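package com.szzs;

import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import javax.crypto.Cipher;

/**
 * Asymmetric encryption, decryption and signing backed by a Java keystore
 * (private-key side) and an X.509 certificate file (public-key side).
 *
 * <p>Every public method re-opens the keystore or certificate file on each
 * call; nothing is cached and no static state is kept, so the methods can be
 * called from several threads.
 *
 * <p>Notes for callers:
 * <ul>
 *   <li>"Encrypt with private key" gives no confidentiality: anyone holding
 *       the certificate can decrypt it. Use {@link #sign}/{@link #verify}
 *       for integrity and origin, and {@link #encryptByPublicKey}/
 *       {@link #decryptByPrivateKey} for secrecy.</li>
 *   <li>{@link Cipher#getInstance(String)} is called with the bare key
 *       algorithm name (for example {@code "RSA"}), so mode and padding are
 *       the provider's defaults. Pinning an explicit transformation is
 *       advisable, but was deliberately not done here because it would change
 *       the ciphertext format existing peers depend on.</li>
 *   <li>The same password is used for the keystore and for the key entry.
 *       It is taken as a {@link String} for API compatibility, which means
 *       it cannot be wiped from memory after use.</li>
 * </ul>
 */
public class CertificateCoder {

    /** Certificate type handed to {@link CertificateFactory#getInstance(String)}. */
    public static final String CERT_TYPE = "X.509";

    // 1. Private key: open the keystore and read the entry for the alias.
    private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath, String alias, String password)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, password);
        return getPrivateKey(ks, alias, password);
    }

    /**
     * Reads the private key stored under {@code alias} from an already loaded keystore.
     *
     * @throws KeyStoreException if there is no key entry for the alias or the entry is
     *         not a private key (the original code returned {@code null} / threw
     *         {@code ClassCastException} in those cases, failing later with an NPE)
     */
    private static PrivateKey getPrivateKey(KeyStore ks, String alias, String password) throws Exception {
        Key key = ks.getKey(alias, password.toCharArray());
        if (key == null) {
            throw new KeyStoreException("no key entry for alias '" + alias + "'");
        }
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("entry '" + alias + "' is not a private key but "
                    + key.getClass().getName());
        }
        return (PrivateKey) key;
    }

    // 2. Public key: taken from the certificate file.
    private static PublicKey getPublicKeyByCertificate(String certificatePath) throws Exception {
        return getCertificate(certificatePath).getPublicKey();
    }

    /**
     * Loads an X.509 certificate from {@code certificatePath}.
     *
     * <p>The stream is closed by try-with-resources even when
     * {@link CertificateFactory#generateCertificate} throws; the original
     * leaked the descriptor on that path.
     *
     * @throws CertificateException if the file is not a parseable certificate
     */
    private static Certificate getCertificate(String certificatePath) throws Exception {
        CertificateFactory certificateFactory = CertificateFactory.getInstance(CERT_TYPE);
        try (FileInputStream in = new FileInputStream(certificatePath)) {
            return certificateFactory.generateCertificate(in);
        }
    }

    /**
     * Loads the certificate stored under {@code alias} in the keystore.
     *
     * @throws KeyStoreException if the keystore has no certificate for the alias
     *         ({@link KeyStore#getCertificate} returns {@code null} in that case,
     *         which the original let propagate as an NPE)
     */
    private static Certificate getCertificate(String keyStorePath, String alias, String password)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, password);
        return getCertificate(ks, alias);
    }

    /** Certificate for {@code alias} from an already loaded keystore; never returns {@code null}. */
    private static Certificate getCertificate(KeyStore ks, String alias) throws Exception {
        Certificate certificate = ks.getCertificate(alias);
        if (certificate == null) {
            throw new KeyStoreException("no certificate for alias '" + alias + "'");
        }
        return certificate;
    }

    /**
     * Opens and loads the keystore at {@code keyStorePath}.
     *
     * <p>The keystore type is {@link KeyStore#getDefaultType()}, which depends on
     * the running JDK's {@code keystore.type} security property; a file created
     * under a different default (JKS vs. PKCS12) may fail to load. The stream is
     * closed even if {@link KeyStore#load} throws (wrong password, corrupt file).
     */
    private static KeyStore getKeyStore(String keyStorePath, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(keyStorePath)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    /**
     * Runs a single {@link Cipher#doFinal} pass with the given key and mode.
     *
     * <p>The transformation is the key's bare algorithm name, so the provider
     * chooses mode and padding; see the class comment for why this is kept.
     *
     * @param mode {@link Cipher#ENCRYPT_MODE} or {@link Cipher#DECRYPT_MODE}
     */
    private static byte[] doCipher(int mode, Key key, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance(key.getAlgorithm());
        cipher.init(mode, key);
        return cipher.doFinal(data);
    }

    /**
     * 6. Encrypts {@code data} with the private key stored under {@code alias}.
     *
     * <p>This is not a confidentiality operation: the matching certificate (public
     * key) is enough to recover the plaintext. Prefer {@link #sign} when the intent
     * is proof of origin.
     *
     * @param data plaintext; must fit in one block of the key's cipher
     * @throws Exception on keystore, key or cipher failure
     */
    public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password)
            throws Exception {
        PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath, alias, password);
        return doCipher(Cipher.ENCRYPT_MODE, privateKey, data);
    }

    /**
     * 7. Decrypts {@code data} with the private key stored under {@code alias}
     * (counterpart of {@link #encryptByPublicKey}).
     *
     * @throws Exception on keystore, key or cipher failure (including bad padding
     *         when the input is not ciphertext for this key)
     */
    public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password)
            throws Exception {
        PrivateKey privateKey = getPrivateKeyByKeyStore(keyStorePath, alias, password);
        return doCipher(Cipher.DECRYPT_MODE, privateKey, data);
    }

    /**
     * 8. Encrypts {@code data} with the public key of the certificate at
     * {@code certificatePath}; only the holder of the private key can decrypt.
     *
     * @throws Exception on certificate or cipher failure
     */
    public static byte[] encryptByPublicKey(byte[] data, String certificatePath) throws Exception {
        PublicKey publicKey = getPublicKeyByCertificate(certificatePath);
        return doCipher(Cipher.ENCRYPT_MODE, publicKey, data);
    }

    /**
     * 9. Decrypts {@code data} with the public key of the certificate at
     * {@code certificatePath} (counterpart of {@link #encryptByPrivateKey}).
     *
     * @throws Exception on certificate or cipher failure
     */
    public static byte[] decryptByPublicKey(byte[] data, String certificatePath) throws Exception {
        PublicKey publicKey = getPublicKeyByCertificate(certificatePath);
        return doCipher(Cipher.DECRYPT_MODE, publicKey, data);
    }

    /**
     * 10. Signs {@code sign} with the private key stored under {@code alias}.
     *
     * <p>The signature algorithm is {@link X509Certificate#getSigAlgName()} of the
     * certificate stored under the same alias — that is the algorithm the
     * <em>issuer</em> used to sign the certificate. It matches the alias's own
     * key only for self-signed certificates or when issuer and subject use the
     * same key type; otherwise {@link Signature#initSign} fails with an
     * {@code InvalidKeyException}.
     *
     * <p>The keystore is loaded once and reused for both the certificate and
     * the key (the original opened and parsed the file twice).
     *
     * @param sign the data to sign
     * @return the raw signature bytes
     * @throws Exception on keystore, key or signature failure
     */
    public static byte[] sign(byte[] sign, String keyStorePath, String alias, String password)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, password);
        X509Certificate x509Certificate = (X509Certificate) getCertificate(ks, alias);
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
        signature.initSign(getPrivateKey(ks, alias, password));
        signature.update(sign);
        return signature.sign();
    }

    /**
     * 11. Verifies {@code sign} over {@code data} with the certificate at
     * {@code certificatePath}.
     *
     * <p>Initialising with the certificate rather than its public key lets the
     * provider reject certificates whose KeyUsage extension does not allow
     * signing.
     *
     * @return {@code true} if the signature is valid for the data and certificate
     * @throws Exception on certificate or signature failure; a malformed
     *         signature encoding may surface as {@code SignatureException}
     *         rather than {@code false}
     */
    public static boolean verify(byte[] data, byte[] sign, String certificatePath) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
        signature.initVerify(x509Certificate);
        signature.update(data);
        return signature.verify(sign);
    }
}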
测试:
package com.szzs; // 基于密钥库和数字证书的加密解密和签名验证操作 public class CertificateCoderTest { private String password = "123456"; private String alias = "www.zlex.org"; private String certficatePath = "D:/zlex.cer"; // 数字证书 private String keyStorePath = "D:/zlex.keystore"; // 密钥库 // 1.公钥加密,私钥解密 public void test1() throws Exception { System.out.println("公钥加密--私钥解密"); String inputStr = "数字证书"; byte[] data = inputStr.getBytes(); // 公钥加密 byte[] encrypt = CertificateCoder.encryptByPublicKey(data, certficatePath); // 私钥解密 byte[] decrypt = CertificateCoder.decryptByPrivateKey(data, keyStorePath, alias, password); String outputStr = new String(decrypt); System.err.println("加密前:\n" + inputStr); System.err.println("解密后:\n" + outputStr); // 验证数据一致 // assertArrayEquals(data, decrypt); } // 2.私钥加密,公钥解密 public void test2() throws Exception { System.out.println("私钥加密--公钥解密"); String inputStr = "数字签名"; byte[] data = inputStr.getBytes(); // 私钥加密 byte[] encodedData = CertificateCoder.encryptByPrivateKey(data, keyStorePath, alias, password); // 公钥解密 byte[] decodedData = CertificateCoder.decryptByPublicKey(data, certficatePath); String outputStr = new String(decodedData); System.err.println("加密前:\n" + inputStr); System.err.println("解密后:\n" + outputStr); // 验证数据一致 // assertEquals(inputStr, outputStr); } // 3.签名验证 public void testSign() throws Exception { String inputStr = "签名"; byte[] data = inputStr.getBytes(); System.out.println("私钥签名---公钥验证"); // 产生签名 byte[] sign = CertificateCoder.sign(data, keyStorePath, alias, password); // System.err.println("签名:\n" + Hex.encodeHexString(sign)); // 验证签名 boolean status = CertificateCoder.verify(data, sign, certficatePath); System.err.println("状态:\n" + status); // 校验 // assertTure(status); } }
原文:https://www.cnblogs.com/yuwei1/p/9503240.html