Java implementation (RSA asymmetric encryption): SHA1WithRSA signing and verification, and generating the public/private keys with openssl

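RSA signing and verification flow:
When a request is sent locally (it has already been signed locally with the private key), the receiving platform verifies the signature with the public key to decide whether the request is legitimate.
When a response is received from the platform (the platform has already signed it with its private key), the response must be verified locally with the public key to decide whether it is legitimate.
Generating the public and private keys:
On Linux, type openssl to enter the openssl prompt and generate the keys
Generate the private key:  openssl> genrsa -out rsa_oo_private_key.pem 1024 (outputs PKCS1 by default)
Generate the public key:  openssl> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
The private key has to be converted from PKCS1 to PKCS8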
---------------------------------------------------------------------
-  Convert a PKCS8 private key to PKCS1 (traditional private key format)
-  openssl pkcs8 -in pkcs8.pem -nocrypt -out pri_key.pem
---------------------------------------------------------------------
-  Convert a PKCS1 (traditional format) private key to PKCS8
-  openssl pkcs8 -topk8 -inform PEM -in rsa_key.pem -outform PEM -nocrypt
---------------------------------------------------------------------
Generate the private key:
Last login: Fri Aug  4 09:30:12 2017 from 192.168.88.211
[koolapp@aop-70-104 ~]$ openssl
OpenSSL> genrsa -out rsa_oo_private_key.pem 1024
Generating RSA private key, 1024 bit long modulus
...............................++++++
.......................++++++
e is 65537 (0x10001)

---------- Java developers need to convert the private key to PKCS8 format before using it for signing. The conversion is as follows: --------

OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_oo_private_key.pem -outform PEM -nocrypt
-- PKCS1 to PKCS8
-----BEGIN PRIVATE KEY-----
(private key body omitted)
-----END PRIVATE KEY-----


Generate the public key:
OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
writing RSA key
OpenSSL> quit openssl

Exit openssl and run ls to check that the public and private key files were generated
[aofdapp@root-01 ~]$ ls
0219.zip         backup  key.pem                      notify    notify.2  ops         rsa_oo_private_key.pem rsa_public_key.pem
genrsa           pub_key.pem  rsa_private_key.pem     token
[aofdapp@root-01 ~]$ vi rsa_public_key.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8xygxrtfERxyVE9vrn286KvvC
+NR2Ec6LGUPhKArnDJqLFGsV+g1gf7hTyjjLFm4KxZPapAebAF50f18Mvs0Paelo
rAWPCNDaooZwXANDKpLCXAWDF7lq5bGWoreCO7+azgtYQ6c+kVVVpUdhbdjG/5OX
JM1ptVA6ASG4xdvKYwIDAQAB
-----END PUBLIC KEY-----



Public key and private key
public static String privatestr = "..."; // Base64 body of the PKCS8 private key (omitted here)
public static String publicstr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjyiajomfYD80A7tN8vdeXllTiGrSdocq1nvgceicanNb8QaoNGdAPE6AMuSqnMWs40tj/XoXQmPxNrdUmclwwLJza5Aq5PNqDiFC5QLmIFtATN/n3ymqIYnw78ME8Dv5yjYJs1xk0EL6+1wlFFrylApBWKUGE2c2m2seBY+in5wIDAQAB";

Signing:

// Needs java.nio.charset.StandardCharsets, java.security.* and java.security.spec.PKCS8EncodedKeySpec.
// Base64 (which throws Base64DecodingException) and Hex are the helper classes the original code uses;
// their packages are not shown on this page.
public String signWhole(String keycode, String param) {
    // Sign with the private key
    byte[] signature;
    try {
        // Load the private key (Base64-encoded PKCS8)
        byte[] keyByte = Base64.decode(keycode);
        KeyFactory keyfactory = KeyFactory.getInstance("RSA");
        PKCS8EncodedKeySpec encoderule = new PKCS8EncodedKeySpec(keyByte);
        PrivateKey privatekey = keyfactory.generatePrivate(encoderule);

        // Sign the input parameter with the private key
        Signature sign = Signature.getInstance("SHA1WithRSA");
        sign.initSign(privatekey);
        // Explicit charset so the signed bytes do not depend on the platform default
        sign.update(param.getBytes(StandardCharsets.UTF_8));

        signature = sign.sign();
    } catch (NoSuchAlgorithmException | Base64DecodingException | InvalidKeySpecException
            | SignatureException | InvalidKeyException e) {
        e.printStackTrace();
        // Signing failed: return null instead of hex-encoding a null array
        return null;
    }
    // Convert the signature to a hexadecimal string
    return Hex.encodeHexStr(signature);
}

Verification:
// Needs java.nio.charset.StandardCharsets, java.security.* and java.security.spec.X509EncodedKeySpec.
// Base64 (which throws Base64DecodingException) and Hex are the helper classes the original code uses;
// their packages are not shown on this page.
public boolean verifyWhole(String param, String signature, String keycode) {
    try {
        // Load the public key (Base64-encoded X.509)
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        byte[] keyByte = Base64.decode(keycode);
        X509EncodedKeySpec encodeRule = new X509EncodedKeySpec(keyByte);
        PublicKey publicKey = keyFactory.generatePublic(encodeRule);

        // Use the public key to check the unsigned input parameter param against the signature that came with it
        Signature sign = Signature.getInstance("SHA1WithRSA");
        sign.initVerify(publicKey);
        // Explicit charset so the verified bytes do not depend on the platform default
        sign.update(param.getBytes(StandardCharsets.UTF_8));

        // Convert the hexadecimal string to a byte array
        byte[] hexByte = Hex.hexStringToBytes(signature);
        // Verify the signature
        return sign.verify(hexByte);
    } catch (NoSuchAlgorithmException | Base64DecodingException | InvalidKeySpecException
            | SignatureException | InvalidKeyException e) {
        e.printStackTrace();
    }
    // Any failure to load the key or check the signature is treated as an invalid signature
    return false;
}
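
The following added example (not the author's code) ties the PEM files written by openssl to the signing and verification logic above using only JDK classes: it round-trips a key pair through PEM text, then signs and verifies with the page's SHA1withRSA and, going beyond the page, SHA256withRSA, including a check that a tampered parameter is rejected. The class name RsaSignDemo, the helpers pemToDer and toPem, the sample parameters and the in-memory 2048-bit key are assumptions; java.util.Base64 stands in for the page's Base64 and Hex helpers.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class RsaSignDemo { // hypothetical class name
    // Strip the PEM armor and whitespace, then Base64-decode the DER body.
    static byte[] pemToDer(String pem) {
        String body = pem.replaceAll("-----(BEGIN|END) [A-Z ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }
    // Wrap DER bytes in PEM armor with 64-character lines, as openssl writes them.
    static String toPem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der) + "\n-----END " + label + "-----\n";
    }
    static byte[] sign(String alg, PrivateKey key, String param) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initSign(key);
        s.update(param.getBytes(StandardCharsets.UTF_8)); // same explicit charset on both sides
        return s.sign();
    }
    static boolean verify(String alg, PublicKey key, String param, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(alg);
        s.initVerify(key);
        s.update(param.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample key pair, generated in memory (2048-bit, not the page's 1024).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        // getEncoded() returns PKCS8 for the private key and X.509 for the public key.
        String privPem = toPem("PRIVATE KEY", pair.getPrivate().getEncoded());
        String pubPem = toPem("PUBLIC KEY", pair.getPublic().getEncoded());

        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(pemToDer(privPem)));
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(pemToDer(pubPem)));

        String param = "orderId=1001&amount=9.90"; // constructed request parameters
        for (String alg : new String[] {"SHA1withRSA", "SHA256withRSA"}) {
            byte[] sig = sign(alg, priv, param);
            System.out.println(alg + " valid=" + verify(alg, pub, param, sig) + " tampered=" + verify(alg, pub, param.replace("9.90", "0.01"), sig));
        }
    }
}
```

pemToDer also accepts the contents of a PEM file produced by the pkcs8 -topk8 -nocrypt and rsa -pubout commands above; a PKCS1 file (BEGIN RSA PRIVATE KEY) will be rejected by PKCS8EncodedKeySpec, which is why the conversion step is required.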

     
