SM2算法简介
SM2算法是中国国家密码局推出的国产化算法,是基于椭圆曲线的非对称算法,相对于RSA算法,SM2具有密钥更小,运算速度更快,相同密钥长度下具有更高安全性等优势。
package com.my;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.asn1.x9.X9ECPoint;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.*;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.encoders.Hex;
import org.junit.jupiter.api.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.swing.plaf.PanelUI;
import java.math.BigInteger;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
public class SM2Util {
private final static Logger serverLogger = LoggerFactory.getLogger(SM2Util.class);
private static final String ENCRYPT_KEY = "";
private static final String DECRYPT_KEY = "";
/**
* 生成国密公私钥对
*
* @return
* @throws Exception
*/
@Test
public void t1(){
List<String> list = null;
try {
list = SM2Util.genKeyPair();
}catch (Exception e){
e.printStackTrace();
}
list.forEach(s -> System.out.println(s));
}
@Test
public void t2() throws Exception {
String mima = encrypt("libai李白",ENCRYPT_KEY);
String jiemi = decrypt(mima,DECRYPT_KEY);
System.out.println("加密后字符串:"+mima );
System.out.println("解密后字符串:"+jiemi );
}
public static List<String> genKeyPair() throws Exception {
//生成密钥对
X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
keyPairGenerator.init(new ECKeyGenerationParameters(domainParameters, SecureRandom.getInstance("SHA1PRNG")));
AsymmetricCipherKeyPair asymmetricCipherKeyPair = keyPairGenerator.generateKeyPair();
//私钥,16进制格式,自己保存,格式如a2081b5b81fbea0b6b973a3ab6dbbbc65b1164488bf22d8ae2ff0b8260f64853
BigInteger privatekey = ((ECPrivateKeyParameters) asymmetricCipherKeyPair.getPrivate()).getD();
String privateKeyHex = privatekey.toString(16);
//公钥,16进制格式,发给前端,格式如04813d4d97ad31bd9d18d785f337f683233099d5abed09cb397152d50ac28cc0ba43711960e811d90453db5f5a9518d660858a8d0c57e359a8bf83427760ebcbba
ECPoint ecPoint = ((ECPublicKeyParameters) asymmetricCipherKeyPair.getPublic()).getQ();
String publicKeyHex = Hex.toHexString(ecPoint.getEncoded(false));
List<String> result = new ArrayList<>();
result.add(publicKeyHex);
result.add(privateKeyHex);
return result;
}
/**
* 加密SM2
*
* @param plaintext 明文
* @return 密文
*/
public static String encrypt(String plaintext,String publicKey) {
byte[] plaintextByte = Base64.getEncoder().encode(plaintext.getBytes());
X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
ECDomainParameters domainParams = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
X9ECPoint localX9ECPoint = new X9ECPoint(sm2ECParameters.getCurve(), Hex.decode(publicKey.getBytes()));
ECPublicKeyParameters pk = new ECPublicKeyParameters(localX9ECPoint.getPoint(), domainParams);
CipherParameters pubKeyParameters = new ParametersWithRandom(pk);
SM2Engine sm2Engine = new SM2Engine();
sm2Engine.init(true, pubKeyParameters);
try {
return Hex.toHexString(sm2Engine.processBlock(plaintextByte, 0, plaintextByte.length));
} catch (InvalidCipherTextException e) {
e.printStackTrace();
}
return null;
}
/**
* 根据privateKey对加密数据encodedata,使用SM2解密
*
* @return
*/
public static String decrypt(String cipherData, String privateKey)throws Exception {
byte[] cipherDataByte = Hex.decode(cipherData);
//刚才的私钥Hex,先还原私钥
BigInteger privateKeyD = new BigInteger(privateKey, 16);
X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(privateKeyD, domainParameters);
//用私钥解密
SM2Engine sm2Engine = new SM2Engine();
sm2Engine.init(false, privateKeyParameters);
//processBlock得到Base64格式,记得解码
byte[] arrayOfBytes = Base64.getDecoder().decode(sm2Engine.processBlock(cipherDataByte, 0, cipherDataByte.length));
//得到明文:SM2 Encryption Test
return new String(arrayOfBytes);
}
}