一 数字签名算法
带有秘钥(公钥,私钥)的消息摘要算法
验证数据完整性,认证数据来源,抗否认
OSI参考模型
私钥签名,公钥验证
RSA,DSA,ECDSA
二 数字签名算法RSA
经典算法
MD,SHA两类
例子:jdkRSA 算法
1 package com.dzj.rsa; 2 3 import java.security.KeyFactory; 4 import java.security.KeyPair; 5 import java.security.KeyPairGenerator; 6 import java.security.PrivateKey; 7 import java.security.PublicKey; 8 import java.security.Signature; 9 import java.security.interfaces.RSAPrivateKey; 10 import java.security.interfaces.RSAPublicKey; 11 import java.security.spec.PKCS8EncodedKeySpec; 12 import java.security.spec.X509EncodedKeySpec; 13 14 import org.apache.commons.codec.binary.Hex; 15 16 public class RSA { 17 private static String src = "imooc security rsa"; 18 19 public static void main(String[] args) { 20 jdkRSA(); 21 } 22 23 public static void jdkRSA() { 24 try { 25 // 1 初始化密钥 26 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA"); 27 keyPairGenerator.initialize(512); 28 KeyPair keyPair = keyPairGenerator.generateKeyPair(); 29 30 RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic(); 31 RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate(); 32 33 // 2 私钥加密、公钥解密——加密 34 // 用私钥进行签名 35 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(rsaPrivateKey.getEncoded()); 36 37 KeyFactory keyFactory = KeyFactory.getInstance("RSA"); 38 // 执行key的转化 39 PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); 40 41 // 声明一个签名对象 使用JDK实现 42 Signature signature = Signature.getInstance("MD5withRSA"); 43 signature.initSign(privateKey); 44 signature.update(src.getBytes()); 45 byte[] sign = signature.sign(); 46 System.out.println("私钥加密、公钥解密——加密:" + Hex.encodeHexString(sign)); 47 48 // 3私钥加密、公钥解密——解密 49 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(rsaPublicKey.getEncoded()); 50 keyFactory = KeyFactory.getInstance("RSA"); 51 PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); 52 // 创建签名对象 53 signature = Signature.getInstance("MD5withRSA"); 54 signature.initVerify(publicKey); 55 signature.update(src.getBytes()); 56 boolean verify = signature.verify(sign); 57 System.out.println("私钥加密、公钥解密——解密:" + verify); 58 59 } catch (Exception e) { 60 // TODO Auto-generated catch block 61 e.printStackTrace(); 62 } 63 64 } 65 66 }
数字签名算法----过程
三 数字签名算法DSA
DSS(Digital Signature Standard)数字签名标准
DSA(Digital Signature Algorithm)数字签名算法
DSA仅包含数字签名,没有办法进行加密通讯
RSA即包括加解密,又包括数字签名的算法
例子
1 package com.dzj.dsa; 2 3 import java.security.KeyFactory; 4 import java.security.KeyPair; 5 import java.security.KeyPairGenerator; 6 import java.security.PrivateKey; 7 import java.security.PublicKey; 8 import java.security.Signature; 9 import java.security.interfaces.DSAPrivateKey; 10 import java.security.interfaces.DSAPublicKey; 11 import java.security.spec.PKCS8EncodedKeySpec; 12 import java.security.spec.X509EncodedKeySpec; 13 14 import org.apache.commons.codec.binary.Hex; 15 16 public class DSA { 17 18 private static String src = "imooc security dsa"; 19 20 public static void main(String[] args) { 21 jdkDSA(); 22 } 23 24 public static void jdkDSA() { 25 try { 26 // 1.初始化密钥 27 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA"); 28 keyPairGenerator.initialize(512); 29 KeyPair keyPair = keyPairGenerator.generateKeyPair(); 30 DSAPublicKey dsaPublicKey = (DSAPublicKey) keyPair.getPublic(); 31 DSAPrivateKey dsaPrivateKey = (DSAPrivateKey) keyPair.getPrivate(); 32 33 // 2.执行签名 私钥进行签名 34 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(dsaPrivateKey.getEncoded()); 35 KeyFactory keyFactory = KeyFactory.getInstance("DSA"); 36 PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); 37 Signature signature = Signature.getInstance("SHA1withDSA"); 38 signature.initSign(privateKey); 39 signature.update(src.getBytes()); 40 byte[] result = signature.sign(); 41 System.out.println("jdk dsa sign : " + Hex.encodeHexString(result)); 42 43 // 3.验证签名 44 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(dsaPublicKey.getEncoded()); 45 keyFactory = KeyFactory.getInstance("DSA"); 46 PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); 47 signature = Signature.getInstance("SHA1withDSA"); 48 signature.initVerify(publicKey); 49 signature.update(src.getBytes()); 50 boolean bool = signature.verify(result); 51 System.out.println("jdk dsa verify : " + bool); 52 } catch (Exception e) { 53 e.printStackTrace(); 54 } 55 } 56 57 }
四 数字签名算法ECDSA
微软
Ellipticc Curve Digital Signature Algorithm,椭圆曲线数字签名算法
速度快,强度高,签名短
例子:
1 package com.dzj.ecdsa; 2 3 import java.security.KeyFactory; 4 import java.security.KeyPair; 5 import java.security.KeyPairGenerator; 6 import java.security.PrivateKey; 7 import java.security.PublicKey; 8 import java.security.Signature; 9 import java.security.interfaces.ECPrivateKey; 10 import java.security.interfaces.ECPublicKey; 11 import java.security.spec.PKCS8EncodedKeySpec; 12 import java.security.spec.X509EncodedKeySpec; 13 14 import org.apache.commons.codec.binary.Hex; 15 16 public class ECDSA { 17 private static String src = "imooc security ecdsa"; 18 19 public static void main(String[] args) { 20 21 jdkECDSA(); 22 23 } 24 25 public static void jdkECDSA() { 26 try { 27 // 1 初始化密钥 28 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC"); 29 keyPairGenerator.initialize(256); 30 KeyPair keyPair = keyPairGenerator.generateKeyPair(); 31 ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic(); 32 ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate(); 33 34 // 2 执行签名 35 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(ecPrivateKey.getEncoded()); 36 KeyFactory keyFactory = KeyFactory.getInstance("EC"); 37 PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); 38 Signature signature = Signature.getInstance("SHA1withECDSA"); 39 signature.initSign(privateKey); 40 signature.update(src.getBytes()); 41 byte[] sign = signature.sign(); 42 System.out.println("jdk ecdsa sign:" + Hex.encodeHexString(sign)); 43 44 // 3验证 45 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(ecPublicKey.getEncoded()); 46 keyFactory = KeyFactory.getInstance("EC"); 47 PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); 48 signature = Signature.getInstance("SHA1withECDSA"); 49 signature.initVerify(publicKey); 50 signature.update(src.getBytes()); 51 boolean verify = signature.verify(sign); 52 System.out.println("jdk ecdsa verify:" + verify); 53 } catch (Exception e) { 54 // TODO Auto-generated catch block 55 e.printStackTrace(); 56 } 57 58 } 59 60 }