demo:使用数字证书进行数字签名和加密,解密

下边是一个使用数字证书来进行数字签名(以及验证签名信息),以及非对称加密的一个demo,代码中使用PKCS12类型的keystore(包含私钥)使用JKS或者其他类型的keystore也是可以的,就是在加载keystore的时候有一些不同

关于公钥,私钥和数字签名的一个比较容易的理解可以参考这篇文章:http://blog.csdn.net/21aspnet/article/details/7249401

下边直接上代码:

package com.jiaoyiping.passwordmanager.pki;
 /*
  * Created with Intellij IDEA
  * USER: 焦一平
  * Mail: jiaoyiping@gmail.com
  * Date: 2016/10/2
  * Time: 12:05
  * To change this template use File | Settings | Editor | File and Code Templates
 */

import org.apache.commons.codec.binary.Hex;

import javax.crypto.Cipher;
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

/**
 * 签名和验证签名
 */
public class TestSign {
    //证书密码
    private static final String PASSWORD = "123456";
    //证书别名
    private static final String ALIAS = "test";

    public static void main(String[] args) throws Exception {

        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream("D:\test.p12"), PASSWORD.toCharArray());
        Certificate x509Certificate = keyStore.getCertificate(ALIAS);

        encrypt(x509Certificate.getPublicKey(), (PrivateKey) keyStore.getKey(ALIAS, PASSWORD.toCharArray()));
        System.out.println("==============================================================================");
        sign(keyStore);
    }

    /**
     * 签名和验证签名
     *
     * @throws Exception
     */
    public static void sign(KeyStore keyStore) throws Exception {

        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(ALIAS);
        //需要签名的信息的内容
        String message = "中国移动通信研究院";
        //获取CA证书私钥
        PrivateKey priKey = (PrivateKey) keyStore.getKey(ALIAS, PASSWORD.toCharArray());
        System.out.println("私钥:" + Hex.encodeHexString(priKey.getEncoded()));

        //用私钥签名
        Signature signature = Signature.getInstance("NONEwithRSA");
        signature.initSign(priKey);
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream = new DataOutputStream(byteArrayOutputStream);
        dataOutputStream.writeUTF(message);
        signature.update(byteArrayOutputStream.toByteArray());
        String result = Hex.encodeHexString(signature.sign());
        System.out.println("签名之后的内容:" + result);


        //用公钥来验证签名
        Signature signature1 = Signature.getInstance("NONEwithRSA");
        signature1.initVerify(x509Certificate.getPublicKey());
        System.out.println("公钥:" + Hex.encodeHexString(x509Certificate.getPublicKey().getEncoded()));
        ByteArrayOutputStream byteArrayOutputStream1 = new ByteArrayOutputStream();
        DataOutputStream dataOutputStream1 = new DataOutputStream(byteArrayOutputStream1);
        dataOutputStream1.writeUTF(message);
        signature1.update(byteArrayOutputStream1.toByteArray());

        System.out.println("验证结果:   " + signature1.verify(Hex.decodeHex(result.toCharArray())));
    }

    /**
     * 加密和解密
     *
     * @param publicKey
     * @param privateKey
     * @throws Exception
     */
    public static void encrypt(PublicKey publicKey, PrivateKey privateKey) throws Exception {

        String input = "慧与(中国)有限公司";
        Cipher cipher = Cipher.getInstance("RSA");
        RSAPublicKey pubKey = (RSAPublicKey) publicKey;
        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) privateKey;
        cipher.init(Cipher.ENCRYPT_MODE, pubKey);
        byte[] cipherText = cipher.doFinal(input.getBytes());
        //加密后的内容
        System.out.println("加密之后的内容:" + Hex.encodeHexString(cipherText));


        //解密
        cipher.init(Cipher.DECRYPT_MODE, rsaPrivateKey);
        byte[] plainText = cipher.doFinal(cipherText);
        System.out.println("解密之后的内容 : " + new String(plainText));

    }


}    

运行的结果: