java实现(RSA非对称加密) SHA1WithRSA加签验签 及openssl生成公私钥
2017-08-29 15:18
543 查看
RSA加签验签流程:
生成公私钥方法:
在Linuxx下输入openssl 进入openssl 获取公私钥
生成私钥: openssl>genrsa
-out rsa_private_key.pem 1024 默认输出pkcs1
生成公钥: openssl>rsa
-in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
私钥需要做pkcs1转pkcs8
---------------------------------------------------------------------
- PKCS8格式私钥转换为PKCS1(传统私钥格式) -
- openssl pkcs8 -in pkcs8.pem -nocrypt -out pri_key.pem -
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
- PKCS1格式私钥转换为PKCS8(传统私钥格式) -
- pkcs8 -topk8 -inform PEM -in rsa_key.pem -outform
PEM -nocrypt -
-----------------------------------------------------------------------------------------------------------
生成私钥:
生成公钥:
退出openssl 输入ls检查是否生成对应的公私钥文件
公钥、私钥
加签:
验签:
[align=left] [/align]
本地发送请求时(本地已对请求根据私钥进行加签) 接收方平台根据公钥进行验签 判断是否合法 接收来自平台的响应时(平台已根据私钥进行加签) 需要根据本地公钥对响应进行验签 判断是否合法 |
在Linuxx下输入openssl 进入openssl 获取公私钥
生成私钥: openssl>genrsa
-out rsa_private_key.pem 1024 默认输出pkcs1
生成公钥: openssl>rsa
-in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
私钥需要做pkcs1转pkcs8
---------------------------------------------------------------------
- PKCS8格式私钥转换为PKCS1(传统私钥格式) -
- openssl pkcs8 -in pkcs8.pem -nocrypt -out pri_key.pem -
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------
- PKCS1格式私钥转换为PKCS8(传统私钥格式) -
- pkcs8 -topk8 -inform PEM -in rsa_key.pem -outform
PEM -nocrypt -
-----------------------------------------------------------------------------------------------------------
生成私钥:
Last login: Fri Aug 4 09:30:12 2017 from 192.168.88.211 [koolapp@aop-70-104 ~]$ openssl OpenSSL> genrsa -out rsa_oo_private_key.pem 1024 Generating RSA private key, 1024 bit long modulus ...............................++++++ .......................++++++ e is 65537 (0x10001) ----------Java开发者需将私钥转换成PKCS8格式再做签名使用,转换方法如下:-------- OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_oo_private_key.pem -outform PEM -nocrypt --pkcs1转pkcs8 -----BEGIN PRIVATE KEY----- MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBALzHKDGu18RHHJUT 2+ufbzoq+8L41HYRzosZQ+EoCucMmosUaxX6DWB/uFPKOMsWbgrFk9qkB5sAXnR/ Xwy+zQ9p6WisBY8I0NqihnBcA0MqksJcBYMXuWrlsZait4I7v5rOC1hDpz6RVVWl R2Ft2Mb/k5ckzWm1UDoBIbjF28pjAgMBAAECgYBewNwk6+yzQTpQfZJSV0ld+fs6 ZulFhjSUzw6qMg4e4M2lZ49EjakvOYxMymDtVwnO8FMBWHnUzD+c293aqN6Fs/cU MK7rFDdR0GQcclezHfkL/j0xvj+y8DgYd2JiAqh/qeuwbTs4Z0o6dMlqazJ7l16R s3MnYzU8ABdK6rv9wQJBAOn4brXDH2jcHR4/PWYH1/uNU0FWHwfT9jg9KLTU8k5H m6c2K5l1eHhir9KmyZhncrPYCynC1iwZzK7ik3GZhwMCQQDOjWpvJEgE+7SLwe2D +j1vEY8kU3NR3xyZAqVz1fWkd2kW4kr0TPPchVbJBGJpOOa0wwRtf04Lb/nONZDR jiEhAkAaPlJ0stE4GtBtTxyc8C5KufxnrLhIUX8hqcKCHgybuS59X/cd/G4p2q/s Cec84AWepJID+iW5xp8N0r5FFLpvAkEAmEB9V/dybtnqt6n3HfVzG0/iJ3Cr7Il9 VvwwYTYxn0211PxxK6sdhktzMTFeKRmcVVn7BYt1R9D+XhX17cHKgQJBANjpDrt1 T+qYZPgGbiEonb0bmjunnMY9Dn5GOh4YDHuv5ObnZZCkNTRJQUCJPjgsF/bkVhPg dqL+gUqh3ZFVIg4= -----END PRIVATE KEY-----
生成公钥:
OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem writing RSA key OpenSSL> quit openssl
退出openssl 输入ls检查是否生成对应的公私钥文件
[aofdapp@root-01 ~]$ ls 0219.zip backup key.pem notify notify.2 ops rsa_oo_private_key.pem rsa_public_key.pem genrsa pub_key.pem rsa_private_key.pem token [aofdapp@root-01 ~]$ vi rsa_public_key.pem -----BEGIN PUBLIC KEY----- MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8xygxrtfERxyVE9vrn286KvvC +NR2Ec6LGUPhKArnDJqLFGsV+g1gf7hTyjjLFm4KxZPapAebAF50f18Mvs0Paelo rAWPCNDaooZwXANDKpLCXAWDF7lq5bGWoreCO7+azgtYQ6c+kVVVpUdhbdjG/5OX JM1ptVA6ASG4xdvKYwIDAQAB -----END PUBLIC KEY-----
公钥、私钥
publicstatic String privatestr = "MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBANlx8rhWlKYH54BaTuL8jRuXtssu7zr04O6KvZDTzIycvArF3ohMUcgFIQ4a+JlvN5S1sokmxLTKPr4xrS6xRnaUvIW1qXh5SXvwpBEHPpCoHXqP5zNMftxA2MH4ktPfKBtWpoKLP2DsJ4EpGRr34wP3CrchYbjlYyGdY5lvMcbHAgMBAAECgYAvzDJ0fuOyE2658iABGU7TT+gohaqkpQuEpA7DdSszhYh4 4000 PcKK52vasfXwKdGXuLDZCY+zQkhfDU35dOYCq4k3Q84cjiLVe5sFlJNucBgqlEcxrLsUkTuXzNntOWjTpWjAnfUXB7GkvT7ekpnCwqWb8qlUGHzsGioTkTOy0cfIUQJBAPuQmI0EpORqP+v/Vd6SWlxq6Be20hsT5erVpz2Ke1KczbQwRi2ogBpYRMaAmT4kWfsl2hU/hbmESG/yymWS+BMCQQDdR1uCJXSJqu7Urlg4zCa4kBk0rwYYttLJj1jL6d5kKawf9iEgoAElVlRZWWXRnyD4Nesf8n5kTlgtawz+jnT9AkEAi1aP6KwF2S6wsTsAiQNvYXkljN0Ki0z+MJCezYuCu0N2/LMwa+HE8tKpZXmdZ7oizOUuYk6I9zS6GqfUS2aYWQJBAJMjzxK0y1B77IJaSGnEPv89OrWQqNIoR/QlsNsvcWVTXJSIOzERlJF6XW5ohs8kLG1AlU/SFP+oJPRWmfZvThUCQDbM7X6PF+DHa9x2YPEWYYiiThbTGTO1mOxBt2V6GuFqnGHFIa3OeZZpv7SW+aDzTGEmrtByqxRkSd3WpeJzu0I="; public static String publicstr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjyiajomfYD80A7tN8vdeXllTiGrSdocq1nvgceicanNb8QaoNGdAPE6AMuSqnMWs40tj/XoXQmPxNrdUmclwwLJza5Aq5PNqDiFC5QLmIFtATN/n3ymqIYnw78ME8Dv5yjYJs1xk0EL6+1wlFFrylApBWKUGE2c2m2seBY+in5wIDAQAB";
加签:
public String signWhole(String keycode, String param) { // 使用私钥加签 byte[] signature = null; try { //获取privatekey byte[] keyByte = Base64.decode(keycode); KeyFactory keyfactory = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec encoderule = new PKCS8EncodedKeySpec(keyByte); PrivateKey privatekey = keyfactory.generatePrivate(encoderule); //用私钥给入参加签 Signature sign = Signature.getInstance("SHA1WithRSA"); sign.initSign(privatekey); sign.update(param.getBytes()); signature = sign.sign(); } catch (NoSuchAlgorithmException e) { e.printStackTrace(); } catch (Base64DecodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (InvalidKeySpecException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (SignatureException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (InvalidKeyException e) { // TODO Auto-generated catch block e.printStackTrace(); } //将加签后的入参转成16进制 String terminal = Hex.encodeHexStr(signature); return terminal; }
验签:
public boolean verifyWhole(String param,String signature,String keycode){ try { //获取公钥 KeyFactory keyFactory=KeyFactory.getInstance("RSA"); byte[] keyByte=Base64.decode(keycode); X509EncodedKeySpec encodeRule=new X509EncodedKeySpec(keyByte); PublicKey publicKey= keyFactory.generatePublic(encodeRule); //用获取到的公钥对 入参中未加签参数param 与 入参中的加签之后的参数signature 进行验签 Signature sign=Signature.getInstance("SHA1WithRSA"); sign.initVerify(publicKey); sign.update(param.getBytes()); //将16进制码转成字符数组 byte[] hexByte=Hex.hexStringToBytes(signature); //验证签名 return sign.verify(hexByte); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (Base64DecodingException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (InvalidKeySpecException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (SignatureException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (InvalidKeyException e) { // TODO Auto-generated catch block e.printStackTrace(); } return false; }
[align=left] [/align]
相关文章推荐
- java/php/c#版rsa签名以及java验签实现openssl生成
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java OpenSSL生成的RSA公私钥进行数据加解密详细介绍
- Java中不依赖于第三方库使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java OpenSSL生成的RSA公私钥进行数据加解密详细介绍
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密
- Java中使用OpenSSL生成的RSA公私钥进行数据加解密