常用加密解密（4）——数字签名

原文链接：https://www.dubby.cn/detail.html?id=9125

之前介绍了《常用加密解密（1）》里面提到了消息摘要，那么这一篇的数字签名和消息摘要有什么区别呢？事实上数字签名就是带上非对称加密的消息摘要。

消息摘要的目的是防数据被篡改；而数字签名是抗否认。

签名的过程是：

image

image

总结就是，使用私钥加签，使用公钥验签

import java.security.*;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class RSASignature {

    private static final String KEY_ALGORITHM = "RSA";

    private static final String SIGN_ALGORITHM = "MD5withRSA";

    public static byte[] sign(byte[] keyBytes, byte[] dataBytes) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);

        Signature signature = Signature.getInstance(SIGN_ALGORITHM);
        signature.initSign(privateKey);
        signature.update(dataBytes);
        return signature.sign();
    }

    public static boolean verify(byte[] keyBytes, byte[] dataBytes, byte[] sign) throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(keyBytes);
        KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);

        Signature signature = Signature.getInstance(SIGN_ALGORITHM);
        signature.initVerify(publicKey);
        signature.update(dataBytes);
        return signature.verify(sign);
    }
}

测试代码：

import cn.dubby.digital.signature.RSASignature;
import org.apache.commons.codec.binary.Hex;
import org.junit.Assert;
import org.junit.Test;

import java.nio.charset.Charset;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;

public class RSASignatureTest {

    private static final String key_algorithm = "RSA";

    private static final int key_size = 1024;

    private static final String data = "Hello, Dubby";

    @Test
    public void test() throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException, SignatureException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(key_algorithm);
        keyPairGenerator.initialize(key_size);

        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic();
        RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate();

        byte[] dataBytes = data.getBytes(Charset.forName("UTF-8"));

        //使用私钥加签
        byte[] sign = RSASignature.sign(privateKey.getEncoded(), dataBytes);

        System.out.println(Hex.encodeHexString(sign));

        //使用公钥验签
        boolean verifyResult = RSASignature.verify(publicKey.getEncoded(), dataBytes, sign);

        Assert.assertTrue(verifyResult);
    }
}

结果：

5363226f4c9a40a0a95fd526b4efa8697036b03b485a663473702e2cdf72e55082584450568b53502ddb11a78ba9ddf3160bda28d13273b15c5597f7e887d5a084bda94f9ffe41699f2d5c821863fa1ec28af6e38c8578a72f66034aa4a1f95e8bcce7b70710ce53af6a3a5c5324e73cc42eff8e6945a256cea89a1b156e346f