[JAVA加解密]数字签名

一、

1.RSA数字签名：先使用消息摘要算法对原始消息摘要，再对摘要做数字签名；主要分为MD系列和SHA系列；

2.DSA数字签名：本身不包含任何消息摘要算法；

二、RSA数字签名：

数字签名部分主要为签名/验证两个部分：

签名：

public static byte[] sign(byte[] priKey,byte[] data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
		PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
		Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
		signature.initSign(privateKey);
		signature.update(data);
		return signature.sign();
	}

拿到还原后的私钥后，init->update->sign

验证：

public static boolean verify(byte[] data,byte[] publicKey,byte[] sign) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
		X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PublicKey pubKey = keyFactory.generatePublic(x509EncodedKeySpec);
		Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
		sig.initVerify(pubKey);
		sig.update(data);
		return sig.verify(sign);
	}
	

拿到公钥后，init->update->verify

三、DataServlet实例：

RSACoder:

package com.dataserver;

import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;

import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;

public abstract class RSACoder {
	private static final String KEY_ALGORITHM= "RSA";
	private static String SIGNATURE_ALGORITHM="MD5withRSA";
	private static final int KEY_SIZE=512;
	private static final String PUBLIC_KEY = "RSAPublicKey";
	private static final String PRIVATE_KEY = "RSAPrivateKey";
	
	public static Map<String,Object> initKey() throws NoSuchAlgorithmException{
		KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);
		keyPairGen.initialize(KEY_SIZE);
		KeyPair keyPair = keyPairGen.generateKeyPair();
		//生成密钥当然要生成最丰富的啦
		RSAPublicKey publicKey = (RSAPublicKey)keyPair.getPublic();
		RSAPrivateKey privateKey = (RSAPrivateKey)keyPair.getPrivate();
		
		Map<String,Object> keyMap = new HashMap<String,Object>(2);
		keyMap.put(PUBLIC_KEY, publicKey);
		keyMap.put(PRIVATE_KEY, privateKey);
		return keyMap;
		
	}
	
	public static byte[] encryptByPrivateKey(byte[] data,byte[] priKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
		PKCS8EncodedKeySpec x509EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PrivateKey privateKey = keyFactory.generatePrivate(x509EncodedKeySpec);
		
		Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
		cipher.init(Cipher.ENCRYPT_MODE, privateKey);
		return cipher.doFinal(data);
		
	}
	
	public static byte[] encryptByPublicKey(byte[] data, byte[] pubKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
		X509EncodedKeySpec pkcs8EncodedKeySpec = new X509EncodedKeySpec(pubKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PublicKey publicKey = keyFactory.generatePublic(pkcs8EncodedKeySpec);
		
		Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
		cipher.init(Cipher.ENCRYPT_MODE, publicKey);
		return cipher.doFinal(data);
	}
		

	
	public static byte[] decryptByPublicKey(byte[] data,byte[] pubKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
		X509EncodedKeySpec pkcs8EncodedKeySpec = new X509EncodedKeySpec(pubKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PublicKey publicKey = keyFactory.generatePublic(pkcs8EncodedKeySpec);
		
		Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
		cipher.init(Cipher.DECRYPT_MODE, publicKey);
		return cipher.doFinal(data);
	}
	
	public static byte[] decryptByPrivateKey(byte[] data,byte[] priKey) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
		PKCS8EncodedKeySpec x509EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PrivateKey privateKey = keyFactory.generatePrivate(x509EncodedKeySpec);
		
		Cipher cipher = Cipher.getInstance(KEY_ALGORITHM);
		cipher.init(Cipher.DECRYPT_MODE, privateKey);
		return cipher.doFinal(data);
	}
	
	public static byte[] getPrivateKey(Map<String,Object> keyMap){
		RSAPrivateKey privateKey = (RSAPrivateKey) keyMap.get(PRIVATE_KEY);
		return privateKey.getEncoded();
	}
	
	public static byte[] getPublicKey(Map<String,Object> keyMap){
		RSAPublicKey publicKey = (RSAPublicKey)keyMap.get(PUBLIC_KEY);
		return publicKey.getEncoded();
	}
	
	public static byte[] encryptByPrivateKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
		return encryptByPrivateKey(data,getKey(key));
	}
	
	public static byte[] encryptByPublicKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
		return encryptByPublicKey(data,getKey(key));
	}
	
	private static byte[] getKey(String key) throws DecoderException {
		// String十六进制解密到byte[]
		return Hex.decodeHex(key.toCharArray());
	}

	public static byte[] decryptByPublicKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
		return decryptByPublicKey(data,getKey(key));
	}
	
	public static byte[] decryptByPrivateKey(byte[] data,String key) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, DecoderException{
		return decryptByPrivateKey(data,getKey(key));
	}
	
	public static String getPrivateKeyString(Map<String,Object> keyMap){
		return Hex.encodeHexString(getPrivateKey(keyMap));
	}
	
	public static String getPublicKeyString(Map<String,Object> keyMap){
		return Hex.encodeHexString(getPublicKey(keyMap));
	}
	
	public static byte[] sign(byte[] priKey,byte[] data) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
		PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(priKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
		Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
		signature.initSign(privateKey);
		signature.update(data);
		return signature.sign();
	}
	
	public static String sign(byte[] data,String privateKey) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, DecoderException{
		byte[] sign = sign(getKey(privateKey),data);
		return Hex.encodeHexString(sign);
		
	}
	
	public static boolean verify(byte[] data,byte[] publicKey,byte[] sign) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException{
		X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(publicKey);
		KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
		PublicKey pubKey = keyFactory.generatePublic(x509EncodedKeySpec);
		Signature sig = Signature.getInstance(SIGNATURE_ALGORITHM);
		sig.initVerify(pubKey);
		sig.update(data);
		return sig.verify(sign);
	}
	
	public static boolean verify(byte[] data,String publicKey,String sign) throws InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, SignatureException, DecoderException{
		return verify(data,publicKey.getBytes(),Hex.decodeHex(sign.toCharArray()));
	}
	
	
	
}

注意十六进制String的转换：

private static byte[] getKey(String key) throws DecoderException {
		// String十六进制解密到byte[]
		return Hex.decodeHex(key.toCharArray());
	}