Nginx使用Lua脚本加解密RSA字符串
本文主要介绍使用Lua脚本对采用RSA加密后的字符串进行解密的过程。
使用第三方类库lua-resty-rsa,参考地址:https://github.com/spacewander/lua-resty-rsa
下载并安装第三方依赖库
# Redis集群连接库依赖RSA加解密第三方依赖库[lua-resty-rsa],因此需要提前安装此第三方依赖库
# 对应第三方类库下载地址如下:
https://github.com/spacewander/lua-resty-rsa
# 进入系统第三方包目录
cd /usr/local/lib
# 将解压后的文件上传至该目录
# 目录名称:lua-resty-rsa-master
# 包文件路径
cd /usr/local/lib/lua-resty-rsa-master/lib/resty
在nginx配置文件中添加依赖
# 进入目录
cd /root/data/program/nginx/conf/
# 修改配置文件
vim nginx.conf
# 修改内容如下,具体视需求而定
# 在http节点下添加下面配置,将包路径追加在lua_package_path参数内,需要追加的字符串为:
##################
/usr/local/lib/lua-resty-rsa-master/lib/?.lua;;
##################
# 由于之前已添加Redis相关的第三方依赖包,最终配置如下所示(各路径之间用分号分隔,其中“;;”代表默认搜索路径):
lua_package_path "/usr/local/lib/lua-resty-redis-master/lib/?.lua;;;/usr/local/lib/lua-resty-lock/lib/?.lua;;;/usr/local/lib/resty-redis-cluster-master/lib/?.lua;;;/usr/local/lib/resty-redis-cluster-master/lib/resty/?.lua;;;/usr/local/lib/lua-resty-rsa-master/lib/?.lua;;";
##################
# 添加跳转的location信息
##################
# Test endpoint that runs the decryption script and returns its output.
location /testLuaDecrypt {
# Whatever the script prints is served as HTML; text/plain is the safer choice when echoing decrypted data.
default_type 'text/html';
# Development only: with the code cache off the Lua file is reloaded on every request. Keep the cache on (the default) in production.
lua_code_cache off;
# NOTE(review): the script sits under /root, so the worker processes must be able to read that path - confirm the worker user, and prefer a location that does not require running workers as root.
content_by_lua_file /root/data/program/nginx/conf/test.oa.conf/testLuaDecrypt.lua;
}
##################
# 验证配置文件
nginx -t
# 重新加载配置文件
nginx -s reload
编写解密脚本文件
# 进入脚本文件目录
cd /root/data/program/nginx/conf/test.oa.conf
# 修改脚本
vim testLuaDecrypt.lua
# 脚本内容如下所示:
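-- Demo handler: decrypts one hard-coded, Base64-encoded RSA ciphertext with
-- lua-resty-rsa and writes the plaintext to the response.
local resty_rsa = require "resty.rsa"

-- Demo only: a private key embedded in a script can be read by anyone who can
-- read this file or the repository it is kept in. Load real keys from a
-- permission-restricted file or a secret store instead.
-- The key body below is partially masked with '*', so it has to be replaced
-- with a real key before the script can run.
-- NOTE(review): the Base64 body starts like a PKCS#8 structure while the PEM
-- armor says "RSA PRIVATE KEY" (PKCS#1) - confirm the key type if loading fails.
local rsa_priv_key = [[-----BEGIN RSA PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAvOYPxu3MJAd0bHgnOS+VnLAlBm6fvcgivRVPwN1aEm9XXxnkJiH+FK9b+8d5XT2jfbVq/CQtyiq89bH9Ng//TwIDAQABAkBnrs+SHQwj6oOY1gqRdPDl5DkuYqIDhUqsBnqUHetGmi0L+N1V//q371YJF8gj2BkvoK4tyJPjmn6bx97YASmBAiEA42mWKLUGxkPC//TKStp42/P4HUAvv4QZ7gcOPH6EWx8CIQDUpQ3tm6eNnXDqEo/ceQgJ5UZUNQDqakliWC0V3IYF0QIhAIueS556Zcpb1+ClPX1vXDxOMMpkmewPAoxssITbeA8pAiBtSiOdcnmsNDX7Z+zegKocA+Wgk9lToarzy6Pob33GcQIhAIVrwYq2IX5+t6AJtkv3McU*********/UNcQSch
-----END RSA PRIVATE KEY-----]]

-- Plaintext: /2020/01/02/
local encrypted = "Z3SRkON2NEmvIjUg1Oqn7pfOvAh8vf5SqnmUTLviJX6Ku2N1blXPz1Zl325FL5uFzftlbKkS1VJJyQueDDw6hQ=="

-- No `padding` option is passed, so the library default applies
-- (presumably PKCS#1 v1.5 - confirm against the library README).
local priv, err = resty_rsa:new({ private_key = rsa_priv_key })
if not priv then
    ngx.say("new rsa err: ", err)
    return
end

-- ngx.decode_base64 returns nil for malformed input; stop before decrypting.
local ciphertext = ngx.decode_base64(encrypted)
if not ciphertext then
    ngx.say("failed to decode base64")
    return
end

-- decrypt returns nil plus an error message on failure; without this check
-- the response would just contain the text "nil".
-- A real endpoint should log the error with ngx.log and answer with a generic
-- message rather than echoing library errors to the client.
local decrypted
decrypted, err = priv:decrypt(ciphertext)
if not decrypted then
    ngx.say("failed to decrypt: ", err)
    return
end

ngx.say(decrypted)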
请求测试
http://XXXXXX.net/testLuaDecrypt
其他加解密参考
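-- Reference script for lua-resty-rsa: key generation and encryption are kept
-- as disabled samples; the active part decrypts one hard-coded ciphertext.
local resty_rsa = require "resty.rsa"

-- Generate a public/private key pair (disabled).
-- 512 bits matches the sample keys below but is far too short for real use;
-- generate 2048 bits or more for anything beyond a demo.
--[[
local rsa_public_key1, rsa_priv_key1, err = resty_rsa:generate_rsa_keys(512)
if not rsa_public_key1 then
ngx.say('generate rsa keys err: ', err)
end
ngx.say(rsa_public_key1)
ngx.say(rsa_priv_key1)
]]

-- Private key.
-- Demo only: a private key embedded in a script can be read by anyone who can
-- read this file or the repository it is kept in. Load real keys from a
-- permission-restricted file or a secret store instead.
-- The last line of the key body is masked with '*', so it has to be replaced
-- with a real key before the script can run.
local rsa_priv_key = [[-----BEGIN RSA PRIVATE KEY-----
MIIBOwIBAAJBAKjMyC+BImsChQlNXeBMTjXDIQbzVFEzc0q2GUUGs5fL/VIO9Bwv
YDUQr/5ocKx3l86qN2/jHtRmGjLw5nkakdECAwEAAQJBAIZEBUOMAvV9Vpa0nGRK
Lbej00R1Dm9cbmtR9z2pe/bT87jyvprMQlS1y3gkB70McvVMneoYf1YQv9oIr98k
m7UCIQDyajM7ps1PaDpPHmRYWjGnJN9Yt3ElZu9nLcJNEzLhwwIhALJCd4aYdlZQ
YooT6XBzr54aP8XVX45tH9h7SpJ299DbAiEA006dgCbjGo/JHARrBdUBKShsA+JL
n4W9s5vgndzZYo8CIHyAedTS9YvRdxFzWM7Grfjh4nq9TZE/XEepzOrBFtKTAiAn
DzJu8xpGMYoYLIh***************==
-----END RSA PRIVATE KEY-----]]

-- Public key. It is referenced only by the disabled encryption sample below.
local rsa_public_key = [[-----BEGIN PUBLIC KEY-----
MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKjMyC+BImsChQlNXeBMTjXDIQbzVFEz
c0q2GUUGs5fL/VIO9BwvYDUQr/5ocKx3l86qN2/jHtRmGjLw5nkakdECAwEAAQ==
-----END PUBLIC KEY-----]]

--[[ Encrypt (disabled)
local pub, err = resty_rsa:new({ public_key = rsa_public_key })
if not pub then
ngx.say("new rsa err: ", err)
return
end
local encrypted, err = pub:encrypt("测试字符串")
if not encrypted then
ngx.say("failed to encrypt: ", err)
return
end
ngx.say("encrypted length: ", ngx.encode_base64(encrypted))
]]

-- Decrypt: Base64-encoded ciphertext to recover.
local encrypted = "Nx2IW62S4ZCjn46CjL00HQcckFTNWVqs2jxQRnw+M1AMihZbagBjyx2249Kqzz6wpMO8/PL2qogWsILzLr/wHQ=="

-- No `padding` option is passed, so the library default applies
-- (presumably PKCS#1 v1.5 - confirm against the library README).
local priv, err = resty_rsa:new({ private_key = rsa_priv_key })
if not priv then
    ngx.say("new rsa err: ", err)
    return
end

-- ngx.decode_base64 returns nil for malformed input; stop before decrypting.
local ciphertext = ngx.decode_base64(encrypted)
if not ciphertext then
    ngx.say("failed to decode base64")
    return
end

-- decrypt returns nil plus an error message on failure; without this check
-- the response would just contain the text "nil".
-- A real endpoint should log the error with ngx.log and answer with a generic
-- message rather than echoing library errors to the client.
local decrypted
decrypted, err = priv:decrypt(ciphertext)
if not decrypted then
    ngx.say("failed to decrypt: ", err)
    return
end

ngx.say(decrypted)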