更复杂,后面的逻辑类就不贴出来了,只贴出了工具类