java 证书进行加解密和签名验签

java 证书进行加解密和签名验签

使用keytool工具进行生成公私钥对

详情请参考别人的一篇文章:link.
本文生成一个pkcs12格式的bo.keystore

keytool -genkeypair -alias www.bo.org -keyalg RSA -keystore d:\github\bo.keystore -storetype pkcs12

之后进行处理,详细代码如下:

package com.longxinwu.util;

import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import sun.security.x509.X509CertImpl;

import javax.crypto.Cipher;
import java.io.FileInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class KeyToolUtil {

    private static BASE64Encoder base64Encoder = new BASE64Encoder();
    private static BASE64Decoder base64Decoder = new BASE64Decoder();

    public static void main(String[] args) throws Exception {
        String storePath = ClassLoader.getSystemResource("keys/bo.keystore").getPath();
        System.out.println(storePath);

        PrivateKey privKey = getPrivateKey(storePath, "www.bo.org", "123456", "123456");
        PublicKey pubKey = getPublicKey(storePath, "www.bo.org", "123456");

        /*String strData = "加密前的数据";
        System.out.println("加密前数据:" + strData);
        String strEnc = encrypt(strData, pubKey);
        System.out.println("加密后的数据:" + strEnc);
        String strDec = decrypt(strEnc, privKey);
        System.out.println("加密后的数据:" + strDec);*/

        String strSignData = "签名前的数据";
        byte[] byteSignData = strSignData.getBytes(StandardCharsets.UTF_8);
        String signData = sign(byteSignData, privKey);
        System.out.println("签名后的摘要信息:" + signData);
        if (verify(byteSignData, signData, pubKey)) {
            System.out.println("验签通过");
        } else {
            System.out.println("验签错误");
        }
    }

    /**
     * 通过路径获取keystore
     */
    public static KeyStore getKeyStore(String keyStorePath, String password) throws Exception {
        FileInputStream is = new FileInputStream(keyStorePath);
        //这里 目前一般是PKCS12, 之前默认是jks
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(is, password.toCharArray());
        is.close();
        return ks;
    }

    /**
     * 通过路径获取私钥
     */
    private static PrivateKey getPrivateKey(String keyStorePath, String alias, String storePass, String keyPass) throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, storePass);
        PrivateKey privKey = (PrivateKey) ks.getKey(alias, keyPass.toCharArray());
        //返回私钥字符串
        String privateKey = base64Encoder.encode(privKey.getEncoded());
        System.out.println("私钥字符串:" + privateKey);
        return privKey;
    }

    /**
     * 通过路径获取公钥
     */
    private static PublicKey getPublicKey(String keyStorePath, String alias, String storePass) throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, storePass);
        Certificate cert = ks.getCertificate(alias);
        PublicKey pubKey = cert.getPublicKey();
        BigInteger serialNumber = ((X509CertImpl) cert).getSerialNumber();
        String keyId = serialNumber.toString();
        System.out.println("证书ID:" + keyId);
        //返回公钥字符串
        String strPubKey = base64Encoder.encode(pubKey.getEncoded());
        System.out.println("公钥字符串:" + strPubKey);
        return pubKey;
    }

    /**
     * 从str中获取公私钥
     */
    private static PublicKey getPublicKeyFromStr(String pubKey) throws Exception {
        byte[] pk = base64Decoder.decodeBuffer(pubKey);
        X509EncodedKeySpec spec = new X509EncodedKeySpec(pk);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey publicKey = kf.generatePublic(spec);
        return publicKey;
    }

    private static PrivateKey getPrivateKeyFromStr(String strPrivateKey) throws Exception {
        byte[] pk = base64Decoder.decodeBuffer(strPrivateKey);
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pk);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = kf.generatePrivate(spec);
        return privateKey;
    }

    /**
     * 用公钥加密
     */
    private static String encrypt(String data, Key pubKey) {
        String encData = null;
        try {
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(Cipher.ENCRYPT_MODE, pubKey);
            byte[] encrypted = cipher.doFinal(data.getBytes(StandardCharsets.UTF_8));
            encData = base64Encoder.encodeBuffer(encrypted).replace("\r", "").replace("\n", "");
        } catch (Exception e) {
            e.printStackTrace();
        }
        return encData;
    }

    /**
     * 用私钥解密
     */
    private static String decrypt(String data, Key privKey) {
        String decData = null;
        try {
            Cipher cipher = Cipher.getInstance("RSA");
            cipher.init(Cipher.DECRYPT_MODE, privKey);
            byte[] decrypted = cipher.doFinal(base64Decoder.decodeBuffer(data));
            decData = new String(decrypted);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return decData;
    }

    /**
     * 签名
     */
    private static String sign(byte[] data, PrivateKey privKey) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(data);
        byte[] sha256 = messageDigest.digest();
        //Signature signature = Signature.getInstance("SHA256withDSA");
        Signature signature = Signature.getInstance("NONEwithRSA");
        signature.initSign(privKey);
        signature.update(sha256);
        byte[] sign = signature.sign();
        return base64Encoder.encode(sign);
    }

    /**
     * 验签
     */
    private static boolean verify(byte[] data, String sign, PublicKey pubKey) throws Exception {
        MessageDigest digest = MessageDigest.getInstance("SHA-256");
        digest.update(data);
        byte[] sha256 = digest.digest();
        //Signature signature = Signature.getInstance("SHA256withDSA");
        Signature signature = Signature.getInstance("NONEwithRSA");
        signature.initVerify(pubKey);
        signature.update(sha256);
        boolean pass = signature.verify(base64Decoder.decodeBuffer(sign));
        if (!pass) {
            return false;
        } else {
            return true;
        }
    }
}

  • 0
    点赞
  • 10
    收藏
    觉得还不错? 一键收藏
  • 0
    评论

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值