Java密码学(5)——数字签名算法
数字签名算法是一种带有密钥的消息摘要算法,数字签名算法=非对称加密算法+消息摘要算法。
数字签名算法能验证数据的完整性、认证数据来源、起到抗否认作用。
数字签名算法包含签名和验签两项操作,遵循“私钥签名,公钥验签”的原则。签名时需要私钥和待签名数据,验签时需要公钥、签名值和待签名数据。
数字签名算法主要包括RSA、DSA、CDSA。
?
RSA算法模型分析
代码实现
/** * RSA私钥签名 * @param data * @param key * @return */public static String RSAsign(String data, String key){try {//取得私钥 PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(Hex.decodeHex(key.toCharArray())); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec); Signature signature = Signature.getInstance("MD5withRSA");signature.initSign(privateKey);signature.update(Hex.decodeHex(data.toCharArray()));return Hex.encodeHexString(signature.sign());} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (InvalidKeyException e) {e.printStackTrace();} catch (DecoderException e) {e.printStackTrace();} catch (InvalidKeySpecException e) {e.printStackTrace();} catch (SignatureException e) {e.printStackTrace();}return null;}/** * RSA公钥验签 * @param data * @param key * @param sign * @return */public static boolean RSAverify(String data, String key, String sign){try {//取得公钥 X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(Hex.decodeHex(key.toCharArray())); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(x509KeySpec); Signature signature = Signature.getInstance("MD5withRSA");signature.initVerify(publicKey);signature.update(Hex.decodeHex(data.toCharArray()));return signature.verify(Hex.decodeHex(sign.toCharArray()));} catch (NoSuchAlgorithmException e) {e.printStackTrace();} catch (InvalidKeyException e) {e.printStackTrace();} catch (DecoderException e) {e.printStackTrace();} catch (InvalidKeySpecException e) {e.printStackTrace();} catch (SignatureException e) {e.printStackTrace();}return false;}?测试代码
String[] key = initRSAKey();String publicKey = key[0];System.out.println("RSA公钥:"+publicKey);String privateKey = key[1];System.out.println("RSA私钥:"+privateKey);String data = "404142434445464748494a4b4c4d4e4f";System.out.println("原始数据:"+data);String sign = RSAsign(data, privateKey);System.out.println("私钥签名结果:"+sign);System.out.println("公钥验签结果:"+RSAverify(data, publicKey, sign));?运行结果
RSA公钥:30819f300d06092a864886f70d010101050003818d00308189028181008290eef003da573054a8b0437d4c78d19a723510ad9f5a7bba2023a9643a70760cf4cca77cf49228b92d4e6b837b01d6712bcc22335d9627defbb2211640c5320a5b52bd98a1fd06a3923904fa7a50797a27886e442c50565c929a2be004f2ef1bec1fa3e2b1975b46b5a025b6aaf0754a52b28de66b206a79072a3952471b390203010001RSA私钥:30820276020100300d06092a864886f70d0101010500048202603082025c020100028181008290eef003da573054a8b0437d4c78d19a723510ad9f5a7bba2023a9643a70760cf4cca77cf49228b92d4e6b837b01d6712bcc22335d9627defbb2211640c5320a5b52bd98a1fd06a3923904fa7a50797a27886e442c50565c929a2be004f2ef1bec1fa3e2b1975b46b5a025b6aaf0754a52b28de66b206a79072a3952471b3902030100010281803d1081df993db5c771e0cf475143c1c1ee24f9f289f15c853f60a6ad23a63d50c8f07902e06b162c9ba6b7e58ac1adf3584cae955446b1e285e45bc423bf393a66ca470e870f3244d01994207a563aedebe7a892a22c888d46a7084c356f86278efc3808c51043a1900d740719c90d0ae2773f4f7a9e2a08509b0a917469944d024100dead217c4dc8f087690c63ae3de4b29f24fd8181c0bcc7e921e84cab3b1df4bb1e60489f4a35ecdade8c6d950513d7a0d4c948b77b53eb65d3a61fc44b3aa793024100961b013726e71a472203b4b2c7fccbd02b683f039bec30b085303a9dcdb45b8fe54b2b64114ddd9e2b03df1090d947c9323e2bd9c27f8fa2651f99caa7421983024100d7d4739a6a4293708c4f67e6a1332436c0c1be5f2793532912a67879978947867ec0d06324a8f3f488b51019da9c0aea6694da988d3f1ff0c89e42381ebab16502402ce15824b05a0aee57ca39ddf693ac30cab9b9958faa38089f5a033ca9839298dc9af417506132b116f56a5d9ea188a82c809045e4b495329dffabd0fedf71970240773e796537cd98a0ad37979755c574c194e5109e7d14ae02dd34a001bb813ba399ee9ffc0893508d256c95162a810a67e03a1b02b7cf05a2f94ceee450c5890a原始数据:404142434445464748494a4b4c4d4e4f私钥签名结果:6e4c5f42cde60360aed945506ba13016ed8b107ad1a6b1b45890cde4422ce385806edc543e9abd67a72eb4ac86480b9e7b0db86ca15750b4207400a4aebb1325e66e564f3a73944bd27824f2621fb243366cc9d1ade75922029dc47614d738476f5e9219542181f91027502d1e7280654502da65db554d5248691f5736ad4970公钥验签结果:true
?
所有代码示例:http://dl.iteye.com/topics/download/d0633e7f-c0da-35c8-9a01-7f81e26cefec