
Nginx Lua RSA

931 abc 发表于 2019-9-24 17:56:15


Nginx + Lua程序开发,非对称加解密应用的演示,库使用的是lua-resty-rsa,顺便介绍一下RSA公钥和私钥的创建。

创建RSA公钥和私钥:

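# Generate the RSA key pair used by the Lua example.
# 1024-bit RSA is no longer considered adequate, so a 2048-bit key is generated.
# With a 2048-bit key the example prints ciphertext and signature lengths of 256;
# the 128 shown in the sample output belongs to the embedded 1024-bit demo key.
# Restrict permissions on every file created below (this affects the current
# shell session; run in a dedicated shell or restore the umask afterwards).
umask 077
# Traditional-format private key.
openssl genrsa -out rsa_private_key.pem 2048
# PKCS#8 copy of the private key. -nocrypt writes it unencrypted, so treat the
# file as a secret and delete it once the public key has been exported.
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt -out private_key.pem
# Public key in "RSA PUBLIC KEY" (PKCS#1) form.
openssl rsa -in private_key.pem -RSAPublicKey_out -out rsa_public_key.pem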

rsa_public_key.pem 和 rsa_private_key.pem 就是需要用到的公钥和私钥文件,将它们的内容分别替换下面程序中的 RSA_PUBLIC_KEY 和 RSA_PRIV_KEY,替换完成后执行程序。注意:下面程序中内嵌的密钥已随本文公开,仅用于演示,不能用于任何真实环境;实际部署时私钥不应写在代码里,应存放在权限受限的文件或密钥管理服务中:

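-- lua-resty-rsa demo for an OpenResty content handler:
--   1. encrypt "hello" with the public key and decrypt it with the private key;
--   2. sign "hello" with the private key and verify it with the public key.
-- Each step reports its result through ngx.say and stops at the first failure.
--
-- NOTE(security): the key pair below is published sample material (1024-bit).
-- It exists only so the demo runs as-is. Replace it with your own key pair and
-- do not keep a real private key in source code; load it from a file with
-- restricted permissions or from a secret store.
local RSA_PUBLIC_KEY = [[
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMAa77bRpUbJrwgKeR6pq1BO2jSgFbL6mhTjiczfnhqcYH82ojWm2Xmy
VfNXxm+ctRj0i0+pqKcQtd+SKgdHwfbs7+vOQGvWxvly1zi7GATjstTLaPWwqpYC
dwTutTgpZqz9n5l1lA/phB6+9IR9siroQInrrTwdddjxiLk/psa7AgMBAAE=
-----END RSA PUBLIC KEY-----
]]
local RSA_PRIV_KEY = [[
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAGu+20aVGya8ICnkeqatQTto0oBWy+poU44nM354anGB/NqI1
ptl5slXzV8ZvnLUY9ItPqainELXfkioHR8H27O/rzkBr1sb5ctc4uxgE47LUy2j1
sKqWAncE7rU4KWas/Z+ZdZQP6YQevvSEfbIq6ECJ6608HXXY8Yi5P6bGuwIDAQAB
AoGBALupVKTeFbuaB98uA/XdP1o7PVQNUkU+I8jmIlY92IAcZPPA1iLdNDN68BXA
mDut9QdE1NZkYTmazGBzs5TbF3FBaDxbp2FKHZx2Fwe8Gr/b0o1z2/SmOKj8sSXG
rf7kfdpoqqy0cxprefDa9mqwHQe6HKIELD76GM6cEHJBLUlxAkEA9vzQ5J5HfWAt
j5c5WPFKqfxXjE7hH1rhZg6WuvQllYwRfWsi32nSOCI7OgA9J5AdUph4Arb1TS/Y
aPVNVT2mmQJBAMcdcrt1IxFSVC8lqbYCg/YBYzemk4Je+stmZK2QKY5aTlDoeopx
DeTumOVu98Gmn0jCpAbfBAGQ7kCD6dHicHMCQG2fiJfwKIrdRVuWIz322szX04PS
/tiL3b8OephABO57XMft5WyD62o+x0rXEE2fCWS/h4Ss7/NyaPss5UYQNwECQQCe
umb/8P0njc32V7vWkGLJ9Yk2j9//id+7zcBsbAP0qyDLdshZHI7K9TmFjNSM11sb
Ea7Ym2gCJ5sGayI2YqDpAkBHIG0wfG861N8+4erg4OLNJILRo/woDD1W74pAJT79
wrgswyEFEMeBtPnAkO90ib75IgFIPxQaYKFXghjDebg1
-----END RSA PRIVATE KEY-----
]]

local Rsa = require "resty.rsa"

-- Use OAEP for encryption instead of relying on the library's default padding;
-- PKCS#1 v1.5 encryption padding is exposed to padding-oracle attacks.
-- The same padding must be configured on the encrypting and decrypting objects.
local ENC_PADDING = Rsa.PADDING.RSA_PKCS1_OAEP_PADDING

-- Encrypt with the public key.
local enc_pub, enc_pub_err = Rsa:new({ public_key = RSA_PUBLIC_KEY, padding = ENC_PADDING })
if not enc_pub then
    ngx.say("new rsa err: ", enc_pub_err)
    return
end
local encrypted, enc_err = enc_pub:encrypt("hello")
if not encrypted then
    ngx.say("failed to encrypt: ", enc_err)
    return
end
ngx.say("encrypted length: ", #encrypted)

-- Decrypt with the private key.
local dec_priv, dec_priv_err = Rsa:new({ private_key = RSA_PRIV_KEY, padding = ENC_PADDING })
if not dec_priv then
    ngx.say("new rsa err: ", dec_priv_err)
    return
end
-- Check the decrypt result like every other call here, so a failure is reported
-- instead of being compared against "hello" as nil.
-- In a real service, log the detail server-side and return a generic error:
-- distinguishable decryption errors can serve as an oracle.
local decrypted, dec_err = dec_priv:decrypt(encrypted)
if not decrypted then
    ngx.say("failed to decrypt: ", dec_err)
    return
end
ngx.say(decrypted == "hello")

-- Sign and verify with SHA-256. The original "SHA" name resolves to a legacy
-- SHA-0/SHA-1 digest depending on the OpenSSL build, which is not collision
-- resistant and should not be used for signatures.
local algorithm = "SHA256"
local sign_priv, sign_priv_err = Rsa:new({ private_key = RSA_PRIV_KEY, algorithm = algorithm })
if not sign_priv then
    ngx.say("new rsa err: ", sign_priv_err)
    return
end

local str = "hello"
local sig, sign_err = sign_priv:sign(str)
if not sig then
    ngx.say("failed to sign:", sign_err)
    return
end
ngx.say("sig length: ", #sig)

local verify_pub, verify_pub_err = Rsa:new({ public_key = RSA_PUBLIC_KEY, algorithm = algorithm })
if not verify_pub then
    ngx.say("new rsa err: ", verify_pub_err)
    return
end
-- A falsy result means the signature did not verify (or verification failed);
-- callers must treat it as a rejection.
local verify, verify_err = verify_pub:verify(str, sig)
if not verify then
    ngx.say("verify err: ", verify_err)
    return
end
ngx.say(verify)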

运行结果:

encrypted length: 128
true
sig length: 128
true

    https://github.com/doujiang24/lua-resty-rsa
    https://openssl.org/docs/manmaster/apps/rsa.html
https://laijinman.com/nginx-lua-rsa
