涉及类:RSAPrivateKey RSAPublicKey X509EncodedKeySpec X509EncodedKeySpec PKCS8EncodedKeySpec Signature
rsa 私钥签名,公钥验证常用使用场景:
1.客户端-服务端通讯发送消息,服务端私钥签名并发送消息/数据,客户端私钥验证消息/ 数据是否被篡改
2.机密文件私钥签名并保存,查看时用公钥验证文件是否被篡改
3.机密数据库数据内容签名并保存,使用时判断是否内容被篡改
4.文档内容签名并保存,打开时公钥校验是否被篡改
rsa 私钥签名公钥校验 demo
private final String ALGORITHM_NAME = "RSA"; private static final String MD5_RSA = "MD5withRSA";
<dependency> <groupId>commons-codec</groupId> <artifactId>commons-codec</artifactId> <version>1.11</version> </dependency>
私钥加密公钥解密测试方法
/** * @description: demos of jdk8 java.security KeyPairGenerator KeyPair * RSAPrivateKey RSAPublicKey X509EncodedKeySpec X509EncodedKeySpec PKCS8EncodedKeySpec Signature * ras private_key sign and public_key verify 用ras 私钥签名 公钥验证数据和签名是否匹配,也就是是否数据被篡改 */ @Test public void testRsaSignAndPublicVerify() throws Exception { String message = "这是要签名的字符串"; // 初始化密钥生成器 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ALGORITHM_NAME); // 设置大小 keyPairGenerator.initialize(1024); // 生成密钥对 KeyPair keyPair = keyPairGenerator.genKeyPair(); // 获取私钥 PrivateKey privateKey = keyPair.getPrivate(); // 获取公钥 PublicKey publicKey = keyPair.getPublic(); // 私钥字符串 String privateKeyStr = Base64.encodeBase64URLSafeString(privateKey.getEncoded()); // 公钥字符串 String publicKeyStr = Base64.encodeBase64URLSafeString(publicKey.getEncoded()); //用公钥签名字符串 String signStr = new String(privateKeySign(privateKeyStr,message)); //用私钥签名字符串 boolean verify = publicKeyVerify(publicKeyStr,signStr,message); //签名校验结果为true Assert.assertTrue(verify); //模拟串改message verify = publicKeyVerify(publicKeyStr,signStr,message+"change"); //签名校验结果为false Assert.assertFalse(verify); }
私钥签名方法
/** * @description private key sign * 私钥签名:实际情况一般是私钥和公钥是提前生成好的,我们需要读取配置文件或者输入值获取公钥私钥字符串去加密解密,因为传入参数需要是字符串, * privateKey publicKey 对象进行后续操作 * Signature 初始化,并执行sign() 返回base64 bytes **/ private byte[] privateKeySign(String privateKeyStr, String message) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, UnsupportedEncodingException, SignatureException { KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME); PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.decodeBase64(privateKeyStr)); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); Signature signature = Signature.getInstance(MD5_RSA); signature.initSign(privateKey); signature.update(message.getBytes()); return Base64.encodeBase64(signature.sign()); }
公钥验证方法
/** * @description public key verify * 公钥验证:实际情况一般是私钥和公钥是提前生成好的,我们需要读取配置文件或者输入值获取公钥私钥字符串去加密解密,因为传入参数需要是字符串, * privateKey publicKey 对象进行后续操作 * Signature 初始化并执行verify 后验证message 是否与签名后的signStr 匹配 **/ private boolean publicKeyVerify(String publicKeyStr, String signStr, String message) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException { KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM_NAME); X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(Base64.decodeBase64(publicKeyStr)); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); Signature signature = Signature.getInstance(MD5_RSA); signature.initVerify(publicKey); signature.update(message.getBytes()); return signature.verify(Base64.decodeBase64(signStr.getBytes())); }
