标签:row tsig 分组 oid top ini 字符 actor str
RSA为非对称加密算法。
数字签名的过程:1、对明文数据进行HASH加密,不可逆;2、对加密后的数据再用RSA的私钥进行二次加密。
数字签名的验证过程:1、对明文数据进行HASH加密,不可逆;2、用RSA的公钥对数字签名后的数据进行解密;3、把1的结果和2的结果进行比较是否相等。
RSA加密的过程和解密的过程都需要三步:加/解密、分组、填充。这三部分每一步都可以选择各自的算法。例如:RSA/ECB/PKCS1Padding。
在这里RSA的公钥是用X509编码的。
在这里RSA的私钥使用PKCS8编码的。
import java.security.Key; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Base64; import java.util.HashMap; import java.util.Map; import javax.crypto.Cipher; public class Secret { public static final String KEY_ALGORITHM = "RSA"; public static final String SIGNATURE_ALGORITHM = "SHA256withRSA"; private static final String PUBLIC_KEY = "PublicKey"; private static final String PRIVATE_KEY = "PrivateKey"; public static void main(String[] args) { // TODO Auto-generated method stub } //生成密匙对 public static Map<String,Key> initKeyPair() throws Exception{ KeyPairGenerator kpg = KeyPairGenerator.getInstance(KEY_ALGORITHM); kpg.initialize(1024); KeyPair keyPair = kpg.generateKeyPair(); PublicKey publicKey = keyPair.getPublic(); PrivateKey privateKey = keyPair.getPrivate(); Map<String,Key> keyMap = new HashMap<>(); keyMap.put(PUBLIC_KEY, publicKey); keyMap.put(PRIVATE_KEY, privateKey); return keyMap; } //字节数组到公钥 public static PrivateKey strToPrivateKey(String str) throws Exception{ PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(decryptBASE64(str)); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec); return privateKey; } //字节数组到私钥 public static PublicKey strToPublicKey(String str) throws Exception{ X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(decryptBASE64(str)); KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM); PublicKey publicKey = keyFactory.generatePublic(x509KeySpec); return publicKey; } //字节数组到文件字符串 public static String encryptBASE64(byte[] bytes) { return Base64.getEncoder().encodeToString(bytes); } //文件字符串到字节数组 public static byte[] decryptBASE64(String str) { return Base64.getDecoder().decode(str); } //用公钥加密 public static byte[] encryptByPublicKey(byte[] data, String key) throws Exception{ PublicKey publicKey = strToPublicKey(key); Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); //Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); //加解密算法/分組算法/填充算法 cipher.init(Cipher.ENCRYPT_MODE, publicKey); return cipher.doFinal(data); } //用私钥加密 public static byte[] encryptByPrivateKey(byte[] data, String key) throws Exception{ PrivateKey privateKey = strToPrivateKey(key); Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); //Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); //加解密算法/分組算法/填充算法 cipher.init(Cipher.ENCRYPT_MODE, privateKey); return cipher.doFinal(data); } //用公钥解密 public static byte[] decryptByPublicKey(byte[] data, String key) throws Exception { PublicKey publicKey = strToPublicKey(key); Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); //Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); //加解密算法/分組算法/填充算法 cipher.init(Cipher.DECRYPT_MODE, publicKey); return cipher.doFinal(data); } //用私钥解密 public static byte[] decryptByPrivateKey(byte[] data, String key) throws Exception { PrivateKey privateKey = strToPrivateKey(key); Cipher cipher = Cipher.getInstance(KEY_ALGORITHM); //Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); //加解密算法/分組算法/填充算法 cipher.init(Cipher.DECRYPT_MODE, privateKey); return cipher.doFinal(data); } //对字符串进行数字签名 public static byte[] sign(byte[] data, String privateKey) throws Exception { PrivateKey priKey = strToPrivateKey(privateKey); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initSign(priKey); signature.update(data); return signature.sign(); } //对数字签名进行验证 public static boolean verify(byte[] data, String publicKey, byte[] sign) throws Exception { PublicKey pubKey = strToPublicKey(publicKey); Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM); signature.initVerify(pubKey); signature.update(data); return signature.verify(sign); } }
标签:row tsig 分组 oid top ini 字符 actor str
原文地址:https://www.cnblogs.com/erdanyang/p/10765880.html