Java代碼實現文件添加數字簽名、驗證數字簽名
Linux下實現加簽、驗籤java
1.使用OpenSSL 生成公鑰和密鑰;算法
#用 OpenSSL, Linux 上自帶,經常使用命令以下: #生成 RSA 私鑰(傳統格式的) openssl genrsa -out rsa_private_key.pem 1024 #將傳統格式的私鑰轉換成 PKCS#8 格式的(JAVA須要使用的私鑰須要通過PKCS#8編碼,PHP程序不須要,能夠直接略過) openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt #生成 RSA 公鑰 openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
2.使用私鑰對文件進行加簽、並驗證數組
#有明文文件file.txt和RSA密鑰rsa_private_key.pem #使用md5指令指定sha1算法,對file.txt進行簽名,生成簽名文件sign1.txt openssl md5 -sha512 -sign rsa_private_key.pem -out data_xinbao.tar.gz.sign data_xinbao.tar.gz #使用md5指令指定sha1算法,對file.txt進行簽名,生成簽名文件sign1.txt openssl dgst -sha512 -sign rsa_private_key.pem -out data_xinbao.tar.gz.sign data_xinbao.tar.gz #兩個簽名文件同樣,說明兩個指令完成相同的功能 diff data_xinbao.tar.gz.sign data_xinbao1.tar.gz.sign #使用RSA公鑰驗證簽名(verify參數),驗證成功 openssl md5 -verify rsa_public_key.pem -sha512 -signature data_xinbao1.tar.gz.sign data_xinbao.tar.gz openssl dgst -verify rsa_public_key.pem -sha512 -signature data_xinbao.tar.gz.sign data_xinbao.tar.gz
3.查看OpenSSL和幫助app
#經過下面命令能夠查看openssl的參數說明 $ openssl dgst - options are -c to output the digest with separating colons -r to output the digest in coreutils format -d to output debug info -hex output as hex dump -binary output in binary form -sign file sign digest using private key in file -verify file verify a signature using public key in file -prverify file verify a signature using private key in file -keyform arg key file format (PEM or ENGINE) -out filename output to filename rather than stdout -signature file signature to verify -sigopt nm:v signature parameter -hmac key create hashed MAC with key -mac algorithm create MAC (not neccessarily HMAC) -macopt nm:v MAC algorithm parameters or key -engine e use engine e, possibly a hardware device. -md4 to use the md4 message digest algorithm -md5 to use the md5 message digest algorithm -ripemd160 to use the ripemd160 message digest algorithm -sha to use the sha message digest algorithm -sha1 to use the sha1 message digest algorithm -sha224 to use the sha224 message digest algorithm -sha256 to use the sha256 message digest algorithm -sha384 to use the sha384 message digest algorithm -sha512 to use the sha512 message digest algorithm -whirlpool to use the whirlpool message digest algorithm
4.拿加簽的原文件和加簽後的文件使用Java代碼進行對比;dom
import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import java.io.*; import java.security.*; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.InvalidKeySpecException; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Date; /** * 對文件加簽、驗籤工具類 * 生成私鑰:openssl genrsa -out rsa_private_key.pem 1024 * 私鑰還不能直接被使用,須要進行PKCS#8編碼:openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt * 根據私鑰生成公鑰:openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem * 使用私鑰sha512簽名:openssl dgst -sha512 -sign rsa_private_key.pem -out xx.tar.gz.sign xx.tar.gz * 使用公鑰sha512驗籤:openssl dgst -verify rsa_public_key.pem -sha512 -signature xx.tar.gz.sign xx.tar.gz * @author XIHONGLIE * @date 2018-03-27 */ public class RsaEncrypt { /** * rsa簽名 * @param data 待簽名的字符串 * @param priKey rsa私鑰字符串 * @return 簽名結果 * @throws Exception 簽名失敗則拋出異常 */ public byte[] rsaSign(byte[] data, RSAPrivateKey priKey) throws SignatureException { try { Signature signature = Signature.getInstance("SHA512withRSA"); signature.initSign(priKey); signature.update(data); byte[] signed = signature.sign(); return signed; } catch (Exception e) { throw new SignatureException("RSAcontent = " + data + "; charset = ", e); } } /** * rsa驗籤 * @param data 被簽名的內容 * @param sign 簽名後的結果 * @param pubKey rsa公鑰 * @return 驗簽結果 * @throws SignatureException 驗籤失敗,則拋異常 */ public boolean verify(byte[] data, byte[] sign, RSAPublicKey pubKey) throws SignatureException { try { Signature signature = Signature.getInstance("SHA512withRSA"); signature.initVerify(pubKey); signature.update(data); return signature.verify(sign); } catch (Exception e) { e.printStackTrace(); throw new SignatureException("RSA驗證簽名[content = " + data + "; charset = " + "; signature = " + sign + "]發生異常!", e); } } /** * 私鑰 */ private RSAPrivateKey privateKey; /** * 公鑰 */ private RSAPublicKey publicKey; /** * 字節數據轉字符串專用集合 */ private static final char[] HEX_CHAR = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' }; /** * 獲取私鑰 * @return 當前的私鑰對象 */ public RSAPrivateKey getPrivateKey() { return privateKey; } /** * 獲取公鑰 * @return 當前的公鑰對象 */ public RSAPublicKey getPublicKey() { return publicKey; } /** * 隨機生成密鑰對 */ public void genKeyPair() { KeyPairGenerator keyPairGen = null; try { keyPairGen = KeyPairGenerator.getInstance("RSA"); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } keyPairGen.initialize(1024, new SecureRandom()); KeyPair keyPair = keyPairGen.generateKeyPair(); this.privateKey = (RSAPrivateKey) keyPair.getPrivate(); this.publicKey = (RSAPublicKey) keyPair.getPublic(); } /** * 從.pem文件中取得私鑰 * @param filePath 文件路徑 * @return 私鑰 */ public String getPrivateKeyFromFile(String filePath){ String strPrivateKey = ""; try { BufferedReader privateKey = new BufferedReader(new FileReader(filePath)); String line = ""; while((line = privateKey.readLine()) != null){ strPrivateKey += line; } privateKey.close(); strPrivateKey = strPrivateKey.replace("-----BEGIN PRIVATE KEY-----","").replace("-----END PRIVATE KEY-----",""); }catch (Exception e){ e.printStackTrace(); } return strPrivateKey; } /** * 從.pem文件中取得公鑰 * @param filePath 文件路徑 * @return 公鑰 */ public String getPublicKeyFromFile(String filePath){ String strPublicKey = ""; try { BufferedReader publicKey = new BufferedReader(new FileReader(filePath)); String line = ""; while((line = publicKey.readLine()) != null){ strPublicKey += line; } publicKey.close(); strPublicKey = strPublicKey.replace("-----BEGIN PUBLIC KEY-----","").replace("-----END PUBLIC KEY-----",""); }catch (Exception e){ e.printStackTrace(); } return strPublicKey; } /** * 從字符串中加載公鑰 * @param publicKeyStr 公鑰數據字符串 * @throws Exception 加載公鑰時產生的異常 */ public void loadPublicKey(String publicKeyStr) throws Exception { try { byte[] buffer = Base64Utils.decode(publicKeyStr); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer); this.publicKey = (RSAPublicKey) keyFactory.generatePublic(keySpec); } catch (NoSuchAlgorithmException e) { throw new Exception("無此算法"); } catch (InvalidKeySpecException e) { throw new Exception("公鑰非法"); }catch (NullPointerException e) { throw new Exception("公鑰數據爲空"); } } /** * 加載私鑰 * @param privateKeyStr 私鑰文件名 * @return 是否成功 * @throws Exception */ public void loadPrivateKey(String privateKeyStr) throws Exception { try { byte[] buffer = Base64Utils.decode(privateKeyStr); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec); } catch (NoSuchAlgorithmException e) { throw new Exception("無此算法"); } catch (InvalidKeySpecException e) { throw new Exception("私鑰非法"); } catch (NullPointerException e) { throw new Exception("私鑰數據爲空"); } } /** * 加密過程 * @param publicKey 公鑰 * @param plainTextData 明文數據 * @return * @throws Exception 加密過程當中的異常信息 */ public byte[] encrypt(RSAPublicKey publicKey, byte[] plainTextData) throws Exception { if (publicKey == null) { throw new Exception("加密公鑰爲空, 請設置"); } Cipher cipher = null; try { cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] output = cipher.doFinal(plainTextData); return output; } catch (NoSuchAlgorithmException e) { throw new Exception("無此加密算法"); } catch (NoSuchPaddingException e) { e.printStackTrace(); return null; } catch (InvalidKeyException e) { throw new Exception("加密公鑰非法,請檢查"); } catch (IllegalBlockSizeException e) { throw new Exception("明文長度非法"); } catch (BadPaddingException e) { throw new Exception("明文數據已損壞"); } } /** * 解密過程 * @param privateKey 私鑰 * @param cipherData 密文數據 * @return 明文 * @throws Exception 解密過程當中的異常信息 */ public byte[] decrypt(RSAPrivateKey privateKey, byte[] cipherData) throws Exception { if (privateKey == null) { throw new Exception("解密私鑰爲空, 請設置"); } Cipher cipher = null; try { cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] output = cipher.doFinal(cipherData); return output; } catch (NoSuchAlgorithmException e) { throw new Exception("無此解密算法"); } catch (NoSuchPaddingException e) { e.printStackTrace(); return null; } catch (InvalidKeyException e) { throw new Exception("解密私鑰非法,請檢查"); } catch (IllegalBlockSizeException e) { throw new Exception("密文長度非法"); } catch (BadPaddingException e) { throw new Exception("密文數據已損壞"); } } /** * 字節數據轉十六進制字符串 * @param data 輸入數據 * @return 十六進制內容 */ public static String byteArrayToString(byte[] data) { StringBuilder stringBuilder = new StringBuilder(); for (int i = 0; i < data.length; i++) { // 取出字節的高四位 做爲索引獲得相應的十六進制標識符 注意無符號右移 stringBuilder.append(HEX_CHAR[(data[i] & 0xf0) >>> 4]); // 取出字節的低四位 做爲索引獲得相應的十六進制標識符 stringBuilder.append(HEX_CHAR[(data[i] & 0x0f)]); if (i < data.length - 1) { stringBuilder.append(' '); } } return stringBuilder.toString(); } /** * btye轉換hex函數 * @param byteArray * @return */ public static String byteToHex(byte[] byteArray) { StringBuffer strBuff = new StringBuffer(); for (int i = 0; i < byteArray.length; i++) { if (Integer.toHexString(0xFF & byteArray[i]).length() == 1) { strBuff.append("0").append( Integer.toHexString(0xFF & byteArray[i])); } else { strBuff.append(Integer.toHexString(0xFF & byteArray[i])); } } return strBuff.toString(); } /** * 以字節爲單位讀取文件,經常使用於讀二進制文件,如圖片、聲音、影像等文件。 */ public static byte[] readFileByBytes(String fileName) { File file = new File(fileName); InputStream in = null; byte[] txt = new byte[(int) file.length()]; try { // 一次讀一個字節 in = new FileInputStream(file); int tempbyte; int i = 0; while ((tempbyte = in.read()) != -1) { txt[i] = (byte) tempbyte; i++; } in.close(); return txt; } catch (IOException e) { e.printStackTrace(); return txt; } } /** * Main 測試方法 * @param args */ public static void main(String[] args) { RsaEncrypt rsaEncrypt = new RsaEncrypt(); try { String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPTrsUJ26WDSEQwKuAJhQ6XTNHKl1/+bWeyKRQKb0jeCyuiChMxN/qYSgg2BvS2bP51Rb5P9/UE1Rxm5drr3RYNMDvQoXBuA+rHiUX3wkdXmWSaktVbfe5C95N5FCF2jyLMIuWmrMk6Wo3r5MXrCb54A6zU7SzO/r7F0VkpBh9KwIDAQAB"; rsaEncrypt.loadPublicKey(publicKey); System.out.println("加載公鑰成功"); } catch (Exception e) { System.err.println(e.getMessage()); System.err.println("加載公鑰失敗"); } // 加載私鑰 try { String privateKey = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM9OuxQnbpYNIRDAq4AmFDpdM0cqXX/5tZ7IpFApvSN4LK6IKEzE3+phKCDYG9LZs/nVFvk/39QTVHGbl2uvdFg0wO9ChcG4D6seJRffCR1eZZJqS1Vt97kL3k3kUIXaPIswi5aasyTpajevkxesJvngDrNTtLM7+vsXRWSkGH0rAgMBAAECgYAlnFEQnP7RNlyTX4E95Kqy1AnjlWoVN8adoiU9bfUkpD7nA0jcdLNzIGFZZBvYKysd3m0ml1ISdddSLTpRjSl8K6O9dJDud3G9Oh3qCGgFflcKuKEXDnlaooX1sBrWF5vS0Gvg98x2C52Pnblm2eGVuTvCMaINDZLaamUlaFldMQJBAO3clhAIBJSWlm7Tt/a1d7+IbsGcS16Rk/N23DHg6LADXxIezxgSrpztSa5Nq81W5RC2WsotYYeRt+8KHsPRRn8CQQDfHa7A7hBTOT/V4FXTApuJUlReUh6cHWPsrxf/rUYKylK9WYBAJv1AZW9KaRtcadyu7ldNMb3MAsbE2vLoW2tVAkEAxhvLAF8tMXSapoO/3MMXkXbYiHjcbU9iooyEqSZhpven3ze51Jr6w8j+bSZTyRpufpTi2TEi4f8D6xvKs91BkQJBAKLS05xiX7GMfwSDQb7LEVzmo0FuJn6BiFHK+fWRqyLmwfkDHvAyQ/FB1TT1fY00iGN09msUWNFQWWSB8HEXfj0CQQCAJYV35rNJ781DXhBH5m1tq74zDNzAqynjm0hqhzlVMSHTYFIeU6SBnhk3swnfvJ8kgy3bQJtohYZ8Tuaz19VN"; rsaEncrypt.loadPrivateKey(privateKey); System.out.println("加載私鑰成功"); } catch (Exception e) { System.err.println(e.getMessage()); System.err.println("加載私鑰失敗"); } // 測試字符串 String encryptStr = "12321dsfasf1321312fsfdsafsdafasfsadf"; try { System.out.println(new Date()); // 加密 byte[] cipher = rsaEncrypt.encrypt(rsaEncrypt.getPublicKey(), encryptStr.getBytes()); // 解密 byte[] plainText = rsaEncrypt.decrypt(rsaEncrypt.getPrivateKey(), cipher); System.out.println(new Date()); System.out.println(new String(plainText)); byte[] content = readFileByBytes("/data/zhnx/IN/data_xinbao.tar.gz"); // 簽名驗證 byte[] signbyte = rsaEncrypt.rsaSign(content, rsaEncrypt.getPrivateKey()); System.out.println("簽名-----:" + byteToHex(signbyte)); ByteUtil.saveFile(signbyte,"/data/zhnx/IN/","data_xinbao1.tar.gz.sign"); Boolean isok = rsaEncrypt.verify(content, signbyte, rsaEncrypt.getPublicKey()); System.out.println("驗證:" + isok); // 讀取驗證文件 byte[] read = readFileByBytes("/data/zhnx/IN/data_xinbao.tar.gz.sign"); System.out.println("讀取簽名文件:" + byteToHex(read)); Boolean isfok = rsaEncrypt.verify(content, read, rsaEncrypt.getPublicKey()); System.out.println("文件驗證2:" + isfok); } catch (Exception e) { System.err.println(e.getMessage()); } } }
import java.io.UnsupportedEncodingException; /** * Base64 加密解密工具類 * @author XIHONGLEI * @date 2018-03-27 */ public class Base64Utils { private static char[] base64EncodeChars = new char[] {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'}; private static byte[] base64DecodeChars = new byte[] {-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1}; public static String encode(byte[] data) { StringBuffer sb = new StringBuffer(); int len = data.length; int i = 0; int b1, b2, b3; while (i < len) { b1 = data[i++] & 0xff; if (i == len) { sb.append(base64EncodeChars[b1 >>> 2]); sb.append(base64EncodeChars[(b1 & 0x3) << 4]); sb.append("=="); break; } b2 = data[i++] & 0xff; if (i == len) { sb.append(base64EncodeChars[b1 >>> 2]); sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]); sb.append(base64EncodeChars[(b2 & 0x0f) << 2]); sb.append("="); break; } b3 = data[i++] & 0xff; sb.append(base64EncodeChars[b1 >>> 2]); sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]); sb.append(base64EncodeChars[((b2 & 0x0f) << 2) | ((b3 & 0xc0) >>> 6)]); sb.append(base64EncodeChars[b3 & 0x3f]); } return sb.toString(); } public static byte[] decode(String str) { try { return decodePrivate(str); } catch (UnsupportedEncodingException e) { e.printStackTrace(); } return new byte[] {}; } private static byte[] decodePrivate(String str) throws UnsupportedEncodingException { StringBuffer sb = new StringBuffer(); byte[] data = null; data = str.getBytes("US-ASCII"); int len = data.length; int i = 0; int b1, b2, b3, b4; while (i < len) { do { b1 = base64DecodeChars[data[i++]]; } while (i < len && b1 == -1); if (b1 == -1) { break; } do { b2 = base64DecodeChars[data[i++]]; } while (i < len && b2 == -1); if (b2 == -1) { break; } sb.append((char) ((b1 << 2) | ((b2 & 0x30) >>> 4))); do { b3 = data[i++]; if (b3 == 61) { return sb.toString().getBytes("iso8859-1"); } b3 = base64DecodeChars[b3]; } while (i < len && b3 == -1); if (b3 == -1) { break; } sb.append((char) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2))); do { b4 = data[i++]; if (b4 == 61) { return sb.toString().getBytes("iso8859-1"); } b4 = base64DecodeChars[b4]; } while (i < len && b4 == -1); if (b4 == -1) { break; } sb.append((char) (((b3 & 0x03) << 6) | b4)); } return sb.toString().getBytes("iso8859-1"); } }
注:私鑰必須是經過pkcs8 進行編碼之後的;函數
import java.io.*; /** * byte數組工具類實現byte[]與文件之間的相互轉換 * @author XIHONGLEI * @Date 2018-03-26 */ public class ByteUtil { /** * 得到指定文件的byte數組 */ public static byte[] getBytes(String filePath){ byte[] buffer = null; try { File file = new File(filePath); FileInputStream fis = new FileInputStream(file); ByteArrayOutputStream bos = new ByteArrayOutputStream(1000); byte[] b = new byte[1000]; int n; while ((n = fis.read(b)) != -1) { bos.write(b, 0, n); } fis.close(); bos.close(); buffer = bos.toByteArray(); } catch (FileNotFoundException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } return buffer; } /** * 根據byte數組,生成文件 */ public static void saveFile(byte[] bfile, String filePath,String fileName) { BufferedOutputStream bos = null; FileOutputStream fos = null; File file = null; try { File dir = new File(filePath); //判斷文件目錄是否存在 if(!dir.exists()&&dir.isDirectory()){ dir.mkdirs(); } file = new File(filePath+"\\"+fileName); fos = new FileOutputStream(file); bos = new BufferedOutputStream(fos); bos.write(bfile); } catch (Exception e) { e.printStackTrace(); } finally { if (bos != null) { try { bos.close(); } catch (IOException e1) { e1.printStackTrace(); } } if (fos != null) { try { fos.close(); } catch (IOException e1) { e1.printStackTrace(); } } } } }
5.驗證結果:工具
相關文章
- 1. Java 添加、驗證PDF 數字簽名
- 2. 數字簽名(代碼簽名)流程和數字簽名的驗證
- 3. Java實現數字簽名
- 4. 數字簽名 私鑰加密實現數字簽名 P111
- 5. 數字簽名(代碼簽名)流程
- 6. Java數字證書對文件/加密/解密/簽名/校驗簽名
- 7. Java PDF 添加數字簽名
- 8. 代碼簽名、文檔簽名、數字簽名、數字證書、SSL證書、代碼簽名證書相關概念以及關係。
- 9. XML 簽名--數字簽名
- 10. 數字簽名--ECDSA實現
- 更多相關文章...
- • Eclipse 添加書籤 - Eclipse 教程
- • ASP.NET Web Pages - 添加 Razor 代碼 - ASP.NET 教程
- • ☆基於Java Instrument的Agent實現
- • Flink 數據傳輸及反壓詳解
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
- 1. 安裝cuda+cuDNN
- 2. GitHub的使用說明
- 3. phpDocumentor使用教程【安裝PHPDocumentor】
- 4. yarn run build報錯Component is not found in path 「npm/taro-ui/dist/weapp/components/rate/index「
- 5. 精講Haproxy搭建Web集羣
- 6. 安全測試基礎之MySQL
- 7. C/C++編程筆記:C語言中的複雜聲明分析,用實例帶你完全讀懂
- 8. Python3教程(1)----搭建Python環境
- 9. 李宏毅機器學習課程筆記2:Classification、Logistic Regression、Brief Introduction of Deep Learning
- 10. 阿里雲ECS配置速記
歡迎關注本站公眾號,獲取更多信息
