1、SM2简述
RSA算法的危机在于其存在亚指数算法,对ECC算法而言一般没有亚指数攻击算法。
SM2椭圆曲线公钥密码算法:我国自主知识产权的商用密码算法,是ECC(Elliptic Curve Cryptosystem)算法的一种,基于椭圆曲线离散对数问题,计算复杂度是指数级,求解难度较大,同等安全程度要求下,椭圆曲线密码较其他公钥算法所需密钥长度小很多。
ECC算法描述:
- 用户A选定一条适合加密的椭圆曲线Ep(a,b)(如:y2=x3+ax+b),并取椭圆曲线上一点,作为基点G。
- 用户A选择一个私有密钥k,并生成公开密钥(公钥PB)K=kG。
- 用户A将Ep(a,b)和点(公钥)K,G传给用户B。
- 用户B接到信息后 ,将待传输的明文(M)编码到Ep(a,b)上一点M,并产生一个随机整数r(r<n)。加密开始
- 用户B计算点C1=M+rK;C2=rG。
- 用户B将C1、C2传给用户A。
- 用户A接到信息后,计算C1-kC2,结果就是点M。因为C1-kC2=M+rK-k(rG)=M+rK-r(kG)=M
再对点M进行解码就可以得到明文。
密码学中,描述一条Fp上的椭圆曲线,常用到六个参量:T=(p,a,b,G,n,h)。
(p 、a 、b 用来确定一条椭圆曲线,G为基点,n为点G的阶,h 是椭圆曲线上所有点的个数m与n相除的整数部分)
这几个参量取值的选择,直接影响了加密的安全性。参量值一般要求满足以下几个条件:
- p 当然越大越安全,但越大,计算速度会变慢,200位左右可以满足一般安全要求;
- p≠n×h;
- pt≠1 (mod n),1≤t<20;
- 4a3+27b2≠0 (mod p);
- n 为素数;
- h≤4。
2、前后端代码示例
1、Maven依赖
<!-- https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on --> <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk15on</artifactId> <version>1.56</version> </dependency>
2、工具类Util
import java.math.BigInteger; public class Util { /** * 整形转换成网络传输的字节流(字节数组)型数据 * * @param num 一个整型数据 * @return 4个字节的自己数组 */ public static byte[] intToBytes(int num) { byte[] bytes = new byte[4]; bytes[0] = (byte) (0xff & (num >> 0)); bytes[1] = (byte) (0xff & (num >> 8)); bytes[2] = (byte) (0xff & (num >> 16)); bytes[3] = (byte) (0xff & (num >> 24)); return bytes; } /** * 四个字节的字节数据转换成一个整形数据 * * @param bytes 4个字节的字节数组 * @return 一个整型数据 */ public static int byteToInt(byte[] bytes) { int num = 0; int temp; temp = (0x000000ff & (bytes[0])) << 0; num = num | temp; temp = (0x000000ff & (bytes[1])) << 8; num = num | temp; temp = (0x000000ff & (bytes[2])) << 16; num = num | temp; temp = (0x000000ff & (bytes[3])) << 24; num = num | temp; return num; } /** * 长整形转换成网络传输的字节流(字节数组)型数据 * * @param num 一个长整型数据 * @return 4个字节的自己数组 */ public static byte[] longToBytes(long num) { byte[] bytes = new byte[8]; for (int i = 0; i < 8; i++) { bytes[i] = (byte) (0xff & (num >> (i * 8))); } return bytes; } /** * 大数字转换字节流(字节数组)型数据 * * @param n * @return */ public static byte[] byteConvert32Bytes(BigInteger n) { byte tmpd[] = (byte[]) null; if (n == null) { return null; } if (n.toByteArray().length == 33) { tmpd = new byte[32]; System.arraycopy(n.toByteArray(), 1, tmpd, 0, 32); } else if (n.toByteArray().length == 32) { tmpd = n.toByteArray(); } else { tmpd = new byte[32]; for (int i = 0; i < 32 - n.toByteArray().length; i++) { tmpd[i] = 0; } System.arraycopy(n.toByteArray(), 0, tmpd, 32 - n.toByteArray().length, n.toByteArray().length); } return tmpd; } /** * 换字节流(字节数组)型数据转大数字 * * @param b * @return */ public static BigInteger byteConvertInteger(byte[] b) { if (b[0] < 0) { byte[] temp = new byte[b.length + 1]; temp[0] = 0; System.arraycopy(b, 0, temp, 1, b.length); return new BigInteger(temp); } return new BigInteger(b); } /** * 根据字节数组获得值(十六进制数字) * * @param bytes * @return */ public static String getHexString(byte[] bytes) { return getHexString(bytes, true); } /** * 根据字节数组获得值(十六进制数字) * * @param bytes * @param upperCase * @return */ public static String getHexString(byte[] bytes, boolean upperCase) { String ret = ""; for (int i = 0; i < bytes.length; i++) { ret += Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1); } return upperCase ? ret.toUpperCase() : ret; } /** * 打印十六进制字符串 * * @param bytes */ public static void printHexString(byte[] bytes) { for (int i = 0; i < bytes.length; i++) { String hex = Integer.toHexString(bytes[i] & 0xFF); if (hex.length() == 1) { hex = '0' + hex; } System.out.print("0x" + hex.toUpperCase() + ","); } System.out.println(""); } /** * Convert hex string to byte[] * * @param hexString the hex string * @return byte[] */ public static byte[] hexStringToBytes(String hexString) { if (hexString == null || hexString.equals("")) { return null; } hexString = hexString.toUpperCase(); int length = hexString.length() / 2; char[] hexChars = hexString.toCharArray(); byte[] d = new byte[length]; for (int i = 0; i < length; i++) { int pos = i * 2; d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1])); } return d; } /** * Convert char to byte * * @param c char * @return byte */ public static byte charToByte(char c) { return (byte) "0123456789ABCDEF".indexOf(c); } /** * 用于建立十六进制字符的输出的小写字符数组 */ private static final char[] DIGITS_LOWER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}; /** * 用于建立十六进制字符的输出的大写字符数组 */ private static final char[] DIGITS_UPPER = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}; /** * 将字节数组转换为十六进制字符数组 * * @param data byte[] * @return 十六进制char[] */ public static char[] encodeHex(byte[] data) { return encodeHex(data, true); } /** * 将字节数组转换为十六进制字符数组 * * @param data byte[] * @param toLowerCase <code>true</code> 传换成小写格式 , <code>false</code> 传换成大写格式 * @return 十六进制char[] */ public static char[] encodeHex(byte[] data, boolean toLowerCase) { return encodeHex(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER); } /** * 将字节数组转换为十六进制字符数组 * * @param data byte[] * @param toDigits 用于控制输出的char[] * @return 十六进制char[] */ protected static char[] encodeHex(byte[] data, char[] toDigits) { int l = data.length; char[] out = new char[l << 1]; // two characters form the hex value. for (int i = 0, j = 0; i < l; i++) { out[j++] = toDigits[(0xF0 & data[i]) >>> 4]; out[j++] = toDigits[0x0F & data[i]]; } return out; } /** * 将字节数组转换为十六进制字符串 * * @param data byte[] * @return 十六进制String */ public static String encodeHexString(byte[] data) { return encodeHexString(data, true); } /** * 将字节数组转换为十六进制字符串 * * @param data byte[] * @param toLowerCase <code>true</code> 传换成小写格式 , <code>false</code> 传换成大写格式 * @return 十六进制String */ public static String encodeHexString(byte[] data, boolean toLowerCase) { return encodeHexString(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER); } /** * 将字节数组转换为十六进制字符串 * * @param data byte[] * @param toDigits 用于控制输出的char[] * @return 十六进制String */ protected static String encodeHexString(byte[] data, char[] toDigits) { return new String(encodeHex(data, toDigits)); } /** * 将十六进制字符数组转换为字节数组 * * @param data 十六进制char[] * @return byte[] * @throws RuntimeException 如果源十六进制字符数组是一个奇怪的长度,将抛出运行时异常 */ public static byte[] decodeHex(char[] data) { int len = data.length; if ((len & 0x01) != 0) { throw new RuntimeException("Odd number of characters."); } byte[] out = new byte[len >> 1]; // two characters form the hex value. for (int i = 0, j = 0; j < len; i++) { int f = toDigit(data[j], j) << 4; j++; f = f | toDigit(data[j], j); j++; out[i] = (byte) (f & 0xFF); } return out; } /** * 将十六进制字符转换成一个整数 * * @param ch 十六进制char * @param index 十六进制字符在字符数组中的位置 * @return 一个整数 * @throws RuntimeException 当ch不是一个合法的十六进制字符时,抛出运行时异常 */ protected static int toDigit(char ch, int index) { int digit = Character.digit(ch, 16); if (digit == -1) { throw new RuntimeException("Illegal hexadecimal character " + ch + " at index " + index); } return digit; } /** * 数字字符串转ASCII码字符串 * * @param content 字符串 * @return ASCII字符串 */ public static String StringToAsciiString(String content) { String result = ""; int max = content.length(); for (int i = 0; i < max; i++) { char c = content.charAt(i); String b = Integer.toHexString(c); result = result + b; } return result; } /** * 十六进制转字符串 * * @param hexString 十六进制字符串 * @param encodeType 编码类型4:Unicode,2:普通编码 * @return 字符串 */ public static String hexStringToString(String hexString, int encodeType) { String result = ""; int max = hexString.length() / encodeType; for (int i = 0; i < max; i++) { char c = (char) hexStringToAlgorism(hexString .substring(i * encodeType, (i + 1) * encodeType)); result += c; } return result; } /** * 十六进制字符串装十进制 * * @param hex 十六进制字符串 * @return 十进制数值 */ public static int hexStringToAlgorism(String hex) { hex = hex.toUpperCase(); int max = hex.length(); int result = 0; for (int i = max; i > 0; i--) { char c = hex.charAt(i - 1); int algorism = 0; if (c >= '0' && c <= '9') { algorism = c - '0'; } else { algorism = c - 55; } result += Math.pow(16, max - i) * algorism; } return result; } /** * 十六转二进制 * * @param hex 十六进制字符串 * @return 二进制字符串 */ public static String hexStringToBinary(String hex) { hex = hex.toUpperCase(); String result = ""; int max = hex.length(); for (int i = 0; i < max; i++) { char c = hex.charAt(i); switch (c) { case '0': result += "0000"; break; case '1': result += "0001"; break; case '2': result += "0010"; break; case '3': result += "0011"; break; case '4': result += "0100"; break; case '5': result += "0101"; break; case '6': result += "0110"; break; case '7': result += "0111"; break; case '8': result += "1000"; break; case '9': result += "1001"; break; case 'A': result += "1010"; break; case 'B': result += "1011"; break; case 'C': result += "1100"; break; case 'D': result += "1101"; break; case 'E': result += "1110"; break; case 'F': result += "1111"; break; } } return result; } /** * ASCII码字符串转数字字符串 * * @param content ASCII字符串 * @return 字符串 */ public static String AsciiStringToString(String content) { String result = ""; int length = content.length() / 2; for (int i = 0; i < length; i++) { String c = content.substring(i * 2, i * 2 + 2); int a = hexStringToAlgorism(c); char b = (char) a; String d = String.valueOf(b); result += d; } return result; } /** * 将十进制转换为指定长度的十六进制字符串 * * @param algorism int 十进制数字 * @param maxLength int 转换后的十六进制字符串长度 * @return String 转换后的十六进制字符串 */ public static String algorismToHexString(int algorism, int maxLength) { String result = ""; result = Integer.toHexString(algorism); if (result.length() % 2 == 1) { result = "0" + result; } return patchHexString(result.toUpperCase(), maxLength); } /** * 字节数组转为普通字符串(ASCII对应的字符) * * @param bytearray byte[] * @return String */ public static String byteToString(byte[] bytearray) { String result = ""; char temp; int length = bytearray.length; for (int i = 0; i < length; i++) { temp = (char) bytearray[i]; result += temp; } return result; } /** * 二进制字符串转十进制 * * @param binary 二进制字符串 * @return 十进制数值 */ public static int binaryToAlgorism(String binary) { int max = binary.length(); int result = 0; for (int i = max; i > 0; i--) { char c = binary.charAt(i - 1); int algorism = c - '0'; result += Math.pow(2, max - i) * algorism; } return result; } /** * 十进制转换为十六进制字符串 * * @param algorism int 十进制的数字 * @return String 对应的十六进制字符串 */ public static String algorismToHEXString(int algorism) { String result = ""; result = Integer.toHexString(algorism); if (result.length() % 2 == 1) { result = "0" + result; } result = result.toUpperCase(); return result; } /** * HEX字符串前补0,主要用于长度位数不足。 * * @param str String 需要补充长度的十六进制字符串 * @param maxLength int 补充后十六进制字符串的长度 * @return 补充结果 */ static public String patchHexString(String str, int maxLength) { String temp = ""; for (int i = 0; i < maxLength - str.length(); i++) { temp = "0" + temp; } str = (temp + str).substring(0, maxLength); return str; } /** * 将一个字符串转换为int * * @param s String 要转换的字符串 * @param defaultInt int 如果出现异常,默认返回的数字 * @param radix int 要转换的字符串是什么进制的,如16 8 10. * @return int 转换后的数字 */ public static int parseToInt(String s, int defaultInt, int radix) { int i = 0; try { i = Integer.parseInt(s, radix); } catch (NumberFormatException ex) { i = defaultInt; } return i; } /** * 将一个十进制形式的数字字符串转换为int * * @param s String 要转换的字符串 * @param defaultInt int 如果出现异常,默认返回的数字 * @return int 转换后的数字 */ public static int parseToInt(String s, int defaultInt) { int i = 0; try { i = Integer.parseInt(s); } catch (NumberFormatException ex) { i = defaultInt; } return i; } /** * 十六进制串转化为byte数组 * * @return the array of byte */ public static byte[] hexToByte(String hex) throws IllegalArgumentException { if (hex.length() % 2 != 0) { throw new IllegalArgumentException(); } if (hex.length() < 1) { return null; } else { byte[] result = new byte[hex.length() / 2]; int j = 0; for(int i = 0; i < hex.length(); i+=2) { result[j++] = (byte)Integer.parseInt(hex.substring(i,i+2), 16); } return result; } } /** * 字节数组转换为十六进制字符串 * * @param b byte[] 需要转换的字节数组 * @return String 十六进制字符串 */ public static String byteToHex(byte b[]) { if (b == null) { return ""; } StringBuffer sb = new StringBuffer(); for(int i = 0; i < b.length; i++) { String hex = Integer.toHexString(b[i] & 0xFF); if(hex.length() < 2) { hex = "0" + hex; } sb.append(hex.toUpperCase()); } return sb.toString(); } public static byte[] subByte(byte[] input, int startIndex, int length) { byte[] bt = new byte[length]; for (int i = 0; i < length; i++) { bt[i] = input[i + startIndex]; } return bt; } }
3、参数类SM2
import org.bouncycastle.crypto.generators.ECKeyPairGenerator; import org.bouncycastle.crypto.params.ECDomainParameters; import org.bouncycastle.crypto.params.ECKeyGenerationParameters; import org.bouncycastle.math.ec.ECCurve; import org.bouncycastle.math.ec.ECFieldElement; import org.bouncycastle.math.ec.ECFieldElement.Fp; import org.bouncycastle.math.ec.ECPoint; import java.math.BigInteger; import java.security.SecureRandom; public class SM2 { //国密参数 public static String[] ecc_param = { "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF", "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC", "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93", "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123", "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7", "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0" }; public static SM2 Instance() { return new SM2(); } /** 素数p */ public final BigInteger ecc_p; /** 系数a */ public final BigInteger ecc_a; /** 系数b */ public final BigInteger ecc_b; /** 基点G, G=(xg,yg),其介记为n */ public final BigInteger ecc_n; /** 坐标x */ public final BigInteger ecc_gx; /** 坐标y */ public final BigInteger ecc_gy; public final ECCurve ecc_curve; public final ECPoint ecc_point_g; public final ECDomainParameters ecc_bc_spec; public final ECKeyPairGenerator ecc_key_pair_generator; public final ECFieldElement ecc_gx_fieldelement; public final ECFieldElement ecc_gy_fieldelement; public SM2() { this.ecc_p = new BigInteger(ecc_param[0], 16); this.ecc_a = new BigInteger(ecc_param[1], 16); this.ecc_b = new BigInteger(ecc_param[2], 16); this.ecc_n = new BigInteger(ecc_param[3], 16); this.ecc_gx = new BigInteger(ecc_param[4], 16); this.ecc_gy = new BigInteger(ecc_param[5], 16); this.ecc_gx_fieldelement = new Fp(this.ecc_p, this.ecc_gx); this.ecc_gy_fieldelement = new Fp(this.ecc_p, this.ecc_gy); this.ecc_curve = new ECCurve.Fp(this.ecc_p, this.ecc_a, this.ecc_b); this.ecc_point_g = new ECPoint.Fp(this.ecc_curve, this.ecc_gx_fieldelement, this.ecc_gy_fieldelement); this.ecc_bc_spec = new ECDomainParameters(this.ecc_curve, this.ecc_point_g, this.ecc_n); ECKeyGenerationParameters ecc_ecgenparam; ecc_ecgenparam = new ECKeyGenerationParameters(this.ecc_bc_spec, new SecureRandom()); this.ecc_key_pair_generator = new ECKeyPairGenerator(); this.ecc_key_pair_generator.init(ecc_ecgenparam); } }
4、Cipher
import org.bouncycastle.crypto.AsymmetricCipherKeyPair; import org.bouncycastle.crypto.digests.SM3Digest; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.math.ec.ECPoint; import java.math.BigInteger; public class Cipher { private int ct; private ECPoint p2; private SM3Digest sm3keybase; private SM3Digest sm3c3; private byte key[]; private byte keyOff; public Cipher() { this.ct = 1; this.key = new byte[32]; this.keyOff = 0; } private void Reset() { this.sm3keybase = new SM3Digest(); this.sm3c3 = new SM3Digest(); byte p[] = Util.byteConvert32Bytes(p2.getX().toBigInteger()); this.sm3keybase.update(p, 0, p.length); this.sm3c3.update(p, 0, p.length); p = Util.byteConvert32Bytes(p2.getY().toBigInteger()); this.sm3keybase.update(p, 0, p.length); this.ct = 1; NextKey(); } private void NextKey() { SM3Digest sm3keycur = new SM3Digest(this.sm3keybase); sm3keycur.update((byte) (ct >> 24 & 0xff)); sm3keycur.update((byte) (ct >> 16 & 0xff)); sm3keycur.update((byte) (ct >> 8 & 0xff)); sm3keycur.update((byte) (ct & 0xff)); sm3keycur.doFinal(key, 0); this.keyOff = 0; this.ct++; } public ECPoint Init_enc(SM2 sm2, ECPoint userKey) { AsymmetricCipherKeyPair key = sm2.ecc_key_pair_generator.generateKeyPair(); ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters) key.getPrivate(); ECPublicKeyParameters ecpub = (ECPublicKeyParameters) key.getPublic(); BigInteger k = ecpriv.getD(); ECPoint c1 = ecpub.getQ(); this.p2 = userKey.multiply(k); Reset(); return c1; } public void Encrypt(byte data[]) { this.sm3c3.update(data, 0, data.length); for (int i = 0; i < data.length; i++) { if (keyOff == key.length) { NextKey(); } data[i] ^= key[keyOff++]; } } public void Init_dec(BigInteger userD, ECPoint c1) { this.p2 = c1.multiply(userD); Reset(); } public void Decrypt(byte data[]) { for (int i = 0; i < data.length; i++) { if (keyOff == key.length) { NextKey(); } data[i] ^= key[keyOff++]; } this.sm3c3.update(data, 0, data.length); } public void Dofinal(byte c3[]) { byte p[] = Util.byteConvert32Bytes(p2.getY().toBigInteger()); this.sm3c3.update(p, 0, p.length); this.sm3c3.doFinal(c3, 0); Reset(); } }
5、功能类SM2EncDecUtils
import org.bouncycastle.crypto.AsymmetricCipherKeyPair; import org.bouncycastle.crypto.params.ECPrivateKeyParameters; import org.bouncycastle.crypto.params.ECPublicKeyParameters; import org.bouncycastle.math.ec.ECPoint; import java.io.IOException; import java.math.BigInteger; import java.util.HashMap; import java.util.Map; public class SM2EncDecUtils { public static final String public_key = "public_key"; public static final String private_key = "private_key"; // 生成随机秘钥对 public static Map<String, String> generateKeyPair() { SM2 sm2 = SM2.Instance(); AsymmetricCipherKeyPair key = null; while (true) { key = sm2.ecc_key_pair_generator.generateKeyPair(); if (((ECPrivateKeyParameters) key.getPrivate()).getD().toByteArray().length == 32) { break; } } ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters) key.getPrivate(); ECPublicKeyParameters ecpub = (ECPublicKeyParameters) key.getPublic(); BigInteger privateKey = ecpriv.getD(); ECPoint publicKey = ecpub.getQ(); String pubk = Util.byteToHex(publicKey.getEncoded()); String prik = Util.byteToHex(privateKey.toByteArray()); System.out.println("公钥: " + pubk); System.out.println("私钥: " + prik); Map<String, String> result = new HashMap<>(); result.put(public_key, pubk); result.put(private_key, prik); return result; } // 数据加密 public static String encrypt(byte[] publicKey, byte[] data) throws IOException { if (publicKey == null || publicKey.length == 0) { return null; } if (data == null || data.length == 0) { return null; } byte[] source = new byte[data.length]; System.arraycopy(data, 0, source, 0, data.length); Cipher cipher = new Cipher(); SM2 sm2 = SM2.Instance(); ECPoint userKey = sm2.ecc_curve.decodePoint(publicKey); ECPoint c1 = cipher.Init_enc(sm2, userKey); cipher.Encrypt(source); byte[] c3 = new byte[32]; cipher.Dofinal(c3); return new StringBuffer(Util.byteToHex(c1.getEncoded())).append(Util.byteToHex(c3)).append(Util.byteToHex(source)).toString(); } // 数据解密 public static byte[] decrypt(byte[] privateKey, byte[] encryptedData) throws IOException { if (privateKey == null || privateKey.length == 0) { return null; } if (encryptedData == null || encryptedData.length == 0) { return null; } // 加密字节数组转换为十六进制的字符串 长度变为encryptedData.length * 2 String data = Util.byteToHex(encryptedData); byte[] c1Bytes = Util.hexToByte(data.substring(0, 130)); int c2Len = encryptedData.length - 97; byte[] c3 = Util.hexToByte(data.substring(130, 130 + 64)); byte[] c2 = Util.hexToByte(data.substring(194, 194 + 2 * c2Len)); SM2 sm2 = SM2.Instance(); BigInteger userD = new BigInteger(1, privateKey); // 通过C1实体字节来生成ECPoint ECPoint c1 = sm2.ecc_curve.decodePoint(c1Bytes); Cipher cipher = new Cipher(); cipher.Init_dec(userD, c1); cipher.Decrypt(c2); cipher.Dofinal(c3); // 返回解密结果 return c2; } public static void main(String[] args) throws Exception { singleThreadTest(); // mutiThreadTest(); } private static void singleThreadTest() throws Exception { String plainText = "sourceText"; byte[] sourceData = plainText.getBytes(); Map<String, String> keymap = generateKeyPair(); long start = System.currentTimeMillis(); int counts = 100; for (int j = 0; j < counts; j++) { String cipherText = SM2EncDecUtils.encrypt(Util.hexToByte(keymap.get(public_key)), sourceData); System.out.println("加密前长度: " + plainText.length() + ";加密后长度: " + cipherText.length()); String plainTextEncripted = new String(SM2EncDecUtils.decrypt(Util.hexToByte(keymap.get(private_key)), Util.hexToByte(cipherText))); if (plainText.equals(plainTextEncripted)) { System.out.println("------解密后同原文是否一致: " + plainText.equals(plainTextEncripted) + "----------------------"); } } long end = System.currentTimeMillis(); System.out.println("平均耗时:" + (end - start) / counts + "ms。"); } private static void mutiThreadTest() { String plainText = "sourceText"; byte[] sourceData = plainText.getBytes(); Map<String, String> keymap = generateKeyPair(); int counts = 10; for (int i = 0; i < counts; i++) { new Thread(() -> { try { for (int j = 0; j < counts; j++) { String cipherText = SM2EncDecUtils.encrypt(Util.hexToByte(keymap.get(public_key)), sourceData); if (!plainText.equals(new String(SM2EncDecUtils.decrypt(Util.hexToByte(keymap.get(private_key)), Util.hexToByte(cipherText))))) { System.out.println("------解密后同原文不一致:" + Thread.currentThread().getName() + "--------------"); } } } catch (IOException e) { e.printStackTrace(); } System.out.println(" --------------->线程" + Thread.currentThread().getName() + "执行完成.---------------------"); } ).start(); } } }
6、测试
测试结果如下:
公钥: 04D4BDF1A660C728418D685A702C5E16EAA2463471BC23107CBDBBB4AD7AF526F88E89EBC7D3075D826F8323657858A351A709423B18A685CDAD141E671C32E8D4 私钥: 0AC55910CF19346F35324577E7F3F0C544A7823B154B756D63160FD1167992B2 加密前长度: 10,明文为: sourceText 加密后长度: 214,加密后密文为: 0408F3F31B4B19D7C9E655A7711F3901B908EFA8C38F9F06B1B43622D01657B6BED9A7F61DF01DDFF91DDB82C69004C910E70550A982FEDBD87839756F035E8EA653DEAEAB58D35696A16A10BC943CF98776ECEB4DF81823B535A3DDEA71FF46932677EECB2A98077617B5 ------解密后同原文是否一致: true---------------------- 加密前长度: 10,明文为: sourceText 加密后长度: 214,加密后密文为: 04788D945B48902DF9C3D445849A97E86C37E65F6A9E1B3A126DD4942CF0545EE485401EF0F240B7F7CEE69926E42C7697F1064349594E29C7A715F5BC0CE3968B959DB64D0AB53F9CC692ED97E32FBB3CE579AB31B4116F40A8BF380A3B8BB550A525ED92E3233B457336 ------解密后同原文是否一致: true---------------------- 平均耗时:22ms。
可以看出加密长度每次是稳定的,但是加密后密文是不一样的,但是解密后结果都是一样的。
7、VUE代码
const sm2 = require('sm-crypto').sm2
const cipherMode = 1 // 1 - C1C3C2,0 - C1C2C3,默认为1
const publicKey = "04D4BDF1A660C728418D685A702C5E16EAA2463471BC23107CBDBBB4AD7AF526F88E89EBC7D3075D826F8323657858A351A709423B18A685CDAD141E671C32E8D4"
// 加密
export function encrypt(txt) {
let encryptData = sm2.doEncrypt(txt, publicKey, 1) // 加密结果
return '04' + encryptData;
}
注意:最关键的是VUE加密完的密文要加“04”,后端解密才能成功,否则后端解密16进制字符串转字节数组的时候会有问题;
同理后端加密的密文要删除开头的“04”,VUE才能解密成功。通过上面测试结果可以看出密文是以“04”开头的。