工作中用到了,記錄一下
從 pfx 文件中提取私鑰、公鑰
# Dump the private key out of the PKCS#12 bundle. -nodes writes it UNENCRYPTED to disk:
# restrict the output file to the owner and remove it once the conversion is done.
openssl pkcs12 -in huiyuandanweisishi.pfx -nocerts -nodes -out huiyuandanweisishi.key
# Re-encode the private key as plain PEM (drops the "Bag Attributes" lines of the previous step).
openssl rsa -in huiyuandanweisishi.key -out huiyuandanweisishi_pri.key
# Derive the matching public key (SubjectPublicKeyInfo, PEM).
openssl rsa -in huiyuandanweisishi.key -pubout -out huiyuandanweisishi_pub.key
# Convert to unencrypted PKCS#8 PEM; there is no -out, so the result goes to stdout.
# The Base64 body between the BEGIN/END lines is the string RsaUtils.convertPrivateKey expects.
openssl pkcs8 -topk8 -inform PEM -in huiyuandanweisishi_pri.key -outform PEM -nocrypt
從 cer 證書中提取公鑰
# Extract the public key from the DER certificate as a SubjectPublicKeyInfo PEM.
# Note: RsaUtils.convertPublicKey as written in this post parses an X.509 *certificate*
# (CertificateFactory), so the Base64 body of the .cer itself, PEM lines stripped, is the
# input it expects; the bare public key produced here is a different encoding.
openssl x509 -inform der -in xiehuigongshi.cer -pubkey -noout > xiehuigongshi.pem
將提取出的私鑰、公鑰字符串轉換成 PrivateKey、PublicKey 的工具類:
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
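/**
 * RSA utility class (RSA加密工具類) for the 網聯 (NetsUnion) message exchange:
 * SHA256withRSA request signing and response verification, plus RSA wrapping and
 * unwrapping of the symmetric key used for the digital envelope.
 *
 * <p>Keys are passed as Base64 strings with any PEM "-----BEGIN/END-----" lines already
 * stripped by the caller (the whole string is Base64-decoded as-is):
 * <ul>
 *   <li>private key: DER PKCS#8, as produced by {@code openssl pkcs8 -topk8 -nocrypt};</li>
 *   <li>public key: a DER X.509 certificate, or a bare DER SubjectPublicKeyInfo as
 *       produced by {@code openssl x509 -pubkey -noout}.</li>
 * </ul>
 *
 * <p>Error contract: every public method catches all exceptions, logs them and returns
 * {@code null} ({@code false} for verification). Nothing here throws, so callers must
 * check the result. A {@code null} argument also yields the failure result.
 *
 * <p>Stateless: a fresh {@link Signature} / {@link Cipher} is created on every call, so
 * the methods can be used from several threads.
 */
public class RsaUtils {
    private static final String CHARSET = "UTF-8";
    /** RSASSA-PKCS1-v1_5 with SHA-256, the signature scheme of the exchange. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    private static final String KEY_ALGORITHM = "RSA";
    /**
     * Cipher transformation for wrapping the symmetric key. The JDK's default provider
     * resolves the bare {@code "RSA"} name to exactly this (ECB mode, PKCS#1 v1.5
     * padding); naming it explicitly removes the provider dependence. RSA-OAEP would be
     * the preferred padding if the peer can accept it.
     */
    private static final String CIPHER_TRANSFORMATION = "RSA/ECB/PKCS1Padding";
    /** Standard JCA certificate type name (the earlier {@code "X509"} spelling is a provider alias). */
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final Logger logger = LoggerFactory.getLogger(RsaUtils.class);

    /**
     * Signs a request message (網聯請求報文簽名) with the institution's private key.
     *
     * @param privateKey Base64 PKCS#8 private key (機構私鑰字符串)
     * @param content    text to sign (簽名原文); it is UTF-8 encoded before signing
     * @return Base64 signature, or {@code null} if the key cannot be parsed or signing
     *         fails (the failure is logged)
     */
    public static String sign(String privateKey, String content) {
        try {
            Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
            // A null key (unparseable privateKey) is rejected here and caught below.
            signer.initSign(convertPrivateKey(privateKey));
            signer.update(content.getBytes(CHARSET));
            return Base64.encodeBase64String(signer.sign());
        } catch (Exception e) {
            // NOTE(review): the full plaintext goes into the log; redact if the message
            // body can carry sensitive data.
            logger.error("簽名失敗:生成簽名明文--" + content, e);
            return null;
        }
    }

    /**
     * Verifies the signature of a response message (網聯返回報文驗籤).
     *
     * @param publicKey Base64 certificate or public key of the peer (網聯公鑰字符串)
     * @param content   signed text (驗籤原文報文); UTF-8 encoded before verification
     * @param signStr   Base64 signature received from the peer (網聯返回簽名字符串)
     * @return {@code true} only if the signature is valid; {@code false} on a bad
     *         signature and on any error (unparseable key, malformed input), which is logged
     */
    public static boolean vertify(String publicKey, String content, String signStr) {
        try {
            Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
            verifier.initVerify(convertPublicKey(publicKey));
            verifier.update(content.getBytes(CHARSET));
            return verifier.verify(Base64.decodeBase64(signStr.getBytes(CHARSET)));
        } catch (Exception e) {
            logger.error("簽名驗籤失敗:驗簽報文--" + content + "|收到簽名--" + signStr, e);
            return false;
        }
    }

    /**
     * Correctly spelled alias of {@link #vertify(String, String, String)}; behaves
     * identically. {@code vertify} is kept for existing callers.
     */
    public static boolean verify(String publicKey, String content, String signStr) {
        return vertify(publicKey, content, signStr);
    }

    /**
     * Wraps a symmetric key with the peer's public key (對稱密鑰公鑰加密).
     *
     * <p>Single-block RSA: {@code content} must fit in one block (modulus length minus the
     * 11 bytes of PKCS#1 v1.5 padding), so this is meant for a key, not for bulk data.
     *
     * @param publicKey Base64 certificate or public key of the peer (網聯公鑰字符串)
     * @param content   symmetric key to wrap (密鑰原文), UTF-8 encoded
     * @return Base64 ciphertext, or {@code null} on any failure (logged)
     */
    public static String encryptByPublicKey(String publicKey, String content) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(Cipher.ENCRYPT_MODE, convertPublicKey(publicKey));
            byte[] wrapped = cipher.doFinal(content.getBytes(CHARSET));
            return Base64.encodeBase64String(wrapped);
        } catch (Exception e) {
            logger.error("對稱密鑰公鑰加密失敗", e);
            return null;
        }
    }

    /**
     * Unwraps the symmetric key of a digital envelope with the institution's private
     * key (對稱密鑰密文解密).
     *
     * @param privateKey Base64 PKCS#8 private key (機構私鑰字符串)
     * @param content    Base64 ciphertext of the symmetric key (網聯對稱密鑰密文)
     * @return the unwrapped key as a UTF-8 string (對稱密鑰明文), or {@code null} on
     *         any failure (logged)
     */
    public static String decryptByPrivateKey(String privateKey, String content) {
        try {
            Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
            cipher.init(Cipher.DECRYPT_MODE, convertPrivateKey(privateKey));
            byte[] plain = cipher.doFinal(Base64.decodeBase64(content.getBytes(CHARSET)));
            // The unwrapped key is returned as text. This assumes the peer wrapped a UTF-8
            // string (e.g. a hex/Base64 key) rather than raw key bytes — TODO confirm against
            // the protocol; raw bytes would be corrupted by this decoding.
            return new String(plain, CHARSET);
        } catch (Exception e) {
            logger.error("對稱密鑰密文解密失敗", e);
            return null;
        }
    }

    /**
     * Parses a Base64-encoded PKCS#8 private key (提取Base64編碼的私鑰).
     *
     * @param keyStr Base64 of the DER PKCS#8 structure, PEM lines stripped
     * @return the private key, or {@code null} if it cannot be decoded (logged)
     */
    public static PrivateKey convertPrivateKey(String keyStr) {
        try {
            byte[] der = Base64.decodeBase64(keyStr.getBytes(CHARSET));
            KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
            return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (Exception e) {
            logger.error("提取私鑰失敗,失敗原因", e);
            return null;
        }
    }

    /**
     * Parses a Base64-encoded public key (提取Base64編碼的公鑰).
     *
     * <p>Accepts either a DER X.509 certificate (the original input format) or, if the
     * bytes are not a certificate, a bare DER SubjectPublicKeyInfo as produced by
     * {@code openssl x509 -pubkey -noout}. Neither path validates a certificate chain:
     * the key is trusted because it was configured, not because of its certificate.
     *
     * @param keyStr Base64 of the DER certificate or public key, PEM lines stripped
     * @return the public key, or {@code null} if neither encoding can be parsed (logged)
     */
    public static PublicKey convertPublicKey(String keyStr) {
        try {
            byte[] der = Base64.decodeBase64(keyStr.getBytes(CHARSET));
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
                Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(der));
                return certificate.getPublicKey();
            } catch (CertificateException notACertificate) {
                // Not a certificate: fall back to a bare SubjectPublicKeyInfo.
                KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
                return keyFactory.generatePublic(new X509EncodedKeySpec(der));
            }
        } catch (Exception e) {
            logger.error("提取公鑰失敗,失敗原因", e);
            return null;
        }
    }
}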