DSA
DSA:Digital Signature Algorithm,使用EIGamal數字簽名算法,和RSA數字簽名相比,DSA更快。 DSA只能配合SHA使用:java
- SHA1withDSA
- SHA256withDSA
- SHA512withDSA
代碼演示:git
package com.testList; import java.security.*; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.Base64; public class SecDSASignature { PrivateKey sk; PublicKey pk; public SecDSASignature() throws GeneralSecurityException{ //generate key pair KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA"); kpGen.initialize(1024); KeyPair kp = kpGen.generateKeyPair(); this.sk = kp.getPrivate(); this.pk = kp.getPublic(); } public SecDSASignature(byte[] pk,byte[] sk) throws GeneralSecurityException{ //create from bytes KeyFactory kf = KeyFactory.getInstance("DSA"); X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(pk); this.pk = kf.generatePublic(pkSpec); PKCS8EncodedKeySpec skSpec = new PKCS8EncodedKeySpec(sk); this.sk = kf.generatePrivate(skSpec); } public byte[] getPrivateKey(){ return this.sk.getEncoded(); } public byte[] getPublicKey(){ return this.pk.getEncoded(); } public byte[] sign(byte[] message) throws GeneralSecurityException{ //sign by sk; Signature signature = Signature.getInstance("SHA1withDSA"); signature.initSign(this.sk); signature.update(message); return signature.sign(); } public boolean verify(byte[] message,byte[] sign) throws GeneralSecurityException{ //verify by pk Signature signature = Signature.getInstance("SHA1withDSA"); signature.initVerify(this.pk); signature.update(message); return signature.verify(sign); } public static void main(String[] args) throws Exception{ byte[] message = "Hello,使用SHA1withDSA算法進行數字簽名".getBytes("utf-8"); SecDSASignature rasa = new SecDSASignature(); byte[] sign = rasa.sign(message); System.out.println("sign:"+ Base64.getEncoder().encodeToString(sign)); boolean verified = rasa.verify(message,sign); System.out.println("verify:"+verified); message[0] = 100; boolean verified2 = rasa.verify(message,sign); System.out.println("verified2:"+verified2); } }
<img src="https://img2018.cnblogs.com/blog/1418970/201905/1418970-20190522214956227-242656727.png" width="500" />算法
總結:
- DSA是另外一種簽名算法
- 其餘數字簽名算法 * ECDSA:Elliptic Curve Digital Signature Algorithm(Bouncy Castle)