<p>感谢<a href="https://stackoverflow.com/a/50396222/6587564">Alastair McCormack's answer above</a>,以下是对我有用的(Python代码):</p>
<pre><code>from Crypto.PublicKey import RSA
from Crypto.Random import get_random_bytes
from Crypto.Cipher import AES, PKCS1_OAEP
from Crypto.Hash import SHA256, SHA1
from Crypto.Signature import pss
from base64 import b64encode
data = 'hello world'.encode("utf-8")
with open("joe.pub", "rb") as f:
encodedKey = f.read()
pubkey = RSA.importKey(encodedKey)
if pubkey.has_private():
raise Exception('need a public key for encryption')
session_key = get_random_bytes(16)
# Encrypt the session key with the public RSA key
cipher_rsa = PKCS1_OAEP.new(pubkey, hashAlgo=SHA256, mgfunc=lambda x,y: pss.MGF1(x,y, SHA1))
enc_session_key = cipher_rsa.encrypt(session_key)
# Encrypt the data with the AES session key
cipher_aes = AES.new(session_key, AES.MODE_GCM)
ciphertext, tag = cipher_aes.encrypt_and_digest(data)
ciphertext = ciphertext + tag
mesg = ''.join([x for x in (enc_session_key, cipher_aes.nonce, tag, ciphertext)])
print b64encode(mesg)
</code></pre>
<p>以及相关的Java代码:</p>
^{pr2}$