Java加密技術（六）——數字簽名算法DSA

接下來咱們介紹DSA數字簽名，非對稱加密的另外一種實現。
DSA
DSA-Digital Signature Algorithm 是Schnorr和ElGamal簽名算法的變種，被美國NIST做爲DSS(DigitalSignature Standard)。簡單的說，這是一種更高級的驗證方式，用做數字簽名。不僅僅只有公鑰、私鑰，還有數字簽名。私鑰加密生成數字簽名，公鑰驗證數據及簽名。若是數據和簽名不匹配則認爲驗證失敗！數字簽名的做用就是校驗數據在傳輸過程當中不被修改。數字簽名，是單向加密的升級！

經過java代碼實現以下： Coder類見 Java加密技術（一）

Java代碼  

1. import java.security.Key;  
2. import java.security.KeyFactory;  
3. import java.security.KeyPair;  
4. import java.security.KeyPairGenerator;  
5. import java.security.PrivateKey;  
6. import java.security.PublicKey;  
7. import java.security.SecureRandom;  
8. import java.security.Signature;  
9. import java.security.interfaces.DSAPrivateKey;  
10. import java.security.interfaces.DSAPublicKey;  
11. import java.security.spec.PKCS8EncodedKeySpec;  
12. import java.security.spec.X509EncodedKeySpec;  
13. import java.util.HashMap;  
14. import java.util.Map;  
15.   
16. /** 
17.  * DSA安全編碼組件 
18.  *  
19.  * @author 樑棟 
20.  * @version 1.0 
21.  * @since 1.0 
22.  */  
23. public abstract class DSACoder extends Coder {  
24.   
25.     public static final String ALGORITHM = "DSA";  
26.   
27.     /** 
28.      * 默認密鑰字節數 
29.      *  
30.      * <pre> 
31.      * DSA  
32.      * Default Keysize 1024   
33.      * Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive). 
34.      * </pre> 
35.      */  
36.     private static final int KEY_SIZE = 1024;  
37.   
38.     /** 
39.      * 默認種子 
40.      */  
41.     private static final String DEFAULT_SEED = "0f22507a10bbddd07d8a3082122966e3";  
42.   
43.     private static final String PUBLIC_KEY = "DSAPublicKey";  
44.     private static final String PRIVATE_KEY = "DSAPrivateKey";  
45.   
46.     /** 
47.      * 用私鑰對信息生成數字簽名 
48.      *  
49.      * @param data 
50.      *            加密數據 
51.      * @param privateKey 
52.      *            私鑰 
53.      *  
54.      * @return 
55.      * @throws Exception 
56.      */  
57.     public static String sign(byte[] data, String privateKey) throws Exception {  
58.         // 解密由base64編碼的私鑰  
59.         byte[] keyBytes = decryptBASE64(privateKey);  
60.   
61.         // 構造PKCS8EncodedKeySpec對象  
62.         PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);  
63.   
64.         // KEY_ALGORITHM 指定的加密算法  
65.         KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);  
66.   
67.         // 取私鑰匙對象  
68.         PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);  
69.   
70.         // 用私鑰對信息生成數字簽名  
71.         Signature signature = Signature.getInstance(keyFactory.getAlgorithm());  
72.         signature.initSign(priKey);  
73.         signature.update(data);  
74.   
75.         return encryptBASE64(signature.sign());  
76.     }  
77.   
78.     /** 
79.      * 校驗數字簽名 
80.      *  
81.      * @param data 
82.      *            加密數據 
83.      * @param publicKey 
84.      *            公鑰 
85.      * @param sign 
86.      *            數字簽名 
87.      *  
88.      * @return 校驗成功返回true 失敗返回false 
89.      * @throws Exception 
90.      *  
91.      */  
92.     public static boolean verify(byte[] data, String publicKey, String sign)  
93.             throws Exception {  
94.   
95.         // 解密由base64編碼的公鑰  
96.         byte[] keyBytes = decryptBASE64(publicKey);  
97.   
98.         // 構造X509EncodedKeySpec對象  
99.         X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);  
100.   
101.         // ALGORITHM 指定的加密算法  
102.         KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);  
103.   
104.         // 取公鑰匙對象  
105.         PublicKey pubKey = keyFactory.generatePublic(keySpec);  
106.   
107.         Signature signature = Signature.getInstance(keyFactory.getAlgorithm());  
108.         signature.initVerify(pubKey);  
109.         signature.update(data);  
110.   
111.         // 驗證簽名是否正常  
112.         return signature.verify(decryptBASE64(sign));  
113.     }  
114.   
115.     /** 
116.      * 生成密鑰 
117.      *  
118.      * @param seed 
119.      *            種子 
120.      * @return 密鑰對象 
121.      * @throws Exception 
122.      */  
123.     public static Map<String, Object> initKey(String seed) throws Exception {  
124.         KeyPairGenerator keygen = KeyPairGenerator.getInstance(ALGORITHM);  
125.         // 初始化隨機產生器  
126.         SecureRandom secureRandom = new SecureRandom();  
127.         secureRandom.setSeed(seed.getBytes());  
128.         keygen.initialize(KEY_SIZE, secureRandom);  
129.   
130.         KeyPair keys = keygen.genKeyPair();  
131.   
132.         DSAPublicKey publicKey = (DSAPublicKey) keys.getPublic();  
133.         DSAPrivateKey privateKey = (DSAPrivateKey) keys.getPrivate();  
134.   
135.         Map<String, Object> map = new HashMap<String, Object>(2);  
136.         map.put(PUBLIC_KEY, publicKey);  
137.         map.put(PRIVATE_KEY, privateKey);  
138.   
139.         return map;  
140.     }  
141.   
142.     /** 
143.      * 默認生成密鑰 
144.      *  
145.      * @return 密鑰對象 
146.      * @throws Exception 
147.      */  
148.     public static Map<String, Object> initKey() throws Exception {  
149.         return initKey(DEFAULT_SEED);  
150.     }  
151.   
152.     /** 
153.      * 取得私鑰 
154.      *  
155.      * @param keyMap 
156.      * @return 
157.      * @throws Exception 
158.      */  
159.     public static String getPrivateKey(Map<String, Object> keyMap)  
160.             throws Exception {  
161.         Key key = (Key) keyMap.get(PRIVATE_KEY);  
162.   
163.         return encryptBASE64(key.getEncoded());  
164.     }  
165.   
166.     /** 
167.      * 取得公鑰 
168.      *  
169.      * @param keyMap 
170.      * @return 
171.      * @throws Exception 
172.      */  
173.     public static String getPublicKey(Map<String, Object> keyMap)  
174.             throws Exception {  
175.         Key key = (Key) keyMap.get(PUBLIC_KEY);  
176.   
177.         return encryptBASE64(key.getEncoded());  
178.     }  
179. }  

import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;

/**
 * DSA安全編碼組件
 * 
 * @author 樑棟
 * @version 1.0
 * @since 1.0
 */
public abstract class DSACoder extends Coder {

	public static final String ALGORITHM = "DSA";

	/**
	 * 默認密鑰字節數
	 * 
	 * <pre>
	 * DSA 
	 * Default Keysize 1024  
	 * Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
	 * </pre>
	 */
	private static final int KEY_SIZE = 1024;

	/**
	 * 默認種子
	 */
	private static final String DEFAULT_SEED = "0f22507a10bbddd07d8a3082122966e3";

	private static final String PUBLIC_KEY = "DSAPublicKey";
	private static final String PRIVATE_KEY = "DSAPrivateKey";

	/**
	 * 用私鑰對信息生成數字簽名
	 * 
	 * @param data
	 *            加密數據
	 * @param privateKey
	 *            私鑰
	 * 
	 * @return
	 * @throws Exception
	 */
	public static String sign(byte[] data, String privateKey) throws Exception {
		// 解密由base64編碼的私鑰
		byte[] keyBytes = decryptBASE64(privateKey);

		// 構造PKCS8EncodedKeySpec對象
		PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);

		// KEY_ALGORITHM 指定的加密算法
		KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);

		// 取私鑰匙對象
		PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);

		// 用私鑰對信息生成數字簽名
		Signature signature = Signature.getInstance(keyFactory.getAlgorithm());
		signature.initSign(priKey);
		signature.update(data);

		return encryptBASE64(signature.sign());
	}

	/**
	 * 校驗數字簽名
	 * 
	 * @param data
	 *            加密數據
	 * @param publicKey
	 *            公鑰
	 * @param sign
	 *            數字簽名
	 * 
	 * @return 校驗成功返回true 失敗返回false
	 * @throws Exception
	 * 
	 */
	public static boolean verify(byte[] data, String publicKey, String sign)
			throws Exception {

		// 解密由base64編碼的公鑰
		byte[] keyBytes = decryptBASE64(publicKey);

		// 構造X509EncodedKeySpec對象
		X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);

		// ALGORITHM 指定的加密算法
		KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);

		// 取公鑰匙對象
		PublicKey pubKey = keyFactory.generatePublic(keySpec);

		Signature signature = Signature.getInstance(keyFactory.getAlgorithm());
		signature.initVerify(pubKey);
		signature.update(data);

		// 驗證簽名是否正常
		return signature.verify(decryptBASE64(sign));
	}

	/**
	 * 生成密鑰
	 * 
	 * @param seed
	 *            種子
	 * @return 密鑰對象
	 * @throws Exception
	 */
	public static Map<String, Object> initKey(String seed) throws Exception {
		KeyPairGenerator keygen = KeyPairGenerator.getInstance(ALGORITHM);
		// 初始化隨機產生器
		SecureRandom secureRandom = new SecureRandom();
		secureRandom.setSeed(seed.getBytes());
		keygen.initialize(KEY_SIZE, secureRandom);

		KeyPair keys = keygen.genKeyPair();

		DSAPublicKey publicKey = (DSAPublicKey) keys.getPublic();
		DSAPrivateKey privateKey = (DSAPrivateKey) keys.getPrivate();

		Map<String, Object> map = new HashMap<String, Object>(2);
		map.put(PUBLIC_KEY, publicKey);
		map.put(PRIVATE_KEY, privateKey);

		return map;
	}

	/**
	 * 默認生成密鑰
	 * 
	 * @return 密鑰對象
	 * @throws Exception
	 */
	public static Map<String, Object> initKey() throws Exception {
		return initKey(DEFAULT_SEED);
	}

	/**
	 * 取得私鑰
	 * 
	 * @param keyMap
	 * @return
	 * @throws Exception
	 */
	public static String getPrivateKey(Map<String, Object> keyMap)
			throws Exception {
		Key key = (Key) keyMap.get(PRIVATE_KEY);

		return encryptBASE64(key.getEncoded());
	}

	/**
	 * 取得公鑰
	 * 
	 * @param keyMap
	 * @return
	 * @throws Exception
	 */
	public static String getPublicKey(Map<String, Object> keyMap)
			throws Exception {
		Key key = (Key) keyMap.get(PUBLIC_KEY);

		return encryptBASE64(key.getEncoded());
	}
}

再給出一個測試類：

Java代碼  

1. import static org.junit.Assert.*;  
2.   
3. import java.util.Map;  
4.   
5. import org.junit.Test;  
6.   
7. /** 
8.  *  
9.  * @author 樑棟 
10.  * @version 1.0 
11.  * @since 1.0 
12.  */  
13. public class DSACoderTest {  
14.   
15.     @Test  
16.     public void test() throws Exception {  
17.         String inputStr = "abc";  
18.         byte[] data = inputStr.getBytes();  
19.   
20.         // 構建密鑰  
21.         Map<String, Object> keyMap = DSACoder.initKey();  
22.   
23.         // 得到密鑰  
24.         String publicKey = DSACoder.getPublicKey(keyMap);  
25.         String privateKey = DSACoder.getPrivateKey(keyMap);  
26.   
27.         System.err.println("公鑰:\r" + publicKey);  
28.         System.err.println("私鑰:\r" + privateKey);  
29.   
30.         // 產生簽名  
31.         String sign = DSACoder.sign(data, privateKey);  
32.         System.err.println("簽名:\r" + sign);  
33.   
34.         // 驗證簽名  
35.         boolean status = DSACoder.verify(data, publicKey, sign);  
36.         System.err.println("狀態:\r" + status);  
37.         assertTrue(status);  
38.   
39.     }  
40.   
41. }  

import static org.junit.Assert.*;

import java.util.Map;

import org.junit.Test;

/**
 * 
 * @author 樑棟
 * @version 1.0
 * @since 1.0
 */
public class DSACoderTest {

	@Test
	public void test() throws Exception {
		String inputStr = "abc";
		byte[] data = inputStr.getBytes();

		// 構建密鑰
		Map<String, Object> keyMap = DSACoder.initKey();

		// 得到密鑰
		String publicKey = DSACoder.getPublicKey(keyMap);
		String privateKey = DSACoder.getPrivateKey(keyMap);

		System.err.println("公鑰:\r" + publicKey);
		System.err.println("私鑰:\r" + privateKey);

		// 產生簽名
		String sign = DSACoder.sign(data, privateKey);
		System.err.println("簽名:\r" + sign);

		// 驗證簽名
		boolean status = DSACoder.verify(data, publicKey, sign);
		System.err.println("狀態:\r" + status);
		assertTrue(status);

	}

}

控制檯輸出：

Console代碼  

1. 公鑰:  
2. MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZp  
3. RV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn  
4. xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuE  
5. C/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ  
6. FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo  
7. g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAIu4RUlcQLp49PI0MrbssOY+3uySVnp0TULSv  
8. 5T4VaHoKzsLHgGTrwOvsGA+V3yCNl2WDu3D84bSLF7liTWgOj+SMOEaPk4VyRTlLXZWGPsf1Mfd9  
9. 21XAbMeVyKDSHHVGbMjBScajf3bXooYQMlyoHiOt/WrCo+mv7efstMM0PGo=  
10.   
11. 私鑰:  
12. MIIBTAIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2  
13. USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4  
14. O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC  
15. ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB  
16. gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhR  
17. kImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFwIVAIegLUtmm2oQKQJTOiLugHTSjl/q  
18.   
19. 簽名:  
20. MC0CFQCMg0J/uZmF8GuRpr3TNq48w60nDwIUJCyYNah+HtbU6NcQfy8Ac6LeLQs=  
21.   
22. 狀態:  
23. true  

公鑰:
MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZp
RV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn
xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuE
C/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ
FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAIu4RUlcQLp49PI0MrbssOY+3uySVnp0TULSv
5T4VaHoKzsLHgGTrwOvsGA+V3yCNl2WDu3D84bSLF7liTWgOj+SMOEaPk4VyRTlLXZWGPsf1Mfd9
21XAbMeVyKDSHHVGbMjBScajf3bXooYQMlyoHiOt/WrCo+mv7efstMM0PGo=

私鑰:
MIIBTAIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2
USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4
O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB
gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhR
kImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFwIVAIegLUtmm2oQKQJTOiLugHTSjl/q

簽名:
MC0CFQCMg0J/uZmF8GuRpr3TNq48w60nDwIUJCyYNah+HtbU6NcQfy8Ac6LeLQs=

狀態:
true

注意狀態爲true，就驗證成功！