java加密解密算法记录
以下内容均摘自我买的书籍《java加密与解密的艺术》作者 梁栋
附证书生成命令:
keytool生成证书
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -validity 360 -alias www.dominic.com -keystore dominic.keystore
导出数字证书
keytool -exportcert -alias www.dominic.com -keystore dominic.keystore -file dominic.cer -rfc
打印数字证书
keytool -printcert -file dominic.cer
这里是自制证书,如果需要权威机构签发,需要导出证书申请文件由第三方签发
openssl证书创建
根证书构建命令?
echo 构建随机数 private/.rand
openssl rand -out private/.rand 1000
echo 构建根证书私钥 private/ca.key.pem
openssl genrsa -aes256 -out private/ca.key.pem 2048
echo 生成根证书签发申请 private/ca.csr
openssl req -new -key private/ca.key.pem -out private/ca.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
echo 签发根证书 private/ca.cer
openssl x509 -req -days 10000 -sha1 -extensions v3_ca -signkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
echo 根证书转换 private/ca.p12
openssl pkcs12 -export -cacerts inkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
服务器证书构建步骤命令?
(1)echo 构建服务器私钥 private/server.key.pem
(2)openssl genrsa -aes256 -out private/server.key.pem 2048
echo 生成服务器证书签发申请 private/server.csr
(3)openssl req -new -key private/server.key.pem -out private/server.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
echo 签发服务器证书 private/server.cer
openssl x509 -req -days 3650 -sha1 -extensions v3_req -CA certs/ca.cer -CAkey private/ca.key.pem -CAserial ca.srl -CAcreateserial -in private/server.csr -out certs/server.cer
echo 服务器证书转换 private/server.p12
openssl pkcs12 -export -clcerts -inkey private/server.key.pem -in certs/server.cer -out certs/server.p12
客户证书构建命令?
echo 构建客户私钥 private/client.key.pem
openssl genrsa -aes256 -out private/client.key.pem 2048
echo 生成服务器证书签发申请 private/client.csr
openssl req -new -key private/client.key.pem -out private/client.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
echo 签发客户证书 private/server.cer
openssl ca -days 3650 -in private/client.csr -out certs/client.cer -cert certs/ca.cer -keyfile private/ca.key.pem
echo 客户证书转换 certs/client.p12
openssl pkcs12 -export -inkey private/client.key.pem -in certs/client.cer -out certs/client.p12
package com.algorithm;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import org.apache.commons.codec.binary.Hex;
/**
* RSA非对称加密算法安全编码组件
* @author Administrator
*
*/
public abstract class RSACoder {
//非对称加密密钥算法
public static final String KEY_ALGORITHM="RSA";
//数字签名 签名/验证算法
public static final String SIGNATURE_ALGORRITHM="SHA1withRSA";
//公钥
private static final String PUBLIC_KEY="RSAPublicKey";
//私钥
private static final String PRIVATE_KEY="RSAPrivateKey";
//RSA密钥长度,默认为1024,密钥长度必须是64的倍数,范围在521~65526位之间
private static final int KEY_SIZE=512;
/**
* 私钥解密
* @param data 待解密数据
* @param key 私钥
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] data,byte[]key) throws Exception
{
//取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec=new PKCS8EncodedKeySpec(key);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
//生成私钥
PrivateKey privateKey=keyFactory.generatePrivate(pkcs8KeySpec);
//对数据解密
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 私钥解密
* @param data 待解密数据
* @param key 私钥
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] data,String privateKey) throws Exception
{
return decryptByPrivateKey(data,getKey(privateKey));
}
/**
* 公钥解密
* @param data 待解密数据
* @param key 公钥
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] data,byte[] key) throws Exception
{
//取得公钥
X509EncodedKeySpec x509KeySpec=new X509EncodedKeySpec(key);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
//生成公钥
PublicKey publicKey=keyFactory.generatePublic(x509KeySpec);
//对数据解密
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 公钥解密
* @param data 待解密数据
* @param key 公钥
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] data,String publicKey) throws Exception
{
return decryptByPublicKey(data,getKey(publicKey));
}
/**
* 公钥加密
* @param data 待加密数据
* @param key 公钥
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data,byte[] key) throws Exception
{
//取得公钥
X509EncodedKeySpec x509KeySpec=new X509EncodedKeySpec(key);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicKey=keyFactory.generatePublic(x509KeySpec);
//对数据加密
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 公钥加密
* @param data 待加密数据
* @param key 公钥
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data,String publicKey) throws Exception
{
return encryptByPublicKey(data,getKey(publicKey));
}
/**
* 私钥加密
* @param data 待加密数据
* @param key 私钥
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data,byte[] key) throws Exception
{
//取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec=new PKCS8EncodedKeySpec(key);
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
//生成私钥
PrivateKey privateKey=keyFactory.generatePrivate(pkcs8KeySpec);
//对数据加密
Cipher cipher=Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 私钥加密
* @param data 待加密数据
* @param key 私钥
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data,String key) throws Exception
{
return encryptByPrivateKey(data,getKey(key));
}
/**
* 取得私钥
* @param keyMap 密钥Map
* @return byte[] 私钥
* @throws Exception
*/
public static byte[] getPrivateKey(Map<String,Object> keyMap) throws Exception
{
Key key=(Key)keyMap.get(PRIVATE_KEY);
return key.getEncoded();
}
/**
* 取得公钥
* @param keyMap 密钥Map
* @return byte[] 公钥
* @throws Exception
*/
public static byte[] getPublicKey(Map<String,Object> keyMap) throws Exception
{
Key key=(Key)keyMap.get(PUBLIC_KEY);
return key.getEncoded();
}
/**
* 初始化密钥
* @return 密钥Map
* @throws Exception
*/
public static Map<String,Object> initKey() throws Exception
{
//实例化实钥对生成器
KeyPairGenerator keyPairGen=KeyPairGenerator.getInstance(KEY_ALGORITHM);
//初始化密钥对生成器
keyPairGen.initialize(KEY_SIZE);
//生成密钥对
KeyPair keyPair=keyPairGen.generateKeyPair();
//公钥
RSAPublicKey publicKey=(RSAPublicKey) keyPair.getPublic();
//私钥
RSAPrivateKey privateKey=(RSAPrivateKey) keyPair.getPrivate();
//封装密钥
Map<String,Object> keyMap=new HashMap<String,Object>(2);
keyMap.put(PUBLIC_KEY, publicKey);
keyMap.put(PRIVATE_KEY, privateKey);
return keyMap;
}
/**
* 签名
* @param data 待签名数据
* @param privateKey 私钥
* @return byte[] 数字签名
* @throws Exception
*/
public static byte[] sign(byte[] data,byte[] privateKey) throws Exception
{
//转接私钥材料
PKCS8EncodedKeySpec pkcs8KeySpec=new PKCS8EncodedKeySpec(privateKey);
//实例化密钥工厂
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
//取私钥对象
PrivateKey priKey=keyFactory.generatePrivate(pkcs8KeySpec);
//实例化Signature
Signature signature=Signature.getInstance(SIGNATURE_ALGORRITHM);
//初始化Signature
signature.initSign(priKey);
//更新
signature.update(data);
//签名
return signature.sign();
}
/**
* 公钥校验
* @param data 待校验数据
* @param publicKey 公钥
* @param sign 数字签名
* @return
* @throws Exception
*/
public static boolean verify(byte[] data,byte[] publicKey,byte[] sign) throws Exception
{
//转接公钥材料
X509EncodedKeySpec x509KeySpec=new X509EncodedKeySpec(publicKey);
//实例化密钥工厂
KeyFactory keyFactory=KeyFactory.getInstance(KEY_ALGORITHM);
//生成公钥
PublicKey pubKey=keyFactory.generatePublic(x509KeySpec);
//实例化Signature
Signature signature=Signature.getInstance(SIGNATURE_ALGORRITHM);
//初始化Signature
signature.initVerify(pubKey);
//更新
signature.update(data);
//验证
return signature.verify(sign);
}
/**
* 私钥签名
* @param data 待签名数据
* @param privateKey 私钥
* @return String 十六进制签名字符串
* @throws Exception
*/
public static String sign(byte[] data,String privateKey) throws Exception
{
byte[] sign=sign(data,getKey(privateKey));
return Hex.encodeHexString(sign);
}
/**
* 公钥校验
* @param data 待验证数据
* @param publicKey 公钥
* @param sign 签名
* @return boolean 成功返回true,失败返回false
* @throws Exception
*/
public static boolean verify(byte[] data,String publicKey,String sign) throws Exception
{
return verify(data,getKey(publicKey),Hex.decodeHex(sign.toCharArray()));
}
/**
* 取得私钥十六进制表示形式
* @param keyMap 密钥Map
* @return String 私钥十六进制字符串
* @throws Exception
*/
public static String getPrivateKeyString(Map<String,Object> keyMap) throws Exception
{
return Hex.encodeHexString(getPrivateKey(keyMap));
}
/**
* 取得公钥十六进制表示形式
* @param keyMap 密钥Map
* @return String 公钥十六进制字符串
* @throws Exception
*/
public static String getPublicKeyString(Map<String,Object> keyMap) throws Exception
{
return Hex.encodeHexString(getPublicKey(keyMap));
}
/**
* 获取密钥
* @param key 密钥
* @return byte[] 密钥
* @throws Exception
*/
public static byte[] getKey(String key) throws Exception
{
return Hex.decodeHex(key.toCharArray());
}
}
package com.algorithm;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
/**
* RSA算法测试用例
* @author Administrator
*
*/
public class RSACoderTest {
//公钥
private static byte[] publicKey;
//私钥
private static byte[] privateKey;
/**
* 初始化密钥
* @throws Exception
*/
public static void initKey() throws Exception
{
//初始化密钥
Map<String,Object> keyMap=RSACoder.initKey();
publicKey=RSACoder.getPublicKey(keyMap);
privateKey=RSACoder.getPrivateKey(keyMap);
System.out.println("公钥:"+Base64.encodeBase64String(publicKey));
System.out.println("私钥:"+Base64.encodeBase64String(privateKey));
}
public static void test() throws Exception
{
String inputStr="RSA加密算法,私钥加密,公钥解密";
byte[] data=inputStr.getBytes();
//私钥加密
byte[] enCodeData=RSACoder.encryptByPrivateKey(data,privateKey);
System.out.println("加密字符串:"+Base64.encodeBase64String(enCodeData));
//公钥解密
byte[] deCodeData=RSACoder.decryptByPublicKey(enCodeData, publicKey);
System.out.println(new String(deCodeData).equals(inputStr));
}
/**
* @param args
* @throws Exception
*/
public static void main(String[] args) throws Exception {
// TODO Auto-generated method stub
initKey();
RSACoderTest.test();
}
}
package com.algorithm;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;
/**
* 证书组件
* @author Administrator
*/
public abstract class CertificateCoder {
//类型证书
private static final String CERT_TYPE="X.509";
/**
* 由KeyStore获得私钥
* @param keyStorePath 密钥库路径
* @param alias 别名
* @param password 密码
* @return PrivateKey 密钥
* @throws Exception
*/
private static PrivateKey getPrivateKeyByKeyStore(String keyStorePath,String alias,String password) throws Exception
{
//获得密钥库
KeyStore ks=getKeyStore(keyStorePath,password);
//获得私钥
return (PrivateKey)ks.getKey(alias, password.toCharArray());
}
/**
* 由Certificate获得公钥
* @param certificatePath 证书路径
* @return PublicKey 公钥
*/
private static PublicKey getPublicKeyByCertificate(String certificatePath) throws Exception
{
//获得证书
Certificate certificate=getCertificate(certificatePath);
//获得公钥
return certificate.getPublicKey();
}
/**
* 获得certificate
* @param certificatePath 证书路径
* @return Certificate 证书
* @throws Exception
*/
private static Certificate getCertificate(String certificatePath) throws Exception
{
//实例化证书工厂
CertificateFactory certificateFactory=CertificateFactory.getInstance(CERT_TYPE);
//取得证书文件流
FileInputStream in=new FileInputStream(certificatePath);
//生成证书
Certificate certificate=certificateFactory.generateCertificate(in);
//关闭证书文件流
in.close();
return certificate;
}
/**
* 取得Certificate
* @param keyStorePath 密钥库路径
* @param alias 别名
* @param password 密码
* @return Certificate 证书
* @throws Exception
*/
private static Certificate getCertificate(String keyStorePath,String alias,String password) throws Exception
{
//获得密钥库
KeyStore ks=getKeyStore(keyStorePath,password);
//获得证书
return ks.getCertificate(alias);
}
/**
* 获得密钥库
* @param keyStorePath 密钥库路径
* @param password 密码
* @return KeyStore 密钥库
* @throws Exception
*/
private static KeyStore getKeyStore(String keyStorePath,String password) throws Exception
{
//实例化密钥库
KeyStore ks=KeyStore.getInstance(KeyStore.getDefaultType());
//获得密钥库文件流
FileInputStream in=new FileInputStream(keyStorePath);
//加载密钥库
ks.load(in, password.toCharArray());
//关闭密钥库文件流
in.close();
return ks;
}
/**
* 私钥加密
* @param data 待加密数据
* @param keyStorePath 密钥库路径
* @param alias 别名
* @param password 密码
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data,String keyStorePath,String alias,String password) throws Exception
{
//取得私钥
PrivateKey privateKey=getPrivateKeyByKeyStore(keyStorePath,alias,password);
//对数据加密
Cipher cipher=Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 私钥解密
* @param data 待解密数据
* @param keyStorePath 密钥库路径
* @param alias 别名
* @param password 密码
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] data,String keyStorePath,String alias,String password) throws Exception
{
//取得私钥
PrivateKey privateKey=getPrivateKeyByKeyStore(keyStorePath,alias,password);
//对数据解密
Cipher cipher=Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 公钥加密
* @param data 待加密数据
* @param certificatePath 证书路径
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data,String certificatePath) throws Exception
{
//取得公钥
PublicKey publicKey=getPublicKeyByCertificate(certificatePath);
//对数据加密
Cipher cipher=Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 公钥解密
* @param data 待解密数据
* @param certificatePath 证书路径
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] data,String certificatePath) throws Exception
{
//取得公钥
PublicKey publicKey=getPublicKeyByCertificate(certificatePath);
//对数据解密
Cipher cipher=Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 签名
* @param data 待签名数据
* @param keyStorePath 密钥库路径
* @param alias 别名
* @param password 密码
* @return byte[] 签名
* @throws Exception
*/
public static byte[] sign(byte[] data,String keyStorePath,String alias,String password) throws Exception
{
//获得证书
X509Certificate x509Certificate=(X509Certificate)getCertificate(keyStorePath,alias,password);
//构建签名,由证书指定签名算法
Signature signature=Signature.getInstance(x509Certificate.getSigAlgName());
//获取私钥
PrivateKey privateKey=getPrivateKeyByKeyStore(keyStorePath, alias, password);
//初始化签名,由私钥构建
signature.initSign(privateKey);
signature.update(data);
return signature.sign();
}
/**
* 签名验证
* @param data 数据
* @param sign 签名
* @param certificatePath 证书路径
* @return boolean 验证通过为true
* @throws Exception
*/
public static boolean verify(byte[] data,byte[] sign,String certificatePath) throws Exception
{
//获得证书
X509Certificate x509Certificate=(X509Certificate)getCertificate(certificatePath);
//构建签名,由证书指定签名算法
Signature signature=Signature.getInstance(x509Certificate.getSigAlgName());
//由证书初始化签名,实际上是使用了证书中的公钥
signature.initVerify(x509Certificate);
signature.update(data);
return signature.verify(sign);
}
}
package com.algorithm;
import java.io.InputStream;
import org.apache.commons.codec.binary.Hex;
/**
* 数字证书测试用例
* @author Administrator
*
*/
public class CertificateCoderTest {
//生成证书时的密码
private static String password="123456";
//别名
private static String alias="www.dominic.com";
//证书路径
private static String certificatePath="D:\\Program Files\\OpenSSL-Win32\\ca\\certs\\dominic.cer";
//密钥库路径
private static String keyStorePath="D:\\Program Files\\OpenSSL-Win32\\ca\\certs\\domini.keystore";
/**
* 公钥加密私钥解密
*/
public static void test1() throws Exception
{
String inputStr="数字证书";
byte[] data=inputStr.getBytes();
//公钥加密
byte[] encrypt=CertificateCoder.encryptByPublicKey(data, certificatePath);
//私钥解密
byte[] decrypt=CertificateCoder.decryptByPrivateKey(encrypt, keyStorePath, alias, password);
System.out.println(new String(decrypt).equals(inputStr));
}
/**
* 私加密公钥解密
*/
public static void test2() throws Exception
{
String inputStr="数字证书";
byte[] data=inputStr.getBytes();
//私钥加密
byte[] encrypt=CertificateCoder.encryptByPrivateKey(data, keyStorePath, alias, password);
//公钥解密
byte[] decrypt=CertificateCoder.decryptByPublicKey(encrypt, certificatePath);
System.out.println(new String(decrypt).equals(inputStr));
}
/**
* 签名验证
*/
public static void test3() throws Exception
{
String inputStr="数字签名";
byte[] data=inputStr.getBytes();
//私钥签名
byte[] sign=CertificateCoder.sign(data, keyStorePath, alias, password);
System.out.println("签名:"+Hex.encodeHexString(sign));
//公钥验证
System.out.println(CertificateCoder.verify(data, sign, certificatePath));
}
public static void main(String[] args) throws Exception
{
CertificateCoderTest.test1();
CertificateCoderTest.test2();
CertificateCoderTest.test3();
}
}
package com.algorithm;
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
/**
* AES对称加密算法,组件类
* @author Administrator
*
*/
public abstract class AESCoder {
//密钥算法
public static final String ALGORITHM="AES";
//密钥长度(java默认只能处理128位以内的长度,如果需要处理大于128位可以使用JCE解除密钥长度限制)
public static final int KEY_SIZE=128;
/**
* 转换密钥
* @param key 二进制密钥
* @return Key 密钥
* @throws Exception
*/
private static Key toKey(byte[] key) throws Exception
{
//实例化AES密钥材料
SecretKey secretKey=new SecretKeySpec(key,ALGORITHM);
return secretKey;
}
/**
* 解密
* @param data 待解密数据
* @param key 密钥
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decrypt(byte[] data,byte[] key) throws Exception
{
//还原密钥
Key k=toKey(key);
//实例化
Cipher cipher=Cipher.getInstance(ALGORITHM);
//初始化,设置为解密模式
cipher.init(Cipher.DECRYPT_MODE, k);
//执行操作
return cipher.doFinal(data);
}
/**
* 解密
* @param data 待解密数据
* @param key 密钥
* @return byte[] 解密数据
* @throws Exception
*/
public static byte[] decrypt(byte[] data,String key) throws Exception
{
return decrypt(data,getKey(key));
}
/**
* 加密
* @param data 待加密数据
* @param key 密钥
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encrypt(byte[] data,byte[] key) throws Exception
{
//还原密钥
Key k=toKey(key);
//实例化
Cipher cipher=Cipher.getInstance(ALGORITHM);
//初始化,设置为加密模式
cipher.init(Cipher.ENCRYPT_MODE, k);
//执行操作
return cipher.doFinal(data);
}
/**
* 加密
* @param data 待加密数据
* @param key 密钥
* @return byte[] 加密数据
* @throws Exception
*/
public static byte[] encrypt(byte[] data,String key) throws Exception
{
return encrypt(data,getKey(key));
}
/**
* 生成密钥
* @return byte[] 二进制密钥
* @throws Exception
*/
public static byte[] initKey() throws Exception
{
//实例化
KeyGenerator kg=KeyGenerator.getInstance(ALGORITHM);
//初始化密钥长度
kg.init(KEY_SIZE);
//生成秘密密钥
SecretKey secretKey=kg.generateKey();
//获得密钥的二进制编码形式
return secretKey.getEncoded();
}
/**
* 初始化密钥
* @return String Base64编码密钥
* @throws Exception
*/
public static String initKeyString() throws Exception
{
return Base64.encodeBase64String(initKey());
}
/**
* 获取密钥
* @param key
* @return byte[] 密钥
* @throws Exception
*/
public static byte[] getKey(String key) throws Exception
{
return Base64.decodeBase64(key);
}
/**
* 摘要处理
* @param data 待摘要数据
* @return String 摘要字符串
*/
public static String shaHex(byte[] data)
{
return DigestUtils.md5Hex(data);
}
/**
* 验证
* @param data 待摘要数据
* @param messageDigest 摘要字符串
* @return 验证结果
*/
public static boolean validate(byte[] data,String messageDigest)
{
return messageDigest.equals(shaHex(data));
}
}
package com.algorithm;
/**
* 对称加密算法测试用例
* @author Administrator
*
*/
public class AESCoderTest {
public static void main(String args[])
{
try {
//初始化密钥
String secretKey=AESCoder.initKeyString();
System.out.println("密钥为:"+secretKey);
String s="我们的大中国";
//加密数据
byte[] encryptData=AESCoder.encrypt(s.getBytes(), secretKey);
//解密数据
byte[] data=AESCoder.decrypt(encryptData, secretKey);
//比较
System.out.println(new String(data).equals(s));
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
附证书生成命令:
keytool生成证书
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -validity 360 -alias www.dominic.com -keystore dominic.keystore
导出数字证书
keytool -exportcert -alias www.dominic.com -keystore dominic.keystore -file dominic.cer -rfc
打印数字证书
keytool -printcert -file dominic.cer
这里是自制证书,如果需要权威机构签发,需要导出证书申请文件由第三方签发
openssl证书创建
根证书构建命令?
echo 构建随机数 private/.rand
openssl rand -out private/.rand 1000
echo 构建根证书私钥 private/ca.key.pem
openssl genrsa -aes256 -out private/ca.key.pem 2048
echo 生成根证书签发申请 private/ca.csr
openssl req -new -key private/ca.key.pem -out private/ca.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
echo 签发根证书 private/ca.cer
openssl x509 -req -days 10000 -sha1 -extensions v3_ca -signkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
echo 根证书转换 private/ca.p12
openssl pkcs12 -export -cacerts inkey private/ca.key.pem -in private/ca.csr -out certs/ca.cer
服务器证书构建步骤命令?
(1)echo 构建服务器私钥 private/server.key.pem
(2)openssl genrsa -aes256 -out private/server.key.pem 2048
echo 生成服务器证书签发申请 private/server.csr
(3)openssl req -new -key private/server.key.pem -out private/server.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
echo 签发服务器证书 private/server.cer
openssl x509 -req -days 3650 -sha1 -extensions v3_req -CA certs/ca.cer -CAkey private/ca.key.pem -CAserial ca.srl -CAcreateserial -in private/server.csr -out certs/server.cer
echo 服务器证书转换 private/server.p12
openssl pkcs12 -export -clcerts -inkey private/server.key.pem -in certs/server.cer -out certs/server.p12
客户证书构建命令?
echo 构建客户私钥 private/client.key.pem
openssl genrsa -aes256 -out private/client.key.pem 2048
echo 生成服务器证书签发申请 private/client.csr
openssl req -new -key private/client.key.pem -out private/client.csr -subj "/C=CN/ST=BJ/L=BJ/O=dominic/OU=dominic/CN=www.dominic.com"
echo 签发客户证书 private/server.cer
openssl ca -days 3650 -in private/client.csr -out certs/client.cer -cert certs/ca.cer -keyfile private/ca.key.pem
echo 客户证书转换 certs/client.p12
openssl pkcs12 -export -inkey private/client.key.pem -in certs/client.cer -out certs/client.p12