Generating public and private keys in Java generates similar starts of all keys, both private and public

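I am generating two public/private keys using Java. Again and again and again. They are different every time. But they always start the same way. The hashes generated from them are different.

I've come to understand that this is the algorithm being encoded to the start. However, I think I'd prefer if third parties had as little info as possible, including what is being used to generate them.

In the sun.security.rsa.RSAPublicKeyImpl.writeReplace() method I can see the algorithm being included.

  1. I understand that part of the public/private key is readable. I'd like to know what it is. How can I make said content visible? Base64-decoding the start gives no readable result.

  2. How can I remove this info from the header? And what are the consequences? It is really only to be used internally so we can hardcode the missing pieces if necessary.

  3. Any other ideas on why this information is included by default and so hard to code away? RsaPublicKey is final. We should be able to get the public key and private key in their mathematical form if we required to. Prime number and exponent. Why is all this crap included?

I'd like nothing about our system to be leaked, including Java, Jetty, RSA, AES, DES and so on.

But first of all, what are these parts?

Printing the public keys: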

…+OHTtoZrzYp6Ky9Zkth6FV3AcPJcyHjcbeoMck75V0JI1M0FK7QFwN+t3r8tfmCCjHUu9XExigJELOByR+8O6643il7dyciLg8v4ZU7bbJDeeSMCAwEAAQ==

…+W3aT7WKd+b9Q5isnwKJkOydRYRv8ocOJ7bSP17wo1vST+a2snp0O6eRbcFMCAwEAAQ==

Printing the private keys:


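TL;DR Please rely only on the security of the private key itself and on nothing else; achieving that is hard enough already. If you want to improve security, use an external device to store the key, preferably an HSM or a smart card.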


I've come to understand that this is the algorithm being encoded to the start. However, I think I'd prefer if third parties had as little info as possible, including what is being used to generate them.

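This goes directly against Kerckhoffs's principle. If you rely on these things being secret, you have already lost. They will leak, and given that they are nothing special, an attacker only needs to guess once.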

How can I remove this info from the header? And what are the consequences? It is really only to be used internally so we can hardcode the missing pieces if necessary.

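An RSA key consists of multiple components. Of those, only the CRT parameters and/or the private exponent need to be kept secret. But you still need to encode them somehow. The rest just specifies that it is an RSA key, but that is obvious from the parameters anyway.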

Any other ideas on why this information is included by default and so hard to code away? RsaPublicKey is final. We should be able to get the public key and private key in their mathematical form if we required to. Prime number and exponent. Why is all this crap included?

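You can directly get the modulus and the exponent as BigInteger values. That is your mathematical form, right? You can use RSAPublicKeySpec to reconstruct an RSAPublicKey from them again, which can be used with KeyFactory.getInstance("RSA").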

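These are ASN.1 encoded structures. One is called the SubjectPublicKeyInfo structure, specified for X.509 (i.e. certificates), with PKCS#1 for the actual public key. The other is a PKCS#8 encoded private key (you are looking at the inner structure, which can be encrypted), which also relies on PKCS#1 for the actual private key.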
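
The following Java program is an added example, not part of the original question or answer: it prints the DER prefix that two freshly generated public keys share (the SubjectPublicKeyInfo header, including the rsaEncryption OID) and shows that the same encoding is rebuilt from the modulus and exponent alone. The class name RsaEncodingDemo and the 2048-bit key size are assumptions made for the example.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;

// Hypothetical class name, used only for this example.
public class RsaEncodingDemo {

    // Number of leading bytes that two encodings have in common.
    static int commonPrefix(byte[] a, byte[] b) {
        int i = 0;
        while (i < a.length && i < b.length && a[i] == b[i]) i++;
        return i;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // assumed key size
        RSAPublicKey k1 = (RSAPublicKey) gen.generateKeyPair().getPublic();
        RSAPublicKey k2 = (RSAPublicKey) gen.generateKeyPair().getPublic();

        // getEncoded() returns the DER SubjectPublicKeyInfo; getFormat() names it "X.509".
        byte[] e1 = k1.getEncoded();
        byte[] e2 = k2.getEncoded();
        int n = commonPrefix(e1, e2);

        // The shared bytes are ASN.1 tags, lengths and the rsaEncryption OID
        // (06 09 2a 86 48 86 f7 0d 01 01 01). They are the same for every key
        // of this type and size, so they reveal nothing about the key material.
        String prefixHex = new BigInteger(1, Arrays.copyOf(e1, n)).toString(16);
        System.out.println("format: " + k1.getFormat());
        System.out.println("shared prefix (" + n + " bytes): " + prefixHex);

        // The "mathematical form": modulus and public exponent.
        BigInteger modulus = k1.getModulus();
        BigInteger exponent = k1.getPublicExponent();

        // Rebuilding from the two numbers regenerates the same header,
        // so stripping it from stored keys hides nothing.
        PublicKey rebuilt = KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(modulus, exponent));
        System.out.println("rebuilt encoding identical: "
                + Arrays.equals(e1, rebuilt.getEncoded()));
    }
}
```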