当前位置：首页 > news >正文

golang非对称rsa加密实例

news 2026/5/13 2:12:16

生成私钥公钥

    // 1. 生成RSA私钥privateKey, err := rsa.GenerateKey(rand.Reader, rsaBits)if err != nil {panic("生成RSA私钥失败：" + err.Error())}// 2. 私钥转换为PEM格式并写入文件privateKeyPEM := &pem.Block{Type:  "RSA PRIVATE KEY",Bytes: x509.MarshalPKCS1PrivateKey(privateKey),}privateFile, err := os.Create("private.pem")if err != nil {panic("创建私钥文件失败：" + err.Error())}defer privateFile.Close()if err := pem.Encode(privateFile, privateKeyPEM); err != nil {panic("编码私钥失败：" + err.Error())}// 3. 从私钥提取公钥publicKey := &privateKey.PublicKey// 公钥转换为PEM格式并写入文件publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)if err != nil {panic("序列化公钥失败：" + err.Error())}publicKeyPEM := &pem.Block{Type:  "PUBLIC KEY",Bytes: publicKeyBytes,}publicFile, err := os.Create("public.pem")if err != nil {panic("创建公钥文件失败：" + err.Error())}defer publicFile.Close()if err := pem.Encode(publicFile, publicKeyPEM); err != nil {panic("编码公钥失败：" + err.Error())}println("RSA密钥生成成功！")println("私钥文件：private.pem（后端保管，禁止暴露）")println("公钥文件：public.pem（提供给前端）")

加密

    privatePemContent := gconv.Bytes(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMW6nIuSAQzEzK/rSdjxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PUBLIC KEY-----
`)password := "tyrtffdhfg34534"block, _ := pem.Decode(privatePemContent)if block == nil {notice.Write(r, notice.Error(notice.SystemError, "失败1"))}pub, err := x509.ParsePKIXPublicKey(block.Bytes)if err != nil {notice.Write(r, notice.Error(notice.SystemError, "失败2", err.Error()))}encryptedData, err := rsa.EncryptPKCS1v15(rand.Reader, pub.(*rsa.PublicKey), []byte(password))if err != nil {notice.Write(r, notice.Error(notice.SystemError, "失败3", err.Error()))}fmt.Print(base64.StdEncoding.EncodeToString(encryptedData))glog.Line(true).Error(r.GetCtx(), encryptedData)

解密

func initRsaPrivateKey() error {// 从配置中获取私钥文件的绝对路径privateKeyAbsPath := helper.CfgGetString(gctx.New(), "这里获取私钥的路径")// 读取私钥文件内容privateKeyBytes, err := os.ReadFile(privateKeyAbsPath)if err != nil {return errors.New("读取私钥文件失败")}// 解码PEM格式的私钥数据block, _ := pem.Decode(privateKeyBytes)if block == nil {return errors.New("解析PEM失败，私钥非标准PEM格式")}// 验证私钥类型是否为RSA私钥if block.Type != "RSA PRIVATE KEY" {return errors.New("私钥类型错误")}// 解析PKCS1格式的RSA私钥rsaPrivateKey, _ = x509.ParsePKCS1PrivateKey(block.Bytes)return nil
}// rsaDecrypt 使用RSA算法解密Base64编码的密文
// 参数:
//   cipherBase64: Base64编码的密文字符串
// 返回值:
//   string: 解密后的明文字符串
//   error: 错误信息，如果解密过程中出现错误则返回错误
func rsaDecrypt(cipherBase64 string) (string, error) {// 初始化RSA私钥，如果失败则记录日志并返回错误err := initRsaPrivateKey()if err != nil {glog.Line(true).Debug(gctx.New(), "获取秘钥失败", err)return "", err}// 将Base64编码的密文解码为字节切片ciphertextBytes, err := base64.StdEncoding.DecodeString(cipherBase64)if err != nil {glog.Line(true).Debug(gctx.New(), "base64decode数据失败", err)return "", err}// 使用RSA PKCS1v15方案进行解密plaintextBytes, err := rsa.DecryptPKCS1v15(rand.Reader, rsaPrivateKey, ciphertextBytes)if err != nil {glog.Line(true).Debug(gctx.New(), "解密失败", err)return "", err}// 将解密后的字节切片转换为字符串并返回return string(plaintextBytes), nil
}