diff --git a/app/src/main/java/com/ervin/mvp/utils/KeyStoreEncryption.java b/app/src/main/java/com/ervin/mvp/utils/KeyStoreEncryption.java
new file mode 100644
index 0000000..0cbec07
--- /dev/null
+++ b/app/src/main/java/com/ervin/mvp/utils/KeyStoreEncryption.java
@@ -0,0 +1,129 @@
+package com.ervin.mvp.utils;
+
+import android.content.Context;
+import android.security.KeyPairGeneratorSpec;
+import android.security.keystore.KeyProperties;
+import android.util.Base64;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.math.BigInteger;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.Calendar;
+
+import javax.crypto.Cipher;
+import javax.crypto.CipherInputStream;
+import javax.crypto.CipherOutputStream;
+import javax.security.auth.x500.X500Principal;
+
+/**
+ * Created by Ervin on 2018/1/30.
+ *
+ * android keystore 特别适合用来存储运行时数据比如(账户密码,token),动态生成密钥,使用公钥给数据加密,用私钥解密
+ */
+
+public class KeyStoreEncryption {
+
+ public static void createNewKeys(String alias,Context context){
+
+ Calendar start = Calendar.getInstance();
+ Calendar end = Calendar.getInstance();
+ end.add(Calendar.YEAR, 1);
+ try {
+ KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
+ .setAlias(alias)
+ .setSubject(new X500Principal("CN=Gyenno, OU=Gyenno, O=Gyenno, L=ShenZheng, ST=GuangDong, C=CN"))
+ .setSerialNumber(BigInteger.ONE)
+ .setStartDate(start.getTime())
+ .setEndDate(end.getTime())
+ .build();
+ KeyPairGenerator generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore");
+ generator.initialize(spec);
+
+ generator.generateKeyPair();
+
+
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ } catch (NoSuchProviderException e) {
+ e.printStackTrace();
+ } catch (InvalidAlgorithmParameterException e) {
+ e.printStackTrace();
+ }
+ }
+
+ /**
+ * 加密
+ * @param alias
+ * @param data
+ */
+ public byte[] encryptString(String alias,String data){
+ byte[] encryptByte = new byte[16];
+ try {
+ KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
+ keyStore.load(null);
+ KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null);
+ RSAPublicKey publicKey = (RSAPublicKey) privateKeyEntry.getCertificate().getPublicKey();
+
+
+ Cipher input = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
+ input.init(Cipher.ENCRYPT_MODE, publicKey);
+
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+ CipherOutputStream cipherOutputStream = new CipherOutputStream(
+ outputStream, input);
+ cipherOutputStream.write(data.getBytes("UTF-8"));
+ cipherOutputStream.close();
+
+ encryptByte = outputStream.toByteArray();
+ } catch (Exception e) {
+
+ }
+ return encryptByte;
+ }
+
+ /**
+ * 解密
+ * @param alias
+ */
+ public String decryptString(String alias,String encryptData) {
+ String decryData = "";
+ try {
+ KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
+ keyStore.load(null);
+ KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry)keyStore.getEntry(alias, null);
+ RSAPrivateKey privateKey = (RSAPrivateKey) privateKeyEntry.getPrivateKey();
+
+ Cipher output = Cipher.getInstance("RSA/ECB/PKCS1Padding", "AndroidOpenSSL");
+ output.init(Cipher.DECRYPT_MODE, privateKey);
+
+ CipherInputStream cipherInputStream = new CipherInputStream(
+ new ByteArrayInputStream(Base64.decode(encryptData, Base64.DEFAULT)), output);
+ ArrayList values = new ArrayList<>();
+ int nextByte;
+ while ((nextByte = cipherInputStream.read()) != -1) {
+ values.add((byte)nextByte);
+ }
+
+ byte[] bytes = new byte[values.size()];
+ for(int i = 0; i < bytes.length; i++) {
+ bytes[i] = values.get(i).byteValue();
+ }
+
+ decryData = new String(bytes, 0, bytes.length, "UTF-8");
+
+
+
+ } catch (Exception e) {
+
+ }
+ return decryData;
+ }
+}
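Review bot: createNewKeys requests an EC key pair (`KeyProperties.KEY_ALGORITHM_EC`), but encryptString and decryptString cast the entry's keys to `RSAPublicKey`/`RSAPrivateKey` and use `RSA/ECB/PKCS1Padding`, so as written both casts look certain to throw ClassCastException. The empty `catch (Exception e) { }` blocks hide that: encryptString returns the 16 zero bytes it was initialised with and decryptString returns `""`, which a caller cannot tell apart from a real result and may persist in place of the password or token it meant to protect. Generate the key with `KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore")` and replace the empty catches with `throw new IllegalStateException("keystore operation failed for alias " + alias, e);` so a failure never looks like ciphertext. Two follow-ups to verify on API 23+: Keystore-backed private keys are, as far as I know, not `RSAPrivateKey` instances and cannot be used through the `AndroidOpenSSL` provider, so hold the key as `PrivateKey` and drop the provider argument, and prefer an OAEP transformation over PKCS#1 v1.5 padding if the supported API levels allow it. Also note that encryptString returns raw bytes while decryptString expects Base64 text, so the encoding step is left to every caller; a one-line Javadoc on each method stating the expected format would prevent mismatches.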