签名是客户端用私钥对请求参数进行rsa签名算法后生成的字符串,验签是对服务端使用公钥对客户端的请求参数进行签名算法后和客户端的签名字符串进行比较是否相同,鉴别请求者身份的过程。
代码示例:
import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; import java.util.TreeMap; import org.springframework.util.Base64Utils; /** * 非对称加密算法 - RSA * * @author jie * */ public class RSA { /** RSA算法 */ private static final String RSA_ALGORITHM = "RSA"; /** RSA签名算法 */ private static final String RSA_SIGNATURE_ALGORITHM = "SHA1withRSA"; /** RSA公钥key */ public static final String RSA_PUBLIC_KEY = "RSA_PUBLIC_KEY"; /** RSA私钥key */ public static final String RSA_PRIVATE_KEY = "RSA_PRIVATE_KEY"; /** * 生成RSA公私钥对:密钥格式PKCS8 * * @param keysize * 密钥长度:1024, 2048 * @return RSA公、私钥对Map<String, String> * @throws Exception */ public static Map<String, String> generateKeyPair(Integer keysize) throws Exception { // 生成RSA Key KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(RSA_ALGORITHM); keyPairGenerator.initialize(keysize); KeyPair keyPair = keyPairGenerator.generateKeyPair(); RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // Key --> Base64 String publicKeyBase64 = Base64Utils.encodeToUrlSafeString(publicKey.getEncoded()); String privateKeyBase64 = Base64Utils.encodeToUrlSafeString(privateKey.getEncoded()); Map<String, String> ret = new HashMap<String, String>(); ret.put(RSA_PUBLIC_KEY, publicKeyBase64); ret.put(RSA_PRIVATE_KEY, privateKeyBase64); return ret; } /** * RSA私钥签名:签名方式SHA1withRSA * * @param data * 待签名byte[] * @param privateKeyBase64 * 私钥(Base64编码) * @return 签名byte[] * @throws Exception */ public static byte[] sign(byte[] data, String privateKeyBase64) throws Exception { // Base64 --> Key byte[] bytes = Base64Utils.decodeFromUrlSafeString(privateKeyBase64); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes); KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); PrivateKey privateKey = keyFactory.generatePrivate(keySpec); // Sign Signature signature = Signature.getInstance(RSA_SIGNATURE_ALGORITHM); signature.initSign(privateKey); signature.update(data); return signature.sign(); } /** * RSA公钥验签 * * @param data * 待签名字符串 * @param publicKeyBase64 * 公钥(Base64编码) * @return 验签结果 * @throws Exception */ public static boolean verify(byte[] data, String publicKeyBase64, String sign) throws Exception { // Base64 --> Key byte[] bytes = Base64Utils.decodeFromUrlSafeString(publicKeyBase64); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes); KeyFactory keyFactory = KeyFactory.getInstance(RSA_ALGORITHM); PublicKey publicKey = keyFactory.generatePublic(keySpec); // verify Signature signature = Signature.getInstance(RSA_SIGNATURE_ALGORITHM); signature.initVerify(publicKey); signature.update(data); return signature.verify(Base64Utils.decodeFromUrlSafeString(sign)); } public static void main(String[] args) { try { // 0. 生成公、私钥对 Map<String, String> keyPair = RSA.generateKeyPair(1024); System.out.println("私钥:" + keyPair.get(RSA_PRIVATE_KEY)); System.out.println("公钥:" + keyPair.get(RSA_PUBLIC_KEY)); // 将参数进行字典排序 StringBuilder sb = new StringBuilder(); Map<String, String> map = new TreeMap<String, String>(); map.put("orderId", "10086"); map.put("mobile", "18888888888"); // 组成待签名字符串 sb.delete(0, sb.length()); // 清空StringBuilder for (Map.Entry<String, String> entry : map.entrySet()) { if (sb.toString().contains("=")) sb.append("&"); sb.append(entry.getKey() + "=" + entry.getValue()); } String signContent = sb.toString(); System.out.println("待签名内容:" + signContent); // 1. 用私钥生成签名 byte[] signBytes = RSA.sign(signContent.getBytes(), keyPair.get(RSA_PRIVATE_KEY)); String sign = Base64Utils.encodeToUrlSafeString(signBytes); System.out.println("签名:" + sign); // 2. 用公钥进行验签 boolean verify = RSA.verify(signContent.getBytes(), keyPair.get(RSA_PUBLIC_KEY), sign); System.out.println("验签结果:" + verify); } catch (Exception e) { e.printStackTrace(); } } }
加解密是对报文加密解密,避免被恶意截取,使用公钥进行加密,私钥进行解密
示例代码:
import javax.crypto.Cipher; import java.security.*; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Base64; import java.util.HashMap; import java.util.Map; public class RSAEncrypt { private static final String ALGO = "RSA"; private static final String CHARSET = "UTF-8"; /* * 用于存储随机产生的公钥与私钥 */ private static Map<Integer, String> KEY_CACHE = new HashMap<>(); /** * 随机生成密钥对 * * @throws NoSuchAlgorithmException */ private static void generateKeyPair() throws NoSuchAlgorithmException { // KeyPairGenerator 类用于生成公钥和私钥对,基于RSA算法生成对象 KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGO); // 初始化密钥对生成器,密钥大小为 96-1024 位 keyPairGen.initialize(1024, new SecureRandom()); // 生成一个密钥对,保存在 keyPair 中 KeyPair keyPair = keyPairGen.generateKeyPair(); // 得到私钥 RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到公钥 RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); String publicKeyString = new String(Base64.getEncoder().encode(publicKey.getEncoded())); // 得到私钥字符串 String privateKeyString = new String(Base64.getEncoder().encode((privateKey.getEncoded()))); // 将公钥和私钥保存到 Map KEY_CACHE.put(0, publicKeyString); KEY_CACHE.put(1, privateKeyString); } /** * RSA公钥加密 * * @param data 加密字符串 * @param publicKey 公钥 * @return 密文 * @throws Exception 加密过程中的异常信息 */ private static String encrypt(String data, String publicKey) throws Exception { // base64 编码的公钥 byte[] decoded = Base64.getDecoder().decode(publicKey); RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance(ALGO).generatePublic(new X509EncodedKeySpec(decoded)); // RSA加密 Cipher cipher = Cipher.getInstance(ALGO); // 公钥加密 cipher.init(Cipher.ENCRYPT_MODE, pubKey); return Base64.getEncoder().encodeToString(cipher.doFinal(data.getBytes(CHARSET))); } /** * RSA私钥解密 * * @param data 加密字符串 * @param privateKey 私钥 * @return 铭文 * @throws Exception 解密过程中的异常信息 */ private static String decrypt(String data, String privateKey) throws Exception { byte[] inputByte = Base64.getDecoder().decode(data.getBytes(CHARSET)); // base64 编码的私钥 byte[] decoded = Base64.getDecoder().decode(privateKey); RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance(ALGO).generatePrivate(new PKCS8EncodedKeySpec(decoded)); // RSA 解密 Cipher cipher = Cipher.getInstance(ALGO); // 私钥解密 cipher.init(Cipher.DECRYPT_MODE, priKey); return new String(cipher.doFinal(inputByte)); } public static void main(String[] args) { String originData = "hellp Test Asymmetric encrypt!"; try { generateKeyPair(); String encryData = encrypt(originData, KEY_CACHE.get(0)); System.out.println("encryData = " + encryData); String decryData = decrypt(encryData, KEY_CACHE.get(1)); System.out.println("decryData = " + decryData); } catch (Exception e) { e.printStackTrace(); } } }