RSA算法 token生成與解析

本文演示兩種方式，一種是把密鑰文件放在配置文件中，一種是把密鑰文件本身放入項目或者容器中。

下面兩種的區別在于私鑰公鑰的初始化， init方法，需要哪種取哪種。

1. 通過文件讀取

• 首先是密鑰文件（privateKey），放在如config目錄下。

-----BEGIN RSA PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMu4IDG1XU6a7bXo
4V1jSnbKk9Eum2WguAyq+maCRcP9JoHlE/HmhPOjl91aN5gDHw3pgB7QMMkPkuyY
0aG9UiIo7PbBgjXsNBErprKa8G7GKhDN4B3m8jxEi1NLtCk2H8AEf8H/deGFXCde
fjQx0NcTbJ8STfbsqrLhOq2xzAgMBAAECgYEAg1kZMNOd8IOFxqb7P2o4ZbUh
b1rciL8CS/CleBiAgOgkvtWDcZFOoYQV83sqoxFIIYEuwS88dTZcZb32U5EsdYEx
JvJwAAYnzpch/YAz0llvXSHzZwNfGGvs4qt0d74bFpPfveli82wSKMlykeajP2Ro
RQpOniTYOWrJ01UHdUECQQDt1KTj/Xs5BNmEZAkJVmGekQROADk+ztceAe9UMj/J
s5xECdXVwuFh2Rm62MMQNNoW2Pjz4Y5NqhjRu0MMZnlTAkEA20hZsgA78aqTO7s+
+y/CLgP3Cd7uG/5RkcmjBWq2eXkt6wmazZl0BMYb7vshblnMjFXJwuOmfBJl7rTr
1fg8YQJAEo4Jg0QObgdj1QFc9x6HJTDZLiC0VqMag1vRSTdWZK0fnutJhJDctp6S
dFJe/Y+yCCBLY/OP/50qrIo4k+oWwwJAIn8hTTVoOL6C5xSv9cgvnhmVlYHyp4i8
wFieQs3k4vtDVARwzANmExIvdssfGUMbQMCGOxihKkeirYjcyQ6CQQJAbsbpzCjD
wd9JCogmTu/xYqtL898ek7LeNkhgIY2KhYtlptxlHfzgLBUgiSTNTcD1YWtSSp6u
A5ImxrryDYPmfg==
-----END RSA PRIVATE KEY-----

• 處理私鑰，生成token與解析

package mainimport ("crypto/rsa""crypto/x509""encoding/base64""errors""github.com/golang-jwt/jwt/v4""io/ioutil""log""time"
)var (publicKey  *rsa.PublicKeyprivateKey *rsa.PrivateKey
)func main() {token, _ := createToken(privateKey)println("-------------")println(token)println("-------------")a1, _ := getSubFromToken(token)println(a1)
}func init() {publicKeyByte, err := ioutil.ReadFile("公鑰的路徑/public.key")if err != nil {log.Println(err.Error())}publicKey, err = jwt.ParseRSAPublicKeyFromPEM(publicKeyByte)privateKeyByte, err := ioutil.ReadFile("私鑰的路徑/private.key")if err != nil {log.Println(err.Error())}privateKey, _ = jwt.ParseRSAPrivateKeyFromPEM(privateKeyByte)
}// createToken 生成一個RS256驗證的Token
// Token里面包括的值，可以自己根據情況添加，
func createToken(privateKey *rsa.PrivateKey) (tokenStr string, err error) {expireTime := time.Now().Add(7 * 24 * time.Hour)var audi = jwt.ClaimStrings{"zwmgc",}var expir = jwt.NewNumericDate(expireTime)claim := jwt.RegisteredClaims{Audience:  audi,ExpiresAt: expir, //過期時間//IssuedAt:  time.Now().Unix(),Issuer:  "simba-sdk",                              // 簽名頒發者Subject: "23258bd202e451a988234c2145d754a", //簽名主題}// jwt.SigningMethodHS256token := jwt.NewWithClaims(jwt.SigningMethodRS256, claim)tokenStr, _ = token.SignedString(privateKey)return
}// getSubFromToken 獲取Token的主題（也可以更改獲取其他值）
// 參數tokenStr指的是 從客戶端傳來的待驗證Token
// 驗證Token過程中，如果Token生成過程中，指定了iat與exp參數值，將會自動根據時間戳進行時間驗證
func getSubFromToken(tokenStr string) (sub string, err error) {// 基于公鑰驗證Token合法性token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {// 基于JWT的第一部分中的alg字段值進行一次驗證if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {return nil, errors.New("驗證Token的加密類型錯誤")}return publicKey, nil})if err != nil {return}if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {return claims["sub"].(string), nil}return "", errors.New("token無效或者無對應值")
}

2. 通過配置文件或者字符串

package mainimport ("crypto/rsa""crypto/x509""encoding/base64""errors""github.com/golang-jwt/jwt/v4""io/ioutil""log""time"
)var (publicKey  *rsa.PublicKeyprivateKey *rsa.PrivateKey
)func main() {token, _ := createToken(privateKey)println("-------------")println(token)println("-------------")a1, _ := getSubFromToken(token)println(a1)
}func init() {// 初始化 public Keyvar publicKeyStr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDLuCAxtV1Omu216OFdY0p2ypPR\n" +"LptloLgMqvpmgkXD/SaB5RPx5oTzo5fdWjeYAx8N6YAe0DDJD5LsmNGhvVIiKOz2\n" +"wYI17DQRK6aymvBuxioQzeAd5vI8RBH/B/3XhhVwnXn40MdDQxA3E\n" +"2yfEk327Kqy4TqtscwIDAQAB"publicKeyBinary := make([]byte, base64.StdEncoding.DecodedLen(len(publicKeyStr)))publicKeyLen, _ := base64.StdEncoding.Decode(publicKeyBinary, []byte(publicKeyStr))publicKeyBinary = publicKeyBinary[:publicKeyLen]pubInterface, _ := x509.ParsePKIXPublicKey(publicKeyBinary)publicKey = pubInterface.(*rsa.PublicKey)// 初始化 private Keyvar privateKeyStr = "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMu4IDG1XU6a7bXo\n" +"4V1jSnbKk9Eum2WguAyq+maCRcP9JoHlE/HmhPOjl91aN5gDHw3pgB7QMMkPkuyY\n" +"0aG9UiIo7PbBgjXsNBErprKa8G7GKhDN4B3m8jxEi1NLtCk2H8AEf8H/deGFXCde\n" +"fjQx0NDEDcTbJ8STfbsqrLhOq2YEAg1kZMNOd8IOFxqb7P2o4ZbUh\n" +"b1rciL8CS/CleBiAgOgkvtWDcZFOoYQV83sqoxFIIYEuwS88dTZcZb32U5EsdYEx\n" +"JvJwAAYnzpch/YAz0llvXSHzZwNfGGvs4qt0d74bFpPfveli82wSKMlykeajP2Ro\n" +"RQpOniTYOWrJ01UHdUECQQDt1KTj/Xs5BNmEZAkJVmGekQROADk+ztceAe9UMj/J\n" +"s5xECdXVwuFh2Rm62MMQNNoW2Pjz4Y5NqhjRu0MMZnlTAkEA20hZsgA78aqTO7s+\n" +"+y/CLgP3Cd7uG/5RkcmjBWq2eXkt6wmazZl0BMYb7vshblnMjFXJwuOmfBJl7rTr\n" +"1fg8YQJAEo4Jg0QObgdj1QFc9x6HJTDZLiC0VqMag1vRSTdWZK0fnutJhJDctp6S\n" +"dFJe/Y+yCCBLY/OP/50qrIo4k+oWwwJAIn8hTTVoOL6C5xSv9cgvnhmVlYHyp4i8\n" +"wFieQs3k4vtDVARwzANmExIvdssfGUMbQMCGOxihKkeirYjcyQ6CQQJAbsbpzCjD\n" +"wd9JCogmTu/xYqtL898ek7LeNkhgIY2KhYtlptxlHfzgLBUgiSTNTcD1YWtSSp6u\n" +"A5ImxrryDYPmfg=="privateKeyBinary := make([]byte, base64.StdEncoding.DecodedLen(len(privateKeyStr)))privateKeyLen, _ := base64.StdEncoding.Decode(privateKeyBinary, []byte(privateKeyStr))privateKeyBinary = privateKeyBinary[:privateKeyLen]privateInterface, _ := x509.ParsePKCS8PrivateKey(privateKeyBinary)privateKey = privateInterface.(*rsa.PrivateKey)
}// createToken 生成一個RS256驗證的Token
// Token里面包括的值，可以自己根據情況添加，
func createToken(privateKey *rsa.PrivateKey) (tokenStr string, err error) {expireTime := time.Now().Add(7 * 24 * time.Hour)var audi = jwt.ClaimStrings{"zwmgc",}var expir = jwt.NewNumericDate(expireTime)claim := jwt.RegisteredClaims{Audience:  audi,ExpiresAt: expir, //過期時間//IssuedAt:  time.Now().Unix(),Issuer:  "simba-sdk",                              // 簽名頒發者Subject: "23258bd202e451a988234c2145d754a", //簽名主題}// jwt.SigningMethodHS256token := jwt.NewWithClaims(jwt.SigningMethodRS256, claim)tokenStr, _ = token.SignedString(privateKey)return
}// getSubFromToken 獲取Token的主題（也可以更改獲取其他值）
// 參數tokenStr指的是 從客戶端傳來的待驗證Token
// 驗證Token過程中，如果Token生成過程中，指定了iat與exp參數值，將會自動根據時間戳進行時間驗證
func getSubFromToken(tokenStr string) (sub string, err error) {// 基于公鑰驗證Token合法性token, err := jwt.Parse(tokenStr, func(token *jwt.Token) (interface{}, error) {// 基于JWT的第一部分中的alg字段值進行一次驗證if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {return nil, errors.New("驗證Token的加密類型錯誤")}return publicKey, nil})if err != nil {return}if claims, ok := token.Claims.(jwt.MapClaims); ok && token.Valid {return claims["sub"].(string), nil}return "", errors.New("token無效或者無對應值")
}

總結

以上是生活随笔為你收集整理的golang通过RSA算法生成token，go从配置文件中注入密钥文件，go从文件中读取密钥文件，go RSA算法下token生成与解析；go java token共用的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。