1、概述
RSA 算法既是非对称加密算法中的经典,同样也是数字签名算法中的经典,也是迄今为止应用最为广泛的数字签名算法。
RSA数字签名算法的密钥实现和 RSA加密算法一致,算法名称同为“RSA“,密钥产生与转换完全一致。
2、注意事项
》经过反复测试发现,RSA数字签名算法的签名值与密钥长度相同;RSA 密钥默认长度为1024位,密钥长度必须是64的倍数,范围为 512 - 65536.
3、实现
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
/**
* 数字签名 RSA
*/
public class RSASignCoder {
//数字签名 - 签名验证算法
private static final String SIGNATRUE_ALGORITHM = "MD5withRSA";
//数字签名 - 密钥算法
private static final String KEY_ALGORITHM = "RSA";
//私钥
private static final String PRIVATEKEY = "RSAPrivateKey";
//公钥
private static final String PUBLICKEY = "RSAPublicKey";
/**
* RSA密钥长度
* 默认是 1024
* 必须是 64的倍数
* 范围:512 - 65536
*/
private static final int KeySize = 512; // 512 位 2进制,128 位 16进制
/**
* 初始化 密钥
* @return
* @throws Exception
*/
public static Map<String, Object> initKey() throws Exception{
//实例化密钥生成器
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
//初始化
keyPairGenerator.initialize(KeySize);
//获取密钥对
KeyPair keyPair = keyPairGenerator.generateKeyPair();
//获取私钥
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();
//获取公钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
Map<String, Object> map = new HashMap<String, Object>();
map.put(PRIVATEKEY, privateKey);
map.put(PUBLICKEY, publicKey);
return map;
}
/**
* 取得公钥
* @return
*/
public static byte[] getPublicKey(Map<String, Object> map){
PublicKey publicKey = (PublicKey) map.get(PUBLICKEY);
return publicKey.getEncoded();
}
/**
* 取得私钥
* @return
*/
public static byte[] getPrivateKey(Map<String, Object> map){
PrivateKey privateKey = (PrivateKey) map.get(PRIVATEKEY);
return privateKey.getEncoded();
}
/***
* 私钥加密
* @param source 需要加密数据
* @param key 私钥
* @return
*/
public static String sign(String source, byte[] key) throws Exception{
byte[] data = source.getBytes("utf-8");
// 取得私钥
PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(key);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 生成私钥
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
//新增: 实例化 签名对象
Signature signature = Signature.getInstance(SIGNATRUE_ALGORITHM);
//初始化 私钥
signature.initSign(privateKey);
//更新签名
signature.update(data);
byte[] enSign = signature.sign();
return Base64.encodeBase64String(enSign);
}
/**
* 校验
* @param data 待校验数据
* @param key 公钥
* @param signStr 已签名数据
* @return
* @throws Exception
*/
public static boolean verify(String source, byte[] key, String signStr) throws Exception{
// 还原即将 解密的 数据源
byte[] data = source.getBytes("utf-8");
// 还原已签名数据
byte[] signData = Base64.decodeBase64(signStr);
// 取得公钥
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(key);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 生成公钥
PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
//新增: 实例化 签名对象
Signature signature = Signature.getInstance(SIGNATRUE_ALGORITHM);
//初始化 校验公钥
signature.initVerify(publicKey);
//更新签名
signature.update(data);
//验证
return signature.verify(signData);
}
public static void main(String[] args) throws Exception {
Map<String, Object> keyMap = initKey();
byte[] privateKey = getPrivateKey(keyMap);
byte[] publicKey = getPublicKey(keyMap);
System.out.println("获取的私钥:" + Base64.encodeBase64String(privateKey));
System.out.println("获取的公钥:" + Base64.encodeBase64String(publicKey));
String source = "RSA 数据签名 测试";
String sign = sign(source, privateKey);
System.out.println("签名后:" + sign);
boolean flat = verify(source, publicKey, sign);
System.out.println("校验结果:" + flat);
/***console结果:
* 获取的私钥:MIIBVgIBADANBgkqhkiG9w0BAQEFAASCAUAwggE8AgEAAkEAlhpKh45zx5zxxoqXFw36zou6C2muPvuLu1c4cvJIRo90RHP13xjrPHrZsD1uv/VFbcsjZhsEEv4my8Y31jyJOQIDAQABAkAsPYuB8KaHSuan0ek+TkyB3AT1oCxPO+yvRsHIf0h2IxO+OhGUj68+7bLaQmt6x5rHMuTckjoITHs8twXp0xxBAiEA8pHnhmKZNT8nNR3M/dePj1V2XD5G7ncn2tWBupi7k40CIQCeacppCXGcqu6Tji5qsHsODz5n2F+9QWqiJTUHEBxrXQIhAOIJUCQMERRrKw/2GyWYD3DThJ3kcpiYdI0ZU/Abjv+pAiEAgtVe3fd1xO4L0wRX47fUOh1u7jdvgxB3MGnIbQfqYOUCIQCU9sUqYEGay/KrySPdvSb38i7Q3kc/gqFUHVJJRg8PTg==
获取的公钥:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAJYaSoeOc8ec8caKlxcN+s6Lugtprj77i7tXOHLySEaPdERz9d8Y6zx62bA9br/1RW3LI2YbBBL+JsvGN9Y8iTkCAwEAAQ==
签名后:aImDS72Tg8cYVPDiZC24lk99gaMmba0QcDOOPGuaZyZvFdcN4t3l2MmtoeAYxn0TAJgarQJ8A4wZzlPbk08NSg==
校验结果:true
*/
}
}