使用openssl命令生成证书和对应的私钥,私钥签名,公钥验签
2022-07-31 12:20:00 【晒干的老咸鱼】
使用openssl生成证书和对应的私钥,请参考:使用openssl生成根证书CA并签发下级证书_晒干的老咸鱼的博客-CSDN博客_openssl生成根证书
本篇主要讲解在生成证书和私钥之后,如何用证书中的公钥加密、用对应的私钥解密,以及如何用私钥签名、用公钥验签。
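/**
 * Walks through an RSA round trip with an X.509 certificate and its PKCS#8 private key:
 * encrypt with the certificate's public key, decrypt with the private key, then sign with
 * the private key and verify with the public key (SHA256WithRSA).
 *
 * <p>All results are printed to standard output. Any exception is caught and its stack trace
 * printed, so the method never throws.
 *
 * <p>SECURITY: the private key below is embedded in source and has been published together
 * with this example, so it must be treated as compromised sample material. Real keys belong
 * in a keystore, HSM or secret manager, never in code or version control.
 */
public static void testPubKey() {
    try {
        // Public-key certificate: Base64 of the DER encoding, without the PEM header/footer lines.
        String workCert = "MIIDtzCCAp8CFEHdcA7b5rGZmtBflLQ6O/97RZW2MA0GCSqGSIb3DQEBCwUAMIGN\n" +
                "MQswCQYDVQQGEwJ6ZzEOMAwGA1UECAwFaHViZWkxEzARBgNVBAcMCnlhbmdfaHVi\n" +
                "ZXUxEzARBgNVBAoMCnlhbmdfaHViZWkxEzARBgNVBAsMCnlhbmdfaHViZWkxEzAR\n" +
                "BgNVBAMMCnlhbmdfaHViZWkxGjAYBgkqhkiG9w0BCQEWC3lhbmdAcXEuY29tMB4X\n" +
                "DTIyMDczMDAzMDQxNVoXDTMyMDcyNzAzMDQxNVowgaExCzAJBgNVBAYTAnpnMQ4w\n" +
                "DAYDVQQIDAVodWJlaTEYMBYGA1UEBwwPeWFuZ193b3JrX2h1YmVpMRgwFgYDVQQK\n" +
                "DA95YW5nX3dvcmtfaHViZWkxGDAWBgNVBAsMD3lhbmdfd29ya19odWJlaTEYMBYG\n" +
                "A1UEAwwPeWFuZ193b3JrX2h1YmVpMRowGAYJKoZIhvcNAQkBFgt5YW5nQHFxLmNv\n" +
                "bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM14s8Y+Ky9EWRhkEsxq\n" +
                "qPNaGS+FyUdLJMR7v9SUY0fH0UpYMV7hYRZC1SEeK8Ig5GwIhPRIQ2dotr8oDd6R\n" +
                "kNytraMd668998o9TavHVjNQPzKuPNDtBklD0TNB2a5p/4aw5sC8kUh1WBtAAyz9\n" +
                "yZ8gZu5EAxSZd2lm/t1AAv06JNTDVqQqH2C0UUeRyQ6f3rKLOqQWMjoVysWqn+ge\n" +
                "IfGlJO70R+3nF6q60epFY9CO/3kJ00xUi6CpOw0u9886bEPmhsr0dAcjPRCOkSWj\n" +
                "xMCLlb7aTKEQAK1wPiSiDAgUzwlOEFlhF4GX/dv2o8qcDqbxlGYQBSyBvm9UxrPO\n" +
                "1m8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAD6zKXeudVHVtY/tuPjipOSuLTmhU\n" +
                "+pbymWelXYVFuvLgm24p+L3w4/NK/51hIMMhzX4DrXbVExAqF5oHA3OdCwn/VoRR\n" +
                "V/tdbZhWDUUS/bE9oj1UyQcP9cLHm5YQ6fCKgvqy6yfgp5JaV5u72gVwJrHcZcuh\n" +
                "wJshkb+V1OEdgAz05P47yxlTP029dVvI9159SPewMss6D9JvutQFXsAeNIGIKmJy\n" +
                "0auCbKKNmngP4UnkIW6lUx9FhJ4tRk3nppIf48qkweIPbtWnNbyW+MeDTmIR3Bst\n" +
                "T8/gZoX6ZLdrrLCJd7+BY7/vxHkx91Dn/AtsjskzzH+yOTN3UHqDMam9vw==";
        // Private key of that certificate: Base64 of an unencrypted PKCS#8 structure.
        // Sample material only; see the SECURITY note in the method header.
        String workCertPrivateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNeLPGPisvRFkY\n" +
                "ZBLMaqjzWhkvhclHSyTEe7/UlGNHx9FKWDFe4WEWQtUhHivCIORsCIT0SENnaLa/\n" +
                "KA3ekZDcra2jHeuvPffKPU2rx1YzUD8yrjzQ7QZJQ9EzQdmuaf+GsObAvJFIdVgb\n" +
                "QAMs/cmfIGbuRAMUmXdpZv7dQAL9OiTUw1akKh9gtFFHkckOn96yizqkFjI6FcrF\n" +
                "qp/oHiHxpSTu9Eft5xequtHqRWPQjv95CdNMVIugqTsNLvfPOmxD5obK9HQHIz0Q\n" +
                "jpElo8TAi5W+2kyhEACtcD4kogwIFM8JThBZYReBl/3b9qPKnA6m8ZRmEAUsgb5v\n" +
                "VMazztZvAgMBAAECggEASyHDus2oxNPdMEoHha/Kr5FWfEYTX3peq2oErxrDYs/x\n" +
                "+5lcFDGdaqJthHqfzZBxdf93fkueOgXULPnceHIJ4mevgmHCeIXUQaNA73soTgMd\n" +
                "2M5Vdp/1GH0v1epSSrB/uyScfAV3qmMeIHi7sIvsWb9jY+SCq9miDGyY7RYnAajF\n" +
                "J+7pgr+8bwLrV8KV8vXCNZD6zwH6NCUYcpsDCul2uE7n99gEKxJu27DqkaCCjiWE\n" +
                "6dkeYfAXhhq3dj2SRrQZ+3ufL3E4QVxrpxAMAx8r7MwxuVka+ADeYZriFdREDYrQ\n" +
                "2eb46H+IYk/iokSC1enfmkMdAegbc43dQrDaoMJQAQKBgQDyse8RoZTYC/d/3dao\n" +
                "Y6HuBvEVVLbncc4DOHVwZ3ZOtTWASmbIUkTX54KzdCCYEy5n8yMtjDtNX7Y6N0hz\n" +
                "Rzpj9PgTTTulIeqiFgjGRo1FWvDyte2LFSZZ4I59uRDDChOwqufVUotiVUJL/FgL\n" +
                "yljRy5Kb7i7pEW17aSDtL20qAQKBgQDYvFwuQnPJVNR3OPReWsoYX9liHbXv6gCg\n" +
                "XuS0t25Vt4asDG5u3gJ1SBJSI3g0UPf0TF0YPHYfzlJGsKvB48Kp66aXm8zPNa0J\n" +
                "L8+kH567xpoC/d68qdNy5hRZId/jvmPt54Y0tUy/BjdNmqlDwLbkyZDjTj9m7lNz\n" +
                "sEqGjzmgbwKBgA/sdM8nVujGADs3hvoNb3Z6ph7MLCQLZ4T2k14Iq86GPThpqUzD\n" +
                "eRjha8XyfKD9wTG41joK1WlCOmafcfV+WupsDErX6m3vR8HSyEiaIHLIgL6sCSXz\n" +
                "AU0sWq0NE3h4lMomrIdmnxaYmXz61ZwQbrt1K+1nN1S7e/946lwlnHgBAoGAY2Cq\n" +
                "28M4mB4/dZM16XWzqM16PZTl8WXYd7BLKdnZy4/lPkpM8KT3d5NeYy9EVKizqN7C\n" +
                "6PQALcFK1IL5nmOyxHr63hVgKbqw5r93dAfTnsIHqEuDr/omrE53Eg+IO0L3SwSX\n" +
                "8t8Wm5hcD0dVSW257tnFh5Q/WhD5TtiMs3pEsB0CgYEA4cFqWFWXrxYmKo8oAIdt\n" +
                "KknEQtO92IyRejZNrBwQjAK86ixxdUqybvNSLZdava3wpciwcg48yKlgOFBSOsfz\n" +
                "vEFLJDozJj/Yeqoy/hhjqw6pHxf0n2YjlrBq+YWbJF2+U2FG6+01NA8i4v0ASWjz\n" +
                "Vx5ffzP6TqAxECuyy+hDxDs=";
        // Payload for the demo, written as a hex string.
        String mainKeyHex = "74657374616263646566313030303031";
        // Fully qualified because the file's import block is not visible from this method.
        final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;

        // ---- Encrypt with the certificate's public key ----
        // Base64Util.base64Decode presumably returns the decoded bytes as a hex string, which
        // Forms.hexStringToByte turns back into raw bytes - confirm against those helpers.
        String hexStr = Base64Util.base64Decode(workCert);
        byte[] decode = Forms.hexStringToByte(hexStr);
        // CertificateFactory reads the DER bytes from a stream.
        ByteArrayInputStream bis = new ByteArrayInputStream(decode);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate certificate = cf.generateCertificate(bis);
        // The public key of an X.509 certificate is encoded as SubjectPublicKeyInfo ("X.509"
        // format); PKCS#8 is the private-key container.
        // NOTE(review): the certificate is parsed but never validated here. Before trusting the
        // key in real use, check the chain to a trusted CA, the validity period
        // (X509Certificate.checkValidity) and revocation status.
        PublicKey publicKey = certificate.getPublicKey();
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        // Spell out algorithm/mode/padding. With the bare "RSA" name the padding is whatever the
        // installed JCE provider defaults to, so encryptor and decryptor can silently disagree.
        // PKCS#1 v1.5 padding is what the stock JDK provider uses for "RSA" and is kept so the
        // example stays compatible; new designs should prefer OAEP
        // ("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"), configured the same way on both peers.
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        // Explicit charset so the bytes do not depend on the platform default.
        // NOTE(review): this encrypts the 32 characters of the hex string, whereas the signature
        // further down covers the 16 bytes the string decodes to - confirm which form the peer
        // expects.
        byte[] encrypt = cipher.doFinal(mainKeyHex.getBytes(utf8));
        // Base64 is the transport form of the ciphertext.
        String encMainKeyBase64 = Base64Util.base64Encode(encrypt);
        System.out.println("证书公钥加密转base64:" + encMainKeyBase64);

        // ---- Decrypt with the private key ----
        String encMainKey = Base64Util.base64Decode(encMainKeyBase64);
        byte[] privateKeyData = Forms.hexStringToByte(Base64Util.base64Decode(workCertPrivateKey));
        // Wrap the PKCS#8 bytes in a key spec and let the RSA KeyFactory build the key object.
        PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKeyData);
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
        // Re-initialise the same Cipher instance for decryption.
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] decrypt = cipher.doFinal(Forms.hexStringToByte(encMainKey));
        System.out.println("证书公钥对应的私钥解密:" + new String(decrypt, utf8));

        // ---- Sign with the private key ----
        Signature signature = Signature.getInstance("SHA256WithRSA");
        signature.initSign(privateKey);
        // HexUtil.decodeHex presumably yields the raw bytes of the hex string - confirm.
        signature.update(HexUtil.decodeHex(mainKeyHex));
        byte[] signData = signature.sign();
        System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 签名: [%s]", Forms.byteToHexString(signData)));
        String signBase64 = Base64Util.base64Encode(signData);
        System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 签名 Base64: [%s]", signBase64));

        // ---- Verify with the public key ----
        signature.initVerify(publicKey);
        String signBase64Decode = Base64Util.base64Decode(signBase64);
        System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 验签 signBase64Decode: [%s]", signBase64Decode));
        // Feed the verifier exactly the bytes that were signed.
        signature.update(HexUtil.decodeHex(mainKeyHex));
        // Check the received signature. This demo only prints the outcome; production code must
        // reject the message when verify() returns false.
        boolean result = signature.verify(Forms.hexStringToByte(signBase64Decode));
        System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 验签: [%s]", result));
    } catch (Exception e) {
        // Demo-level handling: every failure (parsing, crypto, helper errors) ends up here and
        // is only printed. Callers get no signal that a step failed.
        e.printStackTrace();
    }
}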