RSA、DSA和ECDSA三种算法。
通常是先对消息做 摘要处理,然后使用 私钥对摘要值进行 签名处理;验证时,使用 公钥验证消息的摘要值。
public class RSASin {
private static final String KEY_ALGORITHM = "RSA" ;
public static final String SIGNATURE_ALGORITHM = "MD5WithRSA" ;
private static final String PUBLIC_KEY = "RSAPublicKey" ;
private static final String PRIVATE_KEY = "RSAPrivateKey" ;
private static final int KEY_SIZE =512;
private static byte [] pubKey ;
private static byte [] priKey ;
//数字签名,根据私钥获取数字签名
public static byte [] sign( byte [] data, byte [] privateKey) throws Exception{
//私钥规范
PKCS8EncodedKeySpec pkcs8= new PKCS8EncodedKeySpec(privateKey);
//密钥工厂
KeyFactory keyFac=KeyFactory. getInstance( KEY_ALGORITHM );
PrivateKey priKey=keyFac.generatePrivate(pkcs8);
//实例化Signature
Signature signature=Signature. getInstance( SIGNATURE_ALGORITHM );
//初始化
signature.initSign(priKey);
//更新
signature.update(data); //根据数据更新签名
//签名
return signature.sign();
}
//校验--公钥验证
public static boolean verify( byte [] data, byte [] publicKey, byte [] sign) throws Exception{
//公钥规范
X509EncodedKeySpec x509= new X509EncodedKeySpec(publicKey);
KeyFactory keyFac=KeyFactory. getInstance( KEY_ALGORITHM );
//生成公钥
PublicKey pubKey=keyFac.generatePublic(x509);
Signature signature=Signature. getInstance( SIGNATURE_ALGORITHM );
signature.initVerify(pubKey);
signature.update(data);
//验证
return signature.verify(sign);
}
//取得私钥
public static byte [] getPrivateKey(Map<String,Object> keyMap){
Key key=(Key) keyMap.get( PRIVATE_KEY );
return key.getEncoded();
}
//公钥
public static byte [] getPublicKey(Map<String,Object> keyMap){
Key key=(Key)keyMap.get( PUBLIC_KEY );
return key.getEncoded();
}
//初始化密钥对
public static Map<String,Object> initKey() throws Exception{
KeyPairGenerator keyPairGen=KeyPairGenerator.getInstance( KEY_ALGORITHM );
keyPairGen.initialize( KEY_SIZE );
//生成密钥对
KeyPair keyP=keyPairGen.generateKeyPair();
//公钥
RSAPublicKey publicKey=(RSAPublicKey)keyP.getPublic();
//私钥
RSAPrivateKey privateKey=(RSAPrivateKey)keyP.getPrivate();
//封装密钥
Map<String,Object> keyMap= new HashMap<String,Object>(2);
keyMap.put( PRIVATE_KEY , (Object) privateKey);
keyMap.put( PUBLIC_KEY , (Object) publicKey);
return keyMap;
}
public static final void main(String[] args) throws Exception{
Map<String,Object> kMap= initKey();
pubKey =getPublicKey(kMap);
priKey =getPrivateKey(kMap);
System. err .println( "公钥:\n" +Base64.encodeBase64String ( pubKey ));
System. err .println( "私钥:\n" +Base64.encodeBase64String ( priKey ));
String str= "RSA数字签名" ;
byte [] data=str.getBytes();
//产生签名
byte [] sign=sign(data, priKey );
System. err .println( "签名:\n" +Hex.encodeHexString (sign));
//验证签名
boolean status=verify(data, pubKey , sign);
System. err .println( "状态:\n" +status);
//验证
assertTrue(status);
}
}