AES+RSA加密解密（js和java互通）

/* * Copyright (c) 2015 Eric Wilde. * Copyright 1998-2015 David Shapiro. * * RSA.js is a suite of routines for performing RSA public-key computations * in JavaScript. The cryptographic functions herein are used for encoding * and decoding strings to be sent over unsecure channels. * * To use these routines, a pair of public/private keys is created through a * number of means (OpenSSL tools on Linux/Unix, Dave Shapiro's * RSAKeyGenerator program on Windows). These keys are passed to RSAKeyPair * as hexadecimal strings to create an encryption key object. This key object * is then used with encryptedString to encrypt blocks of plaintext using the * public key. The resulting cyphertext blocks can be decrypted with * decryptedString. * * Note that the cryptographic functions herein are complementary to those * found in CryptoFuncs.php and CryptoFuncs.pm. Hence, encrypted messages may * be sent between programs written in any of those languages. The most * useful, of course is to send messages encrypted by a Web page using RSA.js * to a PHP or Perl script running on a Web servitron. * * Also, the optional padding flag may be specified on the call to * encryptedString, in which case blocks of cyphertext that are compatible * with real crypto libraries such as OpenSSL or Microsoft will be created. * These blocks of cyphertext can then be sent to Web servitron that uses one * of these crypto libraries for decryption. This allows messages encrypted * with longer keys to be decrypted quickly on the Web server as well as * making for more secure communications when a padding algorithm such as * PKCS1v1.5 is used. * * These routines require BigInt.js and Barrett.js. */ /*****************************************************************************/ /* * Modifications * ------------- * * 2014 Jan 11 E. Wilde Add optional padding flag to encryptedString * for compatibility with real crypto libraries * such as OpenSSL or Microsoft. Add PKCS1v1.5 * padding. * * 2015 Jan 5 D. Shapiro Add optional encoding flag for encryptedString * and encapsulate padding and encoding constants * in RSAAPP object. * * Original Code * ------------- * * Copyright 1998-2005 David Shapiro. * * You may use, re-use, abuse, copy, and modify this code to your liking, but * please keep this header. * * Thanks! * * Dave Shapiro * dave@ohdave.com */ /*****************************************************************************/ var RSAAPP = {}; RSAAPP.NoPadding = "NoPadding"; RSAAPP.PKCS1Padding = "PKCS1Padding"; RSAAPP.RawEncoding = "RawEncoding"; RSAAPP.NumericEncoding = "NumericEncoding" /*****************************************************************************/ function RSAKeyPair(encryptionExponent, decryptionExponent, modulus, keylen) /* * encryptionExponent The encryption exponent (i.e. public * encryption key) to be used for * encrypting messages. If you aren't * doing any encrypting, a dummy * exponent such as "10001" can be * passed. * * decryptionExponent The decryption exponent (i.e. private * decryption key) to be used for * decrypting messages. If you aren't * doing any decrypting, a dummy * exponent such as "10001" can be * passed. * * modulus The modulus to be used both for * encrypting and decrypting messages. * * keylen The optional length of the key, in * bits. If omitted, RSAKeyPair will * attempt to derive a key length (but, * see the notes below). * * returns The "new" object creator returns an * instance of a key object that can be * used to encrypt/decrypt messages. * * This routine is invoked as the first step in the encryption or decryption * process to take the three numbers (expressed as hexadecimal strings) that * are used for RSA asymmetric encryption/decryption and turn them into a key * object that can be used for encrypting and decrypting. * * The key object is created thusly: * * RSAKey = new RSAKeyPair("ABC12345", 10001, "987654FE"); * * or: * * RSAKey = new RSAKeyPair("ABC12345", 10001, "987654FE", 64); * * Note that RSAKeyPair will try to derive the length of the key that is being * used, from the key itself. The key length is especially useful when one of * the padding options is used and/or when the encrypted messages created by * the routine encryptedString are exchanged with a real crypto library such * as OpenSSL or Microsoft, as it determines how many padding characters are * appended. * * Usually, RSAKeyPair can determine the key length from the modulus of the * key but this doesn't always work properly, depending on the actual value of * the modulus. If you are exchanging messages with a real crypto library, * such as OpenSSL or Microsoft, that depends on the fact that the blocks * being passed to it are properly padded, you'll want the key length to be * set properly. If that's the case, of if you just want to be sure, you * should specify the key length that you used to generated the key, in bits * when this routine is invoked. */ { /* * Convert from hexadecimal and save the encryption/decryption exponents and * modulus as big integers in the key object. */ this.e = biFromHex(encryptionExponent); this.d = biFromHex(decryptionExponent); this.m = biFromHex(modulus); /* * Using big integers, we can represent two bytes per element in the big * integer array, so we calculate the chunk size as: * * chunkSize = 2 * (number of digits in modulus - 1) * * Since biHighIndex returns the high index, not the number of digits, the * number 1 has already been subtracted from its answer. * * However, having said all this, "User Knows Best". If our caller passes us * a key length (in bits), we'll treat it as gospel truth. */ if (typeof(keylen) != 'number') { this.chunkSize = 2 * biHighIndex(this.m); } else { this.chunkSize = keylen / 8; } this.radix = 16; /* * Precalculate the stuff used for Barrett modular reductions. */ this.barrett = new BarrettMu(this.m); } /*****************************************************************************/ function encryptedString(key, s, pad, encoding) /* * key The previously-built RSA key whose * public key component is to be used to * encrypt the plaintext string. * * s The plaintext string that is to be * encrypted, using the RSA assymmetric * encryption method. * * pad The optional padding method to use * when extending the plaintext to the * full chunk size required by the RSA * algorithm. To maintain compatibility * with other crypto libraries, the * padding method is described by a *