RSA加密数据量小,速度慢,是非对称加密。
DES加密数据量大,速度快,是对称加密。
为了实现非对称大数据量加密,可以结合DES和RSA的方式。加密时,先把数据用DES加密,再用RSA将DES的密钥加密(生成一个小的额外文件)。解密时,先用RSA得出DES的密钥,再把数据用DES解密。
为了方便简洁明了,DES中的IV就用KEY。
具体实现:
require 'openssl' KEY= 'zycjwdss' #IV = 'zycjwdss' PUBLICKEY = '-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAM1w2GKYGcb1UQwLtRxMCbPFK/hadrrOiJRzeImmTHTnVKL1iftcmPfG 0ATk37x4Qdr7jJ93ZW2u5nKlQoy8jyVUxQjN5DU7jKzUce2Mh+bbZ8pYeLrLF3xj YUpym+fIA/xt+wf26o0Z/rDvs4IKuANc0hGtK/8R62ne3I2ew89tAgMBAAE= -----END RSA PUBLIC KEY-----' PRIVATEKEY = '-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDNcNhimBnG9VEMC7UcTAmzxSv4Wna6zoiUc3iJpkx051Si9Yn7 XJj3xtAE5N+8eEHa+4yfd2VtruZypUKMvI8lVMUIzeQ1O4ys1HHtjIfm22fKWHi6 yxd8Y2FKcpvnyAP8bfsH9uqNGf6w77OCCrgDXNIRrSv/Eetp3tyNnsPPbQIDAQAB AoGBAJnVcBKT9mlm9KNieOGRhopYkI5Nny5OzTLsLExWfFXlixjjZ8kTE3AmLUoc 3/RO0HFbf3dBfm/dUa5zVRvxbfWbsoKUt++bNLdXDMG28mOb9CZ+zLNrgzpQ8+0T M6NIJGNbCWZSY15JBaDUSoCOE4UEbOuGfrlrsvxetCv/eL3BAkEA+GQiFMzV45/s X1UhoA2bYaIMzv5mukY4XvRKqJh2R9jSWAPa5w84n/prAEEO9cUdaAkGFfTN7Cgw bZsw8i2YWQJBANO75fx8usDe9MqvbnmTekxWRPySKB6uCJlhMEmLotnYCPvzmcxQ TcQafH23ziEqbblY+3bHA7AQM0nV9XB0zTUCQDBhaJX+k8ajVqn27fa7z8EDjFUh DidIGCC+mnAeSiOSYt4L2i5ZM6FNaFwDUAOk4iZqY4oRRa6y4UPoD2+MW/kCQAUp qbv0VqFpTlK64Fi6jdrap6f48F1/JNqIkiLY8smZCO8Ly449zwefFbYDC1WnsTE5 yDfnNmHOo1GDlA5/6pkCQCWj+YUSwE8GgvjDCCEs6URWiikc/CW/zVYNG9FtzjWu ZefzMEQdOKz6y8q0OXYBpHX0VpIX5OTImz3SgS4pMaM= -----END RSA PRIVATE KEY-----' class Mycipher #得出一对RSA密钥 def self.get_rsa_key rsa = OpenSSL::PKey::RSA.new(1024) # public_key only can public_encrypt or public_decrypt no private_encrypt nor private_decrypt #rsa.public_key.to_pem the class of return value is String [rsa.public_key.to_pem, rsa.to_pem] end #用私钥加密 def self.rsa_private_encrypt(value, rsakey) rsa = OpenSSL::PKey::RSA.new(rsakey) rsa.private_encrypt(value) end #用私钥解密 unused def self.rsa_private_decrypt(value, rsakey) rsa = OpenSSL::PKey::RSA.new(rsakey) rsa.private_decrypt(value) end #用公钥加密 unused def self.rsa_public_encrypt(value, publickey) rsa = OpenSSL::PKey::RSA.new(publickey) rsa.public_encrypt(value) end #用公钥解密 def self.rsa_public_decrypt(value, publickey) rsa = OpenSSL::PKey::RSA.new(publickey) rsa.public_decrypt(value) end #DES加密 def self.des_encrypt(text, key, iv) c = OpenSSL::Cipher::Cipher.new('DES-CBC') c.encrypt c.key = key c.iv = iv ret = c.update(text) ret << c.final return ret end #DES解密 def self.des_decrypt(encrypt_value, key, iv) c = OpenSSL::Cipher::Cipher.new('DES-CBC') c.decrypt c.key = key c.iv = iv ret = c.update(encrypt_value) ret << c.final return ret end #将文件读为byte型string def self.filetostring filepath f = File.open filepath, 'rb' text = f.read f.close return text end #将byte型string转成文件 def self.stringtofile filepath, string f = File.open filepath, 'wb' f.print string f.close end #将DES的KEY用RSA私钥加密后转成文件 def self.keytopefile filepath, key pe = rsa_private_encrypt key, PRIVATEKEY stringtofile filepath, pe end #将文件用RSA公钥解密后读出DES的KEY def self.pefiletokey filepath pe = filetostring filepath orikey = rsa_public_decrypt pe, PUBLICKEY return orikey end #加密文件(主要方法) def self.encode filepath text = filetostring filepath en = des_encrypt text, KEY, KEY stringtofile filepath, en keytopefile filepath + '.pefile', KEY end #解密文件(主要方法) def self.decode filepath key = pefiletokey filepath + '.pefile' en = filetostring filepath text = des_decrypt en, key, key stringtofile filepath, text end end
使用时,先生成一对RSA的publickey和privatekey。
加密端只需要DES的KEY(可临时生成),privatekey和encode:
require 'openssl' KEY= 'zycjwdss' #IV = 'zycjwdss' PRIVATEKEY = '-----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQDNcNhimBnG9VEMC7UcTAmzxSv4Wna6zoiUc3iJpkx051Si9Yn7 XJj3xtAE5N+8eEHa+4yfd2VtruZypUKMvI8lVMUIzeQ1O4ys1HHtjIfm22fKWHi6 yxd8Y2FKcpvnyAP8bfsH9uqNGf6w77OCCrgDXNIRrSv/Eetp3tyNnsPPbQIDAQAB AoGBAJnVcBKT9mlm9KNieOGRhopYkI5Nny5OzTLsLExWfFXlixjjZ8kTE3AmLUoc 3/RO0HFbf3dBfm/dUa5zVRvxbfWbsoKUt++bNLdXDMG28mOb9CZ+zLNrgzpQ8+0T M6NIJGNbCWZSY15JBaDUSoCOE4UEbOuGfrlrsvxetCv/eL3BAkEA+GQiFMzV45/s X1UhoA2bYaIMzv5mukY4XvRKqJh2R9jSWAPa5w84n/prAEEO9cUdaAkGFfTN7Cgw bZsw8i2YWQJBANO75fx8usDe9MqvbnmTekxWRPySKB6uCJlhMEmLotnYCPvzmcxQ TcQafH23ziEqbblY+3bHA7AQM0nV9XB0zTUCQDBhaJX+k8ajVqn27fa7z8EDjFUh DidIGCC+mnAeSiOSYt4L2i5ZM6FNaFwDUAOk4iZqY4oRRa6y4UPoD2+MW/kCQAUp qbv0VqFpTlK64Fi6jdrap6f48F1/JNqIkiLY8smZCO8Ly449zwefFbYDC1WnsTE5 yDfnNmHOo1GDlA5/6pkCQCWj+YUSwE8GgvjDCCEs6URWiikc/CW/zVYNG9FtzjWu ZefzMEQdOKz6y8q0OXYBpHX0VpIX5OTImz3SgS4pMaM= -----END RSA PRIVATE KEY-----' class Mycipher def self.rsa_private_encrypt(value, rsakey) rsa = OpenSSL::PKey::RSA.new(rsakey) rsa.private_encrypt(value) end def self.des_encrypt(text, key, iv) c = OpenSSL::Cipher::Cipher.new('DES-CBC') c.encrypt c.key = key c.iv = iv ret = c.update(text) ret << c.final return ret end def self.filetostring filepath f = File.open filepath, 'rb' text = f.read f.close return text end def self.stringtofile filepath, string f = File.open filepath, 'wb' f.print string f.close end def self.keytopefile filepath, key pe = rsa_private_encrypt key, PRIVATEKEY stringtofile filepath, pe end def self.encode filepath text = filetostring filepath en = des_encrypt text, KEY, KEY stringtofile filepath, en keytopefile filepath + '.pefile', KEY end end
解密端只需要publickey和decode:
require 'openssl' PUBLICKEY = '-----BEGIN RSA PUBLIC KEY----- MIGJAoGBAM1w2GKYGcb1UQwLtRxMCbPFK/hadrrOiJRzeImmTHTnVKL1iftcmPfG 0ATk37x4Qdr7jJ93ZW2u5nKlQoy8jyVUxQjN5DU7jKzUce2Mh+bbZ8pYeLrLF3xj YUpym+fIA/xt+wf26o0Z/rDvs4IKuANc0hGtK/8R62ne3I2ew89tAgMBAAE= -----END RSA PUBLIC KEY-----' class Mycipher def self.rsa_public_decrypt(value, publickey) rsa = OpenSSL::PKey::RSA.new(publickey) rsa.public_decrypt(value) end def self.des_decrypt(encrypt_value, key, iv) c = OpenSSL::Cipher::Cipher.new('DES-CBC') c.decrypt c.key = key c.iv = iv ret = c.update(encrypt_value) ret << c.final return ret end def self.filetostring filepath f = File.open filepath, 'rb' text = f.read f.close return text end def self.stringtofile filepath, string f = File.open filepath, 'wb' f.print string f.close end def self.pefiletokey filepath pe = filetostring filepath orikey = rsa_public_decrypt pe, PUBLICKEY return orikey end def self.decode filepath key = pefiletokey filepath + '.pefile' en = filetostring filepath text = des_decrypt en, key, key stringtofile filepath, text end end
经测试
Mycipher.encode 'D:\\code.doc'
Mycipher.decode 'D:\\code.doc'
结果正确。
在lib中新建文件夹cipher,把以上文件放进去。
在lib中新建文件mycipherext.rb
#Input next line in application.rb #include Mycipherext #And input next line in class which you want to use Mycipher #require_mycipher_ext # #Input next line to encode a file, with generate a .pefile file(Notice:This will change the original file) #Mycipher.encode 'D:\\code.doc' #Input next line to decode a file, by using a .pefile file(Notice:This will change the original file) #Mycipher.decode 'D:\\code.doc' # #Author: zzqwdss module Mycipherext def require_mycipher_ext Dir["#{RAILS_ROOT}/lib/cipher/*.rb"].each do |f| require_dependency f end end end Object.instance_eval { include Mycipherext }
mycipher.rar