通过openssl可以很容易生成一对私钥和公钥，注意私钥和公钥是成对出现的。

私钥：指只有自己知道的一个字符串

公钥：提供出来给大家都知道的一个字符串

关于私钥和公钥的操作分两种：1.公钥加密数据，私钥解密数据 2.私钥签名数据，公钥验证数据

我们一个一个来分析：

1.公钥加密，私钥解密

有很多朋友都想给我发信息，他们发的信息只想给我一个人看，其他人拿到这个信息是看不了的！为了满足这种需求，我们就采用公钥加密，私钥解密这种方式。

朋友们把发给我的信息用大家都知道的公钥进行加密，然后发给我，要想解密该信息就必须要公钥对应的私钥来解密该信息，但是只有我自己知道这个私钥，所以朋友们发过来的信息，就只有我一个人能够解开，也就只有我一个人可以看，因为其他人没有私钥，他们不能解密信息。

图解如下：

2.私钥签名，公钥验证

假设我想给我的一个朋友发送信息，但是可能有其他人冒充我，然后给我朋友发信息，那么我朋友就不敢确定发给他的消息到底是不是我发给他的，为了满足这种需求，就使用私钥签名，公钥验证！

我把我要发送的信息，用只有我自己知道的私钥来进行签名，就相当于在该信息上烙下一个我自己的唯一标记，其他人因为没有这个私钥，所以没有这个标记，信息签名之后，发送给好友，好友知道我这个私钥所对应的公钥，所以对发送他的信息用公钥来验证一下，验证成功，就说明这条信息就是我本人发送给他的。

图解如下：

openssl生成公钥私钥对的方法

在Java程序中，可从之前所存储的几个文件中取得密钥与加密结果来做解密。使用了BC的JCE，即bcprov-jdk14-119.jar，在使用之前，需要先安装此JCE：

 

假设JDK：jdk1.4\jre\

把BC包放到JRE下的ext：jdk1.4\jre\lib\ext

修改文件jdk1.4\jre\lib\security\java.security：

#

# List of providers and their preference orders (see above):

#

security.provider.1=sun.security.provider.Sun

security.provider.2=com..ssl.internal.ssl.Provider

security.provider.3=com.sun.rsajca.Provider

security.provider.4=com.sun.crypto.provider.SunJCE

security.provider.5=sun.security.jgss.SunProvider

 

security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider

 

======================================================================

 

C++程序源码：

 

#include

#include

#include

//#define _RSA_KEY_PAIR_GENERATE_//密钥是否要生成 只需要在第一次运行时打开此宏

 

#define _RSA_KEY_PAIR_TOFILE_//密钥对是否要写入文件

 

#define MAX_RSA_KEY_LENGTH 512 //密钥的最大长度是512字节

 

#define PUBKEY_ENCRYPT

#define PRIKEY_DECRYPT

 

#pragma comment(lib, “../lib/libeay32.lib”)

static const char * PUBLIC_KEY_FILE = “pubkey.key”;

static const char * PRIVATE_KEY_FILE = “prikey.key”;

 

int RsaKeyPairGen(void)

{

RSA *rsa = NULL;

 

#ifdef _RSA_KEY_PAIR_GENERATE_

//生成RSA密钥对：

rsa = RSA_new();

rsa = RSA_generate_key(1024, 0x10001, NULL, NULL);

#endif

 

//把密钥对写入文件，以后从文件里读取

#ifdef _RSA_KEY_PAIR_TOFILE_

unsigned char ucPubKey[MAX_RSA_KEY_LENGTH] = {0}, ucPriKey[MAX_RSA_KEY_LENGTH] = {0};

int len = i2d_RSAPublicKey(rsa,NULL);

unsigned char* pt = ucPubKey;

len = i2d_RSAPublicKey(rsa, &pt);

 

FILE *fpubkey = NULL;

fpubkey = fopen(PUBLIC_KEY_FILE, “wb”);

if(fpubkey == NULL)

{

cout << “fopen pubkey.key failed!” << endl;

return 0x01;

}

fwrite(ucPubKey, 1, len, fpubkey);

fclose(fpubkey);

 

len = i2d_RSAPrivateKey(rsa,NULL);

unsigned char* pt2 = ucPriKey;

len = i2d_RSAPrivateKey(rsa,&pt2);

FILE *fprikey = NULL;

fprikey = fopen(PRIVATE_KEY_FILE, “wb”);

if(fprikey == NULL)

{

cout << “fopen prikey.key failed!” << endl;

return 0x02;

}

fwrite(ucPriKey, 1, len, fprikey);

fclose(fprikey);

#endif

 

if(rsa != NULL)

{

RSA_free(rsa);

rsa = NULL;

}

return 0;

}

 

//从文件里读取私钥的数据，取得RSA格式的私钥：

int GetPriKey(unsigned char *pucPriKeyData, unsigned long KeyDataLen, RSA* *priRsa)

{

unsigned char *Pt = pucPriKeyData;

*priRsa = d2i_RSAPrivateKey(NULL, &Pt, KeyDataLen);

if(priRsa == NULL)

{

cout << “priRsa == NULL!” << endl;

return 0x22;

}

return 0;

}

 

//取得RSA格式的公钥：

int GetPubKey(unsigned char *pucPubKeyData,unsigned long KeyDataLen, RSA* *pubRsa)

{

unsigned char *Pt = pucPubKeyData;

*pubRsa = d2i_RSAPublicKey(NULL, &Pt, KeyDataLen);

if(pubRsa == NULL)

{

cout << “pubRsa == NULL!” << endl;

return 0x31;

}

return 0;

}

 

//公钥加密会话密钥：

int encSessionKeybyRsaPubKey(RSA *rsa, unsigned char *ucKey, unsigned long ulKeyLen,

unsigned char *outData, unsigned long *pulOutLen)

{

return (*pulOutLen = RSA_public_encrypt(ulKeyLen, ucKey, outData, rsa, 1));

}

 

//私钥解密会话密钥：

int decSessionKeybyRsaPriKey(RSA *rsa, unsigned char *InData, unsigned long ulDataLen,

unsigned char *ucKey, unsigned long *pulKeyLen)

{

return (*pulKeyLen = RSA_private_decrypt(ulDataLen, InData, ucKey, rsa, 1));

}

 

 

int main(int argc, char* argv[])

{

unsigned char ucKey[8] = {0x01, 0x03, 0x99, 0x4, \

0x80, 0x65, 0x34, 0x08};

unsigned char ucEncryptedKey[512] = {0}, ucDecryptedKey[512] = {0};

unsigned long encrypted_len = 0, decrypted_len = 0;

 

 

#ifdef _RSA_KEY_PAIR_GENERATE_

RsaKeyPairGen();

#endif

 

//取得公钥：

unsigned char ucPubKey[MAX_RSA_KEY_LENGTH] = {0};

 

FILE *fpubkey = NULL;

fpubkey = fopen(PUBLIC_KEY_FILE, “rb”);

if(fpubkey == NULL)

{

cout << “fopen pubkey.key failed!” << endl;

return 0x03;

}

fseek(fpubkey, 0, SEEK_END);

int len_PK = ftell(fpubkey);

fseek(fpubkey, 0, SEEK_SET);

fread(ucPubKey, 1, len_PK, fpubkey);

fclose(fpubkey);

 

#ifdef PUBKEY_ENCRYPT

RSA *pRsaPubKey = NULL;

pRsaPubKey = RSA_new();

 

GetPubKey(ucPubKey, len_PK, &pRsaPubKey);

//公钥加密：

encSessionKeybyRsaPubKey(pRsaPubKey, ucKey, sizeof(ucKey), ucEncryptedKey, &encrypted_len);

//write to file:

FILE *fp = NULL;

fp = fopen(“ucKey.data”, “wb”);

fwrite(ucEncryptedKey, 1, encrypted_len, fp);

fclose(fp);

 

if(pRsaPubKey != NULL)

{

RSA_free(pRsaPubKey); pRsaPubKey = NULL;

}

#endif

 

//取得私钥：

unsigned char ucPriKey[MAX_RSA_KEY_LENGTH] = {0};

 

FILE *fprikey = NULL;

fprikey = fopen(PRIVATE_KEY_FILE, “rb”);

if(fprikey == NULL)

{

cout << “fopen prikey.key failed!” << endl;

return 0x02;

}

fseek(fprikey, 0, SEEK_END);

int len_SK = ftell(fprikey);

fseek(fprikey, 0, SEEK_SET);

fread(ucPriKey, 1, len_SK, fprikey);

fclose(fprikey);

 

#ifdef PRIKEY_DECRYPT

RSA *pRsaPriKey = NULL;

pRsaPriKey = RSA_new();

 

GetPriKey(ucPriKey, len_SK, &pRsaPriKey);

//私钥解密：

FILE *fp1 = NULL;

fp1 = fopen(“ucKey.data”, “rb”);

int len = ftell(fp1);

fseek(fp1, 0, SEEK_SET);

fread(ucPriKey, 1, len_SK, fp1);

fclose(fp1);

decSessionKeybyRsaPriKey(pRsaPriKey, ucEncryptedKey, encrypted_len, ucDecryptedKey, &decrypted_len);

if(pRsaPriKey != NULL)

{

RSA_free(pRsaPriKey); pRsaPriKey = NULL;

}

 

//数据对比：

if(0 == memcmp(ucKey, ucDecryptedKey, decrypted_len))

{

cout << “OK!” << endl;

}

else

{

cout << “FAILED!” << endl;

}

#endif

 

return 0;

}

 

======================================================================

 

Java程序源码：

 

======================================================================

 

package jrsaencrypt;

 

import java.io.*;

import java.security.*;

import java.security.spec.*;

import java.security.PublicKey;

import java.security.PrivateKey;

import java.security.KeyFactory;

import javax.crypto.Cipher.*;

 

/**

*

 

Title:

 

 

*

Description:

 

 

*

Copyright: Copyright (c) 2005

 

 

*

Company:

 

 

* @author not attributable

* @version 1.0

*/

public class RsaKeyGen {

 

public RsaKeyGen() {

}

/**

* 生成RSA密钥对

* @return

*/

int generateRsaKeyPair() {

//generate an RSA key pair

try {

KeyPairGenerator keyGen = KeyPairGenerator.getInstance(“RSA”);

keyGen.initialize(1024);

KeyPair pair = keyGen.generateKeyPair();

System.out.println(pair.getPublic().getFormat());

System.out.println(pair.getPublic().getAlgorithm());

System.out.println(“\nRSA public Key:”);

byte[] bPubKey = pair.getPublic().getEncoded();

System.out.println(bPubKey.length);

for (int i = 0; i < bPubKey.length; i++) {

System.out.print(bPubKey[i] + ” “);

}

System.out.println(“\nRSA private Key:”);

byte[] bPriKey = pair.getPrivate().getEncoded();

System.out.println(bPriKey.length);

for (int i = 0; i < bPriKey.length; i++) {

System.out.print(bPriKey[i] + ” “);

}

 

}

catch (Exception e) {

e.printStackTrace();

}

return 0;

}

/**

* 从公钥数据取得公钥

* @param bPubKeyInput

* @return

*/

PublicKey getRsaPubKey(byte[] bPubKeyInput) {

byte[] bX509PubKeyHeader = {

48, -127, -97, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5, 0,

3, -127, -115, 0};

try {

byte[] bPubKey = new byte[bPubKeyInput.length + bX509PubKeyHeader.length];

System.arraycopy(bX509PubKeyHeader, 0, bPubKey, 0,

bX509PubKeyHeader.length);

System.arraycopy(bPubKeyInput, 0, bPubKey, bX509PubKeyHeader.length,

bPubKeyInput.length);

 

X509EncodedKeySpec rsaKeySpec = new X509EncodedKeySpec(bPubKey);

KeyFactory keyFactory = KeyFactory.getInstance(“RSA”);

rsaPubKey = keyFactory.generatePublic(rsaKeySpec);

}

catch (Exception e) {

e.printStackTrace();

}

 

return rsaPubKey;

}

 

/**

* 从私钥数据取得私钥

* @param bPriKeyInput

* @return

*/

PrivateKey getRsaPriKey(byte[] bPriKeyInput) {

byte[] bX509PriKeyHeader = {

48, -126, 2, 117, 2, 1, 0, 48, 13, 6, 9, 42,

-122, 72, -122, -9, 13, 1, 1, 1, 5, 0, 4, -126, 2, 95};

try {

byte[] bPriKey = new byte[bX509PriKeyHeader.length + bPriKeyInput.length];

System.arraycopy(bX509PriKeyHeader, 0, bPriKey, 0,

bX509PriKeyHeader.length);

System.arraycopy(bPriKeyInput, 0, bPriKey, bX509PriKeyHeader.length,

bPriKeyInput.length);

 

PKCS8EncodedKeySpec rsaKeySpec = new PKCS8EncodedKeySpec(bPriKey);

KeyFactory keyFactory = KeyFactory.getInstance(“RSA”);

rsaPriKey = keyFactory.generatePrivate(rsaKeySpec);

}

catch (Exception e) {

e.printStackTrace();

}

return rsaPriKey;

}

 

/**

* 从文件里取得数据

* @param strFileName

* @param bFBytes

* @return

*/

int getBytesbyFileName(String strFileName, byte[] bFBytes) {

int fSize = 0;

try {

FileInputStream fIn = new FileInputStream(strFileName);

fSize = fIn.available();

System.out.print(“file’s size: “);

System.out.println(fSize);

fSize = fIn.read(bFBytes);

fIn.close();

}

catch (Exception e) {

e.printStackTrace();

}

return fSize;

}

 

/**

* 公钥加密

* @param bKey

* @return

*/

byte[] rsaPubKeyEncrypt(byte[] bKey) {

try {

// Provider prvd = Security.getProvider(“BouncyCastle”);

javax.crypto.Cipher rsaPKenc = javax.crypto.Cipher.getInstance(

“RSA/ECB/PKCS1Padding”);

rsaPKenc.init(javax.crypto.Cipher.ENCRYPT_MODE, rsaPubKey);

bEncryptedData = rsaPKenc.doFinal(bKey);

}

catch (Exception e) {

e.printStackTrace();

}

return bEncryptedData;

}

 

/**

* 私钥解密

* @param bEncryptedKey

* @return

*/

byte[] rsaPriKeyDecrypt(byte[] bEncryptedKey) {

try {

javax.crypto.Cipher rsaSKDec = javax.crypto.Cipher.getInstance(

“RSA/ECB/PKCS1Padding”);

rsaSKDec.init(javax.crypto.Cipher.DECRYPT_MODE, rsaPriKey);

byte[] bDecrypt = rsaSKDec.doFinal(bEncryptedKey);

// System.out.println(“rsa decrypted result[before clean]:”);

// for (int i = 0; i < bDecrypt.length; i++) {

// System.out.print(bDecrypt[i] + ” “);

// }

// System.out.println();

 

int i = 0;

// for (i = bDecrypt.length; i > 1; i–) {

// if (bDecrypt[i-1] == 0) {

// System.out.println(“i=” + i);

// break;

// }

// } //for

bDecryptedData = new byte[bDecrypt.length – i];

System.arraycopy(bDecrypt, i, bDecryptedData, 0, bDecrypt.length – i);

}

catch (Exception e) {

e.printStackTrace();

}

return bDecryptedData;

}

 

public static void main(String[] args) {

RsaKeyGen rsaKeyGen1 = new RsaKeyGen();

 

// rsaKeyGen1.generateRsaKeyPair();

 

// byte[] bPubKey = new byte[140];

// int len = rsaKeyGen1.getBytesbyFileName(“pubkey.key”, bPubKey);

// rsaKeyGen1.getRsaPubKey(bPubKey);

 

byte[] bPriKey = new byte[607];

int len2 = rsaKeyGen1.getBytesbyFileName(“prikey.key”, bPriKey);

rsaKeyGen1.getRsaPriKey(bPriKey);

// byte[] bKey = {

// 1, 2, 3, 4, 5, 6, 7, 8};

// //encrypt:

// byte[] bEncKey = rsaKeyGen1.rsaPubKeyEncrypt(bKey);

// System.out.println(“rsa encrypted result:”);

// for (int i = 0; i < bEncKey.length; i++) {

// System.out.print(bEncKey[i] + ” “);

// }

// System.out.println();

 

byte[] bEncKey = new byte[128];

int len0 = rsaKeyGen1.getBytesbyFileName(“ucKey.data”, bEncKey);

byte[] bDecKey = rsaKeyGen1.rsaPriKeyDecrypt(bEncKey);

System.out.println(“rsa decrypted result:”);

for (int i = 0; i < bDecKey.length; i++) {

System.out.print(bDecKey[i] + ” “);

}

System.out.println();

}

 

PublicKey rsaPubKey;

PrivateKey rsaPriKey;

byte[] bEncryptedData;

byte[] bDecryptedData;

}

SSL证书采用了技术含量比较高的加密技术。日后GDCA（）将会持续为大家推荐更多关于SSL证书的技术知识。让大家正确认识SSL证书，快速无误部署HTTPS安全协议。更多资讯，请关注GDCA。