国密算法SM2 的JAVA实现(基于BC实现)

JAVA·Ｄ·WangJing

已于 2024-07-03 16:05:17 修改

阅读量8.3k

点赞数 11

分类专栏： # JAVA 文章标签：算法加密解密

于 2021-11-24 16:37:48 首次发布

本文链接：https://blog.csdn.net/wang_jing_jing/article/details/121518561

版权

JAVA 专栏收录该内容

56 篇文章

订阅专栏

该博客介绍了如何使用BouncyCastle库实现国密SM2算法，包括生成公私钥对、加密解密、签名及验签的功能。KeyUtils类用于创建和解析公私钥，Sm2Util类则提供了具体的加密、解密、签名和验证方法，测试类展示了这些功能的实际运用。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

一、pom文件引用

<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcprov-jdk15on</artifactId>
    <version>1.58</version>
</dependency>

二、SM2实现工具类

import org.bouncycastle.asn1.gm.GMObjectIdentifiers;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;

import java.security.*;
import java.security.spec.ECGenParameterSpec;

/**
 * @author WangJing
 * @Description SM2实现工具类
 * @date 2021/11/24 16:10
 */
public class Sm2Util {

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * 生成国密公私钥对
     *
     * @return
     * @throws Exception
     */
    public static KeyPair createECKeyPair() throws Exception {
        KeyPairGenerator keyPairGenerator = null;
        SecureRandom secureRandom = new SecureRandom();
        ECGenParameterSpec sm2Spec = new ECGenParameterSpec("sm2p256v1");
        keyPairGenerator = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());
        keyPairGenerator.initialize(sm2Spec);
        keyPairGenerator.initialize(sm2Spec, secureRandom);
        return keyPairGenerator.generateKeyPair();
    }

    /**
     * 根据publicKey对原始数据data，使用SM2加密
     *
     * @param data
     * @param publicKey
     * @return
     */
    public static byte[] encrypt(byte[] data, PublicKey publicKey) {
        ECPublicKeyParameters localECPublicKeyParameters = null;

        if (publicKey instanceof BCECPublicKey) {
            BCECPublicKey localECPublicKey = (BCECPublicKey) publicKey;
            ECParameterSpec localECParameterSpec = localECPublicKey.getParameters();
            ECDomainParameters localECDomainParameters = new ECDomainParameters(localECParameterSpec.getCurve(), localECParameterSpec.getG(), localECParameterSpec.getN());
            localECPublicKeyParameters = new ECPublicKeyParameters(localECPublicKey.getQ(), localECDomainParameters);
        }
        SM2Engine localSM2Engine = new SM2Engine();
        localSM2Engine.init(true, new ParametersWithRandom(localECPublicKeyParameters, new SecureRandom()));
        byte[] arrayOfByte2;
        try {
            arrayOfByte2 = localSM2Engine.processBlock(data, 0, data.length);
            return arrayOfByte2;
        } catch (InvalidCipherTextException e) {

            e.printStackTrace();
            return null;
        }
    }

    /**
     * 根据privateKey对加密数据encodedata，使用SM2解密
     *
     * @param encodedata
     * @param privateKey
     * @return
     */
    public static byte[] decrypt(byte[] encodedata, PrivateKey privateKey) {
        SM2Engine localSM2Engine = new SM2Engine();
        BCECPrivateKey sm2PriK = (BCECPrivateKey) privateKey;
        ECParameterSpec localECParameterSpec = sm2PriK.getParameters();
        ECDomainParameters localECDomainParameters = new ECDomainParameters(localECParameterSpec.getCurve(), localECParameterSpec.getG(), localECParameterSpec.getN());
        ECPrivateKeyParameters localECPrivateKeyParameters = new ECPrivateKeyParameters(sm2PriK.getD(), localECDomainParameters);
        localSM2Engine.init(false, localECPrivateKeyParameters);
        try {
            byte[] arrayOfByte3 = localSM2Engine.processBlock(encodedata, 0, encodedata.length);
            return arrayOfByte3;
        } catch (InvalidCipherTextException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * 私钥签名
     *
     * @param data
     * @param privateKey
     * @return
     * @throws Exception
     */
    public static byte[] signByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception {
        Signature sig = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BouncyCastleProvider.PROVIDER_NAME);
        sig.initSign(privateKey);
        sig.update(data);
        byte[] ret = sig.sign();
        return ret;
    }

    /**
     * 公钥验签
     *
     * @param data
     * @param publicKey
     * @param signature
     * @return
     * @throws Exception
     */
    public static boolean verifyByPublicKey(byte[] data, PublicKey publicKey, byte[] signature) throws Exception {
        Signature sig = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BouncyCastleProvider.PROVIDER_NAME);
        sig.initVerify(publicKey);
        sig.update(data);
        boolean ret = sig.verify(signature);
        return ret;
    }

}

三、Sm2Util 的测试类

import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.util.encoders.Hex;

import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;

/**
 * @author WangJing
 * @Description Sm2Util 的测试类
 * @date 2021/11/24 16:10
 */
public class Sm2UtilTest {

    private static String testStr = "wangjing";

    public static void main(String[] args) throws Exception {
        //生成公私钥对
        KeyPair ecKeyPair = Sm2Util.createECKeyPair();

        System.out.println("原始字符串：" + testStr);

        PublicKey publicKey = ecKeyPair.getPublic();
        if (publicKey instanceof BCECPublicKey) {
            //获取64字节非压缩缩的十六进制公钥串(0x04)
            String publicKeyHex = Hex.toHexString(((BCECPublicKey) publicKey).getQ().getEncoded(false));
            System.out.println("SM2公钥：" + publicKeyHex);
        }

        PrivateKey privateKey = ecKeyPair.getPrivate();
        if (privateKey instanceof BCECPrivateKey) {
            //获取32字节十六进制私钥串
            String privateKeyHex = ((BCECPrivateKey) privateKey).getD().toString(16);
            System.out.println("SM2私钥：" + privateKeyHex);
        }

        byte[] encrypt = Sm2Util.encrypt(testStr.getBytes(), publicKey);
        String encryptBase64Str = Base64.getEncoder().encodeToString(encrypt);
        System.out.println("加密数据：" + encryptBase64Str);

        byte[] decode = Base64.getDecoder().decode(encryptBase64Str);
        byte[] decrypt = Sm2Util.decrypt(decode, privateKey);
        System.out.println("解密数据：" + new String(decrypt));

        byte[] sign = Sm2Util.signByPrivateKey(testStr.getBytes(), privateKey);
        System.out.println("数据签名：" + Base64.getEncoder().encodeToString(sign));

        boolean b = Sm2Util.verifyByPublicKey(testStr.getBytes(), publicKey, sign);
        System.out.println("数据验签：" + b);
    }
}

四、执行效果

原始字符串：wangjing
SM2公钥：043d622a934fdcd8d062cbbd3171708f6a600bc0965209d69058310a23538c3133a82fad956ecb23274bc16446f3912b928b9e2e5b66c1ad794481b83bf7606a8c
SM2私钥：400e1d2a80324015e6dd4eaf5ce6e3e235e6fde8d4e7f64082800d78b17d13d1
加密数据：BLy9P5a9Lqo6ltsOYUwMrh3tQ5tBWSq02iShaiHJCaWvn7A0pyLy0AoWcl96dwY08vqmsLyJvQDJ9RnTIDpJntVAVHenOU5Vvug4+t2bQDY0RyLxGvz8bdMop8iNXlV7WoLVTCNrBngq
解密数据：wangjing
数据签名：MEYCIQC2v8X9D88OR8Gpp4UIzV6/KKF2oGuepjtWr4RoZZ/sZQIhAMsi0nNkU8K5neinsDagDTuKkktGX8fH+Ag06hyrpHhT
数据验签：true

注：以上内容仅提供参考和交流，请勿用于商业用途，如有侵权联系本人删除！