常用的Java加密技術和核心代碼系列:
Base64以及關於Base64遇到的坑 https://blog.csdn.net/haponchang/article/details/106094115
消息摘要算法 https://blog.csdn.net/haponchang/article/details/106096542
對稱加密(DES、3DES、AES、PBE) https://blog.csdn.net/haponchang/article/details/106096766
非對稱加密(RSA、DH) https://blog.csdn.net/haponchang/article/details/106097998
數字簽名證書 https://blog.csdn.net/haponchang/article/details/106098779
非對稱加密已經灰常安全了,但是還有一個破綻:
服務器A公佈了自己的公鑰,我的電腦是用服務器A的公鑰加密數據後再發給服務器A的;這時候服務器B侵入了我的電腦,把我用來加密的公鑰換成了它的公鑰,於是我發出去的數據就會被服務器B的私鑰破解了。
如何防止公鑰被篡改呢?
可以使用消息摘要,服務器A把公鑰丟給我的時候,同時去CA申請一份數字證書,其實主要就是公鑰的消息摘要,有了這份證書,當我再用公鑰加密的時候,我就可以先驗證一下當前的公鑰是否確定是服務器A發送給我的。
例子:RSASign:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
public class RSASign {
public static boolean verifySign(String src) {
try {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance ("RSA");
keyPairGenerator.initialize (512);
KeyPair keyPair = keyPairGenerator.generateKeyPair ( );
PublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic ( );
PrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate ( );
PKCS8EncodedKeySpec pkcs8EncodedKeySpec
= new PKCS8EncodedKeySpec (rsaPrivateKey.getEncoded ( ));
KeyFactory keyFactory = KeyFactory.getInstance ("RSA");
PrivateKey privateKey = keyFactory.generatePrivate (pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance ("MD5withRSA");
signature.initSign (privateKey);
signature.update (src.getBytes ( ));
//生成簽名bytes
byte[] signBytes = signature.sign ( );
X509EncodedKeySpec x509EncodedKeySpec =
new X509EncodedKeySpec (rsaPublicKey.getEncoded ( ));
keyFactory = KeyFactory.getInstance ("RSA");
PublicKey publicKey = keyFactory.generatePublic (x509EncodedKeySpec);
signature = Signature.getInstance ("MD5withRSA");
signature.initVerify (publicKey);
signature.update (src.getBytes ( ));
boolean isVerified = signature.verify (signBytes);
return isVerified;
} catch (Exception e) {
e.printStackTrace ( );
}
return false;
}
}