java签名主要用于防止用户修改文件中的敏感信息。
1.生成公私钥对,代码如下:
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
public class Test {
public static void main(String[] args) throws Exception{
FileOutputStream fos_public = new FileOutputStream("f:\\public.key");
ObjectOutputStream oos_public = new ObjectOutputStream(fos_public);
FileOutputStream fos_private = new FileOutputStream("f:\\private.key");
ObjectOutputStream oos_private = new ObjectOutputStream(fos_private);
// 生成DSA公私钥对
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
keyGen.initialize(1024);
// 生成公钥和私钥对
KeyPair key = keyGen.generateKeyPair();
PublicKey publicKey = key.getPublic();
PrivateKey privateKey = key.getPrivate();
//写入文件
oos_public.writeObject(publicKey);
oos_private.writeObject(privateKey);
fos_public.close();
oos_public.close();
fos_private.close();
oos_private.close();
}
}
2.给需要保护的文件加上签名
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.security.PrivateKey;
import java.security.Signature;
public class GenSgn {
public static void main(String[] args) throws Exception{
File file_info = new File("f:\\test.txt");
FileInputStream fis_info = new FileInputStream(file_info);
int fileInfoLength = (int)file_info.length();
byte[] infoBytes = new byte[fileInfoLength];
fis_info.read(infoBytes);
fis_info.close();
FileInputStream fis_private = new FileInputStream("f:\\private.key");
ObjectInputStream ois_private = new ObjectInputStream(fis_private);
PrivateKey privateKey = (PrivateKey)ois_private.readObject();
fis_private.close();
ois_private.close();
//生成签名
Signature sig=Signature.getInstance("DSA");
//用私钥来初始化数字签名对象
sig.initSign(privateKey);
//对msgBytes实施签名
sig.update(infoBytes);
//完成签名,将结果放入字节数组signatureBytes
byte[] signatureBytes = sig.sign();
/*
//将签名写入文件signature.sgn
FileOutputStream fos_signature = new FileOutputStream("f:\\signature.sgn");
fos_signature.write(signatureBytes);
fos_signature.close();
*/
FileOutputStream fos_xxx = new FileOutputStream("f:\\signature.xxx");
String s1 = "";
for(byte b:infoBytes){
s1 += b+",";
}
String s2 = "";
for(byte b:signatureBytes){
s2 += b+",";
}
System.out.println(new String(infoBytes));
System.out.println();
String t = s1.substring(0,s1.length())+"\n\n"+s2.substring(0,s2.length());
fos_xxx.write(t.getBytes());
fos_xxx.close();
}
}
3.验证文件
import java.io.File;
import java.io.FileInputStream;
import java.io.ObjectInputStream;
import java.security.PublicKey;
import java.security.Signature;
public class ValiSgn {
public static void main(String[] args)throws Exception {
/*
// 读入文件
File file_info = new File("D:\\upload\\test.txt");
FileInputStream fis_info = new FileInputStream(file_info);
int fileInfoLength = (int)file_info.length();
byte[] infoBytes = new byte[fileInfoLength];
fis_info.read(infoBytes);
fis_info.close();
// 读入发送方公钥
FileInputStream fis_public = new FileInputStream("f:\\public.key");
ObjectInputStream ois_public = new ObjectInputStream(fis_public);
PublicKey publicKey = (PublicKey)ois_public.readObject();
fis_public.close();
ois_public.close();
// 读入签名文件
File file_signature = new File("D:\\upload\\signature.sgn");
FileInputStream fis_signature = new FileInputStream(file_signature);
int fileSignatureLength = (int)file_signature.length();
byte[] signatureBytes = new byte[fileSignatureLength];
fis_signature.read(signatureBytes);
fis_signature.close();
System.out.println(new String(signatureBytes));
// 使用公鈅验证
Signature sig=Signature.getInstance("DSA");
sig.initVerify(publicKey);
sig.update(infoBytes);
if(sig.verify(signatureBytes)){
System.out.println("文件没有被篡改");
}else{
System.out.println("文件被篡改");
}
*/
File file_t = new File("f:\\signature.xxx");
FileInputStream fis_t = new FileInputStream(file_t);
int fileInfoLength = (int)file_t.length();
byte[] tBytes = new byte[fileInfoLength];
fis_t.read(tBytes);
fis_t.close();
String t = new String(tBytes);
String[] s1 = t.substring(0,t.indexOf("\n\n")).replace("\n\n", "").split(",");
String[] s2 = t.substring(t.indexOf("\n\n")).replace("\n\n", "").split(",");
byte[] b1 = new byte[s1.length];
for(int i=0;i<s1.length;i++){
b1[i]=Byte.parseByte(s1[i]);
}
byte[] b2 = new byte[s2.length];
for(int i=0;i<s2.length;i++){
b2[i]=Byte.parseByte(s2[i]);
}
FileInputStream fis_public = new FileInputStream("f:\\public.key");
ObjectInputStream ois_public = new ObjectInputStream(fis_public);
PublicKey publicKey = (PublicKey)ois_public.readObject();
fis_public.close();
ois_public.close();
Signature sig=Signature.getInstance("DSA");
sig.initVerify(publicKey);
sig.update(b1);
if(sig.verify(b2)){
System.out.println("文件没有被篡改");
}else{
System.out.println("文件被篡改");
}
}
}
如果文件未被修改,可以通过验证,反之,不能通过。
需要注意的是,要加上签名被修改的异常处理。