文章目录
RSA(经典数字签名算法)
RSA数字签名算法主要可分为MD系列和SHA系列两大类。MD系列主要包括MD2withRSA和MD5withRSA;SHA系列主要包括SHA1withRSA、SHA224withRSA、SHA256withRSA、SHA384withRSA和SHA512withRSA。
RSA数字签名生成的签名长度与密钥长度相同。
RSASignCoder
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
/**
* RSA 数字签名
*
* @author shaozuo
* @date 2018/08/08
*/
public class RSASignCoder {
public static final String ALGORITHM_NAME = "RSA";
private RSASignCoder() {
}
private static final String SIGNATURE_ALGORITHM = "MD5WithRSA";
private static final int KEY_SIZE = 512;
private static final String PUBLIC_KEY = "public_key";
private static final String PRIVATE_KEY = "private_key";
/**
* 初始化公钥
*
* @return Map 密钥map
* @throws Exception
*/
public static Map<String, Object> initKey() throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_NAME);
keyPairGenerator.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<>();
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
public static byte[] getPrivateKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return key.getEncoded();
}
public static byte[] getPublicKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return key.getEncoded();
}
/**
* 签名
*
* @param data
* 待签名数据
* @param encodedPriviteKey
* 私钥
* @return byte[] 签名数据
* @throws GeneralSecurityException
*/
public static byte[] sign(byte[] data, byte[] encodedPriviteKey)
throws GeneralSecurityException {
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedPriviteKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PrivateKey privateKey = keyFactory.generatePrivate(encodedKeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
/**
* 校验
*
* @param data
* 待校验数据
* @param encodedPublicKey
* 公钥
* @param sign
* 数字签名
* @return boolean 校验是否通过
* @throws GeneralSecurityException
*/
public static boolean verfiy(byte[] data, byte[] encodedPublicKey, byte[] sign)
throws GeneralSecurityException {
X509EncodedKeySpec encodedKeySpec = new X509EncodedKeySpec(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PublicKey publicKey = keyFactory.generatePublic(encodedKeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
}
RSASignCoderTest
import static org.junit.Assert.assertTrue;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.junit.Before;
import org.junit.Test;
public class RSASignCoderTest {
// 公钥
private byte[] publicKey;
// 私钥
private byte[] privateKey;
String rawStrForSign = "RSA 数字签名";
@Before
public final void initKey() throws Exception {
Map<String, Object> keyMap = RSACoder.initKey();
publicKey = RSASignCoder.getPublicKey(keyMap);
privateKey = RSASignCoder.getPrivateKey(keyMap);
System.out.println("公钥: " + Base64.encodeBase64String(publicKey));
System.out.println("私钥: " + Base64.encodeBase64String(privateKey));
}
@Test
public void testSign() throws Exception {
System.out.println("待签名数据:" + rawStrForSign);
byte[] data = rawStrForSign.getBytes();
byte[] sign = RSASignCoder.sign(data, privateKey);
System.out.println("数字签名: " + Base64.encodeBase64String(sign));
boolean status = RSASignCoder.verfiy(data, publicKey, sign);
System.out.println("验证结果是:" + status);
assertTrue(status);
}
}
DSA(数字签名标准算法)
与RSA相比,DSA仅包含数字签名算法,使用DSA算法的数字证书无法进行加密通讯;而RSA算法既包含加密/解密算法,同时兼有数字签名算法。
DSA算法的签名长度与算法无关,且不唯一。
DSACoder
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
/**
* DSA 数字签名
*
* @author shaozuo
* @date 2018/08/08
*/
public class DSACoder {
public static final String ALGORITHM_NAME = "DSA";
private DSACoder() {
}
private static final String SIGNATURE_ALGORITHM = "SHA1WithDSA";
private static final int KEY_SIZE = 512;
private static final String PUBLIC_KEY = "public_key";
private static final String PRIVATE_KEY = "private_key";
/**
* 初始化公钥
*
* @return Map 密钥map
* @throws Exception
*/
public static Map<String, Object> initKey() throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_NAME);
keyPairGenerator.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
DSAPublicKey publicKey = (DSAPublicKey) keyPair.getPublic();
DSAPrivateKey privateKey = (DSAPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<>();
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
public static byte[] getPrivateKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return key.getEncoded();
}
public static byte[] getPublicKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return key.getEncoded();
}
/**
* 签名
*
* @param data
* 待签名数据
* @param encodedPriviteKey
* 私钥
* @return byte[] 签名数据
* @throws GeneralSecurityException
*/
public static byte[] sign(byte[] data, byte[] encodedPriviteKey)
throws GeneralSecurityException {
PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(encodedPriviteKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PrivateKey privateKey = keyFactory.generatePrivate(encodedKeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
/**
* 校验
*
* @param data
* 待校验数据
* @param encodedPublicKey
* 公钥
* @param sign
* 数字签名
* @return boolean 校验是否通过
* @throws GeneralSecurityException
*/
public static boolean verfiy(byte[] data, byte[] encodedPublicKey, byte[] sign)
throws GeneralSecurityException {
X509EncodedKeySpec encodedKeySpec = new X509EncodedKeySpec(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PublicKey publicKey = keyFactory.generatePublic(encodedKeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
}
DSACoderTest
import static org.junit.Assert.assertTrue;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.junit.Before;
import org.junit.Test;
public class DSACoderTest {
// 公钥
private byte[] publicKey;
// 私钥
private byte[] privateKey;
String rawStrForSign = "DSA 数字签名";
@Before
public final void initKey() throws Exception {
Map<String, Object> keyMap = DSACoder.initKey();
publicKey = DSACoder.getPublicKey(keyMap);
privateKey = DSACoder.getPrivateKey(keyMap);
System.out.println("公钥: " + Base64.encodeBase64String(publicKey));
System.out.println("私钥: " + Base64.encodeBase64String(privateKey));
}
@Test
public void testSign() throws Exception {
System.out.println("待签名数据:" + rawStrForSign);
byte[] data = rawStrForSign.getBytes();
byte[] sign = DSACoder.sign(data, privateKey);
System.out.println("数字签名: " + Base64.encodeBase64String(sign));
boolean status = DSACoder.verfiy(data, publicKey, sign);
System.out.println("验证结果是:" + status);
assertTrue(status);
}
}
ECDSA(椭圆曲线数字签名算法)
ECDSA算法可能大家都不熟悉,但是如果提到微软操作系统或办公软件的序列号,大家就应该很熟悉了,而序列号的验证算法就是使用的ECDSA算法。
ECDSACoder
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* ECDSA 数字签名
*
* @author shaozuo
* @date 2018/08/08
*/
public class ECDSACoder {
public static final String ALGORITHM_NAME = "ECDSA";
static {
Security.addProvider(new BouncyCastleProvider());
}
private ECDSACoder() {
}
private static final String SIGNATURE_ALGORITHM = "SHA512WithECDSA";
private static final int KEY_SIZE = 512;
private static final String PUBLIC_KEY = "ECDSAPublicKey";
private static final String PRIVATE_KEY = "ECDSAPrivateKey";
/**
* 初始化密钥
*
* @return
* @throws Exception
*/
public static Map<String, Object> initKey() throws GeneralSecurityException {
BigInteger p = new BigInteger(
"883423532389192164791648750360308885314476597252960362792450860609699839");
ECFieldFp ecFieldFp = new ECFieldFp(p);
BigInteger a = new BigInteger(
"7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc",
16);
BigInteger b = new BigInteger(
"6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a",
16);
EllipticCurve ellipticCurve = new EllipticCurve(ecFieldFp, a, b);
BigInteger x = new BigInteger(
"110282003749548856476348533541186204577905061504881242240149511594420911");
BigInteger y = new BigInteger(
"869078407435509378747351873793058868500210384946040694651368759217025454");
ECPoint g = new ECPoint(x, y);
BigInteger n = new BigInteger(
"883423532389192164791648750360308884807550341691627752275345424702807307");
ECParameterSpec ecParameterSpec = new ECParameterSpec(ellipticCurve, g,
n, 1);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_NAME);
keyPairGenerator.initialize(ecParameterSpec, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// 公钥
ECPublicKey publicKey = (ECPublicKey) keyPair.getPublic();
// 私钥
ECPrivateKey privateKey = (ECPrivateKey) keyPair.getPrivate();
Map<String, Object> keyMap = new HashMap<String, Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
/**
* 取得私钥
*
* @param keyMap
* @return
* @throws Exception
*/
public static byte[] getPrivateKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(PRIVATE_KEY);
return key.getEncoded();
}
/**
* 取得公钥
*
* @param keyMap
* @return
* @throws Exception
*/
public static byte[] getPublicKey(Map<String, Object> keyMap) {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return key.getEncoded();
}
/**
* 签名<br>
* 用私钥签名
*
* @param data
* @param encodedPrivateKey
* @return
* @throws Exception
*/
public static byte[] sign(byte[] data, byte[] encodedPrivateKey)
throws GeneralSecurityException {
// 取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
/**
* 验证<br>
* 用公钥验证
*
* @param data
* @param encodedPublicKey
* @param sign
* @return
* @throws Exception
*/
public static boolean verify(byte[] data, byte[] encodedPublicKey, byte[] sign)
throws GeneralSecurityException {
// 取得公钥
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(encodedPublicKey);
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PublicKey publicKey = keyFactory
.generatePublic(x509KeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
}
ECDSACoderTest
import static org.junit.Assert.assertTrue;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.junit.Before;
import org.junit.Test;
public class ECDSACoderTest {
// 公钥
private byte[] publicKey;
// 私钥
private byte[] privateKey;
String rawStrForSign = "ECDSA 数字签名";
@Before
public final void initKey() throws Exception {
Map<String, Object> keyMap = ECDSACoder.initKey();
publicKey = ECDSACoder.getPublicKey(keyMap);
privateKey = ECDSACoder.getPrivateKey(keyMap);
System.out.println("公钥: " + Base64.encodeBase64String(publicKey));
System.out.println("私钥: " + Base64.encodeBase64String(privateKey));
}
@Test
public void testSign() throws Exception {
System.out.println("待签名数据:" + rawStrForSign);
byte[] data = rawStrForSign.getBytes();
byte[] sign = ECDSACoder.sign(data, privateKey);
System.out.println("数字签名: " + Base64.encodeBase64String(sign));
boolean status = ECDSACoder.verify(data, publicKey, sign);
System.out.println("验证结果是:" + status);
assertTrue(status);
}
}