一、
1.RSA数字签名:先使用消息摘要算法对原始消息摘要,再对摘要做数字签名;主要分为MD系列和SHA系列;
2.DSA数字签名:本身不包含任何消息摘要算法;
二、RSA数字签名:
数字签名部分主要为签名/验证两个部分:
签名:
public static byte[] sign(byte[] priKey,byte[] data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
验证:
public static boolean verify(byte[] data,byte[] publicKey,byte[] sign) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey pubKey = keyFactory.generatePublic(x509EncodedKeySpec);
Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(pubKey);
sig.update(data);
return sig.verify(sign);
}
拿到公钥后,init->update->verify
三、DataServlet实例:
RSACoder:
package com.dataserver;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
public abstract class RSACoder {
private static final String KEY_ALGORITHM= "RSA";
private static String SIGNATURE_ALGORITHM="MD5withRSA";
private static final int KEY_SIZE=512;
private static final String PUBLIC_KEY = "RSAPublicKey";
private static final String PRIVATE_KEY = "RSAPrivateKey";
public static Map<String,Object> initKey() throws NoSuchAlgorithmException{
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
keyPairGen.initialize(KEY_SIZE);
KeyPair keyPair = keyPairGen.generateKeyPair();
//生成密钥当然要生成最丰富的啦
RSAPublicKey publicKey = (RSAPublicKey)keyPair.getPublic();
RSAPrivateKey privateKey = (RSAPrivateKey)keyPair.getPrivate();
Map<String,Object> keyMap = new HashMap<String,Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
public static byte[] encryptByPrivateKey(byte[] data,byte[] priKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
PKCS8EncodedKeySpec x509EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(x509EncodedKeySpec);
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
public static byte[] encryptByPublicKey(byte[] data, byte[] pubKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
X509EncodedKeySpec pkcs8EncodedKeySpec = new X509EncodedKeySpec(pubKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicKey = keyFactory.generatePublic(pkcs8EncodedKeySpec);
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
public static byte[] decryptByPublicKey(byte[] data,byte[] pubKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
X509EncodedKeySpec pkcs8EncodedKeySpec = new X509EncodedKeySpec(pubKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicKey = keyFactory.generatePublic(pkcs8EncodedKeySpec);
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
public static byte[] decryptByPrivateKey(byte[] data,byte[] priKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
PKCS8EncodedKeySpec x509EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(x509EncodedKeySpec);
Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
public static byte[] getPrivateKey(Map<String,Object> keyMap){
RSAPrivateKey privateKey = (RSAPrivateKey) keyMap.get(PRIVATE_KEY);
return privateKey.getEncoded();
}
public static byte[] getPublicKey(Map<String,Object> keyMap){
RSAPublicKey publicKey = (RSAPublicKey)keyMap.get(PUBLIC_KEY);
return publicKey.getEncoded();
}
public static byte[] encryptByPrivateKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
return encryptByPrivateKey(data,getKey(key));
}
public static byte[] encryptByPublicKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
return encryptByPublicKey(data,getKey(key));
}
private static byte[] getKey(String key) throws DecoderException {
// String十六进制解密到byte[]
return Hex.decodeHex(key.toCharArray());
}
public static byte[] decryptByPublicKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
return decryptByPublicKey(data,getKey(key));
}
public static byte[] decryptByPrivateKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
return decryptByPrivateKey(data,getKey(key));
}
public static String getPrivateKeyString(Map<String,Object> keyMap){
return Hex.encodeHexString(getPrivateKey(keyMap));
}
public static String getPublicKeyString(Map<String,Object> keyMap){
return Hex.encodeHexString(getPublicKey(keyMap));
}
public static byte[] sign(byte[] priKey,byte[] data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
public static String sign(byte[] data,String privateKey) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, DecoderException{
byte[] sign = sign(getKey(privateKey),data);
return Hex.encodeHexString(sign);
}
public static boolean verify(byte[] data,byte[] publicKey,byte[] sign) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKey);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey pubKey = keyFactory.generatePublic(x509EncodedKeySpec);
Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
sig.initVerify(pubKey);
sig.update(data);
return sig.verify(sign);
}
public static boolean verify(byte[] data,String publicKey,String sign) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, DecoderException{
return verify(data,publicKey.getBytes(),Hex.decodeHex(sign.toCharArray()));
}
}
注意十六进制String的转换:
private static byte[] getKey(String key) throws DecoderException {
// String十六进制解密到byte[]
return Hex.decodeHex(key.toCharArray());
}