本文承接上一篇《java.security.*篇(1) RSA 加密与解密demo》
涉及类:RSAPrivateKey RSAPublicKey X509EncodedKeySpec X509EncodedKeySpec PKCS8EncodedKeySpec Signature
rsa 私钥签名,公钥验证常用使用场景:1.客户端-服务端通讯发送消息,服务端私钥签名并发送消息/数据,客户端私钥验证消息/ 数据是否被篡改 2.机密文件私钥签名并保存,查看时用公钥验证文件是否被篡改 3.机密数据库数据内容签名并保存,使用时判断是否内容被篡改 4.文档内容签名并保存,打开时公钥校验是否被篡改
rsa 私钥签名公钥校验 demo
private final String ALGORITHM_NAME = "RSA";
private static final String MD5_RSA = "MD5withRSA";
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.11</version>
</dependency>
私钥加密公钥解密测试方法
/**
* @description: demos of jdk8 java.security KeyPairGenerator KeyPair
* RSAPrivateKey RSAPublicKey X509EncodedKeySpec X509EncodedKeySpec PKCS8EncodedKeySpec Signature
* ras private_key sign and public_key verify 用ras 私钥签名 公钥验证数据和签名是否匹配,也就是是否数据被篡改
*/
@Test
public void testRsaSignAndPublicVerify() throws Exception {
String message = "这是要签名的字符串";
// 初始化密钥生成器
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_NAME);
// 设置大小
keyPairGenerator.initialize(1024);
// 生成密钥对
KeyPair keyPair = keyPairGenerator.genKeyPair();
// 获取私钥
PrivateKey privateKey = keyPair.getPrivate();
// 获取公钥
PublicKey publicKey = keyPair.getPublic();
// 私钥字符串
String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded());
// 公钥字符串
String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded());
//用公钥签名字符串
String signStr = new String(privateKeySign(privateKeyStr,message));
//用私钥签名字符串
boolean verify = publicKeyVerify(publicKeyStr,signStr,message);
//签名校验结果为true
Assert.assertTrue(verify);
//模拟串改message
verify = publicKeyVerify(publicKeyStr,signStr,message+"change");
//签名校验结果为false
Assert.assertFalse(verify);
}
私钥签名方法
/**
* @description private key sign
* 私钥签名:实际情况一般是私钥和公钥是提前生成好的,我们需要读取配置文件或者输入值获取公钥私钥字符串去加密解密,因为传入参数需要是字符串,
* privateKey publicKey 对象进行后续操作
* Signature 初始化,并执行sign() 返回base64 bytes
**/
private byte[] privateKeySign(String privateKeyStr, String message) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, UnsupportedEncodingException, SignatureException {
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyStr));
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance(MD5_RSA);
signature.initSign(privateKey);
signature.update(message.getBytes());
return Base64.encodeBase64(signature.sign());
}
公钥验证方法
/**
* @description public key verify
* 公钥验证:实际情况一般是私钥和公钥是提前生成好的,我们需要读取配置文件或者输入值获取公钥私钥字符串去加密解密,因为传入参数需要是字符串,
* privateKey publicKey 对象进行后续操作
* Signature 初始化并执行verify 后验证message 是否与签名后的signStr 匹配
**/
private boolean publicKeyVerify(String publicKeyStr, String signStr, String message) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME);
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyStr));
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
Signature signature = Signature.getInstance(MD5_RSA);
signature.initVerify(publicKey);
signature.update(message.getBytes());
return signature.verify(Base64.decodeBase64(signStr.getBytes()));
}