Compare commits
3 Commits
9afd630885
...
f37dce7ddf
| Author | SHA1 | Date |
|---|---|---|
 xyiege
|
f37dce7ddf | 2 weeks ago |
|
xyiege
|
cbf47ac64d | 2 weeks ago |
|
xyiege
|
c23dc2d768 | 2 weeks ago |
8 changed files with 368 additions and 8 deletions
@ -0,0 +1,101 @@ |
|||
package crypto |
|||
|
|||
import ( |
|||
"fmt" |
|||
"os" |
|||
) |
|||
|
|||
// 示例:生成密钥对并存入文件
|
|||
func ExampleGenerateAndSaveKeys() { |
|||
// 密钥位数
|
|||
bits := 2048 |
|||
// 用户密码(实际应用中应该从用户输入获取)
|
|||
password := "your_secure_password" |
|||
// 密钥文件保存路径
|
|||
privateKeyPath := "private.pem" |
|||
publicKeyPath := "public.pem" |
|||
|
|||
// 生成并保存密钥对
|
|||
err := GenerateAndSaveKeysWithPassword(bits, password, privateKeyPath, publicKeyPath) |
|||
if err != nil { |
|||
fmt.Printf("生成密钥失败: %v\n", err) |
|||
return |
|||
} |
|||
|
|||
fmt.Println("密钥生成和保存成功!") |
|||
} |
|||
|
|||
// 示例:读取并解密私钥
|
|||
func ExampleReadAndDecryptPrivateKey() { |
|||
// 密码和文件路径
|
|||
password := "your_secure_password" |
|||
privateKeyPath := "private.pem" |
|||
|
|||
// 读取加密的私钥文件
|
|||
data, err := os.ReadFile(privateKeyPath) |
|||
if err != nil { |
|||
fmt.Printf("读取私钥文件失败: %v\n", err) |
|||
return |
|||
} |
|||
|
|||
// 解密私钥
|
|||
privateKey, err := DecryptPrivateKey(data, password) |
|||
if err != nil { |
|||
fmt.Printf("解密私钥失败: %v\n", err) |
|||
return |
|||
} |
|||
|
|||
fmt.Println("私钥解密成功!") |
|||
fmt.Printf("私钥模数长度: %d 位\n", privateKey.N.BitLen()) |
|||
} |
|||
|
|||
// 主函数示例(如果单独运行这个文件)
|
|||
func ExampleMain() { |
|||
// 生成密钥对
|
|||
ExampleGenerateAndSaveKeys() |
|||
|
|||
// 读取并解密私钥
|
|||
ExampleReadAndDecryptPrivateKey() |
|||
} |
|||
|
|||
/* |
|||
使用说明: |
|||
|
|||
1. 生成密钥对: |
|||
- 调用GenerateAndSaveKeysWithPassword函数 |
|||
- 参数:密钥位数(通常2048或4096)、保护私钥的密码、私钥保存路径、公钥保存路径 |
|||
|
|||
2. 读取并解密私钥: |
|||
- 读取私钥文件 |
|||
- 调用DecryptPrivateKey函数用密码解密 |
|||
|
|||
3. 注意事项: |
|||
- 密码应足够复杂且安全存储 |
|||
- 私钥文件应妥善保管,建议设置严格的文件权限 |
|||
- 密钥位数推荐使用2048位以上以保证安全性 |
|||
|
|||
示例代码: |
|||
|
|||
package main |
|||
|
|||
import ( |
|||
"fmt" |
|||
"your_project/crypto" |
|||
) |
|||
|
|||
func main() { |
|||
// 生成密钥对
|
|||
bits := 2048 |
|||
password := "your_secure_password" |
|||
privateKeyPath := "private.pem" |
|||
publicKeyPath := "public.pem" |
|||
|
|||
err := crypto.GenerateAndSaveKeysWithPassword(bits, password, privateKeyPath, publicKeyPath) |
|||
if err != nil { |
|||
fmt.Printf("错误: %v\n", err) |
|||
return |
|||
} |
|||
|
|||
fmt.Println("密钥生成完成!") |
|||
} |
|||
*/ |
|||
@ -0,0 +1,191 @@ |
|||
package crypto |
|||
|
|||
import ( |
|||
"crypto/rand" |
|||
"crypto/rsa" |
|||
"crypto/x509" |
|||
"encoding/pem" |
|||
"errors" |
|||
"fmt" |
|||
|
|||
"golang.org/x/crypto/bcrypt" |
|||
|
|||
"os" |
|||
) |
|||
|
|||
// KeyPair 表示生成的密钥对
|
|||
type KeyPair struct { |
|||
PrivateKey *rsa.PrivateKey |
|||
PublicKey *rsa.PublicKey |
|||
} |
|||
|
|||
// GenerateRSAKeyPair 生成指定位数的RSA密钥对
|
|||
func GenerateRSAKeyPair(bits int) (*KeyPair, error) { |
|||
// 生成RSA私钥
|
|||
privateKey, err := rsa.GenerateKey(rand.Reader, bits) |
|||
if err != nil { |
|||
return nil, fmt.Errorf("生成RSA密钥失败: %v", err) |
|||
} |
|||
|
|||
// 验证私钥
|
|||
err = privateKey.Validate() |
|||
if err != nil { |
|||
return nil, fmt.Errorf("验证RSA密钥失败: %v", err) |
|||
} |
|||
|
|||
// 获取公钥
|
|||
publicKey := &privateKey.PublicKey |
|||
|
|||
return &KeyPair{ |
|||
PrivateKey: privateKey, |
|||
PublicKey: publicKey, |
|||
}, nil |
|||
} |
|||
|
|||
// EncryptPrivateKey 使用密码加密私钥
|
|||
func EncryptPrivateKey(privateKey *rsa.PrivateKey, password string) ([]byte, error) { |
|||
if password == "" { |
|||
return nil, errors.New("密码不能为空") |
|||
} |
|||
|
|||
// 将私钥转换为PKCS#1格式
|
|||
privDER := x509.MarshalPKCS1PrivateKey(privateKey) |
|||
|
|||
// 使用密码加密私钥
|
|||
block, err := x509.EncryptPEMBlock( |
|||
rand.Reader, |
|||
"RSA PRIVATE KEY", |
|||
privDER, |
|||
[]byte(password), |
|||
x509.PEMCipherAES256, |
|||
) |
|||
if err != nil { |
|||
return nil, fmt.Errorf("加密私钥失败: %v", err) |
|||
} |
|||
|
|||
// 将加密后的私钥转换为PEM格式
|
|||
encprivPEM := pem.EncodeToMemory(block) |
|||
|
|||
return encprivPEM, nil |
|||
} |
|||
|
|||
// ExportPublicKey 将公钥导出为PEM格式
|
|||
func ExportPublicKey(publicKey *rsa.PublicKey) ([]byte, error) { |
|||
// 将公钥转换为DER格式
|
|||
pubDER, err := x509.MarshalPKIXPublicKey(publicKey) |
|||
if err != nil { |
|||
return nil, fmt.Errorf("编码公钥失败: %v", err) |
|||
} |
|||
|
|||
// 创建PEM块
|
|||
block := &pem.Block{ |
|||
Type: "RSA PUBLIC KEY", |
|||
Bytes: pubDER, |
|||
} |
|||
|
|||
// 将公钥转换为PEM格式
|
|||
pubPEM := pem.EncodeToMemory(block) |
|||
|
|||
return pubPEM, nil |
|||
} |
|||
|
|||
// HashPassword 对密码进行哈希处理
|
|||
func HashPassword(password string) (string, error) { |
|||
hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) |
|||
if err != nil { |
|||
return "", err |
|||
} |
|||
return string(hash), nil |
|||
} |
|||
|
|||
// CheckPasswordHash 验证密码是否与哈希值匹配
|
|||
func CheckPasswordHash(password, hash string) bool { |
|||
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) |
|||
return err == nil |
|||
} |
|||
|
|||
// GenerateKeysWithPassword 生成加密的密钥对,返回公钥和加密后的私钥
|
|||
func GenerateKeysWithPassword(bits int, password string) (publicKeyPEM []byte, encryptedPrivateKeyPEM []byte, err error) { |
|||
// 生成密钥对
|
|||
keyPair, err := GenerateRSAKeyPair(bits) |
|||
if err != nil { |
|||
return nil, nil, err |
|||
} |
|||
|
|||
// 加密私钥
|
|||
encryptedPrivateKeyPEM, err = EncryptPrivateKey(keyPair.PrivateKey, password) |
|||
if err != nil { |
|||
return nil, nil, err |
|||
} |
|||
|
|||
// 导出公钥
|
|||
publicKeyPEM, err = ExportPublicKey(keyPair.PublicKey) |
|||
if err != nil { |
|||
return nil, nil, err |
|||
} |
|||
|
|||
return publicKeyPEM, encryptedPrivateKeyPEM, nil |
|||
} |
|||
|
|||
// DecryptPrivateKey 使用密码解密私钥
|
|||
func DecryptPrivateKey(encryptedPrivateKeyPEM []byte, password string) (*rsa.PrivateKey, error) { |
|||
if password == "" { |
|||
return nil, errors.New("密码不能为空") |
|||
} |
|||
|
|||
// 解码PEM块
|
|||
block, _ := pem.Decode(encryptedPrivateKeyPEM) |
|||
if block == nil { |
|||
return nil, errors.New("无法解码PEM块") |
|||
} |
|||
|
|||
// 解密私钥
|
|||
decryptedDER, err := x509.DecryptPEMBlock(block, []byte(password)) |
|||
if err != nil { |
|||
return nil, fmt.Errorf("解密私钥失败: %v", err) |
|||
} |
|||
|
|||
// 解析私钥
|
|||
privateKey, err := x509.ParsePKCS1PrivateKey(decryptedDER) |
|||
if err != nil { |
|||
return nil, fmt.Errorf("解析私钥失败: %v", err) |
|||
} |
|||
|
|||
return privateKey, nil |
|||
} |
|||
|
|||
// SaveKeyToFile 将密钥数据保存到指定文件
|
|||
func SaveKeyToFile(filePath string, keyData []byte) error { |
|||
// 写入文件
|
|||
err := os.WriteFile(filePath, keyData, 0600) // 仅用户可读写权限
|
|||
if err != nil { |
|||
return fmt.Errorf("保存密钥到文件失败: %v", err) |
|||
} |
|||
|
|||
fmt.Printf("密钥已成功保存到: %s\n", filePath) |
|||
return nil |
|||
} |
|||
|
|||
// GenerateAndSaveKeysWithPassword 生成密钥对并用密码保护私钥,然后保存到文件
|
|||
func GenerateAndSaveKeysWithPassword(bits int, password, privateKeyPath, publicKeyPath string) error { |
|||
// 生成密钥对
|
|||
publicKeyPEM, encryptedPrivateKeyPEM, err := GenerateKeysWithPassword(bits, password) |
|||
if err != nil { |
|||
return err |
|||
} |
|||
|
|||
// 保存公钥到文件
|
|||
err = SaveKeyToFile(publicKeyPath, publicKeyPEM) |
|||
if err != nil { |
|||
return err |
|||
} |
|||
|
|||
// 保存加密后的私钥到文件
|
|||
err = SaveKeyToFile(privateKeyPath, encryptedPrivateKeyPEM) |
|||
if err != nil { |
|||
return err |
|||
} |
|||
|
|||
fmt.Println("密钥对已成功生成并保存!") |
|||
return nil |
|||
} |
|||
@ -0,0 +1,30 @@ |
|||
-----BEGIN RSA PRIVATE KEY----- |
|||
Proc-Type: 4,ENCRYPTED |
|||
DEK-Info: AES-256-CBC,60c8623b1977ed9926f090a559fefbb7 |
|||
|
|||
EXkcUgG90PRmUMzWCc9tYhVV/FclX0Kgbnaaj++ssUVLfHqo7ktrQ757VGLuJ2zC |
|||
Sr6Gi88jxRJq98i6gCe4EzL0Q1I7pzqlH3bGxervnCtX9nbDiA4UKpDDQ/nsDuBp |
|||
fzyTtwx3xu7MXxQX54XADexcfX4kP08h4LJoPJbnRk9dvEI29TUAmwX9vCyCZVec |
|||
DE1kYQOLDzJvX4sKMsCiKzjTQwl46LdYHdn3wYzETnmR3/0dIzDLldWt9TZuYue4 |
|||
/lpUdtVY2DGC2+2y9jvNlos9vpsZ2FyUi+M0NICmtkiPoqXzqhuPewwZ+hCw3rbe |
|||
p/Q12NiMcnX+0cWwNqgZjDgwUOM+b8UW4pYNYlFzzhBBFA88EI4QGJLHM2ougTS2 |
|||
9gXrIOwknRdnvIuUzuf7UIJ7s2C6tIhKQyyMbdzZ2tQQQ7ei+S7EpY6fHJ5OfYfK |
|||
5KbjuneZV/8eCoT97KInTKqMpT57cFVNHzLlri+9kXPpY6HAl+L8Qp7IhAjfDnp7 |
|||
jElgWPaNcuuR4wYJY6ehNBFQ0Hp8SgduquATVf8FssrM4eTyirBsBrMYSbwl3FGZ |
|||
H6BuksvCqq31M/k1EscSbGrb99MokMsQTUeNbY438QvukRi6oowXuriqiQwXhgOl |
|||
4Xc8AIxeE79dDfPPskbhGWgBxztolrHEpE2Ttdxa/4q95sMHhEqPDtLYri6immqk |
|||
WHcly5tlAtA/JiEAxC2dwDL4vkdB0s92+wCXt5HOlkGqXLLkkE9ST+mwpGGwCk/9 |
|||
BI65vh87ME/dBCPNfNCK7iKU2E1cRjJmpgD+dowCwH4g8QmIj73t1pZtY6XiWdx3 |
|||
5797R8cA62HItmGw05/Ab9niFkecJYhDWM+N7iqLHadhtTubwCkOIE7PkBjuWsL/ |
|||
zTj3RlyGxELwokJ6qeC93Zg/OzKGFCdLMHEkD1RIrglYOGBLO1NovFzPHFav8rkB |
|||
jEkl4GsQX6OzeImlDOCkx0YH1ron8lydBTY2ohhtwJkn2MDlEa3CYC/yz9IqzzkI |
|||
fMBqFpVe/Ehy2ekuRYen5LRBaDG1DhHeCByr00+q7liCqm47bALsiS7O0d8W6mEw |
|||
UNr5GkHPCsxq3fk0zw2OuR6txfmCP/tF8jC/SLpZdTv7+sQIqDq5qkcand5nzkT4 |
|||
o2Laz6Z5zKj0zwBQ983NQm4Ikz4uJ/eL0vxZ2CtmLi381r1bhWDNyz3KhGbGG7U/ |
|||
qfE5sTdS3FaFAT8rrsgUb7pwNX2p9jYkn/KKy9Qp1fCFavdSmN/W0JBSH/3zGMCI |
|||
346tShf5D7ZF2Wo9Jn1PKP+YLG1zo5f9KUa28sGgCtly1TJlCSsHC7dOVoVg8s6A |
|||
mRDlmE+/xL4AgPLVmupUvNn8uW+Y8iNnlZpmtsSvsIv0p2Xj5T/UZPUQZ3FR8YyB |
|||
7CiUOTCq/goUIqv3SnpK7prQ31Uxj13UbiAIZGOVjkkSRlC/eX4oYuxCM+iMFzd4 |
|||
XkH6hVOh67AFU/wri1vzQfCfL78XomlMc+nYviI5dwbO/5uSv5bqEThkFO/9arAt |
|||
SVshbq1c5hhFRHE4BuIRTobaJLMJcrWwSyfodAxYWpLpY4BVnO/b8Uc+fRVEnvmG |
|||
-----END RSA PRIVATE KEY----- |
|||
@ -0,0 +1,9 @@ |
|||
-----BEGIN RSA PUBLIC KEY----- |
|||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvWKj7FVU7KtUUWWeV53K |
|||
a1t538iiydZI2VEkRSsXt3LIi6j94PsdOmS8e6ZyByGj0T+deVVEdqO7pvJTlZCt |
|||
R5z2gut3Z/heG1SF0o5i6YfZvfeyeNWrW6TVQCy+FCweVA6Zlh1QiLubAfYFclTm |
|||
5wdF+suZHSnXS1reborotzRGZzq86XEluIQufdvfk55ixY8R/bdoaR4G/SvNzU+2 |
|||
uBYjOxlBbgtnHmPxs3bAk2wCnPunfjlWw0ngk8UVw7XrAdrIwMItpj4Y0iKUsr5Z |
|||
CVpheVmHNfjH8oyio/aERdSXnsM4GksFgOlA9wKQ6opwfQSMhH0mMNThpqzKx/Xt |
|||
0wIDAQAB |
|||
-----END RSA PUBLIC KEY----- |
|||
Loading…
Reference in new issue