
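Java implementation (RSA asymmetric encryption): SHA1WithRSA signing and verification, and generating public/private keys with openssl

2017-08-29 15:18

RSA signing and verification flow:

When the local side sends a request (already signed locally with the private key), the receiving platform verifies the signature with the public key to decide whether the request is legitimate.
When the local side receives a response from the platform (already signed by the platform with its private key), it must verify the response with the local public key to decide whether the response is legitimate.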
How to generate the public and private keys:

On Linux, type openssl to enter the OpenSSL prompt and generate the keys.

Generate the private key (PKCS#1 output by default):
OpenSSL> genrsa -out rsa_oo_private_key.pem 1024

Generate the public key:
OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem

The private key then needs to be converted from PKCS#1 to PKCS#8.

Convert a PKCS#8 private key to PKCS#1 (the traditional private key format):
openssl pkcs8 -in pkcs8.pem -nocrypt -out pri_key.pem

Convert a PKCS#1 private key (the traditional private key format) to PKCS#8:
openssl pkcs8 -topk8 -inform PEM -in rsa_key.pem -outform PEM -nocrypt

Generate the private key:

Last login: Fri Aug  4 09:30:12 2017 from 192.168.88.211
[koolapp@aop-70-104 ~]$ openssl
OpenSSL> genrsa -out rsa_oo_private_key.pem 1024
Generating RSA private key, 1024 bit long modulus
...............................++++++
.......................++++++
e is 65537 (0x10001)

Java developers must convert the private key to PKCS#8 format before using it for signing. The conversion (PKCS#1 to PKCS#8) is done as follows:

OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_oo_private_key.pem -outform PEM -nocrypt


Generate the public key:

OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
writing RSA key
OpenSSL> quit openssl


After quitting openssl, run ls to check that the corresponding public and private key files were generated:

[aofdapp@root-01 ~]$ ls
0219.zip         backup  key.pem                      notify    notify.2  ops         rsa_oo_private_key.pem rsa_public_key.pem
genrsa           pub_key.pem  rsa_private_key.pem     token
[aofdapp@root-01 ~]$ vi rsa_public_key.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8xygxrtfERxyVE9vrn286KvvC
+NR2Ec6LGUPhKArnDJqLFGsV+g1gf7hTyjjLFm4KxZPapAebAF50f18Mvs0Paelo
rAWPCNDaooZwXANDKpLCXAWDF7lq5bGWoreCO7+azgtYQ6c+kVVVpUdhbdjG/5OX
JM1ptVA6ASG4xdvKYwIDAQAB
-----END PUBLIC KEY-----


Public and private keys:

public static String privatestr = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANlx8rhWlKYH54BaTuL8jRuXtssu7zr04O6KvZDTzIycvArF3ohMUcgFIQ4a+JlvN5S1sokmxLTKPr4xrS6xRnaUvIW1qXh5SXvwpBEHPpCoHXqP5zNMftxA2MH4ktPfKBtWpoKLP2DsJ4EpGRr34wP3CrchYbjlYyGdY5lvMcbHAgMBAAECgYAvzDJ0fuOyE2658iABGU7TT+gohaqkpQuEpA7DdSszhYh4…";
public static String publicstr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjyiajomfYD80A7tN8vdeXllTiGrSdocq1nvgceicanNb8QaoNGdAPE6AMuSqnMWs40tj/XoXQmPxNrdUmclwwLJza5Aq5PNqDiFC5QLmIFtATN/n3ymqIYnw78ME8Dv5yjYJs1xk0EL6+1wlFFrylApBWKUGE2c2m2seBY+in5wIDAQAB";


Signing:

    // Required imports. Hex is a hex-encoding helper class that is not shown on this page.
    import java.nio.charset.StandardCharsets;
    import java.security.GeneralSecurityException;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.Signature;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.util.Base64;

    public String signWhole(String keycode, String param) {
        // Sign with the private key
        try {
            // Load the private key from its Base64-encoded PKCS#8 form
            byte[] keyByte = Base64.getDecoder().decode(keycode);
            KeyFactory keyfactory = KeyFactory.getInstance("RSA");
            PKCS8EncodedKeySpec encoderule = new PKCS8EncodedKeySpec(keyByte);
            PrivateKey privatekey = keyfactory.generatePrivate(encoderule);

            // Sign the input parameter with the private key; the charset is fixed
            // so that signer and verifier hash the same bytes
            Signature sign = Signature.getInstance("SHA1WithRSA");
            sign.initSign(privatekey);
            sign.update(param.getBytes(StandardCharsets.UTF_8));
            byte[] signature = sign.sign();

            // Convert the signature to hexadecimal
            return Hex.encodeHexStr(signature);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // Bad key material or a signing failure: fail loudly rather than
            // hex-encoding a null signature
            throw new IllegalStateException("RSA signing failed", e);
        }
    }


Verification:

    // Required imports. Hex is a hex-decoding helper class that is not shown on this page.
    import java.nio.charset.StandardCharsets;
    import java.security.GeneralSecurityException;
    import java.security.KeyFactory;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.spec.X509EncodedKeySpec;
    import java.util.Base64;

    public boolean verifyWhole(String param, String signature, String keycode) {
        try {
            // Load the public key from its Base64-encoded X.509 form
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] keyByte = Base64.getDecoder().decode(keycode);
            X509EncodedKeySpec encodeRule = new X509EncodedKeySpec(keyByte);
            PublicKey publicKey = keyFactory.generatePublic(encodeRule);

            // Use the public key to check the unsigned input parameter (param)
            // against the signature received with it (signature)
            Signature sign = Signature.getInstance("SHA1WithRSA");
            sign.initVerify(publicKey);
            sign.update(param.getBytes(StandardCharsets.UTF_8));

            // Convert the hexadecimal string to a byte array
            byte[] hexByte = Hex.hexStringToBytes(signature);
            // Verify the signature
            return sign.verify(hexByte);
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            // Any key or signature error counts as a failed verification
            e.printStackTrace();
            return false;
        }
    }
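
The PKCS#8 requirement and the sign/verify round trip described above, as an added example (not the original author's code). It generates a throwaway 2048-bit key pair in memory instead of using the keys printed on this page; the class name PemSignDemo, the helper names and the sample request string are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.*;

public class PemSignDemo {                            // hypothetical class name
    // Matches the page; "SHA256withRSA" is the same call with a stronger digest.
    static final String ALG = "SHA1withRSA";
    // Wrap DER bytes the way openssl writes a .pem file (constructed input for this demo).
    static String toPem(String label, byte[] der) {
        String body = Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }
    // Strip the PEM armor and line breaks; what remains is the Base64 string pasted into Java.
    static byte[] pemToDer(String pem) {
        String b64 = pem.replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(b64);
    }
    static byte[] sign(PrivateKey key, String msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(msg.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }
    static boolean verify(PublicKey key, String msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(msg.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();           // throwaway key pair, constructed here
        byte[] pkcs8 = kp.getPrivate().getEncoded();  // Java encodes RSA private keys as PKCS#8
        byte[] x509 = kp.getPublic().getEncoded();    // and public keys as X.509
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(pemToDer(toPem("PRIVATE KEY", pkcs8))));
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(pemToDer(toPem("PUBLIC KEY", x509))));
        String request = "orderId=1001&amount=25.00"; // constructed sample request
        byte[] sig = sign(priv, request);
        System.out.println("original verifies: " + verify(pub, request, sig));
        System.out.println("tampered verifies: " + verify(pub, request.replace("25.00", "99.00"), sig));
        // For this key size the PKCS#8 wrapper is a 26-byte prefix; dropping it leaves the bare
        // PKCS#1 structure, which PKCS8EncodedKeySpec cannot parse (hence the conversion step).
        byte[] pkcs1 = Arrays.copyOfRange(pkcs8, 26, pkcs8.length);
        try { kf.generatePrivate(new PKCS8EncodedKeySpec(pkcs1)); }
        catch (InvalidKeySpecException e) { System.out.println("PKCS#1 bytes rejected: " + e.getMessage()); }
    }
}
```

Both sides must agree on the byte encoding of the signed string and on the signature encoding (hex on this page); a mismatch in either shows up only as a failed verification.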

