国密算法的加解密
对称密码算法 SM4(ECB/CBC/CTR/GCM)
非对称密码算法 SM2(加解密/签名验签)
Hash算法 SM3
基于SM3实现的随机数生成器(多线程加速)
pom引入
<dependency>
<groupId>io.github.KongkongRuan</groupId>
<artifactId>gm-java</artifactId>
<version>1.0.3</version>
</dependency>
SM2密钥对生成
KeyPair keyPair = SM2KeyPairGenerate.generateSM2KeyPair();
SM2加解密
SM2Cipher sm2Cipher = new SM2Cipher();
byte[] mi = sm2Cipher.SM2CipherEncrypt(msg.getBytes(), keyPair.getPublic().getEncoded());
byte[] ming = sm2Cipher.SM2CipherDecrypt(mi, keyPair.getPrivate().getEncoded());
System.out.println("SM2解密结果:"+new String(ming));
SM2签名验签
//ca证书密钥
KeyPair caKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();
//终端证书密钥
KeyPair equipKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();
SM2CertGenerator sm2CertGenerator = new SM2CertGenerator();
String DN_CA = "CN=Digicert,OU=Digicert,O=Digicert,L=Linton,ST=Utah,C=US";
String DN_CHILD = "CN=DD,OU=DD,O=DD,L=Linton,ST=Utah,C=CN";
CertTest certTest = new CertTest();
byte[] rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),false,0);
try {
FileUtils.writeFile("D:/certtest/java-ca-3.cer",rootCert);
} catch (Exception e) {
throw new RuntimeException(e);
}
byte[] ownerCert = sm2CertGenerator.generatorCert(DN_CA, 365, DN_CHILD, new KeyUsage(KeyUsage.digitalSignature), false, caKeyPair.getPrivate().getEncoded(), equipKeyPair.getPublic().getEncoded(),false,0);
try {
FileUtils.writeFile("D:/certtest/java-ownerCert-3.cer",ownerCert);
} catch (Exception e) {
throw new RuntimeException(e);
}
//使用HSM签名制作SM2证书
int hsmSigPriIndex=0;
rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),true,hsmSigPriIndex);
制作SM2证书
//ca证书密钥
KeyPair caKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();
//终端证书密钥
KeyPair equipKeyPair = SM2KeyPairGenerate.generateSM2KeyPair();
SM2CertGenerator sm2CertGenerator = new SM2CertGenerator();
String DN_CA = "CN=Digicert,OU=Digicert,O=Digicert,L=Linton,ST=Utah,C=US";
String DN_CHILD = "CN=DD,OU=DD,O=DD,L=Linton,ST=Utah,C=CN";
CertTest certTest = new CertTest();
byte[] rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),false,0);
try {
FileUtils.writeFile("D:/certtest/java-ca-3.cer",rootCert);
} catch (Exception e) {
throw new RuntimeException(e);
}
byte[] ownerCert = sm2CertGenerator.generatorCert(DN_CA, 365, DN_CHILD, new KeyUsage(KeyUsage.digitalSignature), false, caKeyPair.getPrivate().getEncoded(), equipKeyPair.getPublic().getEncoded(),false,0);
try {
FileUtils.writeFile("D:/certtest/java-ownerCert-3.cer",ownerCert);
} catch (Exception e) {
throw new RuntimeException(e);
}
//使用HSM签名制作SM2证书
int hsmSigPriIndex=0;
rootCert = sm2CertGenerator.generatorCert(DN_CA, 365 * 10, DN_CA, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign), true, caKeyPair.getPrivate().getEncoded(), caKeyPair.getPublic().getEncoded(),true,hsmSigPriIndex);
SM3摘要计算
SM3Digest sm3Digest = new SM3Digest();
sm3Digest.update(msg.getBytes());
byte[] md = sm3Digest.doFinal();
byte[] md2 = sm3Digest.doFinal(msg.getBytes());
sm3Digest.update("gm-java-".getBytes());
sm3Digest.update("1.0".getBytes());
byte[] md3 = sm3Digest.doFinal();
System.out.println(Hex.toHexString(md));
System.out.println(Hex.toHexString(md2));
System.out.println(Hex.toHexString(md3));
随机数生成(通过SM3实现)
byte[] random = Random.RandomBySM3(16);
System.out.println(Hex.toHexString(random));
SM4加解密
SecureRandom secureRandom = new SecureRandom();
byte[] key = new byte[16];
byte[] iv = new byte[16];
secureRandom.nextBytes(key);
secureRandom.nextBytes(iv);
//ECB模式
SM4Cipher sm4CipherECB = new SM4Cipher(ModeEnum.ECB);
byte[] ecbmi = sm4CipherECB.cipherEncrypt(key, msg.getBytes(), null);
byte[] ecbming = sm4CipherECB.cipherDecrypt(key, ecbmi, iv);
System.out.println("ECB明文:"+new String(ecbming));
//CBC模式
SM4Cipher sm4CipherCBC = new SM4Cipher(ModeEnum.CBC);
byte[] cbcmi = sm4CipherCBC.cipherEncrypt(key, msg.getBytes(), iv);
byte[] cbcming = sm4CipherCBC.cipherDecrypt(key, cbcmi, iv);
System.out.println("CBC明文:"+new String(cbcming));
//CTR模式
SM4Cipher sm4CipherCTR = new SM4Cipher(ModeEnum.CTR);
byte[] ctrmi = sm4CipherCTR.cipherEncrypt(key, msg.getBytes(), iv);
byte[] ctrming = sm4CipherCTR.cipherDecrypt(key, ctrmi, iv);
System.out.println("CTR明文:"+new String(ctrming));
//GCM模式
SM4Cipher sm4_gcm = new SM4Cipher();
AEADExecution aeadExecution = sm4_gcm.cipherEncryptGCM(key, msg, new byte[12], "aad".getBytes(), 16);
System.out.println("GCM密文:"+Hex.toHexString(aeadExecution.getCipherText()));
System.out.println("GCMtag:"+Hex.toHexString(aeadExecution.getTag()));
byte[] ming_gcm = sm4_gcm.cipherDecryptGCM(key, aeadExecution.getCipherText(), new byte[12], "aad".getBytes(), aeadExecution.getTag());
System.out.println("GCM明文:"+new String(ming_gcm));
模拟TLS握手进行密钥协商(Netty)
服务端(默认使用4433端口)
NettyTlsServer nettyTlsServer = new NettyTlsServer(4432);
new Thread(()->{
try {
nettyTlsServer.start();
} catch (Exception e) {
e.printStackTrace();
}
}).start();
new Thread(()->{
while (true){
System.out.println("server sleep");
try {
Thread.sleep(1000);
} catch (InterruptedException e) {
throw new RuntimeException(e);
}
if(nettyTlsServer.getRandom()!=null){
System.out.println("netty server random:"+Hex.toHexString(nettyTlsServer.getRandom()));
break;
}
}
nettyTlsServer.shutdown();
}).start();
客户端
NettyTlsClient nettyTlsClient = new NettyTlsClient("localhost", 4432);
new Thread(()->{
try {
nettyTlsClient.start();
} catch (Exception e) {
throw new RuntimeException(e);
}
}).start();
new Thread(()->{
while (true){
try {
Thread.sleep(1000);
} catch (Exception e) {
throw new RuntimeException(e);
}
if(nettyTlsClient.getRandom()!=null){
System.out.println("netty client random:"+Hex.toHexString(nettyTlsClient.getRandom()));
break;
}
}
nettyTlsClient.shutdown();
System.out.println(i.incrementAndGet() +"---------TLS握手测试通过(NETTY)---------");
}).start();
服务端(使用私有服务端证书以及自定义端口)
NettyTlsServer nettyTlsServer = new NettyTlsServer(4432,cert,pri);
客户端
NettyTlsClient nettyTlsClient = new NettyTlsClient("localhost",4432);
模拟TLS握手进行密钥协商(Socket)
服务端(默认使用4433端口)
TlsServer tlsServer = new TlsServer();
tlsServer.setDEBUG(true);
tlsServer.start();
System.out.println("握手完成!");
System.out.println("服务端随机数:"+Hex.toHexString(tlsServer.getRandom()));
客户端
TlsClient tlsClient = new TlsClient("127.0.0.1");
tlsClient.setDEBUG(true);
tlsClient.start();
System.out.println("握手完成!");
System.out.println("客户端随机数:"+Hex.toHexString(tlsClient.getRandom()));
服务端(使用私有服务端证书以及自定义端口)
TlsServer tlsServer = new TlsServer(serverCert,serverCertPriKey,447);
tlsServer.setDEBUG(true);
tlsServer.start();
System.out.println("握手完成!");
System.out.println("服务端随机数:"+Hex.toHexString(tlsServer.getRandom()));
客户端
TlsClient tlsClient = new TlsClient("127.0.0.1",447);
tlsClient.setDEBUG(true);
tlsClient.start();
System.out.println("握手完成!");
System.out.println("客户端随机数:"+Hex.toHexString(tlsClient.getRandom()));