- package utils;
- import java.io.ByteArrayOutputStream;
- import java.security.Key;
- import java.security.KeyFactory;
- import java.security.KeyPair;
- import java.security.KeyPairGenerator;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.Signature;
- import java.security.interfaces.RSAPrivateKey;
- import java.security.interfaces.RSAPublicKey;
- import java.security.spec.PKCS8EncodedKeySpec;
- import java.security.spec.X509EncodedKeySpec;
- import java.util.HashMap;
- import java.util.Map;
- import javax.crypto.Cipher;
- /**
- * <p>
- * RSA公鑰/私鑰/簽名工具包
- * </p>
- * <p>
- * 羅納德·李維斯特(Ron [R]ivest)、阿迪·薩莫爾(Adi [S]hamir)和倫納德·阿德曼(Leonard [A]dleman)
- * </p>
- * <p>
- * 字符串格式的密鑰在未在特殊說明情況下都爲BASE64編碼格式<br/>
- * 由於非對稱加密速度極其緩慢,一般文件不使用它來加密而是使用對稱加密,<br/>
- * 非對稱加密算法可以用來對對稱加密的密鑰加密,這樣保證密鑰的安全也就保證了數據的安全
- * </p>
- *
- * @author IceWee
- * @date 2012-4-26
- * @version 1.0
- */
- public class RSAUtils {
- /**
- * 加密算法RSA
- */
- public static final String KEY_ALGORITHM = "RSA";
- /**
- * 簽名算法
- */
- public static final String SIGNATURE_ALGORITHM = "MD5withRSA";
- /**
- * 獲取公鑰的key
- */
- private static final String PUBLIC_KEY = "RSAPublicKey";
- /**
- * 獲取私鑰的key
- */
- private static final String PRIVATE_KEY = "RSAPrivateKey";
- /**
- * RSA最大加密明文大小
- */
- private static final int MAX_ENCRYPT_BLOCK = 117;
- /**
- * RSA最大解密密文大小
- */
- private static final int MAX_DECRYPT_BLOCK = 128;
- /**
- * <p>
- * 生成密鑰對(公鑰和私鑰)
- * </p>
- *
- * @return
- * @throws Exception
- */
- public static Map<String, Object> genKeyPair() throws Exception {
- KeyPairGenerator keyPairGen = KeyPairGenerator
- .getInstance(KEY_ALGORITHM);
- keyPairGen.initialize(1024);
- KeyPair keyPair = keyPairGen.generateKeyPair();
- RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
- RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
- Map<String, Object> keyMap = new HashMap<String, Object>(2);
- keyMap.put(PUBLIC_KEY, publicKey);
- keyMap.put(PRIVATE_KEY, privateKey);
- return keyMap;
- }
- /**
- * <p>
- * 用私鑰對信息生成數字簽名
- * </p>
- *
- * @param data
- * 已加密數據
- * @param privateKey
- * 私鑰(BASE64編碼)
- *
- * @return
- * @throws Exception
- */
- public static String sign(byte[] data, String privateKey) throws Exception {
- byte[] keyBytes = Base64Utils.decode(privateKey);
- PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
- KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
- PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
- Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
- signature.initSign(privateK);
- signature.update(data);
- return Base64Utils.encode(signature.sign());
- }
- /**
- * <p>
- * 校驗數字簽名
- * </p>
- *
- * @param data
- * 已加密數據
- * @param publicKey
- * 公鑰(BASE64編碼)
- * @param sign
- * 數字簽名
- *
- * @return
- * @throws Exception
- *
- */
- public static boolean verify(byte[] data, String publicKey, String sign)
- throws Exception {
- byte[] keyBytes = Base64Utils.decode(publicKey);
- X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
- KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
- PublicKey publicK = keyFactory.generatePublic(keySpec);
- Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
- signature.initVerify(publicK);
- signature.update(data);
- return signature.verify(Base64Utils.decode(sign));
- }
- /**
- * <P>
- * 私鑰解密
- * </p>
- *
- * @param encryptedData
- * 已加密數據
- * @param privateKey
- * 私鑰(BASE64編碼)
- * @return
- * @throws Exception
- */
- public static byte[] decryptByPrivateKey(byte[] encryptedData,
- String privateKey) throws Exception {
- byte[] keyBytes = Base64Utils.decode(privateKey);
- PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
- KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
- Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
- Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
- cipher.init(Cipher.DECRYPT_MODE, privateK);
- int inputLen = encryptedData.length;
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- int offSet = 0;
- byte[] cache;
- int i = 0;
- // 對數據分段解密
- while (inputLen - offSet > 0) {
- if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
- cache = cipher
- .doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
- } else {
- cache = cipher
- .doFinal(encryptedData, offSet, inputLen - offSet);
- }
- out.write(cache, 0, cache.length);
- i++;
- offSet = i * MAX_DECRYPT_BLOCK;
- }
- byte[] decryptedData = out.toByteArray();
- out.close();
- return decryptedData;
- }
- /**
- * <p>
- * 公鑰解密
- * </p>
- *
- * @param encryptedData
- * 已加密數據
- * @param publicKey
- * 公鑰(BASE64編碼)
- * @return
- * @throws Exception
- */
- public static byte[] decryptByPublicKey(byte[] encryptedData,
- String publicKey) throws Exception {
- byte[] keyBytes = Base64Utils.decode(publicKey);
- X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
- KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
- Key publicK = keyFactory.generatePublic(x509KeySpec);
- Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
- cipher.init(Cipher.DECRYPT_MODE, publicK);
- int inputLen = encryptedData.length;
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- int offSet = 0;
- byte[] cache;
- int i = 0;
- // 對數據分段解密
- while (inputLen - offSet > 0) {
- if (inputLen - offSet > MAX_DECRYPT_BLOCK) {
- cache = cipher
- .doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK);
- } else {
- cache = cipher
- .doFinal(encryptedData, offSet, inputLen - offSet);
- }
- out.write(cache, 0, cache.length);
- i++;
- offSet = i * MAX_DECRYPT_BLOCK;
- }
- byte[] decryptedData = out.toByteArray();
- out.close();
- return decryptedData;
- }
- /**
- * <p>
- * 公鑰加密
- * </p>
- *
- * @param data
- * 源數據
- * @param publicKey
- * 公鑰(BASE64編碼)
- * @return
- * @throws Exception
- */
- public static byte[] encryptByPublicKey(byte[] data, String publicKey)
- throws Exception {
- byte[] keyBytes = Base64Utils.decode(publicKey);
- X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
- KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
- Key publicK = keyFactory.generatePublic(x509KeySpec);
- // 對數據加密
- Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
- cipher.init(Cipher.ENCRYPT_MODE, publicK);
- int inputLen = data.length;
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- int offSet = 0;
- byte[] cache;
- int i = 0;
- // 對數據分段加密
- while (inputLen - offSet > 0) {
- if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
- cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
- } else {
- cache = cipher.doFinal(data, offSet, inputLen - offSet);
- }
- out.write(cache, 0, cache.length);
- i++;
- offSet = i * MAX_ENCRYPT_BLOCK;
- }
- byte[] encryptedData = out.toByteArray();
- out.close();
- return encryptedData;
- }
- /**
- * <p>
- * 私鑰加密
- * </p>
- *
- * @param data
- * 源數據
- * @param privateKey
- * 私鑰(BASE64編碼)
- * @return
- * @throws Exception
- */
- public static byte[] encryptByPrivateKey(byte[] data, String privateKey)
- throws Exception {
- byte[] keyBytes = Base64Utils.decode(privateKey);
- PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
- KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
- Key privateK = keyFactory.generatePrivate(pkcs8KeySpec);
- Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
- cipher.init(Cipher.ENCRYPT_MODE, privateK);
- int inputLen = data.length;
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- int offSet = 0;
- byte[] cache;
- int i = 0;
- // 對數據分段加密
- while (inputLen - offSet > 0) {
- if (inputLen - offSet > MAX_ENCRYPT_BLOCK) {
- cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK);
- } else {
- cache = cipher.doFinal(data, offSet, inputLen - offSet);
- }
- out.write(cache, 0, cache.length);
- i++;
- offSet = i * MAX_ENCRYPT_BLOCK;
- }
- byte[] encryptedData = out.toByteArray();
- out.close();
- return encryptedData;
- }
- /**
- * <p>
- * 獲取私鑰
- * </p>
- *
- * @param keyMap
- * 密鑰對
- * @return
- * @throws Exception
- */
- public static String getPrivateKey(Map<String, Object> keyMap)
- throws Exception {
- Key key = (Key) keyMap.get(PRIVATE_KEY);
- return Base64Utils.encode(key.getEncoded());
- }
- /**
- * <p>
- * 獲取公鑰
- * </p>
- *
- * @param keyMap
- * 密鑰對
- * @return
- * @throws Exception
- */
- public static String getPublicKey(Map<String, Object> keyMap)
- throws Exception {
- Key key = (Key) keyMap.get(PUBLIC_KEY);
- return Base64Utils.encode(key.getEncoded());
- }
- }
Base64Utils文件
- package utils;
- import java.io.ByteArrayInputStream;
- import java.io.ByteArrayOutputStream;
- import java.io.File;
- import java.io.FileInputStream;
- import java.io.FileOutputStream;
- import java.io.InputStream;
- import java.io.OutputStream;
- import com.sun.org.apache.xml.internal.security.utils.Base64;
- /**
- * <p>
- * BASE64編碼解碼工具包
- * </p>
- * <p>
- * 依賴javabase64-1.3.1.jar
- * </p>
- *
- * @author IceWee
- * @date 2012-5-19
- * @version 1.0
- */
- public class Base64Utils {
- /**
- * 文件讀取緩衝區大小
- */
- private static final int CACHE_SIZE = 1024;
- /**
- * <p>
- * BASE64字符串解碼爲二進制數據
- * </p>
- *
- * @param base64
- * @return
- * @throws Exception
- */
- public static byte[] decode(String base64) throws Exception {
- return Base64.decode(base64.getBytes());
- }
- /**
- * <p>
- * 二進制數據編碼爲BASE64字符串
- * </p>
- *
- * @param bytes
- * @return
- * @throws Exception
- */
- public static String encode(byte[] bytes) throws Exception {
- return new String(Base64.encode(bytes));
- }
- /**
- * <p>
- * 將文件編碼爲BASE64字符串
- * </p>
- * <p>
- * 大文件慎用,可能會導致內存溢出
- * </p>
- *
- * @param filePath 文件絕對路徑
- * @return
- * @throws Exception
- */
- public static String encodeFile(String filePath) throws Exception {
- byte[] bytes = fileToByte(filePath);
- return encode(bytes);
- }
- /**
- * <p>
- * BASE64字符串轉回文件
- * </p>
- *
- * @param filePath 文件絕對路徑
- * @param base64 編碼字符串
- * @throws Exception
- */
- public static void decodeToFile(String filePath, String base64) throws Exception {
- byte[] bytes = decode(base64);
- byteArrayToFile(bytes, filePath);
- }
- /**
- * <p>
- * 文件轉換爲二進制數組
- * </p>
- *
- * @param filePath 文件路徑
- * @return
- * @throws Exception
- */
- public static byte[] fileToByte(String filePath) throws Exception {
- byte[] data = new byte[0];
- File file = new File(filePath);
- if (file.exists()) {
- FileInputStream in = new FileInputStream(file);
- ByteArrayOutputStream out = new ByteArrayOutputStream(2048);
- byte[] cache = new byte[CACHE_SIZE];
- int nRead = 0;
- while ((nRead = in.read(cache)) != -1) {
- out.write(cache, 0, nRead);
- out.flush();
- }
- out.close();
- in.close();
- data = out.toByteArray();
- }
- return data;
- }
- /**
- * <p>
- * 二進制數據寫文件
- * </p>
- *
- * @param bytes 二進制數據
- * @param filePath 文件生成目錄
- */
- public static void byteArrayToFile(byte[] bytes, String filePath) throws Exception {
- InputStream in = new ByteArrayInputStream(bytes);
- File destFile = new File(filePath);
- if (!destFile.getParentFile().exists()) {
- destFile.getParentFile().mkdirs();
- }
- destFile.createNewFile();
- OutputStream out = new FileOutputStream(destFile);
- byte[] cache = new byte[CACHE_SIZE];
- int nRead = 0;
- while ((nRead = in.read(cache)) != -1) {
- out.write(cache, 0, nRead);
- out.flush();
- }
- out.close();
- in.close();
- }
- }
測試用例:
- package util;
- import java.util.Map;
- import RSAUtils;
- public class RSATester {
- static String publicKey;
- static String privateKey;
- static {
- try {
- Map<String, Object> keyMap = RSAUtils.genKeyPair();
- publicKey = RSAUtils.getPublicKey(keyMap);
- privateKey = RSAUtils.getPrivateKey(keyMap);
- System.err.println("公鑰: \n\r" + publicKey);
- System.err.println("私鑰: \n\r" + privateKey);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- public static void main(String[] args) throws Exception {
- test();
- testSign();
- }
- static void test() throws Exception {
- System.err.println("公鑰加密——私鑰解密");
- String source = "這是一行沒有任何意義的文字,你看完了等於沒看,不是嗎?";
- System.out.println("\r加密前文字:\r\n" + source);
- byte[] data = source.getBytes();
- byte[] encodedData = RSAUtils.encryptByPublicKey(data, publicKey);
- System.out.println("加密後文字:\r\n" + new String(encodedData));
- byte[] decodedData = RSAUtils.decryptByPrivateKey(encodedData, privateKey);
- String target = new String(decodedData);
- System.out.println("解密後文字: \r\n" + target);
- }
- static void testSign() throws Exception {
- System.err.println("私鑰加密——公鑰解密");
- String source = "這是一行測試RSA數字簽名的無意義文字";
- System.out.println("原文字:\r\n" + source);
- byte[] data = source.getBytes();
- byte[] encodedData = RSAUtils.encryptByPrivateKey(data, privateKey);
- System.out.println("加密後:\r\n" + new String(encodedData));
- byte[] decodedData = RSAUtils.decryptByPublicKey(encodedData, publicKey);
- String target = new String(decodedData);
- System.out.println("解密後: \r\n" + target);
- System.err.println("私鑰簽名——公鑰驗證簽名");
- String sign = RSAUtils.sign(encodedData, privateKey);
- System.err.println("簽名:\r" + sign);
- boolean status = RSAUtils.verify(encodedData, publicKey, sign);
- System.err.println("驗證結果:\r" + status);
- }
- }
生成RSA密鑰、保存到文件、從文件讀取、加密、解密等操作
- import java.security.Key;
- import java.security.KeyFactory;
- import java.security.KeyPair;
- import java.security.KeyPairGenerator;
- import java.security.NoSuchAlgorithmException;
- import java.security.PrivateKey;
- import java.security.PublicKey;
- import java.security.SecureRandom;
- import java.security.interfaces.RSAPrivateKey;
- import java.security.interfaces.RSAPublicKey;
- import java.security.spec.InvalidKeySpecException;
- import java.security.spec.PKCS8EncodedKeySpec;
- import java.security.spec.X509EncodedKeySpec;
- import javax.crypto.Cipher;
- import org.apache.commons.configuration.ConfigurationException;
- import org.apache.commons.configuration.PropertiesConfiguration;
- import org.bouncycastle.jce.provider.BouncyCastleProvider;
- public class RSATest {
- public static void main(String[] args) {
- try {
- RSATest encrypt = new RSATest();
- String encryptText = "encryptText";
- // Generate keys
- KeyPair keyPair = encrypt.generateKey();
- RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
- RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
- byte[] e = encrypt.encrypt(publicKey, encryptText.getBytes());
- byte[] de = encrypt.decrypt(privateKey, e);
- System.out.println(toHexString(e));
- System.out.println(toHexString(de));
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- public KeyPair generateKey() throws NoSuchAlgorithmException {
- KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
- keyPairGen.initialize(1024, new SecureRandom());
- KeyPair keyPair = keyPairGen.generateKeyPair();
- return keyPair;
- }
- public void saveKey(KeyPair keyPair, String publicKeyFile,
- String privateKeyFile) throws ConfigurationException {
- PublicKey pubkey = keyPair.getPublic();
- PrivateKey prikey = keyPair.getPrivate();
- // save public key
- PropertiesConfiguration publicConfig = new PropertiesConfiguration(
- publicKeyFile);
- publicConfig.setProperty("PULIICKEY", toHexString(pubkey.getEncoded()));
- publicConfig.save();
- // save private key
- PropertiesConfiguration privateConfig = new PropertiesConfiguration(
- privateKeyFile);
- privateConfig.setProperty("PRIVATEKEY",
- toHexString(prikey.getEncoded()));
- privateConfig.save();
- }
- /**
- * @param filename
- * @param type:
- * 1-public 0-private
- * @return
- * @throws ConfigurationException
- * @throws NoSuchAlgorithmException
- * @throws InvalidKeySpecException
- */
- public Key loadKey(String filename, int type)
- throws ConfigurationException, NoSuchAlgorithmException,
- InvalidKeySpecException {
- PropertiesConfiguration config = new PropertiesConfiguration(filename);
- KeyFactory keyFactory = KeyFactory.getInstance("RSA",
- new BouncyCastleProvider());
- if (type == 0) {
- // privateKey
- String privateKeyValue = config.getString("PULIICKEY");
- PKCS8EncodedKeySpec priPKCS8 = new PKCS8EncodedKeySpec(
- toBytes(privateKeyValue));
- PrivateKey privateKey = keyFactory.generatePrivate(priPKCS8);
- return privateKey;
- } else {
- // publicKey
- String privateKeyValue = config.getString("PRIVATEKEY");
- X509EncodedKeySpec bobPubKeySpec = new X509EncodedKeySpec(
- toBytes(privateKeyValue));
- PublicKey publicKey = keyFactory.generatePublic(bobPubKeySpec);
- return publicKey;
- }
- }
- /**
- * Encrypt String.
- *
- * @return byte[]
- */
- protected byte[] encrypt(RSAPublicKey publicKey, byte[] data) {
- if (publicKey != null) {
- try {
- Cipher cipher = Cipher.getInstance("RSA",
- new BouncyCastleProvider());
- cipher.init(Cipher.ENCRYPT_MODE, publicKey);
- return cipher.doFinal(data);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- return null;
- }
- /**
- * Basic decrypt method
- *
- * @return byte[]
- */
- protected byte[] decrypt(RSAPrivateKey privateKey, byte[] raw) {
- if (privateKey != null) {
- try {
- Cipher cipher = Cipher.getInstance("RSA",
- new BouncyCastleProvider());
- cipher.init(Cipher.DECRYPT_MODE, privateKey);
- return cipher.doFinal(raw);
- } catch (Exception e) {
- e.printStackTrace();
- }
- }
- return null;
- }
- public static String toHexString(byte[] b) {
- StringBuilder sb = new StringBuilder(b.length * 2);
- for (int i = 0; i < b.length; i++) {
- sb.append(HEXCHAR[(b[i] & 0xf0) >>> 4]);
- sb.append(HEXCHAR[b[i] & 0x0f]);
- }
- return sb.toString();
- }
- public static final byte[] toBytes(String s) {
- byte[] bytes;
- bytes = new byte[s.length() / 2];
- for (int i = 0; i < bytes.length; i++) {
- bytes[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2),
- 16);
- }
- return bytes;
- }
- private static char[] HEXCHAR = { '0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
- }
Java中RSA非對稱密鑰加解密使用示例
一、簡介:
RSA加密算法是最常用的非對稱加密算法,CFCA在證書服務中離不了它。RSA是第一個比較完善的公開密鑰算法,它既能用於加密,也能用於數字簽名。這個算法經受住了多年深入的密碼分析,雖然密碼分析者既不能證明也不能否定RSA的安全性,但這恰恰說明該算法有一定的可信性,目前它已經成爲最流行的公開密鑰算法。
二、RSA的公鑰、私鑰的組成,以及加密、解密的公式可見於下表
三、使用方式:
① 假設A、B機器進行通信,已A機器爲主;
② A首先需要用自己的私鑰爲發送請求數據簽名,並將公鑰一同發送給B;
③ B收到數據後,需要用A發送的公鑰進行驗證,已確保收到的數據是未經篡改的;
④ B驗籤通過後,處理邏輯,並把處理結果返回,返回數據需要用A發送的公鑰進行加密(公鑰加密後,只能用配對的私鑰解密);
⑤ A收到B返回的數據,使用私鑰解密,至此,一次數據交互完成。
四、代碼示例:
1、第一步獲取私鑰,爲簽名做準備。
- /**
- * 讀取私鑰 返回PrivateKey
- * @param path 包含私鑰的證書路徑
- * @param password 私鑰證書密碼
- * @return 返回私鑰PrivateKey
- * @throws KeyStoreException
- * @throws NoSuchAlgorithmException
- * @throws CertificateException
- * @throws IOException
- * @throws UnrecoverableKeyException
- */
- private static PrivateKey getPrivateKey(String path,String password)
- throws KeyStoreException, NoSuchAlgorithmException, CertificateException,
- IOException, UnrecoverableKeyException {
- KeyStore ks = KeyStore.getInstance("PKCS12");
- FileInputStream fis = new FileInputStream(path);
- char[] nPassword = null;
- if ((password == null) || password.trim().equals("")) {
- nPassword = null;
- } else {
- nPassword = password.toCharArray();
- }
- ks.load(fis, nPassword);
- fis.close();
- Enumeration<String> en = ks.aliases();
- String keyAlias = null;
- if (en.hasMoreElements()) {
- keyAlias = (String) en.nextElement();
- }
- return (PrivateKey) ks.getKey(keyAlias, nPassword);
- }
2、簽名示例:通過第一步得到的私鑰,進行簽名操作,具體請看以下代碼:
- /**
- * 私鑰簽名: 簽名方法如下:BASE64(RSA(MD5(src),privatekey)),其中src爲需要簽名的字符串,
- privatekey是商戶的CFCA證書私鑰。
- * @param plainText 待簽名字符串
- * @param path 簽名私鑰路徑
- * @param password 簽名私鑰密碼
- * @return 返回簽名後的字符串
- * @throws Exception
- */
- public static String sign(String plainText,String path,String password)
- throws Exception {
- /*
- * MD5加密
- */
- MessageDigest md5 = MessageDigest.getInstance("MD5");
- md5.update(plainText.getBytes("utf-8"));
- byte[] digestBytes = md5.digest();
- /*
- * 用私鑰進行簽名 RSA
- * Cipher負責完成加密或解密工作,基於RSA
- */
- Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
- //ENCRYPT_MODE表示爲加密模式
- cipher.init(Cipher.ENCRYPT_MODE, getPrivateKey(path, password));
- //加密
- byte[] rsaBytes = cipher.doFinal(digestBytes);
- //Base64編碼
- return Base64.byteArrayToBase64(rsaBytes);}
3、B收到數據後,需要使用A提供的公鑰信息進行驗籤,此處使用公鑰的N、E進行驗籤
首先通過公鑰N、E得到公鑰PublicKey,如下:
- /**
- * 根據公鑰n、e生成公鑰
- * @param modulus 公鑰n串
- * @param publicExponent 公鑰e串
- * @return 返回公鑰PublicKey
- * @throws Exception
- */
- public static PublicKey getPublickKey(String modulus, String publicExponent)
- throws Exception {
- KeySpec publicKeySpec = new RSAPublicKeySpec(
- new BigInteger(modulus, 16), new BigInteger(publicExponent, 16));
- KeyFactory factory = KeyFactory.getInstance("RSA");
- PublicKey publicKey = factory.generatePublic(publicKeySpec);
- return publicKey;
- }
得到公鑰PublicKey後,再去驗證簽名,代碼如下:
- /**
- * 用公鑰證書進行驗籤
- * @param message 簽名之前的原文
- * @param cipherText 簽名
- * @param pubKeyn 公鑰n串
- * @param pubKeye 公鑰e串
- * @return boolean 驗籤成功爲true,失敗爲false
- * @throws Exception
- */
- public static boolean verify(String message, String cipherText,String pubKeyn,
- String pubKeye) throws Exception {
- Cipher c4 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
- // 根據密鑰,對Cipher對象進行初始化,DECRYPT_MODE表示解密模式
- c4.init(Cipher.DECRYPT_MODE, getPublickKey(pubKeyn,pubKeye));
- // 解密
- byte[] desDecTextBytes = c4.doFinal(Base64.base64ToByteArray(cipherText));
- // 得到前置對原文進行的MD5
- String md5Digest1 = Base64.byteArrayToBase64(desDecTextBytes);
- MessageDigest md5 = MessageDigest.getInstance("MD5");
- md5.update(message.getBytes("utf-8"));
- byte[] digestBytes = md5.digest();
- // 得到商戶對原文進行的MD5
- String md5Digest2 = Base64.byteArrayToBase64(digestBytes);
- // 驗證簽名
- if (md5Digest1.equals(md5Digest2)) {
- return true;
- } else {
- return false;
- }
- }
至此,簽名驗籤已經完畢
4、提供一個從.cer文件讀取公鑰的方法:
- /**
- * 讀取公鑰cer
- * @param path .cer文件的路徑 如:c:/abc.cer
- * @return base64後的公鑰串
- * @throws IOException
- * @throws CertificateException
- */
- public static String getPublicKey(String path) throws IOException,
- CertificateException{
- InputStream inStream = new FileInputStream(path);
- ByteArrayOutputStream out = new ByteArrayOutputStream();
- int ch;
- String res = "";
- while ((ch = inStream.read()) != -1) {
- out.write(ch);
- }
- byte[] result = out.toByteArray();
- res = Base64.byteArrayToBase64(result);
- return res;
- }