🔐 Asymmetric Encryption Tool
Generate key pairs, encrypt/decrypt data, and create digital signatures using RSA, ECC, SM2, and other public-key cryptography algorithms
What is Asymmetric Encryption?
Asymmetric encryption, also known as public-key cryptography, uses a pair of mathematically related keys: a public key and a private key. The public key can be freely shared and is used to encrypt data; the private key must be kept secret and is used to decrypt data. This design solves the key distribution problem in symmetric encryption.
Key Features
- Uses public-private key pairs
- Public key can be shared, private key must be secret
- Supports digital signatures for identity verification
- Common algorithms: RSA, ECC, SM2, etc.
Main Use Cases
- HTTPS/TLS website security
- Digital certificates and PKI systems
- Email encryption and digital signatures
- Blockchain and cryptocurrency
Security Note
The security of private keys is crucial. Once compromised, it can lead to serious security issues. It is recommended to use strong random number generators for key generation, properly secure private keys, regularly update key pairs, and consider using Hardware Security Modules (HSM) to protect high-value private keys.
Algorithm Settings
Output
Output Length: 0
Key Management
Algorithm Details & Implementation Examples
Algorithm Basic Information
Algorithm Name:RSA-2048
Algorithm Category:Traditional Standard
Key Length:2048 bits
Key Format:PKCS#1
Security Level:Good
Performance:Moderate
Algorithm Characteristics
• RSA algorithm based on large integer factorization mathematical problem
• Supports both encryption/decryption and digital signature operations
• Longer key length provides higher security but lower performance
• Widely used in HTTPS, SSH, email encryption and other scenarios
• Mature and stable, but relatively large key size and lower performance
Use Cases & Examples
HTTPS Certificates
Website SSL/TLS certificate signing and key exchange
SSH Key Authentication
Server remote login public key authentication
Code Signing
Software release and update digital signatures
Code Implementation Examples
JavaScript (Node.js + crypto)
const crypto = require('crypto');
// RSA 非对称加密示例
class AsymmetricCrypto {
constructor() {
this.keySize = 2048; // RSA密钥长度
}
// 生成RSA密钥对
generateKeyPair() {
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
modulusLength: this.keySize,
publicKeyEncoding: {
type: 'spki',
format: 'pem'
},
privateKeyEncoding: {
type: 'pkcs8',
format: 'pem'
}
});
return { publicKey, privateKey };
}
// 使用公钥加密
encrypt(plaintext, publicKey) {
const buffer = Buffer.from(plaintext, 'utf8');
const encrypted = crypto.publicEncrypt(publicKey, buffer);
return encrypted.toString('base64');
}
// 使用私钥解密
decrypt(encryptedData, privateKey) {
const buffer = Buffer.from(encryptedData, 'base64');
const decrypted = crypto.privateDecrypt(privateKey, buffer);
return decrypted.toString('utf8');
}
// 使用私钥签名
sign(data, privateKey) {
const sign = crypto.createSign('SHA256');
sign.update(data);
sign.end();
return sign.sign(privateKey, 'base64');
}
// 使用公钥验证签名
verify(data, signature, publicKey) {
const verify = crypto.createVerify('SHA256');
verify.update(data);
verify.end();
return verify.verify(publicKey, signature, 'base64');
}
}
// 使用示例
const cryptoInstance = new AsymmetricCrypto();
const { publicKey, privateKey } = cryptoInstance.generateKeyPair();
const plaintext = "Hello, RSA!";
// 加密
const encrypted = cryptoInstance.encrypt(plaintext, publicKey);
console.log('加密结果:', encrypted);
// 解密
const decrypted = cryptoInstance.decrypt(encrypted, privateKey);
console.log('解密结果:', decrypted);
// 签名
const signature = cryptoInstance.sign(plaintext, privateKey);
console.log('数字签名:', signature);
// 验证签名
const isValid = cryptoInstance.verify(plaintext, signature, publicKey);
console.log('签名验证:', isValid);Python (cryptography库)
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.backends import default_backend
import base64
class AsymmetricCrypto:
def __init__(self):
self.key_size = 2048 # RSA密钥长度
self.backend = default_backend()
def generate_key_pair(self):
"""生成RSA密钥对"""
private_key = rsa.generate_private_key(
public_exponent=65537,
key_size=self.key_size,
backend=self.backend
)
public_key = private_key.public_key()
# 序列化密钥为PEM格式
private_pem = private_key.private_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PrivateFormat.PKCS8,
encryption_algorithm=serialization.NoEncryption()
)
public_pem = public_key.public_bytes(
encoding=serialization.Encoding.PEM,
format=serialization.PublicFormat.SubjectPublicKeyInfo
)
return private_pem.decode(), public_pem.decode()
def encrypt(self, plaintext, public_key_pem):
"""使用公钥加密"""
public_key = serialization.load_pem_public_key(
public_key_pem.encode(),
backend=self.backend
)
ciphertext = public_key.encrypt(
plaintext.encode(),
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
return base64.b64encode(ciphertext).decode()
def decrypt(self, ciphertext_b64, private_key_pem):
"""使用私钥解密"""
private_key = serialization.load_pem_private_key(
private_key_pem.encode(),
password=None,
backend=self.backend
)
ciphertext = base64.b64decode(ciphertext_b64)
plaintext = private_key.decrypt(
ciphertext,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
return plaintext.decode()
def sign(self, message, private_key_pem):
"""使用私钥签名"""
private_key = serialization.load_pem_private_key(
private_key_pem.encode(),
password=None,
backend=self.backend
)
signature = private_key.sign(
message.encode(),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return base64.b64encode(signature).decode()
def verify(self, message, signature_b64, public_key_pem):
"""使用公钥验证签名"""
public_key = serialization.load_pem_public_key(
public_key_pem.encode(),
backend=self.backend
)
signature = base64.b64decode(signature_b64)
try:
public_key.verify(
signature,
message.encode(),
padding.PSS(
mgf=padding.MGF1(hashes.SHA256()),
salt_length=padding.PSS.MAX_LENGTH
),
hashes.SHA256()
)
return True
except Exception:
return False
# 使用示例
crypto_instance = AsymmetricCrypto()
private_key, public_key = crypto_instance.generate_key_pair()
message = "Hello, RSA!"
# 加密
encrypted = crypto_instance.encrypt(message, public_key)
print(f"加密结果: {encrypted}")
# 解密
decrypted = crypto_instance.decrypt(encrypted, private_key)
print(f"解密结果: {decrypted}")
# 签名
signature = crypto_instance.sign(message, private_key)
print(f"数字签名: {signature}")
# 验证签名
is_valid = crypto_instance.verify(message, signature, public_key)
print(f"签名验证: {is_valid}")Java (javax.crypto)
import javax.crypto.Cipher;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
public class AsymmetricCrypto {
private static final int KEY_SIZE = 2048;
private static final String ALGORITHM = "RSA";
private static final String TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";
private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
public static class KeyPair {
public final String publicKey;
public final String privateKey;
public KeyPair(String publicKey, String privateKey) {
this.publicKey = publicKey;
this.privateKey = privateKey;
}
}
/**
* 生成RSA密钥对
*/
public static KeyPair generateKeyPair() throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM);
keyPairGenerator.initialize(KEY_SIZE);
java.security.KeyPair keyPair = keyPairGenerator.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();
PrivateKey privateKey = keyPair.getPrivate();
String publicKeyStr = Base64.getEncoder().encodeToString(publicKey.getEncoded());
String privateKeyStr = Base64.getEncoder().encodeToString(privateKey.getEncoded());
return new KeyPair(publicKeyStr, privateKeyStr);
}
/**
* 使用公钥加密
*/
public static String encrypt(String plaintext, String publicKeyStr) throws Exception {
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyStr);
X509EncodedKeySpec spec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
PublicKey publicKey = keyFactory.generatePublic(spec);
Cipher cipher = Cipher.getInstance(TRANSFORMATION);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] encryptedBytes = cipher.doFinal(plaintext.getBytes("UTF-8"));
return Base64.getEncoder().encodeToString(encryptedBytes);
}
/**
* 使用私钥解密
*/
public static String decrypt(String ciphertext, String privateKeyStr) throws Exception {
byte[] privateKeyBytes = Base64.getDecoder().decode(privateKeyStr);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(spec);
Cipher cipher = Cipher.getInstance(TRANSFORMATION);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] ciphertextBytes = Base64.getDecoder().decode(ciphertext);
byte[] decryptedBytes = cipher.doFinal(ciphertextBytes);
return new String(decryptedBytes, "UTF-8");
}
/**
* 使用私钥签名
*/
public static String sign(String message, String privateKeyStr) throws Exception {
byte[] privateKeyBytes = Base64.getDecoder().decode(privateKeyStr);
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(spec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateKey);
signature.update(message.getBytes("UTF-8"));
byte[] signatureBytes = signature.sign();
return Base64.getEncoder().encodeToString(signatureBytes);
}
/**
* 使用公钥验证签名
*/
public static boolean verify(String message, String signatureStr, String publicKeyStr)
throws Exception {
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKeyStr);
X509EncodedKeySpec spec = new X509EncodedKeySpec(publicKeyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
PublicKey publicKey = keyFactory.generatePublic(spec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicKey);
signature.update(message.getBytes("UTF-8"));
byte[] signatureBytes = Base64.getDecoder().decode(signatureStr);
return signature.verify(signatureBytes);
}
// 使用示例
public static void main(String[] args) {
try {
AsymmetricCrypto crypto = new AsymmetricCrypto();
KeyPair keyPair = crypto.generateKeyPair();
String message = "Hello, RSA!";
// 加密
String encrypted = crypto.encrypt(message, keyPair.publicKey);
System.out.println("加密结果: " + encrypted);
// 解密
String decrypted = crypto.decrypt(encrypted, keyPair.privateKey);
System.out.println("解密结果: " + decrypted);
// 签名
String signatureStr = crypto.sign(message, keyPair.privateKey);
System.out.println("数字签名: " + signatureStr);
// 验证签名
boolean isValid = crypto.verify(message, signatureStr, keyPair.publicKey);
System.out.println("签名验证: " + isValid);
} catch (Exception e) {
e.printStackTrace();
}
}
}관련 JSON 도구
더 강력한 JSON 처리 도구 탐색
Hash Generator
Description
Symmetric Encryption Tool
Encrypt and decrypt data using symmetric encryption algorithms like AES, SM4, and ChaCha20
JSON 포매터
실시간 구문 검사와 오류 감지로 JSON 데이터를 포맷, 미화, 압축합니다.
JSON 검증기
상세 오류 리포트와 분석으로 JSON 구문과 구조를 검증합니다.
JSON 편집기
강력한 온라인 JSON 편집기: 포맷팅, 미화, 검증, 압축, 트리/테이블/시각화 뷰, 온라인 파싱, CSV/Excel 내보내기, 다운로드 등을 지원합니다.
JSON→XML 변환기
구조 매핑과 타입 처리를 자동으로 지원하는 JSON→XML 변환 도구입니다.