package com.ethan.security;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
/**
* 数字签名的基础是 公钥和私钥的非对称加密
* 发送者使用私钥加密消息摘要(签名),
* 接收者使用公钥解密消息摘要
* 来验证签名是否属于发送者本人
* 验证个人身份
* @author ETHAN
*
*私钥和公钥的发布 需要认可
*这就需要证书,有权威机构的签名来保证密钥的真实性
*/
/**
* keyStore:
* 1.存储多个私钥和其附带的数字证书
* 2.存储信任的第三方数字证书
* 3.keyStore中的每一个私钥和信任的第三方数字证书用一个alias进行标识
*
* 应用:
* 产生私钥与导入第三方证书
* 导出证书 与 产生CSR Certificate Signing Request 文件
* 修改KeyStore 与 其中存储项的密码
* 打印keystore 与 其中的存储项信息
* 删除keystore中的存储项
* @author ETHAN
*
*/
/*
* keytool -genkeypair 默认名是 mykey
* keytool -genkeypair -alias forethan 起别名
* keytool -list
*
* 改别名 mykey--->forethan2,并指定密码
* 这样不用交互了(注意:-storepass 会把密码留在命令历史和进程列表中,仅适合演示)
* keytool -changealias -alias mykey -destalias forethan2 -storepass 123456
*
* 导出:
* keytool -exportcert -alias forethan -file c:/1.cer (-rfc)
*
* 把证书从keystore中删除
* keytool -delete -alias forethan -storepass 123456
* keytool -list -v
*
* 把证书导入keystore
* keytool -importcert -file c:/1.cer
*/
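/**
 * Demonstrates RSA digital signatures and reading X.509 certificates with the JCA.
 *
 * <p>{@code sign()} generates a key pair, signs a fixed message and writes the public key and
 * the signature to files in the working directory; {@code verity()} reads both back and checks
 * the signature. The two {@code loadCertificate...} methods print a certificate taken from a
 * keystore or from a certificate file.
 */
public class RSATest {

    /**
     * Signature scheme used by both {@code sign()} and {@code verity()}; the two sides must agree.
     * SHA-256 replaces MD5 here because MD5 (and SHA-1) are collision-broken and must not back
     * new signatures.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * RSA modulus size in bits. Set explicitly because the provider default is not the same in
     * every JDK release; 2048 is the usual minimum, 3072 gives more long-term margin.
     */
    private static final int RSA_KEY_BITS = 2048;

    /** Fixed demo message that is signed and later verified. */
    private static final String MESSAGE = "i love you";

    /** File that receives the encoded public key. */
    private static final String PUBLIC_KEY_FILE = "sign_public.key";

    /** File that receives the raw signature bytes. */
    private static final String SIGNATURE_FILE = "mysign.dat";

    /**
     * Entry point. Intentionally empty: none of the demo methods is invoked automatically.
     *
     * @param args command-line arguments (unused)
     */
    public static void main(String[] args) {
        // No-op; call sign(), verity() or one of the certificate loaders here to run a demo.
    }

    /**
     * Generates a fresh RSA key pair, signs {@link #MESSAGE} with the private key and stores the
     * public key and the signature on disk.
     *
     * @throws Exception if the algorithm is unavailable, signing fails or a file cannot be written
     */
    private static void sign() throws Exception {
        // RSA is one of several asymmetric algorithms that can be used for signing.
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(RSA_KEY_BITS);
        KeyPair keyPair = generator.generateKeyPair();

        // The public key is the part that gets published/registered (compare a company seal on file).
        PublicKey publicKey = keyPair.getPublic();
        // The private key stays inside this method and is never written out.
        PrivateKey privateKey = keyPair.getPrivate();

        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        // Signing is initialised with the private key; verification uses the public key.
        signature.initSign(privateKey);
        // Explicit charset so signer and verifier hash the same bytes on every platform.
        signature.update(MESSAGE.getBytes(StandardCharsets.UTF_8));
        byte[] sign = signature.sign();

        saveKey(publicKey, PUBLIC_KEY_FILE);
        saveData(sign, SIGNATURE_FILE);
    }

    /**
     * Verifies the stored signature over {@link #MESSAGE} with the stored public key and prints
     * the boolean result.
     *
     * <p>NOTE(review): the public key is read from a plain file that sits next to the signature,
     * so a {@code true} result only shows that the two files match each other. To establish who
     * signed, the verifier has to obtain the public key from a source it already trusts, for
     * example a certificate that chains to a trusted CA.
     *
     * @throws Exception if the algorithm is unavailable, a file cannot be read or the key or
     *     signature is malformed
     */
    private static void verity() throws Exception {
        Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
        PublicKey publicKey = readKey(PUBLIC_KEY_FILE);
        signature.initVerify(publicKey);
        signature.update(MESSAGE.getBytes(StandardCharsets.UTF_8));
        byte[] sign = readData(SIGNATURE_FILE);
        boolean isYourSigned = signature.verify(sign);
        System.out.println(isYourSigned);
    }

    /**
     * Reads a whole file into memory.
     *
     * @param string path of the file to read
     * @return the file content
     * @throws Exception if the file cannot be read
     */
    private static byte[] readData(String string) throws Exception {
        return Files.readAllBytes(Paths.get(string));
    }

    /**
     * Reads an RSA public key that was written by {@code saveKey}.
     *
     * <p>The file holds the key's X.509 (SubjectPublicKeyInfo) encoding, which is parsed with a
     * {@link KeyFactory}; no Java object deserialization is involved.
     *
     * @param string path of the key file
     * @return the decoded public key
     * @throws Exception if the file cannot be read or does not contain a valid RSA public key
     */
    private static PublicKey readKey(String string) throws Exception {
        byte[] encoded = Files.readAllBytes(Paths.get(string));
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encoded));
    }

    /**
     * Writes raw bytes (here: the signature) to a file, replacing any existing content.
     *
     * @param sign bytes to store
     * @param string path of the target file
     * @throws Exception if the file cannot be written
     */
    private static void saveData(byte[] sign, String string) throws Exception {
        Files.write(Paths.get(string), sign);
    }

    /**
     * Writes the encoded form of a public key to a file.
     *
     * @param publicKey key to store; private keys are rejected so that one is never written to
     *     disk unencrypted by accident
     * @param string path of the target file
     * @throws IllegalArgumentException if the key is a private key or has no encoded form
     * @throws Exception if the file cannot be written
     */
    private static void saveKey(Key publicKey, String string) throws Exception {
        if (publicKey instanceof PrivateKey) {
            throw new IllegalArgumentException("refusing to write a private key in the clear");
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null) {
            throw new IllegalArgumentException("key does not support encoding");
        }
        Files.write(Paths.get(string), encoded);
    }

    /**
     * Loads the certificate stored under the alias {@code mykey} from the user's keystore and
     * prints it.
     *
     * <p>NOTE(review): the keystore path and password are hard-coded for the demo. Real code
     * should obtain the password from a prompt or a secret store and keep it out of source
     * control.
     *
     * @throws IllegalStateException if the keystore has no certificate under the alias
     * @throws Exception if the keystore cannot be opened or its integrity check fails
     */
    private static void loadCertificateFromStore() throws Exception {
        // "jks" is the legacy Java KeyStore format; keytool has defaulted to PKCS12 since JDK 9.
        KeyStore keyStore = KeyStore.getInstance("jks");
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream fis = new FileInputStream("C:\\Users\\ETHAN\\.keystore")) {
            keyStore.load(fis, "123456".toCharArray());
        }
        // getCertificate returns null for an unknown alias; fail with a clear message instead
        // of a NullPointerException.
        Certificate cert = keyStore.getCertificate("mykey");
        if (cert == null) {
            throw new IllegalStateException("no certificate stored under alias mykey");
        }
        System.out.println(cert.toString());
    }

    /**
     * Parses an X.509 certificate directly from a certificate file and prints its main fields.
     *
     * <p>This only decodes and displays the certificate. It does not check the validity period,
     * the issuer's signature or the chain of trust, so the printed values must not be treated as
     * verified.
     *
     * @throws Exception if the file cannot be read or is not a valid X.509 certificate
     */
    private static void loadCertificateFromFile() throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        Certificate cert;
        try (FileInputStream fis = new FileInputStream("C:\\Users\\ETHAN\\1.cert")) {
            cert = factory.generateCertificate(fis);
        }
        X509Certificate x509cert = (X509Certificate) cert;
        System.out.println("公钥:" + x509cert.getPublicKey());
        // Hex-encode the signature; concatenating the byte[] would only print its identity hash.
        System.out.println("签名:" + toHex(x509cert.getSignature()));
        System.out.println("签名算法:" + x509cert.getSigAlgName());
        System.out.println("类型:" + x509cert.getType());
        // X500Principal accessors replace the implementation-specific getSubjectDN/getIssuerDN.
        System.out.println("证书所有者:" + x509cert.getSubjectX500Principal());
        System.out.println("证书发布者:" + x509cert.getIssuerX500Principal());
        System.out.println("证书起始有效日期:" + x509cert.getNotBefore());
        System.out.println("证书终止有效日期:" + x509cert.getNotAfter());
    }

    /** Returns the lowercase hexadecimal form of {@code bytes}, two digits per byte. */
    private static String toHex(byte[] bytes) {
        StringBuilder hex = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            hex.append(Character.forDigit((b >> 4) & 0xF, 16));
            hex.append(Character.forDigit(b & 0xF, 16));
        }
        return hex.toString();
    }
}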
java 之 数字签名和数字证书