pom.xml文件加上:
<!-- Bouncy Castle provider: supplies the SM2 encryption, decryption and signing primitives. -->
<!-- NOTE(review): 1.70 is the last release published under the bcprov-jdk15on artifact; later
     Bouncy Castle releases ship as bcprov-jdk18on. Check the project's release notes and
     security advisories and move to a maintained release before production use. -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
</dependency>
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
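/**
 * Demonstrates SM2 signing and verification with Bouncy Castle's lightweight {@link SM2Signer}.
 *
 * <p>Each run generates a fresh key pair on the {@code sm2p256v1} curve, round-trips both keys
 * through Base64 (PKCS#8 for the private key, X.509 SubjectPublicKeyInfo for the public key),
 * signs a sample message and verifies the resulting signature.
 *
 * <p>Interoperability notes for anyone verifying these signatures with another implementation:
 * <ul>
 *   <li>No {@code ParametersWithID} is passed to {@code init}, so the signer falls back to the
 *       library's default SM2 user ID; the peer has to use the same ID or verification fails.
 *   <li>{@code new SM2Signer()} emits the signature as an ASN.1/DER-encoded (r, s) pair, not as
 *       a raw 64-byte {@code r || s} value.
 *   <li>The message is converted to bytes as UTF-8; signer and verifier must agree on this.
 * </ul>
 */
public class SM2SignDemo {

    /**
     * Runs the key generation, sign and verify round trip and prints the results.
     *
     * @param args unused
     * @throws Exception if the provider, key encoding or signature operations fail
     */
    public static void main(String[] args) throws Exception {
        // Register Bouncy Castle once; every later lookup refers to it by name instead of
        // constructing another provider instance.
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        // Generate a key pair on the SM2 curve.
        KeyPairGenerator keyPairGenerator =
                KeyPairGenerator.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        keyPairGenerator.initialize(new ECGenParameterSpec("sm2p256v1"), new SecureRandom());
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // Serialise both keys to Base64. The demo uses the keys it has just generated rather
        // than constants embedded in the source: a private key that appears in source code or
        // on a published page has to be treated as compromised. In a real deployment the
        // private key is loaded from a key store or secret manager.
        String privateKeyStr =
                Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded());
        String publicKeyStr =
                Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
        // Only the public key is printed; private key material must not reach stdout or logs.
        System.out.println("公钥: " + publicKeyStr);

        // Rebuild the key objects from their Base64 form, as a receiver of the strings would.
        KeyFactory keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
        PrivateKey privateKey = keyFactory.generatePrivate(
                new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyStr)));
        PublicKey publicKey = keyFactory.generatePublic(
                new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyStr)));

        // Initialise the signer with the private key (true = signing mode).
        SM2Signer signer = new SM2Signer();
        ECPrivateKeyParameters ecPrivateKeyParameters =
                (ECPrivateKeyParameters) PrivateKeyFactory.createKey(privateKey.getEncoded());
        signer.init(true, ecPrivateKeyParameters);

        // Sign the message.
        // NOTE(review): the ts field presumably carries a request timestamp; it only limits
        // replay if the verifying side rejects stale or repeated values.
        String message = "code=销售单号&ts=时间戳";
        System.out.println("原始字符串: " + message);
        // Fix the charset explicitly: the message contains non-ASCII text, and the platform
        // default charset would make the signed bytes differ between machines.
        byte[] messageBytes = message.getBytes(StandardCharsets.UTF_8);
        signer.update(messageBytes, 0, messageBytes.length);
        byte[] signBytes = signer.generateSignature();

        // Transport form of the signature.
        String signBase64Str = Base64.getEncoder().encodeToString(signBytes);
        System.out.println("数据签名串: " + signBase64Str);

        // Receiver side: decode the signature and verify it with the public key, using a
        // separate signer instance so that no state is shared with the signing side.
        byte[] receivedSignature = Base64.getDecoder().decode(signBase64Str);
        ECPublicKeyParameters ecPublicKeyParameters =
                (ECPublicKeyParameters) PublicKeyFactory.createKey(publicKey.getEncoded());
        SM2Signer verifier = new SM2Signer();
        verifier.init(false, ecPublicKeyParameters);
        verifier.update(messageBytes, 0, messageBytes.length);
        System.out.println("签名验证: " + verifier.verifySignature(receivedSignature));
    }
}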