数字签名
数字签名算法用于验证数据完整性、认证数据来源及抗否认服务。数字签名算法包含签名和验证两项操作,用私钥进行签名,用公钥进行验证。实际运用时,通常先使用消息摘要算法对原始消息做摘要处理,然后使用私钥对摘要值做签名处理,在验证签名时,则使用公钥验证码消息的摘要值。数字签名可以基于RSA、DSA或ECDSA实现。
public class RSA {
private static String src = "tingkl security rsa";
private static String publicKeyBase64;
private static String privateKeyBase64;
static {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(512);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();
publicKeyBase64 = Base64.encodeBase64String(rsaPublicKey.getEncoded());
privateKeyBase64 = Base64.encodeBase64String(rsaPrivateKey.getEncoded());
System.out.println("Public Key:" + Base64.encodeBase64String(rsaPublicKey.getEncoded()));
System.out.println("Private Key:" + Base64.encodeBase64String(rsaPrivateKey.getEncoded()));
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
private static String decrypt(byte[] encryptBytesReceived, Key key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] result = cipher.doFinal(encryptBytesReceived);
return new String(result);
}
private static byte[] encrypt(String src, Key key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] result = cipher.doFinal(src.getBytes());
return result;
}
private static PrivateKey getPrivateKey(byte[] bytes) throws NoSuchAlgorithmException, InvalidKeySpecException {
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(bytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
return privateKey;
}
private static PublicKey getPublicKey(byte[] bytes) throws NoSuchAlgorithmException, InvalidKeySpecException {
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(bytes);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
return publicKey;
}
private byte[] sign(String src, PrivateKey privateKey) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
Signature signature = Signature.getInstance("MD5withRSA");
signature.initSign(privateKey);
signature.update(src.getBytes());
return signature.sign();
}
private boolean verify(byte[] encryptBytesReceived, PublicKey publicKey, String src) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
Signature signature = Signature.getInstance("MD5withRSA");
signature.initVerify(publicKey);
signature.update(src.getBytes());
boolean bool = signature.verify(encryptBytesReceived);
return bool;
}
@Test
public void signature() throws SignatureException {
/*
数字签名算法包含签名和验证两项操作,用私钥进行签名,用公钥进行验证。
实际运用时,通常先使用消息摘要算法对原始消息做摘要处理,
然后使用私钥对摘要值做签名处理,在验证签名时,则使用公钥验证码消息的摘要值。
*/
try {
//1.签名(MD5 + 私钥加密)
PrivateKey privateKey = getPrivateKey(Base64.decodeBase64(privateKeyBase64));
byte[] encryptBytesToSend = sign(src, privateKey);
String encryptBytesBase64 = Base64.encodeBase64String(encryptBytesToSend);
System.out.println("签名 + base64编码:" + encryptBytesBase64);
// 网络传输
//2.验证(公钥解密 + 对比MD5)
PublicKey publicKey = getPublicKey(Base64.decodeBase64(publicKeyBase64));
byte[] encryptBytesReceived = Base64.decodeBase64(encryptBytesBase64);
boolean bool = verify(encryptBytesReceived, publicKey, src);
System.out.println("base64解码 + 验证:" + bool);
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
} catch (InvalidKeySpecException e) {
e.printStackTrace();
} catch (InvalidKeyException e) {
e.printStackTrace();
}
}
}
网友评论