数字签名(又称公钥数字签名)是一种类似写在纸上的普通的物理签名,但是使用了公钥加密领域的技术实现,用于鉴别数字信息的方法。关于数字签名的介绍,可以参见百度百科:http://baike.baidu.com/view/7626.htm。今天,我们就开始学习java中数字签名的使用。
项目结构如下:
DSA算法
一、 HuhxDSA.java
package com.huhx.security; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.DSAPrivateKey; import java.security.interfaces.DSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import org.apache.commons.codec.binary.Hex; /** * writer: huhx */ public class HuhxDSA { private final static String src = "http://www.cnblogs.com/huhx"; public static void main(String[] args) { // 初始化签名 try { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA"); keyPairGenerator.initialize(512); KeyPair keyPair = keyPairGenerator.generateKeyPair(); DSAPublicKey dsaPublicKey = (DSAPublicKey) keyPair.getPublic(); DSAPrivateKey dsaPrivateKey = (DSAPrivateKey) keyPair.getPrivate(); // 执行签名 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(dsaPrivateKey.getEncoded()); KeyFactory keyFactory = KeyFactory.getInstance("DSA"); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); Signature signature = Signature.getInstance("SHA1withDSA"); signature.initSign(privateKey); signature.update(src.getBytes()); byte[] result = signature.sign(); System.out.println("jdk dsa sign: " + Hex.encodeHexString(result)); // 验证签名 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(dsaPublicKey.getEncoded()); keyFactory = KeyFactory.getInstance("DSA"); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); signature = Signature.getInstance("SHA1withDSA"); signature.initVerify(publicKey); signature.update(src.getBytes()); boolean bool = signature.verify(result); System.out.println("jdk dsa: " + bool); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); } } }
二、 运行结果如下:
jdk dsa sign: 302d0215009461ae45922c11159d3b6dc4c70eb0748763d23202146f5f9a5eedb36a760cf8b9b1d1d1fdc10636aafe jdk dsa: true
RSA算法
一、 HuhxRSA.java
package com.huhx.security; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import org.apache.commons.codec.binary.Hex; /** * writer: huhx */ public class HuhxRSA { private final static String src = "http://www.cnblogs.com/huhx"; public static void main(String[] args) { try { // 初始化签名 KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); generator.initialize(512); KeyPair keyPair = generator.generateKeyPair(); RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic(); RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate(); // 执行签名 PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(rsaPrivateKey.getEncoded()); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey privateKey = keyFactory.generatePrivate(encodedKeySpec); Signature signature = Signature.getInstance("MD5withRSA"); signature.initSign(privateKey); signature.update(src.getBytes()); byte[] result = signature.sign(); System.out.println("jdk rsa sign: " + Hex.encodeHexString(result)); // 验证签名 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(rsaPublicKey.getEncoded()); keyFactory = KeyFactory.getInstance("RSA"); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); signature = Signature.getInstance("MD5withRSA"); signature.initVerify(publicKey); signature.update(src.getBytes()); boolean bool = signature.verify(result); System.out.println("jdk rsa: " + bool); } catch (Exception e) { e.printStackTrace(); } } }
二、 运行结果如下:
jdk rsa sign: 564dc7f96c85a7a42e579ae191997c892f234272d220e3f062cf52071e827164fadd52720b69704979fc11810bdbf92b01dd3f5f26a621ffe699ef601d08fb6c jdk rsa: true
ECDSA算法
一、 HuhxECDSA.java
package com.huhx.security; import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import org.apache.commons.codec.binary.Hex; /** * writer: huhx */ public class HuhxECDSA { private final static String src = "mhttp://www.cnblogs.com/huhx"; public static void main(String[] args) { try { // 初始化签名 KeyPairGenerator generator = KeyPairGenerator.getInstance("EC"); generator.initialize(256); KeyPair keyPair = generator.generateKeyPair(); ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic(); ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate(); // 执行签名 PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(ecPrivateKey.getEncoded()); KeyFactory keyFactory = KeyFactory.getInstance("EC"); PrivateKey privateKey = keyFactory.generatePrivate(encodedKeySpec); Signature signature = Signature.getInstance("SHA1withECDSA"); signature.initSign(privateKey); signature.update(src.getBytes()); byte[] result = signature.sign(); System.out.println("jdk ecdsa sign: " + Hex.encodeHexString(result)); // 验证签名 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(ecPublicKey.getEncoded()); keyFactory = KeyFactory.getInstance("EC"); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); signature = Signature.getInstance("SHA1withECDSA"); signature.initVerify(publicKey); signature.update(src.getBytes()); boolean bool = signature.verify(result); System.out.println("jdk ecdsa: " + bool); } catch (Exception e) { e.printStackTrace(); } } }
二、 运行结果如下:
jdk ecdsa sign: 30460221009b80596c51ccdf19c5e8e825aca6d85e549a30ee72a1e9b094f7b3a8c8b9310902210098e8dcc6ea932142d8cd9dd80c08fff7359f796571f8a973d3ca6e2dc0931904 jdk ecdsa: true