项目中用户登陆密码需要前端RSA加密，后端RSA解密。项目验收前的安全审查说有高危漏洞，RSA使用的模式不够安全啥的。

之前使用的RSA模式RSA/ECB/PKCS1Padding，RSA/ECB/OAEPWithMD5AndMGF1Padding都报高危，只能使用RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

网上现成的例子好像没有，连在线加密解密rsa的网站都没用这个模式。外网找到个有这个模式的在线加密解密网站Online RSA Encryption, Decryption And Key Generator Tool

其中The generated private key is generated in PKCS#8 format and the generated public key is generated in X.509 format.这句话还解答了我疑惑。因为从String类型的私钥公钥，转换成对象类型的，用到了PKCS8EncodedKeySpec和X509EncodedKeySpec。单独的一个加密/解密接口，入参是String，后续要转成对象。

前端加密/解密参考​​​​​​GitHub - digitalbazaar/forge: A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps

贴一个解密的简单java接口代码，sourceBase64RSA加密后的密码，privateKeyBase64Str私钥

public static String decode(String sourceBase64RSA,String privateKeyBase64Str) throws Exception{

Cipher oaepFromInit = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING");
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSource.PSpecified.DEFAULT);

byte[] privateBytes = Base64.decodeBase64(privateKeyBase64Str);
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(privateBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_RSA_TYPE);
PrivateKey privkey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);

oaepFromInit.init(Cipher.DECRYPT_MODE, privkey, oaepParams);

byte[] ct = Base64.decodeBase64(sourceBase64RSA);

byte[] pt = oaepFromInit.doFinal(ct);
System.out.println(new String(pt, StandardCharsets.UTF_8));

return new String(pt, StandardCharsets.UTF_8);

}