数字签名借助RSA算法实现,由于RSA算法的特点是非对称类算法,同时将破解的风险转移到数学难题(分解公因数)上,使其难以破解。由于算法有公钥和私钥,私钥就是私有的,仅自己能够知道,公钥就是公开给别人的。那如果我用我的私钥加密然后你用我的公钥解密,这就能唯一确定这个东西我是发给你的。
这是基于jdk的数字签名, 代码如下:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
public class jdkRSA {
private static String src="我爱你";
public static void main(String[] args)
{
rsa();
}
public static void rsa(){
try {
/*
* 初始化签名
*/
KeyPairGenerator keyPairGenerator=KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(512);
KeyPair keyPair=keyPairGenerator.generateKeyPair();
RSAPublicKey rsaPublicKey=(RSAPublicKey) keyPair.getPublic();
RSAPrivateKey rsaPrivateKey=(RSAPrivateKey) keyPair.getPrivate();
/*
* 执行签名
*/
PKCS8EncodedKeySpec pkcs8EncodedKeySpec=new PKCS8EncodedKeySpec(rsaPrivateKey.getEncoded());
KeyFactory keyFactory=KeyFactory.getInstance("RSA");
PrivateKey privateKey=keyFactory.generatePrivate(pkcs8EncodedKeySpec);
Signature signature=Signature.getInstance("MD5withRSA");
signature.initSign(privateKey);
signature.update(src.getBytes());
byte[] result=signature.sign();
System.out.println("jdk rsa sign:" + result.toString() );
/*
* 验证签名
*/
X509EncodedKeySpec x509EncodedKeySpec=new X509EncodedKeySpec(rsaPublicKey.getEncoded());
keyFactory=KeyFactory.getInstance("RSA");
PublicKey publicKey=keyFactory.generatePublic(x509EncodedKeySpec);
signature=Signature.getInstance("MD5withRSA");
signature.initVerify(publicKey);
signature.update(src.getBytes());
boolean bool=signature.verify(result);
System.out.println("jdk rsa verify"+" "+bool);
} catch (Exception e) {
e.printStackTrace();
}
}
}
结果如下:
jdk rsa sign:[B@75786e64
jdk rsa verify true