如何在浏览器端实现RSA公私钥对生成、加解密?

Question

我找了很多实现RSA加解密的js库，基本都是需要先使用open-ssl命令生成RSA公私钥对。后来我使用Web Cryptography API，满足在浏览器端生成RSA公私钥对及加解密的需求。但是只能公钥加密、私钥解密，用私钥加密报错“Uncaught (in promise) DOMException: key.usages does not permit this operation”。有没有满足浏览器端生成公私钥对、公钥加密私钥解密和私钥加密公钥解密的解决方案？

Answer 1

<!--弄了好几天，通过Html生成RSA的公钥和私钥，是在浏览器中生成RSA的公钥私钥，用户本地保存私钥，公钥发送服务器。比较可靠。代码贡献。如有问题 ，联系我QQ：3076688760-->
<html>
<head>

<style>
    input, textarea {
        display: block;
        width: 100%;
    }
    #private {background: palevioletred;}
    #public {background: lightgreen;}
</style>

</head>
<body>
<input type="button" id="generate" value="generate keypair">
This is your PUBLIC key. Send it to sender and ask them to use encrypt.html to encrypt a message for you.
<textarea id="public" readonly onfocus="this.select();"></textarea>
This is your PRIVATE key. Do not send it to anyone! Instead, save it and use decrypt.html to decrypt an encrypted message.
<textarea id="private" readonly onfocus="this.select();"></textarea>
Note: These two keys form a pair: messages encrypted with above public key can be decrypted only with above private key.
<script>

function $(s){return document.querySelector(s)};
function bin2text(bin){return btoa(String.fromCharCode(...new Uint8Array(bin)));}
function autosize(textarea){textarea.style.height = "";textarea.style.height = textarea.scrollHeight +3 + "px"};

$('#generate').onclick=function(){

    window.crypto.subtle.generateKey(
        {
            name: "RSA-OAEP",
            modulusLength: 1024, //can be 1024, 2048, or 4096
            publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
            hash: {name: "SHA-256"}, //can be "SHA-1", "SHA-256", "SHA-384", or "SHA-512"
        },
        true, //whether the key is extractable (i.e. can be used in exportKey)
        ["encrypt", "decrypt"] //must be ["encrypt", "decrypt"] or ["wrapKey", "unwrapKey"]
    )
        .then(function(key){
            //returns a keypair object
            window.crypto.subtle.exportKey(
                "pkcs8", //can be "jwk" (public or private), "spki" (public only), or "pkcs8" (private only)
                key.privateKey //can be a publicKey or privateKey, as long as extractable was true
            )
                .then(function(keydata){
                    //returns the exported key data
                    console.log('private',keydata);
                    // $('#private').value=keydata.n;
                    $('#private').value=bin2text(keydata);
                    autosize($('#private'));
                })
                .catch(function(err){
                    console.error(err);
                });
            window.crypto.subtle.exportKey(
                "spki", //can be "jwk" (public or private), "spki" (public only), or "pkcs8" (private only)
                key.publicKey //can be a publicKey or privateKey, as long as extractable was true
            )
                .then(function(keydata){
                    //returns the exported key data
                    console.log('public',keydata);
                    $('#public').value=bin2text(keydata);
                    autosize($('#public'));
                })
                .catch(function(err){
                    console.error(err);
                });

        })
        .catch(function(err){
            console.error(err);
        });

}

</script>

</body>
</html>

Answer 2

可以参考mail.qq.com里面对password的加密

Answer 3

单纯的在浏览器做的话，DES不是同样能满足需求？因为RSA公私钥的一般的使用场景都是两端进行的，所以基本都是优先生成出来。私钥会下发给客户端或者其他方，比如接银行等都是类似的做法，不太清楚题主为何会有在浏览器做整个加解密的过程？而且还需要浏览器生成密钥对的需求。如果单纯需要浏览器进行加密敏感数据使用DES加密也足够了，因为你这样使用起来也没有利用到RSA非对称的特性，生成的私钥和公钥也都在一处进行使用。

Answer 4

问题应该是说：前端生成一组密钥对 后端生成一组密钥对 然后进行相互验证