第四十八篇：JAVA加密解密之DSA（Digital Signature Algorithm）算法

DSA算法简介

DSA-Digital Signature Algorithm是Schnorr和ElGamal签名算法的变种，被美国NIST作为DSS(DigitalSignature Standard)。简单的说，这是一种更高级的验证方式，用作数字签名。不单单只有公钥、私钥，还有数字签名。私钥加密生成数字签名，公钥验证数据及签名。如果数据和签名不匹配则认为验证失败！数字签名的作用就是校验数据在传输过程中不被修改。数字签名，是单向加密的升级！

DSA算法实现

package com.jianggujin.codec;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * DSA
 * 
 * @author jianggujin
 *
 */
public class HQDSA
{
   private static HQDSA dsa = new HQDSA();

   public static HQDSA getInstance()
   {
      return dsa;
   }

   private HQDSA()
   {
   }

   /**
    * DSA签名算法
    * 
    * @author jianggujin
    *
    */
   public static enum HQDSASignatureAlgorithm
   {

      DSA("DSA"), SHA1withDSA("SHA1withDSA"), SHA224withDSA("SHA224withDSA"), SHA256withDSA("SHA256withDSA");
      private String name;

      private HQDSASignatureAlgorithm(String name)
      {
         this.name = name;
      }

      public String getName()
      {
         return this.name;
      }
   }

   public static final String ALGORITHM = "DSA";

   public byte[] sign(byte[] data, byte[] privateKey, HQDSASignatureAlgorithm signatureAlgorithm) throws Exception
   {
      return sign(data, privateKey, signatureAlgorithm.getName());
   }

   public byte[] sign(byte[] data, byte[] privateKey, String signatureAlgorithm) throws Exception
   {
      PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);

      KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);

      PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);

      Signature signature = Signature.getInstance(signatureAlgorithm);
      signature.initSign(priKey);
      signature.update(data);
      return signature.sign();
   }

   public boolean verify(byte[] data, byte[] publicKey, byte[] sign, HQDSASignatureAlgorithm signatureAlgorithm)
         throws Exception
   {
      return verify(data, publicKey, sign, signatureAlgorithm.getName());
   }

   public boolean verify(byte[] data, byte[] publicKey, byte[] sign, String signatureAlgorithm) throws Exception
   {
      X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);

      KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);

      PublicKey pubKey = keyFactory.generatePublic(keySpec);

      Signature signature = Signature.getInstance(signatureAlgorithm);
      signature.initVerify(pubKey);
      signature.update(data);

      return signature.verify(sign);
   }

   /**
    * 初始化密钥
    * 
    * @return
    */
   public HQKeyPair initKey() throws Exception
   {
      return initKey(1024);
   }

   /**
    * 初始化密钥
    * 
    * @param keySize
    * @return
    */
   public HQKeyPair initKey(int keySize) throws Exception
   {
      KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM);
      keyPairGen.initialize(1024);
      KeyPair keyPair = keyPairGen.generateKeyPair();
      return new HQKeyPair(keyPair);
   }
}
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

测试代码：

import org.junit.Test;

import com.jianggujin.codec.HQBase64;
import com.jianggujin.codec.HQDSA;
import com.jianggujin.codec.HQDSA.HQDSASignatureAlgorithm;
import com.jianggujin.codec.HQKeyPair;

public class DSATest
{
   HQDSA dsa = HQDSA.getInstance();
   HQBase64 base64 = HQBase64.getInstance();

   @Test
   public void encode() throws Exception
   {
      byte[] data = "jianggujin".getBytes();
      HQKeyPair keyPair = dsa.initKey();
      HQDSASignatureAlgorithm[] algorithms = HQDSASignatureAlgorithm.values();
      for (HQDSASignatureAlgorithm algorithm : algorithms)
      {
         System.err.println("=========================================");
         System.err.println(algorithm);
         byte[] sign = dsa.sign(data, keyPair.getPrivateKey(), algorithm);
         System.err.println("签名:" + base64.encodeToString(sign));
         System.err.println("验签:" + dsa.verify(data, keyPair.getPublicKey(), sign, algorithm));
      }
   }
}
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

测试结果： 
========================================= 
DSA 
签名:MC0CFQCRt2xFSIBJ/XSPHGYmSHhTOCjkwAIUSn8r6egiLg/d+Puq/AjE+IPGEvE= 
验签:true 
========================================= 
SHA1withDSA 
签名:MCwCFGOsJKBaGWXR5QA+YK3Z/QQ2li/LAhRQLQM3BFmM9B2jjyxrBUaO11xqVA== 
验签:true 
========================================= 
SHA224withDSA 
签名:MCwCFANthkgvsQ/zMFDUlkfMiv386bszAhRJCOvQI5LKRuvZdoyOOomNy2R7RA== 
验签:true 
========================================= 
SHA256withDSA 
签名:MCwCFH/IFt1WfO/y6cRAX2GHaA0PkqoSAhRVHgecDEVkXmuZwePvfeLuU/3lqA== 
验签:true