openresty中使用私钥/公钥进行加密/解密/签名/验签。
Posted Dreamer。
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了openresty中使用私钥/公钥进行加密/解密/签名/验签。相关的知识,希望对你有一定的参考价值。
对于公钥私钥的提取,详细请看http://www.cnblogs.com/dreamer-One/p/5621134.html
另外付在线加解密工具链接:http://tool.chacuo.net/cryptrsaprikey
--公钥
local RSA_PUBLIC_KEY = [[
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAJ9YqFCTlhnmTYNCezMfy7yb7xwAzRinXup1Zl51517rhJq8W0wVwNt+
mcKwRzisA1SIqPGlhiyDb2RJKc1cCNrVNfj7xxOKCIihkIsTIKXzDfeAqrm0bU80
BSjgjj6YUKZinUAACPoao8v+QFoRlXlsAy72mY7ipVnJqBd1AOPVAgMBAAE=
-----END RSA PUBLIC KEY-----
]]
--私钥
local RSA_PRIV_KEY = [[
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCfWKhQk5YZ5k2DQnszH8u8m+8cAM0Yp17qdWZedede64SavFtM
FcDbfpnCsEc4rANUiKjxpYYsg29kSSnNXAja1TX4+8cTigiIoZCLEyCl8w33gKq5
tG1PNAUo4I4+mFCmYp1AAAj6GqPL/kBaEZV5bAMu9pmO4qVZyagXdQDj1QIDAQAB
AoGBAJega3lRFvHKPlP6vPTm+p2c3CiPcppVGXKNCD42f1XJUsNTHKUHxh6XF4U0
7HC27exQpkJbOZO99g89t3NccmcZPOCCz4aN0LcKv9oVZQz3Avz6aYreSESwLPqy
AgmJEvuVe/cdwkhjAvIcbwc4rnI3OBRHXmy2h3SmO0Gkx3D5AkEAyvTrrBxDCQeW
S4oI2pnalHyLi1apDI/Wn76oNKW/dQ36SPcqMLTzGmdfxViUhh19ySV5id8AddbE
/b72yQLCuwJBAMj97VFPInOwm2SaWm3tw60fbJOXxuWLC6ltEfqAMFcv94ZT/Vpg
nv93jkF9DLQC/CWHbjZbvtYTlzpevxYL8q8CQHiAKHkcopR2475f61fXJ1coBzYo
suAZesWHzpjLnDwkm2i9D1ix5vDTVaJ3MF/cnLVTwbChLcXJSVabDi1UrUcCQAmn
iNq6/mCoPw6aC3X0Uc3jEIgWZktoXmsI/jAWMDw/5ZfiOO06bui+iWrD4vRSoGH9
G2IpDgWic0Uuf+dDM6kCQF2/UbL6MZKDC4rVeFF3vJh7EScfmfssQ/eVEz637N06
2pzSvvB4xq6Gt9VwoGVNsn5r/K6AbT+rmewW57Jo7pg=
-----END RSA PRIVATE KEY-----
]]
--公钥加密
local resty_rsa = require "resty.rsa"
local pub, err = resty_rsa:new({ public_key = RSA_PUBLIC_KEY })
if not pub then
ngx.say("new rsa err: ", err)
return
end
local encrypted, err = pub:encrypt("hello")
if not encrypted then
ngx.say("failed to encrypt: ", err)
return
end
ngx.say("encrypted length: ", #encrypted)
--私钥解密
local priv, err = resty_rsa:new({ private_key = RSA_PRIV_KEY })
if not priv then
ngx.say("new rsa err: ", err)
return
end
local decrypted = priv:decrypt(encrypted)
ngx.say(decrypted == "hello")
--私钥签名
local algorithm = "SHA"
local priv, err = resty_rsa:new({ private_key = RSA_PRIV_KEY, algorithm = algorithm })
if not priv then
ngx.say("new rsa err: ", err)
return
end
local str = "hello"
local sig, err = priv:sign(str)
if not sig then
ngx.say("failed to sign:", err)
return
end
ngx.say("sig length: ", #sig)
--公钥验签
local pub, err = resty_rsa:new({ public_key = RSA_PUBLIC_KEY, algorithm = algorithm })
if not pub then
ngx.say("new rsa err: ", err)
return
end
local verify, err = pub:verify(str, sig)
if not verify then
ngx.say("verify err: ", err)
return
end
ngx.say(verify)
以上是关于openresty中使用私钥/公钥进行加密/解密/签名/验签。的主要内容,如果未能解决你的问题,请参考以下文章