一、工具类
POM中增加hutool
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-core</artifactId>
<version>5.6.5</version>
</dependency>package cn.test.encrypt.utils.sm2;
/**
* SM2签名所计算的值 可以根据实际情况增加删除字段属性
*/
public class SM2SignVO {
//16进制的私钥
public String sm2_userd;
//椭圆曲线点X
public String x_coord;
//椭圆曲线点Y
public String y_coord;
//SM3摘要Z
public String sm3_z;
//明文数据16进制
public String sign_express;
//SM3摘要值
public String sm3_digest;
//R
public String sign_r;
//S
public String sign_s;
//R
public String verify_r;
//S
public String verify_s;
//签名值
public String sm2_sign;
//sign 签名 verfiy验签
public String sm2_type;
//是否验签成功 true false
public boolean isVerify;
public String getX_coord() {
return x_coord;
}
public void setX_coord(String x_coord) {
this.x_coord = x_coord;
}
public String getY_coord() {
return y_coord;
}
public void setY_coord(String y_coord) {
this.y_coord = y_coord;
}
public String getSm3_z() {
return sm3_z;
}
public void setSm3_z(String sm3_z) {
this.sm3_z = sm3_z;
}
public String getSm3_digest() {
return sm3_digest;
}
public void setSm3_digest(String sm3_digest) {
this.sm3_digest = sm3_digest;
}
public String getSm2_signForSoft() {
return sm2_sign;
}
public String getSm2_signForHard() {
//System.out.println("R:"+getSign_r());
//System.out.println("s:"+getSign_s());
return getSign_r()+getSign_s();
}
public void setSm2_sign(String sm2_sign) {
this.sm2_sign = sm2_sign;
}
public String getSign_express() {
return sign_express;
}
public void setSign_express(String sign_express) {
this.sign_express = sign_express;
}
public String getSm2_userd() {
return sm2_userd;
}
public void setSm2_userd(String sm2_userd) {
this.sm2_userd = sm2_userd;
}
public String getSm2_type() {
return sm2_type;
}
public void setSm2_type(String sm2_type) {
this.sm2_type = sm2_type;
}
public boolean isVerify() {
return isVerify;
}
public void setVerify(boolean isVerify) {
this.isVerify = isVerify;
}
public String getSign_r() {
return sign_r;
}
public void setSign_r(String sign_r) {
this.sign_r = sign_r;
}
public String getSign_s() {
return sign_s;
}
public void setSign_s(String sign_s) {
this.sign_s = sign_s;
}
public String getVerify_r() {
return verify_r;
}
public void setVerify_r(String verify_r) {
this.verify_r = verify_r;
}
public String getVerify_s() {
return verify_s;
}
public void setVerify_s(String verify_s) {
this.verify_s = verify_s;
}
}
package cn.test.encrypt.utils.sm2;
import org.bouncycastle.math.ec.ECPoint;
import java.math.BigInteger;
/**
* SM2
*/
public class SM2Result {
public SM2Result() {
}
// 签名r
public BigInteger r;
public BigInteger s;
//验签R
public BigInteger R;
// 密钥交换
public byte[] sa;
public byte[] sb;
public byte[] s1;
public byte[] s2;
public ECPoint keyra;
public ECPoint keyrb;
}
package cn.test.encrypt.utils.sm2;
import cn.test.encrypt.utils.Util;
import org.bouncycastle.asn1.*;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.math.ec.ECPoint;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.util.Enumeration;
/**
* 国密算法的签名、验签
*/
public class SM2SignVerUtils {
/**
* 默认USERID
*/
public static String USER_ID = "1234567812345678";
/**
* 私钥签名
* 使用SM3进行对明文数据计算一个摘要值
* @param privatekey 私钥
* @param sourceData 明文数据
* @return 签名后的值
* @throws Exception
*/
public static SM2SignVO Sign2SM2(byte[] privatekey,byte[] sourceData) throws Exception{
SM2SignVO sm2SignVO = new SM2SignVO();
sm2SignVO.setSm2_type("sign");
SM2Factory factory = SM2Factory.getInstance();
BigInteger userD = new BigInteger(privatekey);
//System.out.println("userD:"+userD.toString(16));
sm2SignVO.setSm2_userd(userD.toString(16));
ECPoint userKey = factory.ecc_point_g.multiply(userD);
//System.out.println("椭圆曲线点X: "+ userKey.getXCoord().toBigInteger().toString(16));
//System.out.println("椭圆曲线点Y: "+ userKey.getYCoord().toBigInteger().toString(16));
SM3Digest sm3Digest = new SM3Digest();
byte [] z = factory.sm2GetZ(USER_ID.getBytes(), userKey);
//System.out.println("加签SM3摘要Z: " + Util.getHexString(z));
//System.out.println("被加密数据的16进制: " + Util.getHexString(sourceData));
sm2SignVO.setSm3_z(Util.getHexString(z));
sm2SignVO.setSign_express(Util.getHexString(sourceData));
sm3Digest.update(z, 0, z.length);
sm3Digest.update(sourceData,0,sourceData.length);
byte [] md = new byte[32];
sm3Digest.doFinal(md, 0);
//System.out.println("SM3摘要值: " + Util.getHexString(md));
sm2SignVO.setSm3_digest(Util.getHexString(md));
SM2Result sm2Result = new SM2Result();
factory.sm2Sign(md, userD, userKey, sm2Result);
//System.out.println("r: " + sm2Result.r.toString(16));
//System.out.println("s: " + sm2Result.s.toString(16));
sm2SignVO.setSign_r(sm2Result.r.toString(16));
sm2SignVO.setSign_s(sm2Result.s.toString(16));
ASN1Integer d_r = new ASN1Integer(sm2Result.r);
ASN1Integer d_s = new ASN1Integer(sm2Result.s);
ASN1EncodableVector v2 = new ASN1EncodableVector();
v2.add(d_r);
v2.add(d_s);
DERSequence sign = new DERSequence(v2);
String result = Util.byteToHex(sign.getEncoded());
sm2SignVO.setSm2_sign(result);
return sm2SignVO;
}
/**
* 验证签名
* @param publicKey 公钥信息
* @param sourceData 密文信息
* @param signData 签名信息
* @return 验签的对象 包含了相关参数和验签结果
*/
@SuppressWarnings("unchecked")
public static SM2SignVO VerifySignSM2(byte[] publicKey,byte[] sourceData,byte[] signData){
try {
byte[] formatedPubKey;
SM2SignVO verifyVo = new SM2SignVO();
verifyVo.setSm2_type("verify");
if (publicKey.length == 64) {
// 添加一字节标识,用于ECPoint解析
formatedPubKey = new byte[65];
formatedPubKey[0] = 0x04;
System.arraycopy(publicKey, 0, formatedPubKey, 1, publicKey.length);
} else{
formatedPubKey = publicKey;
}
SM2Factory factory = SM2Factory.getInstance();
ECPoint userKey = factory.ecc_curve.decodePoint(formatedPubKey);
SM3Digest sm3Digest = new SM3Digest();
byte [] z = factory.sm2GetZ(USER_ID.getBytes(), userKey);
System.out.println("SM3摘要Z: " + Util.getHexString(z));
verifyVo.setSm3_z(Util.getHexString(z));
sm3Digest.update(z,0,z.length);
sm3Digest.update(sourceData,0,sourceData.length);
byte [] md = new byte[32];
sm3Digest.doFinal(md, 0);
System.out.println("SM3摘要值: " + Util.getHexString(md));
verifyVo.setSm3_digest(Util.getHexString(md));
ByteArrayInputStream bis = new ByteArrayInputStream(signData);
ASN1InputStream dis = new ASN1InputStream(bis);
SM2Result sm2Result = null;
ASN1Primitive derObj = dis.readObject();
Enumeration<ASN1Integer> e = ((ASN1Sequence)derObj).getObjects();
BigInteger r = ((ASN1Integer) e.nextElement()).getValue();
BigInteger s = ((ASN1Integer) e.nextElement()).getValue();
sm2Result = new SM2Result();
sm2Result.r = r;
sm2Result.s = s;
//System.out.println("vr: " + sm2Result.r.toString(16));
//System.out.println("vs: " + sm2Result.s.toString(16));
verifyVo.setVerify_r(sm2Result.r.toString(16));
verifyVo.setVerify_s(sm2Result.s.toString(16));
factory.sm2Verify(md, userKey, sm2Result.r, sm2Result.s, sm2Result);
boolean verifyFlag = sm2Result.r.equals(sm2Result.R);
verifyVo.setVerify(verifyFlag);
return verifyVo;
} catch (IllegalArgumentException e) {
return null;
}catch (Exception e) {
e.printStackTrace();
return null;
}
}
}
工具类
package cn.test.encrypt.utils;
import java.math.BigInteger;
public class Util {
/**
* 整形转换成网络传输的字节流(字节数组)型数据
*
* @param num 一个整型数据
* @return 4个字节的自己数组
*/
public static byte[] intToBytes(int num) {
byte[] bytes = new byte[4];
bytes[0] = (byte) (0xff & (num >> 0));
bytes[1] = (byte) (0xff & (num >> 8));
bytes[2] = (byte) (0xff & (num >> 16));
bytes[3] = (byte) (0xff & (num >> 24));
return bytes;
}
/**
* 四个字节的字节数据转换成一个整形数据
*
* @param bytes 4个字节的字节数组
* @return 一个整型数据
*/
public static int byteToInt(byte[] bytes) {
int num = 0;
int temp;
temp = (0x000000ff & (bytes[0])) << 0;
num = num | temp;
temp = (0x000000ff & (bytes[1])) << 8;
num = num | temp;
temp = (0x000000ff & (bytes[2])) << 16;
num = num | temp;
temp = (0x000000ff & (bytes[3])) << 24;
num = num | temp;
return num;
}
/**
* 长整形转换成网络传输的字节流(字节数组)型数据
*
* @param num 一个长整型数据
* @return 4个字节的自己数组
*/
public static byte[] longToBytes(long num) {
byte[] bytes = new byte[8];
for (int i = 0; i < 8; i++) {
bytes[i] = (byte) (0xff & (num >> (i * 8)));
}
return bytes;
}
/**
* 大数字转换字节流(字节数组)型数据
*
* @param n
* @return
*/
public static byte[] byteConvert32Bytes(BigInteger n) {
byte tmpd[] = (byte[]) null;
if (n == null) {
return null;
}
if (n.toByteArray().length == 33) {
tmpd = new byte[32];
System.arraycopy(n.toByteArray(), 1, tmpd, 0, 32);
} else if (n.toByteArray().length == 32) {
tmpd = n.toByteArray();
} else {
tmpd = new byte[32];
for (int i = 0; i < 32 - n.toByteArray().length; i++) {
tmpd[i] = 0;
}
System.arraycopy(n.toByteArray(), 0, tmpd, 32 - n.toByteArray().length, n.toByteArray().length);
}
return tmpd;
}
/**
* 换字节流(字节数组)型数据转大数字
*
* @param b
* @return
*/
public static BigInteger byteConvertInteger(byte[] b) {
if (b[0] < 0) {
byte[] temp = new byte[b.length + 1];
temp[0] = 0;
System.arraycopy(b, 0, temp, 1, b.length);
return new BigInteger(temp);
}
return new BigInteger(b);
}
/**
* 根据字节数组获得值(十六进制数字)
*
* @param bytes
* @return
*/
public static String getHexString(byte[] bytes) {
return getHexString(bytes, true);
}
/**
* 根据字节数组获得值(十六进制数字)
*
* @param bytes
* @param upperCase
* @return
*/
public static String getHexString(byte[] bytes, boolean upperCase) {
String ret = "";
for (int i = 0; i < bytes.length; i++) {
ret += Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1);
}
return upperCase ? ret.toUpperCase() : ret;
}
/**
* 打印十六进制字符串
*
* @param bytes
*/
public static void printHexString(byte[] bytes) {
for (int i = 0; i < bytes.length; i++) {
String hex = Integer.toHexString(bytes[i] & 0xFF);
if (hex.length() == 1) {
hex = '0' + hex;
}
System.out.print("0x" + hex.toUpperCase() + ",");
}
System.out.println("");
}
/**
* Convert hex string to byte[]
*
* @param hexString the hex string
* @return byte[]
*/
public static byte[] hexStringToBytes(String hexString) {
if (hexString == null || hexString.equals("")) {
return null;
}
hexString = hexString.toUpperCase();
int length = hexString.length() / 2;
char[] hexChars = hexString.toCharArray();
byte[] d = new byte[length];
for (int i = 0; i < length; i++) {
int pos = i * 2;
d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
}
return d;
}
/**
* Convert char to byte
*
* @param c char
* @return byte
*/
public static byte charToByte(char c) {
return (byte) "0123456789ABCDEF".indexOf(c);
}
/**
* 用于建立十六进制字符的输出的小写字符数组
*/
private static final char[] DIGITS_LOWER = {'0', '1', '2', '3', '4', '5',
'6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
/**
* 用于建立十六进制字符的输出的大写字符数组
*/
private static final char[] DIGITS_UPPER = {'0', '1', '2', '3', '4', '5',
'6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
/**
* 将字节数组转换为十六进制字符数组
*
* @param data byte[]
* @return 十六进制char[]
*/
public static char[] encodeHex(byte[] data) {
return encodeHex(data, true);
}
/**
* 将字节数组转换为十六进制字符数组
*
* @param data byte[]
* @param toLowerCase <code>true</code> 传换成小写格式 , <code>false</code> 传换成大写格式
* @return 十六进制char[]
*/
public static char[] encodeHex(byte[] data, boolean toLowerCase) {
return encodeHex(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER);
}
/**
* 将字节数组转换为十六进制字符数组
*
* @param data byte[]
* @param toDigits 用于控制输出的char[]
* @return 十六进制char[]
*/
protected static char[] encodeHex(byte[] data, char[] toDigits) {
int l = data.length;
char[] out = new char[l << 1];
// two characters form the hex value.
for (int i = 0, j = 0; i < l; i++) {
out[j++] = toDigits[(0xF0 & data[i]) >>> 4];
out[j++] = toDigits[0x0F & data[i]];
}
return out;
}
/**
* 将字节数组转换为十六进制字符串
*
* @param data byte[]
* @return 十六进制String
*/
public static String encodeHexString(byte[] data) {
return encodeHexString(data, true);
}
/**
* 将字节数组转换为十六进制字符串
*
* @param data byte[]
* @param toLowerCase <code>true</code> 传换成小写格式 , <code>false</code> 传换成大写格式
* @return 十六进制String
*/
public static String encodeHexString(byte[] data, boolean toLowerCase) {
return encodeHexString(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER);
}
/**
* 将字节数组转换为十六进制字符串
*
* @param data byte[]
* @param toDigits 用于控制输出的char[]
* @return 十六进制String
*/
protected static String encodeHexString(byte[] data, char[] toDigits) {
return new String(encodeHex(data, toDigits));
}
/**
* 将十六进制字符数组转换为字节数组
*
* @param data 十六进制char[]
* @return byte[]
* @throws RuntimeException 如果源十六进制字符数组是一个奇怪的长度,将抛出运行时异常
*/
public static byte[] decodeHex(char[] data) {
int len = data.length;
if ((len & 0x01) != 0) {
throw new RuntimeException("Odd number of characters.");
}
byte[] out = new byte[len >> 1];
// two characters form the hex value.
for (int i = 0, j = 0; j < len; i++) {
int f = toDigit(data[j], j) << 4;
j++;
f = f | toDigit(data[j], j);
j++;
out[i] = (byte) (f & 0xFF);
}
return out;
}
/**
* 将十六进制字符转换成一个整数
*
* @param ch 十六进制char
* @param index 十六进制字符在字符数组中的位置
* @return 一个整数
* @throws RuntimeException 当ch不是一个合法的十六进制字符时,抛出运行时异常
*/
protected static int toDigit(char ch, int index) {
int digit = Character.digit(ch, 16);
if (digit == -1) {
throw new RuntimeException("Illegal hexadecimal character " + ch
+ " at index " + index);
}
return digit;
}
/**
* 数字字符串转ASCII码字符串
*
* @param String 字符串
* @return ASCII字符串
*/
public static String StringToAsciiString(String content) {
String result = "";
int max = content.length();
for (int i = 0; i < max; i++) {
char c = content.charAt(i);
String b = Integer.toHexString(c);
result = result + b;
}
return result;
}
/**
* 十六进制转字符串
*
* @param hexString 十六进制字符串
* @param encodeType 编码类型4:Unicode,2:普通编码
* @return 字符串
*/
public static String hexStringToString(String hexString, int encodeType) {
String result = "";
int max = hexString.length() / encodeType;
for (int i = 0; i < max; i++) {
char c = (char) hexStringToAlgorism(hexString
.substring(i * encodeType, (i + 1) * encodeType));
result += c;
}
return result;
}
/**
* 十六进制字符串装十进制
*
* @param hex 十六进制字符串
* @return 十进制数值
*/
public static int hexStringToAlgorism(String hex) {
hex = hex.toUpperCase();
int max = hex.length();
int result = 0;
for (int i = max; i > 0; i--) {
char c = hex.charAt(i - 1);
int algorism = 0;
if (c >= '0' && c <= '9') {
algorism = c - '0';
} else {
algorism = c - 55;
}
result += Math.pow(16, max - i) * algorism;
}
return result;
}
/**
* 十六转二进制
*
* @param hex 十六进制字符串
* @return 二进制字符串
*/
public static String hexStringToBinary(String hex) {
hex = hex.toUpperCase();
String result = "";
int max = hex.length();
for (int i = 0; i < max; i++) {
char c = hex.charAt(i);
switch (c) {
case '0':
result += "0000";
break;
case '1':
result += "0001";
break;
case '2':
result += "0010";
break;
case '3':
result += "0011";
break;
case '4':
result += "0100";
break;
case '5':
result += "0101";
break;
case '6':
result += "0110";
break;
case '7':
result += "0111";
break;
case '8':
result += "1000";
break;
case '9':
result += "1001";
break;
case 'A':
result += "1010";
break;
case 'B':
result += "1011";
break;
case 'C':
result += "1100";
break;
case 'D':
result += "1101";
break;
case 'E':
result += "1110";
break;
case 'F':
result += "1111";
break;
}
}
return result;
}
/**
* ASCII码字符串转数字字符串
*
* @param String ASCII字符串
* @return 字符串
*/
public static String AsciiStringToString(String content) {
String result = "";
int length = content.length() / 2;
for (int i = 0; i < length; i++) {
String c = content.substring(i * 2, i * 2 + 2);
int a = hexStringToAlgorism(c);
char b = (char) a;
String d = String.valueOf(b);
result += d;
}
return result;
}
/**
* 将十进制转换为指定长度的十六进制字符串
*
* @param algorism int 十进制数字
* @param maxLength int 转换后的十六进制字符串长度
* @return String 转换后的十六进制字符串
*/
public static String algorismToHexString(int algorism, int maxLength) {
String result = "";
result = Integer.toHexString(algorism);
if (result.length() % 2 == 1) {
result = "0" + result;
}
return patchHexString(result.toUpperCase(), maxLength);
}
/**
* 字节数组转为普通字符串(ASCII对应的字符)
*
* @param bytearray byte[]
* @return String
*/
public static String byteToString(byte[] bytearray) {
String result = "";
char temp;
int length = bytearray.length;
for (int i = 0; i < length; i++) {
temp = (char) bytearray[i];
result += temp;
}
return result;
}
/**
* 二进制字符串转十进制
*
* @param binary 二进制字符串
* @return 十进制数值
*/
public static int binaryToAlgorism(String binary) {
int max = binary.length();
int result = 0;
for (int i = max; i > 0; i--) {
char c = binary.charAt(i - 1);
int algorism = c - '0';
result += Math.pow(2, max - i) * algorism;
}
return result;
}
/**
* 十进制转换为十六进制字符串
*
* @param algorism int 十进制的数字
* @return String 对应的十六进制字符串
*/
public static String algorismToHEXString(int algorism) {
String result = "";
result = Integer.toHexString(algorism);
if (result.length() % 2 == 1) {
result = "0" + result;
}
result = result.toUpperCase();
return result;
}
/**
* HEX字符串前补0,主要用于长度位数不足。
*
* @param str String 需要补充长度的十六进制字符串
* @param maxLength int 补充后十六进制字符串的长度
* @return 补充结果
*/
static public String patchHexString(String str, int maxLength) {
String temp = "";
for (int i = 0; i < maxLength - str.length(); i++) {
temp = "0" + temp;
}
str = (temp + str).substring(0, maxLength);
return str;
}
/**
* 将一个字符串转换为int
*
* @param s String 要转换的字符串
* @param defaultInt int 如果出现异常,默认返回的数字
* @param radix int 要转换的字符串是什么进制的,如16 8 10.
* @return int 转换后的数字
*/
public static int parseToInt(String s, int defaultInt, int radix) {
int i = 0;
try {
i = Integer.parseInt(s, radix);
} catch (NumberFormatException ex) {
i = defaultInt;
}
return i;
}
/**
* 将一个十进制形式的数字字符串转换为int
*
* @param s String 要转换的字符串
* @param defaultInt int 如果出现异常,默认返回的数字
* @return int 转换后的数字
*/
public static int parseToInt(String s, int defaultInt) {
int i = 0;
try {
i = Integer.parseInt(s);
} catch (NumberFormatException ex) {
i = defaultInt;
}
return i;
}
/**
* 十六进制串转化为byte数组
*
* @return the array of byte
*/
public static byte[] hexToByte(String hex)
throws IllegalArgumentException {
if (hex.length() % 2 != 0) {
throw new IllegalArgumentException();
}
char[] arr = hex.toCharArray();
byte[] b = new byte[hex.length() / 2];
for (int i = 0, j = 0, l = hex.length(); i < l; i++, j++) {
String swap = "" + arr[i++] + arr[i];
int byteint = Integer.parseInt(swap, 16) & 0xFF;
b[j] = new Integer(byteint).byteValue();
}
return b;
}
/**
* 字节数组转换为十六进制字符串
*
* @param b byte[] 需要转换的字节数组
* @return String 十六进制字符串
*/
public static String byteToHex(byte b[]) {
if (b == null) {
throw new IllegalArgumentException(
"Argument b ( byte array ) is null! ");
}
String hs = "";
String stmp = "";
for (int n = 0; n < b.length; n++) {
stmp = Integer.toHexString(b[n] & 0xff);
if (stmp.length() == 1) {
hs = hs + "0" + stmp;
} else {
hs = hs + stmp;
}
}
return hs.toLowerCase();
//return hs.toUpperCase();
}
public static byte[] subByte(byte[] input, int startIndex, int length) {
byte[] bt = new byte[length];
for (int i = 0; i < length; i++) {
bt[i] = input[i + startIndex];
}
return bt;
}
}
测试Demo
public static void main(String[] args) throws Exception {
String req = "123456";
String toHex = Convert.toHex(req, CharsetUtil.CHARSET_UTF_8);
String appPubKey = "0411d9bb4605afe2b652effe75ee1d75a5bcdfec7f4bf3e59a4e79736176c09906a7d3bb8a275111f8669f09f7f38249d05caedf43309fd7584e786774b2066d0f";
String appPriKey ="12d39a6f96885dab71cf12392a8d497981101b32729dcf89904253661cd8ba4f";
SM2SignVO sm2SignVO = SM2SignVerUtils.Sign2SM2(Util.hexStringToBytes(appPriKey), toHex.getBytes());
System.out.println("签名是:"+sm2SignVO.sm2_sign);
SM2SignVO verify = SM2SignVerUtils.VerifySignSM2(Util.hexStringToBytes(appPubKey), toHex.getBytes(), Util.hexToByte(sm2SignVO.sm2_sign));
System.out.println("结果:"+verify.isVerify);
}注意:
加签逻辑中要用SM3计算摘要,对于工具类中的计算逻辑 在如图所示位置
工具类加签验签计算摘要逻辑一致,可以验签,若和第三方对接需要调整逻辑!!!
5931
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
