1、在pom.xml文件中,引入依赖类库
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
<version>1.11</version>
</dependency>
<!-- bcprov-jdk15to18-->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15to18</artifactId>
<version>1.69</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.7.25</version>
</dependency>
2、工具代码
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.engines.SM2Engine.Mode;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* SM2 是国家密码管理局于 2010 年发布的一种国产公钥密码算法,它采用了椭圆曲线密码体制,其安全性已被国际公认。
* SM2 算法的主要特点是安全性高、效率高、易于实现,因此被广泛应用于电子商务、电子政务、金融等领域。
*
* SM2 算法由以下几个部分组成:
*
* * 椭圆曲线:SM2 算法采用了 256 位超安全的椭圆曲线,其曲线方程为:
* y^2 = x^3 + a*x + b (mod p)
* 其中,a 和 b 是曲线参数,p 是曲线阶。
* * 基点:SM2 算法采用了曲线上的两个基点 G 和 P,其中 G 是生成点,P 是公钥点。
*
* * 消息加密:SM2 算法使用公钥加密,私钥解密。加密过程如下:
* 1. 选择一个随机数 k,并计算 k*G。
* 2. 将明文 M 与 k*G 进行异或运算,得到密文 C。
*
* * 消息解密:SM2 算法使用私钥解密,过程如下:
* 1. 计算 k^-1。
* 2. 将密文 C 与 k^-1*G 进行异或运算,得到明文 M。
*/
public class Sm2Utils {
private static Logger log = LoggerFactory.getLogger(Sm2Utils.class);
public Sm2Utils() {}
//生成密钥对
public static KeyPair generateSm2KeyPair() {
try {
ECGenParameterSpec sm2Spec = new ECGenParameterSpec("prime256v1");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());
SecureRandom random = new SecureRandom();
kpg.initialize(sm2Spec, random);
KeyPair keyPair = kpg.generateKeyPair();
return keyPair;
} catch (Exception var4) {
log.error("generate sm2 key pail failed:", var4.getMessage(), var4);
throw new RuntimeException("生成密钥对失败");
}
}
//加密
public static byte[] encrypt(byte[] data, byte[] key) throws Exception {
KeySpec keySpec = new X509EncodedKeySpec(key);
PublicKey publicKey = KeyFactory.getInstance("EC", new BouncyCastleProvider()).generatePublic(keySpec);
ECPublicKeyParameters parameters = (ECPublicKeyParameters)ECUtil.generatePublicKeyParameter(publicKey);
CipherParameters pubKeyParameters = new ParametersWithRandom(parameters);
SM2Engine engine = new SM2Engine(Mode.C1C2C3);
engine.init(true, pubKeyParameters);
return engine.processBlock(data, 0, data.length);
}
//解密
public static byte[] decrypt(byte[] data, byte[] key) throws Exception {
KeySpec keySpec = new PKCS8EncodedKeySpec(key);
KeyFactory keyfactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());
PrivateKey privateKey = keyfactory.generatePrivate(keySpec);
CipherParameters privateKeyParameters = ECUtil.generatePrivateKeyParameter(privateKey);
SM2Engine engine = new SM2Engine(Mode.C1C2C3);
engine.init(false, privateKeyParameters);
byte[] byteDate = engine.processBlock(data, 0, data.length);
return byteDate;
}
//签名
public static byte[] sign(byte[] data, byte[] key) throws Exception {
SM2Signer signer = new SM2Signer();
KeySpec keySpec = new PKCS8EncodedKeySpec(key);
KeyFactory keyfactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());
PrivateKey privateKey = keyfactory.generatePrivate(keySpec);
ECPrivateKeyParameters keyParameters = (ECPrivateKeyParameters)ECUtil.generatePrivateKeyParameter(privateKey);
CipherParameters param = new ParametersWithRandom(keyParameters);
signer.init(true, param);
signer.update(data, 0, data.length);
return signer.generateSignature();
}
//验签
public static boolean verify(byte[] data, byte[] sign, byte[] key) throws Exception {
SM2Signer signer = new SM2Signer();
KeySpec keySpec = new X509EncodedKeySpec(key);
PublicKey publicKey = KeyFactory.getInstance("EC", new BouncyCastleProvider()).generatePublic(keySpec);
CipherParameters param = ECUtil.generatePublicKeyParameter(publicKey);
signer.init(false, param);
signer.update(data, 0, data.length);
return signer.verifySignature(sign);
}
public static void main(String[] args) throws Exception {
//生成密钥对
KeyPair keyPair = generateSm2KeyPair();
String publicKey = Base64.encodeBase64String(keyPair.getPublic().getEncoded());
String privateKey = Base64.encodeBase64String(keyPair.getPrivate().getEncoded());
System.out.println("sm2公钥字符串:" + publicKey);
System.out.println("sm2私钥字符串:" + privateKey);
//加密前内容
String plaintext = "SM2 Test";
//签名
String signature = Base64.encodeBase64String(sign(plaintext.getBytes("utf-8"), keyPair.getPrivate().getEncoded()));
System.out.println("签名: " + signature);
//公钥加密
String ciphertext = Base64.encodeBase64String( encrypt(plaintext.getBytes("utf-8"), Base64.decodeBase64(publicKey)) );
System.out.println("密文: " + ciphertext);
//验证
boolean result = verify(plaintext.getBytes("utf-8"), Base64.decodeBase64(signature), keyPair.getPublic().getEncoded());
System.out.println("验签结果: " + result);
//私钥解密
plaintext = new String( decrypt(Base64.decodeBase64(ciphertext), Base64.decodeBase64(privateKey)), "utf-8");
System.out.println("明文: " + plaintext);
}
}