Java代码实现⽂件添加数字签名、验证数字签名Linux下实现加签、验签
1.使⽤OpenSSL ⽣成公钥和密钥;
#⽤ OpenSSL, Linux 上⾃带,常⽤命令如下:
#⽣成 RSA 私钥(传统格式的)
openssl genrsa -out rsa_private_key.pem 1024
#将传统格式的私钥转换成 PKCS#8 格式的(JAVA需要使⽤的私钥需要经过PKCS#8编码,PHP程序不需要,可以直接略过)
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
#⽣成 RSA 公钥
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
2.使⽤私钥对⽂件进⾏加签、并验证
#有明⽂⽂件和RSA密钥rsa_private_key.pem
#使⽤md5指令指定sha1算法,对进⾏签名,⽣成签名⽂件
openssl md5 -sha512 -sign rsa_private_key.pem -out data_sign data_
#使⽤md5指令指定sha1算法,对进⾏签名,⽣成签名⽂件
openssl dgst -sha512 -sign rsa_private_key.pem -out data_sign data_
#两个签名⽂件⼀样,说明两个指令完成相同的功能
diff data_sign data_sign
#使⽤RSA公钥验证签名(verify参数),验证成功
openssl md5 -verify rsa_public_key.pem -sha512 -signature data_sign data_
openssl dgst -verify rsa_public_key.pem -sha512 -signature data_sign data_
3.查看OpenSSL和帮助
#通过下⾯命令可以查看openssl的参数说明
$ openssl dgst -
options are
-c              to output the digest with separating colons
-r              to output the digest in coreutils format
-d              to output debug info
-hex            output as hex dump
-binary        output in binary form
-sign  file    sign digest using private key in file
-verify file    verify a signature using public key in file
-prverify file  verify a signature using private key in file
-keyform arg    key file format (PEM or ENGINE)
-
out filename  output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v    signature parameter
-hmac key      create hashed MAC with key
-mac algorithm  create MAC (not neccessarily HMAC)
-macopt nm:v    MAC algorithm parameters or key
-engine e      use engine e, possibly a hardware device.
-md4            to use the md4 message digest algorithm
-md5            to use the md5 message digest algorithm
-ripemd160      to use the ripemd160 message digest algorithm
-sha            to use the sha message digest algorithm
-
sha1          to use the sha1 message digest algorithm
-sha224        to use the sha224 message digest algorithm
-sha256        to use the sha256 message digest algorithm
-sha384        to use the sha384 message digest algorithm
-sha512        to use the sha512 message digest algorithm
-whirlpool      to use the whirlpool message digest algorithm
4.拿加签的原⽂件和加签后的⽂件使⽤Java代码进⾏对⽐;
pto.BadPaddingException;
pto.Cipher;
pto.IllegalBlockSizeException;
pto.NoSuchPaddingException;
import java.io.*;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
/**
* 对⽂件加签、验签⼯具类
* ⽣成私钥:openssl genrsa -out rsa_private_key.pem 1024
* 私钥还不能直接被使⽤,需要进⾏PKCS#8编码:openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
* 根据私钥⽣成公钥:openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
* 使⽤私钥sha512签名:openssl dgst -sha512 -sign rsa_private_key.pem -out sign
* 使⽤公钥sha512验签:openssl dgst -verify rsa_public_key.pem -sha512 -signature sign
* @author XIHONGLIE
* @date 2018-03-27
*/
public class RsaEncrypt {
/**
* rsa签名
* @param data  待签名的字符串
* @param priKey  rsa私钥字符串
* @return签名结果
* @throws Exception    签名失败则抛出异常
*/
public byte[] rsaSign(byte[] data, RSAPrivateKey priKey)
throws SignatureException {
try {
Signature signature = Instance("SHA512withRSA");
signature.initSign(priKey);
signature.update(data);
byte[] signed = signature.sign();
return signed;
} catch (Exception e) {
throw new SignatureException("RSAcontent = " + data
+ "; charset = ", e);
}
}
/**
* rsa验签
* @param data  被签名的内容
* @param sign  签名后的结果
* @param pubKey  rsa公钥
* @return验签结果
* @throws SignatureException 验签失败,则抛异常
*/
public boolean verify(byte[] data, byte[] sign, RSAPublicKey pubKey)
throws SignatureException {
try {
Signature signature = Instance("SHA512withRSA");
signature.initVerify(pubKey);
signature.update(data);
return signature.verify(sign);
} catch (Exception e) {
e.printStackTrace();
throw new SignatureException("RSA验证签名[content = " + data
+ "; charset = " + "; signature = " + sign + "]发⽣异常!", e);
}
}
/**
* 私钥
*/
private RSAPrivateKey privateKey;
/**
* 公钥
*/
private RSAPublicKey publicKey;
/**
* 字节数据转字符串专⽤集合
*/
private static final char[] HEX_CHAR = { '0', '1', '2', '3', '4', '5', '6',
'7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
/**
* 获取私钥
* @return当前的私钥对象
*/
public RSAPrivateKey getPrivateKey() {
return privateKey;
}
/**
* 获取公钥
* @return当前的公钥对象
*/
public RSAPublicKey getPublicKey() {
return publicKey;
}
/
**
* 随机⽣成密钥对
*/
public void genKeyPair() {
KeyPairGenerator keyPairGen = null;
try {
keyPairGen = Instance("RSA");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
keyPairGen.initialize(1024, new SecureRandom());
KeyPair keyPair = ateKeyPair();
this.privateKey = (RSAPrivateKey) Private();
this.publicKey = (RSAPublicKey) Public();
}
/**
* 从.pem⽂件中取得私钥
* @param filePath ⽂件路径
* @return私钥
*/
public String getPrivateKeyFromFile(String filePath){
String strPrivateKey = "";
try {
BufferedReader privateKey = new BufferedReader(new FileReader(filePath));
String line = "";
while((line = adLine()) != null){
strPrivateKey += line;
}
privateKey.close();
strPrivateKey = place("-----BEGIN PRIVATE KEY-----","").replace("-----END PRIVATE KEY-----","");        }catch (Exception e){
e.printStackTrace();
}
return strPrivateKey;
}
/**
* 从.pem⽂件中取得公钥
* @param filePath ⽂件路径
* @return公钥
*/
public String getPublicKeyFromFile(String filePath){
String strPublicKey = "";
try {
BufferedReader publicKey = new BufferedReader(new FileReader(filePath));
String line = "";
while((line = adLine()) != null){
strPublicKey += line;
}
publicKey.close();
strPublicKey = place("-----BEGIN PUBLIC KEY-----","").replace("-----END PUBLIC KEY-----","");
}catch (Exception e){
e.printStackTrace();
}
return strPublicKey;
}
/**
* 从字符串中加载公钥
* @param publicKeyStr 公钥数据字符串
* @throws Exception 加载公钥时产⽣的异常
*/
public void loadPublicKey(String publicKeyStr) throws Exception {
try {
byte[] buffer = Base64Utils.decode(publicKeyStr);
KeyFactory keyFactory = Instance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
this.publicKey = (RSAPublicKey) atePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
throw new Exception("⽆此算法");
} catch (InvalidKeySpecException e) {
throw new Exception("公钥⾮法");
}catch (NullPointerException e) {
throw new Exception("公钥数据为空");
}
}
/**
* 加载私钥
* @param privateKeyStr 私钥⽂件名
* @return是否成功
* @throws Exception
*/
public void loadPrivateKey(String privateKeyStr) throws Exception {
try {
byte[] buffer = Base64Utils.decode(privateKeyStr);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);            KeyFactory keyFactory = Instance("RSA");
this.privateKey = (RSAPrivateKey) atePrivate(keySpec);        } catch (NoSuchAlgorithmException e) {
throw new Exception("⽆此算法");
} catch (InvalidKeySpecException e) {
throw new Exception("私钥⾮法");
} catch (NullPointerException e) {
throw new Exception("私钥数据为空");
}
}
/**
* 加密过程
* @param publicKey 公钥
* @param plainTextData 明⽂数据
* @return
* @throws Exception 加密过程中的异常信息
*/
public byte[] encrypt(RSAPublicKey publicKey, byte[] plainTextData) throws Exception {
if (publicKey == null) {
throw new Exception("加密公钥为空, 请设置");
}
Cipher cipher = null;
try {
cipher = Instance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] output = cipher.doFinal(plainTextData);
return output;
} catch (NoSuchAlgorithmException e) {
throw new Exception("⽆此加密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (InvalidKeyException e) {
throw new Exception("加密公钥⾮法,请检查");
} catch (IllegalBlockSizeException e) {
throw new Exception("明⽂长度⾮法");
} catch (BadPaddingException e) {
throw new Exception("明⽂数据已损坏");
}
}
/**
* 解密过程
* @param privateKey 私钥
* @param cipherData 密⽂数据
* @return明⽂
* @throws Exception  解密过程中的异常信息
*/
public byte[] decrypt(RSAPrivateKey privateKey, byte[] cipherData)
throws Exception {
if (privateKey == null) {
throw new Exception("解密私钥为空, 请设置");
}
Cipher cipher = null;
try {
cipher = Instance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] output = cipher.doFinal(cipherData);
return output;
} catch (NoSuchAlgorithmException e) {
throw new Exception("⽆此解密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (InvalidKeyException e) {
throw new Exception("解密私钥⾮法,请检查");
} catch (IllegalBlockSizeException e) {
throw new Exception("密⽂长度⾮法");
} catch (BadPaddingException e) {
throw new Exception("密⽂数据已损坏");
}
}
/**
* 字节数据转⼗六进制字符串
* @param data  输⼊数据
* @return⼗六进制内容
*/
public static String byteArrayToString(byte[] data) {
StringBuilder stringBuilder = new StringBuilder();
for (int i = 0; i < data.length; i++) {
// 取出字节的⾼四位作为索引得到相应的⼗六进制标识符注意⽆符号右移            stringBuilder.append(HEX_CHAR[(data[i] & 0xf0) >>> 4]);
// 取出字节的低四位作为索引得到相应的⼗六进制标识符
stringBuilder.append(HEX_CHAR[(data[i] & 0x0f)]);
if (i < data.length - 1) {
stringBuilder.append(' ');
}
}
String();
}
/**
* btye转换hex函数
* @param byteArray
* @return
*/
public static String byteToHex(byte[] byteArray) {
StringBuffer strBuff = new StringBuffer();
for (int i = 0; i < byteArray.length; i++) {
if (HexString(0xFF & byteArray[i]).length() == 1) {
strBuff.append("0").append(
} else {
strBuff.HexString(0xFF & byteArray[i]));
}
}
String();
}
/
**
* 以字节为单位读取⽂件,常⽤于读⼆进制⽂件,如图⽚、声⾳、影像等⽂件。    */
public static byte[] readFileByBytes(String fileName) {
File file = new File(fileName);
InputStream in = null;
byte[] txt = new byte[(int) file.length()];
try {
// ⼀次读⼀个字节
in = new FileInputStream(file);
int tempbyte;
int i = 0;
while ((tempbyte = in.read()) != -1) {
txt[i] = (byte) tempbyte;
i++;
}
in.close();
return txt;
} catch (IOException e) {
e.printStackTrace();
return txt;
}
}
/
**
* Main 测试⽅法
* @param args
*/
public static void main(String[] args) {
RsaEncrypt rsaEncrypt = new RsaEncrypt();
try {
String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPTrsUJ26WDSEQwKuAJhQ6XTNHKl1/+bWeyKRQKb0jeCyuiChMxN/qYSgg2BvS2bP51Rb5P9/UE1Rxm5drr3RYNMDvQoXBuA+rHiUX3wkdXmWSaktVbfe5C9            rsaEncrypt.loadPublicKey(publicKey);
System.out.println("加载公钥成功");
} catch (Exception e) {
}
// 加载私钥
try {
String privateKey = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM9OuxQnbpYNIRDAq4AmFDpdM0cqXX/5tZ7IpFApvSN4LK6IKEzE3+phKCDYG9LZs/nVFvk/39QTVHGbl2uvdFg0wO9ChcG4D6seJRffCR1eZZJqS            rsaEncrypt.loadPrivateKey(privateKey);
System.out.println("加载私钥成功");
} catch (Exception e) {
}
// 测试字符串
String encryptStr = "12321dsfasf1321312fsfdsafsdafasfsadf";
try {
System.out.println(new Date());
// 加密
byte[] cipher = PublicKey(),
// 解密
byte[] plainText = rsaEncrypt.PrivateKey(),
cipher);
System.out.println(new Date());
System.out.println(new String(plainText));
byte[] content = readFileByBytes("/data/zhnx/IN/data_");
// 签名验证
byte[] signbyte = rsaEncrypt.rsaSign(content, PrivateKey());
System.out.println("签名-----:" + byteToHex(signbyte));
ByteUtil.saveFile(signbyte,"/data/zhnx/IN/","data_sign");
Boolean isok = rsaEncrypt.verify(content, signbyte, PublicKey());
System.out.println("验证:" + isok);
// 读取验证⽂件
byte[] read = readFileByBytes("/data/zhnx/IN/data_sign");
System.out.println("读取签名⽂件:" + byteToHex(read));
Boolean isfok = rsaEncrypt.verify(content, read, PublicKey());
System.out.println("⽂件验证2:" + isfok);
} catch (Exception e) {
}
}
}
import java.io.UnsupportedEncodingException;
/**
* Base64 加密解密⼯具类
* @author XIHONGLEI
* @date 2018-03-27
*/
public class Base64Utils {
private static char[] base64EncodeChars = new char[]
{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5',
'6', '7', '8', '9', '+', '/'};
private static byte[] base64DecodeChars = new byte[]
{-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-
1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53,
54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29,
30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1,
-1, -1, -1};
public static String encode(byte[] data) {
StringBuffer sb = new StringBuffer();
int len = data.length;
int i = 0;
int b1, b2, b3;
while (i < len) {
b1 = data[i++] & 0xff;
if (i == len) {
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[(b1 & 0x3) << 4]);
sb.append("==");
break;
}
b2 = data[i++] & 0xff;
if (i == len) {
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[(b2 & 0x0f) << 2]);
sb.append("=");
break;
}
b3 = data[i++] & 0xff;
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[((b2 & 0x0f) << 2) | ((b3 & 0xc0) >>> 6)]);
sb.append(base64EncodeChars[b3 & 0x3f]);
}
String();
}
public static byte[] decode(String str) {
try {
return decodePrivate(str);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return new byte[]
{};
}
private static byte[] decodePrivate(String str) throws UnsupportedEncodingException {        StringBuffer sb = new StringBuffer();
byte[] data = null;
data = Bytes("US-ASCII");
int len = data.length;
int i = 0;
int b1, b2, b3, b4;
while (i < len) {
do {
b1 = base64DecodeChars[data[i++]];
} while (i < len && b1 == -1);
if (b1 == -1) {
break;
}
do {
b2 = base64DecodeChars[data[i++]];
} while (i < len && b2 == -1);
if (b2 == -1) {
break;
}
sb.append((char) ((b1 << 2) | ((b2 & 0x30) >>> 4)));
do {
b3 = data[i++];
if (b3 == 61) {
String().getBytes("iso8859-1");
}
b3 = base64DecodeChars[b3];
} while (i < len && b3 == -1);
if (b3 == -1) {
break;
}
sb.append((char) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));
do {
b4 = data[i++];
if (b4 == 61) {
String().getBytes("iso8859-1");
}
b4 = base64DecodeChars[b4];
} while (i < len && b4 == -1);
if (b4 == -1) {
break;
}
sb.append((char) (((b3 & 0x03) << 6) | b4));
}
String().getBytes("iso8859-1");
}
}
注:私钥必须是通过pkcs8 进⾏编码以后的;
import java.io.*;
/**
* byte数组⼯具类实现byte[]与⽂件之间的相互转换
* @author XIHONGLEI
* @Date 2018-03-26
*/
public class ByteUtil {
/**
* 获得指定⽂件的byte数组
*/
public static byte[] getBytes(String filePath){
byte[] buffer = null;
try {
File file = new File(filePath);
FileInputStream fis = new FileInputStream(file);
ByteArrayOutputStream bos = new ByteArrayOutputStream(1000);
byte[] b = new byte[1000];
int n;
while ((n = ad(b)) != -1) {
bos.write(b, 0, n);
}
fis.close();
bos.close();
buffer = ByteArray();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return buffer;
}
/
**
* 根据byte数组,⽣成⽂件
*/
public static void saveFile(byte[] bfile, String filePath,String fileName) {
BufferedOutputStream bos = null;
FileOutputStream fos = null;
File file = null;
try {
File dir = new File(filePath);
//判断⽂件⽬录是否存在
if(!ists()&&dir.isDirectory()){
dir.mkdirs();
}签名字符串是什么
file = new File(filePath+"\\"+fileName);
fos = new FileOutputStream(file);
bos = new BufferedOutputStream(fos);
bos.write(bfile);
} catch (Exception e) {
e.printStackTrace();
} finally {
if (bos != null) {
try {

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。