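Java implementation of SHA1WithRSA signing and verification (RSA asymmetric cryptography), and generating the public/private key pair with openssl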

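RSA signing and verification flow:
When the local side sends a request (already signed locally with the private key), the receiving platform verifies the signature with the public key to determine whether the request is legitimate.
When receiving a response from the platform (already signed by the platform with its private key), the local side must verify the response with the public key held locally to determine whether it is legitimate.
Generating the public and private keys:
On Linux, type openssl to enter the OpenSSL prompt and generate the key pair.
Generate the private key: OpenSSL> genrsa -out rsa_oo_private_key.pem 1024 (outputs PKCS#1 by default)
Generate the public key: OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
The private key must then be converted from PKCS#1 to PKCS#8.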
Convert a PKCS#8 private key to PKCS#1 (traditional private key format):
openssl pkcs8 -in pkcs8.pem -nocrypt -out pri_key.pem

Convert a PKCS#1 (traditional format) private key to PKCS#8:
openssl pkcs8 -topk8 -inform PEM -in rsa_key.pem -outform PEM -nocrypt

Generate the private key:
Last login: Fri Aug  4 09:30:12 2017 from 192.168.88.211
[koolapp@aop-70-104 ~]$ openssl
OpenSSL> genrsa -out rsa_oo_private_key.pem 1024
Generating RSA private key, 1024 bit long modulus
...............................++++++
.......................++++++
e is 65537 (0x10001)

Java developers must convert the private key to PKCS#8 format before using it for signing. The conversion is as follows:

OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_oo_private_key.pem -outform PEM -nocrypt
-- PKCS#1 to PKCS#8
-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----


Generate the public key:
OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
writing RSA key
OpenSSL> quit openssl

After exiting openssl, run ls to check that the corresponding public and private key files were generated:
[aofdapp@root-01 ~]$ ls
0219.zip         backup  key.pem                      notify    notify.2  ops         rsa_oo_private_key.pem rsa_public_key.pem
genrsa           pub_key.pem  rsa_private_key.pem     token
[aofdapp@root-01 ~]$ vi rsa_public_key.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8xygxrtfERxyVE9vrn286KvvC
+NR2Ec6LGUPhKArnDJqLFGsV+g1gf7hTyjjLFm4KxZPapAebAF50f18Mvs0Paelo
rAWPCNDaooZwXANDKpLCXAWDF7lq5bGWoreCO7+azgtYQ6c+kVVVpUdhbdjG/5OX
JM1ptVA6ASG4xdvKYwIDAQAB
-----END PUBLIC KEY-----



Public and private keys:
public static String privatestr = "<Base64 body of the PKCS#8 private key>";
public static String publicstr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjyiajomfYD80A7tN8vdeXllTiGrSdocq1nvgceicanNb8QaoNGdAPE6AMuSqnMWs40tj/XoXQmPxNrdUmclwwLJza5Aq5PNqDiFC5QLmIFtATN/n3ymqIYnw78ME8Dv5yjYJs1xk0EL6+1wlFFrylApBWKUGE2c2m2seBY+in5wIDAQAB";

Signing:

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public String signWhole(String keycode, String param) {
    try {
        // Rebuild the private key from its Base64-encoded PKCS#8 form
        byte[] keyByte = Base64.getDecoder().decode(keycode);
        KeyFactory keyfactory = KeyFactory.getInstance("RSA");
        PKCS8EncodedKeySpec encoderule = new PKCS8EncodedKeySpec(keyByte);
        PrivateKey privatekey = keyfactory.generatePrivate(encoderule);

        // Sign the input parameter with the private key
        Signature sign = Signature.getInstance("SHA1WithRSA");
        sign.initSign(privatekey);
        // Fixed charset so that both sides hash the same bytes
        sign.update(param.getBytes(StandardCharsets.UTF_8));
        byte[] signature = sign.sign();

        // Convert the signature to hexadecimal
        // (Hex is the author's helper class; it is not shown on the page)
        return Hex.encodeHexStr(signature);
    } catch (GeneralSecurityException | IllegalArgumentException e) {
        // Bad Base64, bad key encoding, or a signing failure: no signature is produced
        e.printStackTrace();
        return null;
    }
}

Verification:

public boolean verifyWhole(String param, String signature, String keycode) {
    try {
        // Rebuild the public key from its Base64-encoded X.509 form
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        byte[] keyByte = Base64.getDecoder().decode(keycode);
        X509EncodedKeySpec encodeRule = new X509EncodedKeySpec(keyByte);
        PublicKey publicKey = keyFactory.generatePublic(encodeRule);

        // Check the unsigned parameter param against the received signature
        Signature sign = Signature.getInstance("SHA1WithRSA");
        sign.initVerify(publicKey);
        sign.update(param.getBytes(StandardCharsets.UTF_8));

        // Convert the hexadecimal string back to a byte array
        byte[] hexByte = Hex.hexStringToBytes(signature);
        // Verify the signature
        return sign.verify(hexByte);
    } catch (GeneralSecurityException | IllegalArgumentException e) {
        // Any decoding, key or signature error counts as a failed verification
        e.printStackTrace();
        return false;
    }
}
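
An added example (not code from the original post) showing how the PEM files written by openssl above become the key bytes that PKCS8EncodedKeySpec and X509EncodedKeySpec expect, followed by a sign/verify round trip and a tampered-parameter check. It assumes Java 17+ (for HexFormat), generates a constructed 2048-bit test key pair in-process, and uses SHA256withRSA instead of the post's SHA1WithRSA, because SHA-1 signatures and 1024-bit RSA keys fall below current recommendations; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.*; // Base64, HexFormat (Java 17+)

public class PemSignDemo { // hypothetical class, not from the original post
    static final String ALG = "SHA256withRSA"; // assumption: the post itself uses SHA1WithRSA
    // Strip the PEM armor and line breaks, leaving the DER bytes of the key.
    static byte[] pemToDer(String pem, String label) {
        if (pem.contains("-----BEGIN RSA PRIVATE KEY-----")) // still PKCS#1
            throw new IllegalArgumentException("PKCS#1 key: convert with pkcs8 -topk8 first");
        String body = pem.replace("-----BEGIN " + label + "-----", "")
                .replace("-----END " + label + "-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }
    static String toPem(String label, byte[] der) { // 64-column PEM layout, as openssl writes
        return "-----BEGIN " + label + "-----\n"
                + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    static String sign(String privatePem, String param) throws GeneralSecurityException {
        PrivateKey key = KeyFactory.getInstance("RSA").generatePrivate(
                new PKCS8EncodedKeySpec(pemToDer(privatePem, "PRIVATE KEY")));
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(param.getBytes(StandardCharsets.UTF_8)); // fixed charset on both sides
        return HexFormat.of().formatHex(s.sign());
    }

    static boolean verify(String publicPem, String param, String hexSig) throws GeneralSecurityException {
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(
                new X509EncodedKeySpec(pemToDer(publicPem, "PUBLIC KEY")));
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(param.getBytes(StandardCharsets.UTF_8));
        return s.verify(HexFormat.of().parseHex(hexSig));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // constructed test key pair, generated in-process
        KeyPair kp = gen.generateKeyPair();
        String priv = toPem("PRIVATE KEY", kp.getPrivate().getEncoded());
        String pub = toPem("PUBLIC KEY", kp.getPublic().getEncoded());
        String sig = sign(priv, "amount=100&orderId=42"); // constructed parameters
        System.out.println("valid:    " + verify(pub, "amount=100&orderId=42", sig));
        System.out.println("tampered: " + verify(pub, "amount=900&orderId=42", sig));
    }
}
```

To use key files instead of the generated pair, pass the text of the PKCS#8 private key file and of rsa_public_key.pem to sign and verify; a key that still carries the BEGIN RSA PRIVATE KEY header is rejected before it reaches KeyFactory.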

     