用数字签名实现防篡改

    通过数字签名来避免篡改的。一般思路如下：

    1.将信息生成数字签名，并将数字签名用公私加密

    2.用私钥解密数字签名，然后将信息再生成一次签名，将两个签名作比较得出结论

 

    以下用JAVA模拟过程：首先生成一个公钥一个私钥，分别保存文件为 public.key和private.key；任给一个信息文件 demo.txt，用private.key生成数字签名（已加密），将签名存放于文件sign.sgn；用公私 public.key 验证数字签名。

    签名算法选用DSA

 

    注：本例仅对小数据可行，大数据会出现内存溢出。

import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.ObjectInputStream; import java.io.ObjectOutputStream; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; public class P14_Key_Gener { //存放公钥 private String public_file = "D://public.key"; //存放私钥 private String private_file = "D://private.key"; //原始数据 private String indata = "D://demo.txt"; //数字签名文件 private String sign_file = "D://sign.sgn"; //签名算法 private String signatureAlgorithm = "DSA"; public static void main(String args[]) throws Exception { P14_Key_Gener pp = new P14_Key_Gener(); //第一步：创建公私钥文件 pp.createKey(); //第二步：用私钥对原始数据签名 pp.signGen(); //第三步：利用公私验证数字签名 pp.verify(); } /** * 生成一个公钥一个私钥，分别保存为文件public.key和private.key * @throws Exception */ public void createKey() throws Exception{ //定义public.key文件 FileOutputStream fos_public = new FileOutputStream(public_file); ObjectOutputStream oos_public = new ObjectOutputStream(fos_public); //定义private.key文件 FileOutputStream fos_private = new FileOutputStream(private_file); ObjectOutputStream oos_private = new ObjectOutputStream(fos_private); //形成DSA公私对 KeyPairGenerator keyGen = KeyPairGenerator.getInstance(signatureAlgorithm); keyGen.initialize(1024); //生成公钥和私钥对 KeyPair key = keyGen.generateKeyPair(); PublicKey publicKey = key.getPublic(); PrivateKey privateKey = key.getPrivate(); //写入文件 oos_public.writeObject(publicKey); oos_private.writeObject(privateKey); fos_public.close(); oos_public.close(); fos_private.close(); oos_private.close(); System.out.println("公私钥文件生成成功"); } /** * 对信息文件用private.key生成数字签名，将签名存放于signature.sgn * @throws Exception */ public void signGen() throws Exception{ File file_info = new File(indata); FileInputStream fis_info = new FileInputStream(file_info); int file_input_length = (int)file_info.length(); byte[] infoBytes = new byte[file_input_length]; fis_info.read(infoBytes); fis_info.close(); //读入私钥 FileInputStream fis_private = new FileInputStream(private_file); ObjectInputStream ois_private = new ObjectInputStream(fis_private); PrivateKey privateKey = (PrivateKey)ois_private.readObject(); ois_private.close(); fis_private.close(); //生成签名 Signature sig = Signature.getInstance(signatureAlgorithm); //用私钥初始化数字签名对象 sig.initSign(privateKey); //对数据实施签名 sig.update(infoBytes); //完成签名，将结果放入字节数组 byte[] signatureBytes = sig.sign(); //将签名写入文件sign.sgn FileOutputStream os_signature = new FileOutputStream(sign_file); os_signature.write(signatureBytes); os_signature.close(); System.out.println("签名文件生成成功"); } /** * 用公私验证数字签名 * @throws Exception */ public void verify() throws Exception{ //读取原文数据 File file_info = new File(indata); FileInputStream fis_info = new FileInputStream(file_info); int fileinfolength = (int)file_info.length(); byte[] fileBytes = new byte[fileinfolength]; fis_info.read(fileBytes); fis_info.close(); //读入公钥 FileInputStream fis_public = new FileInputStream(public_file); ObjectInputStream oos_public = new ObjectInputStream(fis_public); PublicKey publicKey = (PublicKey)oos_public.readObject(); fis_public.close(); oos_public.close(); //读入签名文件 File file_sign = new File(sign_file); FileInputStream fis_sig = new FileInputStream(file_sign); int sign_length = (int)file_sign.length(); byte[] signBytes = new byte[sign_length]; fis_sig.read(signBytes); fis_sig.close(); //使用公私验证 Signature sig = Signature.getInstance(signatureAlgorithm); sig.initVerify(publicKey); //对msgBytes重新实施签名 sig.update(fileBytes); if(sig.verify(signBytes)) { System.out.println("文件没有被篡改"); }else{ System.out.println("文件被篡改"); } } }