openssl 制作证书和签名java方法
2012-11-16 14:26
337 查看
Win32OpenSSL_Light-0_9_8k.exe
1. 生成不含密码保护的私钥:
openssl genrsa -out private-rsa.key 1024
2. 生成证书
openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer
3. 生成Keystore
3.1. 生成PKCS12 格式Keystore
openssl pkcs12 -export -name test-alias -in public-rsa.cer -inkey private-rsa.key -out 99bill-rsa.pfx
pfx格式证书转换为pem格式命令
openssl pkcs12 -in 99bill-rsa.pfx -passin pass:生成证书设置的密码 -nodes -out 99bill-rsa.pem
private-rsa.pfx
public-rsa.cer
附:签名方法
package com.verify.cert;
public class CertUtil {
/**
* 对字符串进行签名
*
* @param TobeSigned
* 需要进行签名的字符串
* @param KeyFile
* PFX证书文件路径
* @param PassWord
* 私钥保护密码
* @return 签名成功返回true(从LastResult属性获取结果),失败返回false(从LastErrMsg属性获取失败原因)
*/
public static String SignMsg(final String TobeSigned, final String KeyFile, final String PassWord) throws Exception {
CryptNoRestrict cryptNoRestrict = new CryptNoRestrict();
cryptNoRestrict.SignMsg(TobeSigned, KeyFile, PassWord);
return cryptNoRestrict.lastSignMsg;
}
/**
* 验证签名
*
* @param TobeVerified
* 待验证签名的密文
* @param PlainText
* 待验证签名的明文
* @param CertFile
* 签名者公钥证书
* @return 验证成功返回true,失败返回false(从LastErrMsg属性获取失败原因)
*/
public static boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception {
CryptNoRestrict cryptNoRestrict = new CryptNoRestrict();
return cryptNoRestrict.VerifyMsg(TobeVerified, PlainText, CertFile);
}
public static void main(String[] args) {
try {
String a = "100|123123122222222222222";
String b = SignMsg(a, "com/verify/cert/private-rsa.pfx", "123456");
System.err.println(b);
System.err.println(VerifyMsg(b, a, "com/verify/cert/public-rsa.cer"));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
package com.verify.cert;
public interface CryptInf {
public boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception;
public boolean SignMsg(String TobeSigned, String KeyFile, String PassWord) throws Exception;
public String getLastSignMsg();
}
/**
*
*/
package com.verify.cert;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* @author Administrator
*
*/
public class CryptNoRestrict implements CryptInf {
public static Provider provider = new BouncyCastleProvider();
/**
* 构造函数
*/
public CryptNoRestrict() {
}
public CryptNoRestrict(String encoding) {
this.encoding = encoding;
}
private String encoding = "GBK";
/**
* 取出上次调用加密、解密、签名函数成功后的输出结果
*/
protected String lastResult;
/**
* 返回上一次签名结果
*/
protected String lastSignMsg;
/**
* 对字符串进行签名
*
* @param TobeSigned
* 需要进行签名的字符串
* @param KeyFile
* PFX证书文件路径
* @param PassWord
* 私钥保护密码
* @return 签名成功返回true(从LastResult属性获取结果),失败返回false(从LastErrMsg属性获取失败原因)
*/
public boolean SignMsg(final String TobeSigned, final String KeyFile, final String PassWord) throws Exception {
ClassLoader cl = CryptNoRestrict.class.getClassLoader();
InputStream fiKeyFile = cl.getResourceAsStream(KeyFile);
// 传入绝对路径
// FileInputStream fiKeyFile = null;
// fiKeyFile = new FileInputStream(KeyFile);
boolean result = false;
this.lastSignMsg = "";
KeyStore ks = KeyStore.getInstance("PKCS12");
try {
ks.load(fiKeyFile, PassWord.toCharArray());
} catch (Exception ex) {
if (fiKeyFile != null)
fiKeyFile.close();
throw ex;
}
Enumeration myEnum = ks.aliases();
String keyAlias = null;
RSAPrivateCrtKey prikey = null;
// keyAlias = (String) myEnum.nextElement();
/* IBM JDK必须使用While循环取最后一个别名,才能得到个人私钥别名 */
while (myEnum.hasMoreElements()) {
keyAlias = (String) myEnum.nextElement();
// System.out.println("keyAlias==" + keyAlias);
if (ks.isKeyEntry(keyAlias)) {
prikey = (RSAPrivateCrtKey) ks.getKey(keyAlias, PassWord.toCharArray());
break;
}
}
if (prikey == null) {
result = false;
throw new Exception("没有找到匹配私钥");
} else {
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(prikey);
sign.update(TobeSigned.getBytes(encoding));
byte signed[] = sign.sign();
byte sign_asc[] = new byte[signed.length * 2];
Hex2Ascii(signed.length, signed, sign_asc);
this.lastResult = new String(sign_asc);
this.lastSignMsg = this.lastResult;
result = true;
}
return result;
}
/**
* 验证签名
*
* @param TobeVerified
* 待验证签名的密文
* @param PlainText
* 待验证签名的明文
* @param CertFile
* 签名者公钥证书
* @return 验证成功返回true,失败返回false(从LastErrMsg属性获取失败原因)
*/
public boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception {
boolean result = false;
ClassLoader cl = CryptNoRestrict.class.getClassLoader();
InputStream certfile = cl.getResourceAsStream(CertFile);
// 传入绝对路径
// FileInputStream certfile = null;
// certfile = new FileInputStream(CertFile);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509cert = null;
try {
x509cert = (X509Certificate) cf.generateCertificate(certfile);
} catch (Exception ex) {
if (certfile != null)
certfile.close();
throw ex;
}
RSAPublicKey pubkey = (RSAPublicKey) x509cert.getPublicKey();
Signature verify = Signature.getInstance("SHA1withRSA");
verify.initVerify(pubkey);
byte signeddata[] = new byte[TobeVerified.length() / 2];
Ascii2Hex(TobeVerified.length(), TobeVerified.getBytes(encoding), signeddata);
verify.update(PlainText.getBytes(encoding));
if (verify.verify(signeddata)) {
result = true;
} else {
result = false;
// throw new Exception("验签失败");
}
return result;
}
/**
* 返回上次调用加密、解密、签名函数成功后的输出结果
*
* @return 返回上次调用加密、解密、签名函数成功后的输出结果
*/
public String getLastResult() {
return this.lastResult;
}
/**
* 返回上一次签名结果
*
* @return 签名结果
*/
public String getLastSignMsg() {
return this.lastSignMsg;
}
/**
* 将十六进制数据转换成ASCII字符串
*
* @param len
* 十六进制数据长度
* @param data_in
* 待转换的十六进制数据
* @param data_out
* 已转换的ASCII字符串
*/
private static void Hex2Ascii(int len, byte data_in[], byte data_out[]) {
byte temp1[] = new byte[1];
byte temp2[] = new byte[1];
for (int i = 0, j = 0; i < len; i++) {
temp1[0] = data_in[i];
temp1[0] = (byte) (temp1[0] >>> 4);
temp1[0] = (byte) (temp1[0] & 0x0f);
temp2[0] = data_in[i];
temp2[0] = (byte) (temp2[0] & 0x0f);
if (temp1[0] >= 0x00 && temp1[0] <= 0x09) {
(data_out[j]) = (byte) (temp1[0] + '0');
} else if (temp1[0] >= 0x0a && temp1[0] <= 0x0f) {
(data_out[j]) = (byte) (temp1[0] + 0x57);
}
if (temp2[0] >= 0x00 && temp2[0] <= 0x09) {
(data_out[j + 1]) = (byte) (temp2[0] + '0');
} else if (temp2[0] >= 0x0a && temp2[0] <= 0x0f) {
(data_out[j + 1]) = (byte) (temp2[0] + 0x57);
}
j += 2;
}
}
/**
* 将ASCII字符串转换成十六进制数据
*
* @param len
* ASCII字符串长度
* @param data_in
* 待转换的ASCII字符串
* @param data_out
* 已转换的十六进制数据
*/
private static void Ascii2Hex(int len, byte data_in[], byte data_out[]) {
byte temp1[] = new byte[1];
byte temp2[] = new byte[1];
for (int i = 0, j = 0; i < len; j++) {
temp1[0] = data_in[i];
temp2[0] = data_in[i + 1];
if (temp1[0] >= '0' && temp1[0] <= '9') {
temp1[0] -= '0';
temp1[0] = (byte) (temp1[0] << 4);
temp1[0] = (byte) (temp1[0] & 0xf0);
} else if (temp1[0] >= 'a' && temp1[0] <= 'f') {
temp1[0] -= 0x57;
temp1[0] = (byte) (temp1[0] << 4);
temp1[0] = (byte) (temp1[0] & 0xf0);
}
if (temp2[0] >= '0' && temp2[0] <= '9') {
temp2[0] -= '0';
temp2[0] = (byte) (temp2[0] & 0x0f);
} else if (temp2[0] >= 'a' && temp2[0] <= 'f') {
temp2[0] -= 0x57;
temp2[0] = (byte) (temp2[0] & 0x0f);
}
data_out[j] = (byte) (temp1[0] | temp2[0]);
i += 2;
}
}
protected String replaceAll(String strURL, String strAugs) {
// JDK1.3中String类没有replaceAll的方法
/** ********************************************************** */
int start = 0;
int end = 0;
String temp = new String();
while (start < strURL.length()) {
end = strURL.indexOf(" ", start);
if (end != -1) {
temp = temp.concat(strURL.substring(start, end).concat("%20"));
if ((start = end + 1) >= strURL.length()) {
strURL = temp;
break;
}
} else if (end == -1) {
if (start == 0)
break;
if (start < strURL.length()) {
temp = temp.concat(strURL.substring(start, strURL.length()));
strURL = temp;
break;
}
}
}
temp = "";
start = end = 0;
while (start < strAugs.length()) {
end = strAugs.indexOf(" ", start);
if (end != -1) {
temp = temp.concat(strAugs.substring(start, end).concat("%20"));
if ((start = end + 1) >= strAugs.length()) {
strAugs = temp;
break;
}
} else if (end == -1) {
if (start == 0)
break;
if (start < strAugs.length()) {
temp = temp.concat(strAugs.substring(start, strAugs.length()));
strAugs = temp;
break;
}
}
}
/** **************************************************************** */
return strAugs;
}
}
1. 生成不含密码保护的私钥:
openssl genrsa -out private-rsa.key 1024
2. 生成证书
openssl req -new -x509 -key private-rsa.key -days 750 -out public-rsa.cer
3. 生成Keystore
3.1. 生成PKCS12 格式Keystore
openssl pkcs12 -export -name test-alias -in public-rsa.cer -inkey private-rsa.key -out 99bill-rsa.pfx
pfx格式证书转换为pem格式命令
openssl pkcs12 -in 99bill-rsa.pfx -passin pass:生成证书设置的密码 -nodes -out 99bill-rsa.pem
private-rsa.pfx
public-rsa.cer
附:签名方法
package com.verify.cert;
public class CertUtil {
/**
* 对字符串进行签名
*
* @param TobeSigned
* 需要进行签名的字符串
* @param KeyFile
* PFX证书文件路径
* @param PassWord
* 私钥保护密码
* @return 签名成功返回true(从LastResult属性获取结果),失败返回false(从LastErrMsg属性获取失败原因)
*/
public static String SignMsg(final String TobeSigned, final String KeyFile, final String PassWord) throws Exception {
CryptNoRestrict cryptNoRestrict = new CryptNoRestrict();
cryptNoRestrict.SignMsg(TobeSigned, KeyFile, PassWord);
return cryptNoRestrict.lastSignMsg;
}
/**
* 验证签名
*
* @param TobeVerified
* 待验证签名的密文
* @param PlainText
* 待验证签名的明文
* @param CertFile
* 签名者公钥证书
* @return 验证成功返回true,失败返回false(从LastErrMsg属性获取失败原因)
*/
public static boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception {
CryptNoRestrict cryptNoRestrict = new CryptNoRestrict();
return cryptNoRestrict.VerifyMsg(TobeVerified, PlainText, CertFile);
}
public static void main(String[] args) {
try {
String a = "100|123123122222222222222";
String b = SignMsg(a, "com/verify/cert/private-rsa.pfx", "123456");
System.err.println(b);
System.err.println(VerifyMsg(b, a, "com/verify/cert/public-rsa.cer"));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
package com.verify.cert;
public interface CryptInf {
public boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception;
public boolean SignMsg(String TobeSigned, String KeyFile, String PassWord) throws Exception;
public String getLastSignMsg();
}
/**
*
*/
package com.verify.cert;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
* @author Administrator
*
*/
public class CryptNoRestrict implements CryptInf {
public static Provider provider = new BouncyCastleProvider();
/**
* 构造函数
*/
public CryptNoRestrict() {
}
public CryptNoRestrict(String encoding) {
this.encoding = encoding;
}
private String encoding = "GBK";
/**
* 取出上次调用加密、解密、签名函数成功后的输出结果
*/
protected String lastResult;
/**
* 返回上一次签名结果
*/
protected String lastSignMsg;
/**
* 对字符串进行签名
*
* @param TobeSigned
* 需要进行签名的字符串
* @param KeyFile
* PFX证书文件路径
* @param PassWord
* 私钥保护密码
* @return 签名成功返回true(从LastResult属性获取结果),失败返回false(从LastErrMsg属性获取失败原因)
*/
public boolean SignMsg(final String TobeSigned, final String KeyFile, final String PassWord) throws Exception {
ClassLoader cl = CryptNoRestrict.class.getClassLoader();
InputStream fiKeyFile = cl.getResourceAsStream(KeyFile);
// 传入绝对路径
// FileInputStream fiKeyFile = null;
// fiKeyFile = new FileInputStream(KeyFile);
boolean result = false;
this.lastSignMsg = "";
KeyStore ks = KeyStore.getInstance("PKCS12");
try {
ks.load(fiKeyFile, PassWord.toCharArray());
} catch (Exception ex) {
if (fiKeyFile != null)
fiKeyFile.close();
throw ex;
}
Enumeration myEnum = ks.aliases();
String keyAlias = null;
RSAPrivateCrtKey prikey = null;
// keyAlias = (String) myEnum.nextElement();
/* IBM JDK必须使用While循环取最后一个别名,才能得到个人私钥别名 */
while (myEnum.hasMoreElements()) {
keyAlias = (String) myEnum.nextElement();
// System.out.println("keyAlias==" + keyAlias);
if (ks.isKeyEntry(keyAlias)) {
prikey = (RSAPrivateCrtKey) ks.getKey(keyAlias, PassWord.toCharArray());
break;
}
}
if (prikey == null) {
result = false;
throw new Exception("没有找到匹配私钥");
} else {
Signature sign = Signature.getInstance("SHA1withRSA");
sign.initSign(prikey);
sign.update(TobeSigned.getBytes(encoding));
byte signed[] = sign.sign();
byte sign_asc[] = new byte[signed.length * 2];
Hex2Ascii(signed.length, signed, sign_asc);
this.lastResult = new String(sign_asc);
this.lastSignMsg = this.lastResult;
result = true;
}
return result;
}
/**
* 验证签名
*
* @param TobeVerified
* 待验证签名的密文
* @param PlainText
* 待验证签名的明文
* @param CertFile
* 签名者公钥证书
* @return 验证成功返回true,失败返回false(从LastErrMsg属性获取失败原因)
*/
public boolean VerifyMsg(String TobeVerified, String PlainText, String CertFile) throws Exception {
boolean result = false;
ClassLoader cl = CryptNoRestrict.class.getClassLoader();
InputStream certfile = cl.getResourceAsStream(CertFile);
// 传入绝对路径
// FileInputStream certfile = null;
// certfile = new FileInputStream(CertFile);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509cert = null;
try {
x509cert = (X509Certificate) cf.generateCertificate(certfile);
} catch (Exception ex) {
if (certfile != null)
certfile.close();
throw ex;
}
RSAPublicKey pubkey = (RSAPublicKey) x509cert.getPublicKey();
Signature verify = Signature.getInstance("SHA1withRSA");
verify.initVerify(pubkey);
byte signeddata[] = new byte[TobeVerified.length() / 2];
Ascii2Hex(TobeVerified.length(), TobeVerified.getBytes(encoding), signeddata);
verify.update(PlainText.getBytes(encoding));
if (verify.verify(signeddata)) {
result = true;
} else {
result = false;
// throw new Exception("验签失败");
}
return result;
}
/**
* 返回上次调用加密、解密、签名函数成功后的输出结果
*
* @return 返回上次调用加密、解密、签名函数成功后的输出结果
*/
public String getLastResult() {
return this.lastResult;
}
/**
* 返回上一次签名结果
*
* @return 签名结果
*/
public String getLastSignMsg() {
return this.lastSignMsg;
}
/**
* 将十六进制数据转换成ASCII字符串
*
* @param len
* 十六进制数据长度
* @param data_in
* 待转换的十六进制数据
* @param data_out
* 已转换的ASCII字符串
*/
private static void Hex2Ascii(int len, byte data_in[], byte data_out[]) {
byte temp1[] = new byte[1];
byte temp2[] = new byte[1];
for (int i = 0, j = 0; i < len; i++) {
temp1[0] = data_in[i];
temp1[0] = (byte) (temp1[0] >>> 4);
temp1[0] = (byte) (temp1[0] & 0x0f);
temp2[0] = data_in[i];
temp2[0] = (byte) (temp2[0] & 0x0f);
if (temp1[0] >= 0x00 && temp1[0] <= 0x09) {
(data_out[j]) = (byte) (temp1[0] + '0');
} else if (temp1[0] >= 0x0a && temp1[0] <= 0x0f) {
(data_out[j]) = (byte) (temp1[0] + 0x57);
}
if (temp2[0] >= 0x00 && temp2[0] <= 0x09) {
(data_out[j + 1]) = (byte) (temp2[0] + '0');
} else if (temp2[0] >= 0x0a && temp2[0] <= 0x0f) {
(data_out[j + 1]) = (byte) (temp2[0] + 0x57);
}
j += 2;
}
}
/**
* 将ASCII字符串转换成十六进制数据
*
* @param len
* ASCII字符串长度
* @param data_in
* 待转换的ASCII字符串
* @param data_out
* 已转换的十六进制数据
*/
private static void Ascii2Hex(int len, byte data_in[], byte data_out[]) {
byte temp1[] = new byte[1];
byte temp2[] = new byte[1];
for (int i = 0, j = 0; i < len; j++) {
temp1[0] = data_in[i];
temp2[0] = data_in[i + 1];
if (temp1[0] >= '0' && temp1[0] <= '9') {
temp1[0] -= '0';
temp1[0] = (byte) (temp1[0] << 4);
temp1[0] = (byte) (temp1[0] & 0xf0);
} else if (temp1[0] >= 'a' && temp1[0] <= 'f') {
temp1[0] -= 0x57;
temp1[0] = (byte) (temp1[0] << 4);
temp1[0] = (byte) (temp1[0] & 0xf0);
}
if (temp2[0] >= '0' && temp2[0] <= '9') {
temp2[0] -= '0';
temp2[0] = (byte) (temp2[0] & 0x0f);
} else if (temp2[0] >= 'a' && temp2[0] <= 'f') {
temp2[0] -= 0x57;
temp2[0] = (byte) (temp2[0] & 0x0f);
}
data_out[j] = (byte) (temp1[0] | temp2[0]);
i += 2;
}
}
protected String replaceAll(String strURL, String strAugs) {
// JDK1.3中String类没有replaceAll的方法
/** ********************************************************** */
int start = 0;
int end = 0;
String temp = new String();
while (start < strURL.length()) {
end = strURL.indexOf(" ", start);
if (end != -1) {
temp = temp.concat(strURL.substring(start, end).concat("%20"));
if ((start = end + 1) >= strURL.length()) {
strURL = temp;
break;
}
} else if (end == -1) {
if (start == 0)
break;
if (start < strURL.length()) {
temp = temp.concat(strURL.substring(start, strURL.length()));
strURL = temp;
break;
}
}
}
temp = "";
start = end = 0;
while (start < strAugs.length()) {
end = strAugs.indexOf(" ", start);
if (end != -1) {
temp = temp.concat(strAugs.substring(start, end).concat("%20"));
if ((start = end + 1) >= strAugs.length()) {
strAugs = temp;
break;
}
} else if (end == -1) {
if (start == 0)
break;
if (start < strAugs.length()) {
temp = temp.concat(strAugs.substring(start, strAugs.length()));
strAugs = temp;
break;
}
}
}
/** **************************************************************** */
return strAugs;
}
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- openssl如何制作自签名的CA证书,及利用CA签发证书
- openssl keytool 制作签名证书
- 使用证书对数据进行签名、验签、加密、解密以及openssl的常用方法
- 使用OpenSSL建立根CA及自签名证书制作过程 [转载]
- Java中创建访问HTTPS的自签名证书的方法
- Windows下安装OpenSSL+用openssl命令制作生成证书和自签名
- Windows下用openssl命令制作生成证书和自签名
- 利用Openssl制作自签名证书
- openssl自签名根证书服务端和客户端证书制作
- 使用OpenSSL建立根CA及自签名证书制作过程
- openssl创建自签名证书
- Java对PHP服务器hmac_sha1签名认证方法的匹配实现
- Java制作证书的工具keytool用法总结
- Java制作证书的工具keytool用法总结
- 使用 Openssl 验证自签名证书
- openssl制作证书全过程
- 数字证书及其简单数字签名的实现(java实现)
- 使用restful请求https身份不通过, unable to find valid certification path to requested target,使用java生成签名证书
- outlook HTML签名制作方法
- RSA crt 签名与验签 systemverilog DPI 制作以及openssl genrsa生成RSA私钥与签名验证指令dgst使用