Java加密技术(六)——数字签名算法DSA

Posted on

Java加密技术(六)——数字签名算法DSA

接下来我们介绍DSA数字签名,非对称加密的另一种实现。

DSA DSA-Digital Signature Algorithm 是Schnorr和ElGamal签名算法的变种,被美国NIST作为DSS(DigitalSignature Standard)。简单的说,这是一种更高级的验证方式,用作数字签名。不单单只有公钥、私钥,还有数字签名。私钥加密生成数字签名,公钥验证数据及签名。如果数据和签名不匹配则认为验证失败!数字签名的作用就是校验数据在传输过程中不被修改。数字签名,是单向加密的升级!

  2. 通过java代码实现如下:Coder类见 Java加密技术(一) Java代码 复制代码 收藏代码

  3. import java.security.Key;

  4. import java.security.KeyFactory;
  5. import java.security.KeyPair;
  6. import java.security.KeyPairGenerator;
  7. import java.security.PrivateKey;
  8. import java.security.PublicKey;
  9. import java.security.SecureRandom;
  10. import java.security.Signature;
  11. import java.security.interfaces.DSAPrivateKey;
  12. import java.security.interfaces.DSAPublicKey;
  13. import java.security.spec.PKCS8EncodedKeySpec;
  14. import java.security.spec.X509EncodedKeySpec;
  15. import java.util.HashMap;
  16. import java.util.Map;
  18. ///
  19. /* DSA安全编码组件
  20. /*
  21. /* @author 梁栋
  22. /* @version 1.0
  23. /* @since 1.0
  24. /*/
  25. public abstract class DSACoder extends Coder {
  27. public static final String ALGORITHM = "DSA";
  29. ///
  30. /* 默认密钥字节数
  31. /*
  32. /*
  33. /* DSA
  34. /* Default Keysize 1024
  35. /* Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
  36. /*
  37. /*/
  38. private static final int KEY_SIZE = 1024;
  40. ///
  41. /* 默认种子
  42. /*/
  43. private static final String DEFAULT_SEED = "0f22507a10bbddd07d8a3082122966e3";
  45. private static final String PUBLIC_KEY = "DSAPublicKey";
  46. private static final String PRIVATE_KEY = "DSAPrivateKey";
  48. ///
  49. /* 用私钥对信息生成数字签名
  50. /*
  51. /* @param data
  52. /* 加密数据
  53. /* @param privateKey
  54. /* 私钥
  55. /*
  56. /* @return
  57. /* @throws Exception
  58. /*/
  59. public static String sign(byte[] data, String privateKey) throws Exception {
  60. // 解密由base64编码的私钥
  61. byte[] keyBytes = decryptBASE64(privateKey);
  63. // 构造PKCS8EncodedKeySpec对象
  64. PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
  66. // KEY_ALGORITHM 指定的加密算法
  67. KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
  69. // 取私钥匙对象
  70. PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
  72. // 用私钥对信息生成数字签名
  73. Signature signature = Signature.getInstance(keyFactory.getAlgorithm());
  74. signature.initSign(priKey);
  75. signature.update(data);
  77. return encryptBASE64(signature.sign());
  78. }
  80. ///
  81. /* 校验数字签名
  82. /*
  83. /* @param data
  84. /* 加密数据
  85. /* @param publicKey
  86. /* 公钥
  87. /* @param sign
  88. /* 数字签名
  89. /*
  90. /* @return 校验成功返回true 失败返回false
  91. /* @throws Exception
  92. /*
  93. /*/
  94. public static boolean verify(byte[] data, String publicKey, String sign)
  95. throws Exception {
  97. // 解密由base64编码的公钥
  98. byte[] keyBytes = decryptBASE64(publicKey);
  100. // 构造X509EncodedKeySpec对象
  101. X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
  103. // ALGORITHM 指定的加密算法
  104. KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);
  106. // 取公钥匙对象
  107. PublicKey pubKey = keyFactory.generatePublic(keySpec);
  109. Signature signature = Signature.getInstance(keyFactory.getAlgorithm());
  110. signature.initVerify(pubKey);
  111. signature.update(data);
  113. // 验证签名是否正常
  114. return signature.verify(decryptBASE64(sign));
  115. }
  117. ///
  118. /* 生成密钥
  119. /*
  120. /* @param seed
  121. /* 种子
  122. /* @return 密钥对象
  123. /* @throws Exception
  124. /*/
  125. public static Map initKey(String seed) throws Exception {
  126. KeyPairGenerator keygen = KeyPairGenerator.getInstance(ALGORITHM);
  127. // 初始化随机产生器
  128. SecureRandom secureRandom = new SecureRandom();
  129. secureRandom.setSeed(seed.getBytes());
  130. keygen.initialize(KEY_SIZE, secureRandom);
  132. KeyPair keys = keygen.genKeyPair();
  134. DSAPublicKey publicKey = (DSAPublicKey) keys.getPublic();
  135. DSAPrivateKey privateKey = (DSAPrivateKey) keys.getPrivate();
  137. Map map = new HashMap(2);
  138. map.put(PUBLIC_KEY, publicKey);
  139. map.put(PRIVATE_KEY, privateKey);
  141. return map;
  142. }
  144. ///
  145. /* 默认生成密钥
  146. /*
  147. /* @return 密钥对象
  148. /* @throws Exception
  149. /*/
  150. public static Map initKey() throws Exception {
  151. return initKey(DEFAULT_SEED);
  152. }
  154. ///
  155. /* 取得私钥
  156. /*
  157. /* @param keyMap
  158. /* @return
  159. /* @throws Exception
  160. /*/
  161. public static String getPrivateKey(Map keyMap)
  162. throws Exception {
  163. Key key = (Key) keyMap.get(PRIVATE_KEY);
  165. return encryptBASE64(key.getEncoded());
  166. }
  168. ///
  169. /* 取得公钥
  170. /*
  171. /* @param keyMap
  172. /* @return
  173. /* @throws Exception
  174. /*/
  175. public static String getPublicKey(Map keyMap)
  176. throws Exception {
  177. Key key = (Key) keyMap.get(PUBLIC_KEY);
  179. return encryptBASE64(key.getEncoded());
  180. }
  181. }

import java.security.Key;

import java.security.KeyFactory; import java.security.KeyPair;

import java.security.KeyPairGenerator; import java.security.PrivateKey;

import java.security.PublicKey; import java.security.SecureRandom;

import java.security.Signature; import java.security.interfaces.DSAPrivateKey;

import java.security.interfaces.DSAPublicKey; import java.security.spec.PKCS8EncodedKeySpec;

import java.security.spec.X509EncodedKeySpec; import java.util.HashMap;

import java.util.Map;

/// /* DSA安全编码组件

/ / @author 梁栋

/ @version 1.0 / @since 1.0

/*/ public abstract class DSACoder extends Coder {

public static final String ALGORITHM = "DSA";


//*/*

 /* 默认密钥字节数
 /*

 /* <pre>
 /* DSA

 /* Default Keysize 1024 
 /* Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).

 /* </pre>
 /*/

private static final int KEY_SIZE = 1024;


//*/*
 /* 默认种子

 /*/
private static final String DEFAULT_SEED = "0f22507a10bbddd07d8a3082122966e3";


private static final String PUBLIC_KEY = "DSAPublicKey";

private static final String PRIVATE_KEY = "DSAPrivateKey";


//*/*
 /* 用私钥对信息生成数字签名

 /*
 /* @param data

 /*            加密数据
 /* @param privateKey

 /*            私钥
 /*

 /* @return
 /* @throws Exception

 /*/
public static String sign(byte[] data, String privateKey) throws Exception {

    // 解密由base64编码的私钥
    byte[] keyBytes = decryptBASE64(privateKey);


    // 构造PKCS8EncodedKeySpec对象

    PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);


    // KEY_ALGORITHM 指定的加密算法
    KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);


    // 取私钥匙对象

    PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);


    // 用私钥对信息生成数字签名
    Signature signature = Signature.getInstance(keyFactory.getAlgorithm());

    signature.initSign(priKey);
    signature.update(data);


    return encryptBASE64(signature.sign());

}


//*/*
 /* 校验数字签名

 /*
 /* @param data

 /*            加密数据
 /* @param publicKey

 /*            公钥
 /* @param sign

 /*            数字签名
 /*

 /* @return 校验成功返回true 失败返回false
 /* @throws Exception

 /*
 /*/

public static boolean verify(byte[] data, String publicKey, String sign)
        throws Exception {


    // 解密由base64编码的公钥

    byte[] keyBytes = decryptBASE64(publicKey);


    // 构造X509EncodedKeySpec对象
    X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);


    // ALGORITHM 指定的加密算法

    KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);


    // 取公钥匙对象
    PublicKey pubKey = keyFactory.generatePublic(keySpec);


    Signature signature = Signature.getInstance(keyFactory.getAlgorithm());

    signature.initVerify(pubKey);
    signature.update(data);


    // 验证签名是否正常

    return signature.verify(decryptBASE64(sign));
}


//*/*

 /* 生成密钥
 /*

 /* @param seed
 /*            种子

 /* @return 密钥对象
 /* @throws Exception

 /*/
public static Map<String, Object> initKey(String seed) throws Exception {

    KeyPairGenerator keygen = KeyPairGenerator.getInstance(ALGORITHM);
    // 初始化随机产生器

    SecureRandom secureRandom = new SecureRandom();
    secureRandom.setSeed(seed.getBytes());

    keygen.initialize(KEY_SIZE, secureRandom);


    KeyPair keys = keygen.genKeyPair();


    DSAPublicKey publicKey = (DSAPublicKey) keys.getPublic();
    DSAPrivateKey privateKey = (DSAPrivateKey) keys.getPrivate();


    Map<String, Object> map = new HashMap<String, Object>(2);

    map.put(PUBLIC_KEY, publicKey);
    map.put(PRIVATE_KEY, privateKey);


    return map;

}


//*/*
 /* 默认生成密钥

 /*
 /* @return 密钥对象

 /* @throws Exception
 /*/

public static Map<String, Object> initKey() throws Exception {
    return initKey(DEFAULT_SEED);

}


//*/*
 /* 取得私钥

 /*
 /* @param keyMap

 /* @return
 /* @throws Exception

 /*/
public static String getPrivateKey(Map<String, Object> keyMap)

        throws Exception {
    Key key = (Key) keyMap.get(PRIVATE_KEY);


    return encryptBASE64(key.getEncoded());

}


//*/*
 /* 取得公钥

 /*
 /* @param keyMap

 /* @return
 /* @throws Exception

 /*/
public static String getPublicKey(Map<String, Object> keyMap)

        throws Exception {
    Key key = (Key) keyMap.get(PUBLIC_KEY);


    return encryptBASE64(key.getEncoded());

}

} 再给出一个测试类: Java代码 复制代码 收藏代码

  1. import static org.junit.Assert./*;
  3. import java.util.Map;
  5. import org.junit.Test;
  7. ///
  8. /*
  9. /* @author 梁栋
  10. /* @version 1.0
  11. /* @since 1.0
  12. /*/
  13. public class DSACoderTest {
  15. @Test
  16. public void test() throws Exception {
  17. String inputStr = "abc";
  18. byte[] data = inputStr.getBytes();
  20. // 构建密钥
  21. Map keyMap = DSACoder.initKey();
  23. // 获得密钥
  24. String publicKey = DSACoder.getPublicKey(keyMap);
  25. String privateKey = DSACoder.getPrivateKey(keyMap);
  27. System.err.println("公钥:\r" + publicKey);
  28. System.err.println("私钥:\r" + privateKey);
  30. // 产生签名
  31. String sign = DSACoder.sign(data, privateKey);
  32. System.err.println("签名:\r" + sign);
  34. // 验证签名
  35. boolean status = DSACoder.verify(data, publicKey, sign);
  36. System.err.println("状态:\r" + status);
  37. assertTrue(status);
  39. }
  41. }

import static org.junit.Assert./*;

import java.util.Map;

import org.junit.Test;

///

/ / @author 梁栋

/ @version 1.0 / @since 1.0

/*/ public class DSACoderTest {

@Test

public void test() throws Exception {
    String inputStr = "abc";

    byte[] data = inputStr.getBytes();


    // 构建密钥
    Map<String, Object> keyMap = DSACoder.initKey();


    // 获得密钥

    String publicKey = DSACoder.getPublicKey(keyMap);
    String privateKey = DSACoder.getPrivateKey(keyMap);


    System.err.println("公钥:\r" + publicKey);

    System.err.println("私钥:\r" + privateKey);


    // 产生签名
    String sign = DSACoder.sign(data, privateKey);

    System.err.println("签名:\r" + sign);


    // 验证签名
    boolean status = DSACoder.verify(data, publicKey, sign);

    System.err.println("状态:\r" + status);
    assertTrue(status);


}

} 控制台输出: Console代码 复制代码 收藏代码

  1. 公钥:
  2. MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZp
  3. RV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn
  4. xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuE
  5. C/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ
  6. FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo
  7. g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAIu4RUlcQLp49PI0MrbssOY+3uySVnp0TULSv
  8. 5T4VaHoKzsLHgGTrwOvsGA+V3yCNl2WDu3D84bSLF7liTWgOj+SMOEaPk4VyRTlLXZWGPsf1Mfd9
  9. 21XAbMeVyKDSHHVGbMjBScajf3bXooYQMlyoHiOt/WrCo+mv7efstMM0PGo=
  11. 私钥:
  12. MIIBTAIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2
  13. USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4
  14. O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC
  15. ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB
  16. gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhR
  17. kImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFwIVAIegLUtmm2oQKQJTOiLugHTSjl/q
  19. 签名:
  20. MC0CFQCMg0J/uZmF8GuRpr3TNq48w60nDwIUJCyYNah+HtbU6NcQfy8Ac6LeLQs=
  22. 状态:
  23. true

公钥:

MIIBtzCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZp RV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fn

xqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmCouuE C/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJ

FnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImo g9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoDgYQAAoGAIu4RUlcQLp49PI0MrbssOY+3uySVnp0TULSv

5T4VaHoKzsLHgGTrwOvsGA+V3yCNl2WDu3D84bSLF7liTWgOj+SMOEaPk4VyRTlLXZWGPsf1Mfd9 21XAbMeVyKDSHHVGbMjBScajf3bXooYQMlyoHiOt/WrCo+mv7efstMM0PGo=

私钥:

MIIBTAIBADCCASwGByqGSM44BAEwggEfAoGBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2 USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4

O1fnxqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAhUAl2BQjxUjC8yykrmC ouuEC/BYHPUCgYEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCB

gLRJFnEj6EwoFhO3zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhR kImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoEFwIVAIegLUtmm2oQKQJTOiLugHTSjl/q

签名:

MC0CFQCMg0J/uZmF8GuRpr3TNq48w60nDwIUJCyYNah+HtbU6NcQfy8Ac6LeLQs=

状态: true 注意状态为true,就验证成功! 相关链接: Java加密技术(一)——BASE64与单向加密算法MD5&SHA&MAC Java加密技术(二)——对称加密DES&AES Java加密技术(三)——PBE算法 Java加密技术(四)——非对称加密算法RSA Java加密技术(五)——非对称加密算法的由来 Java加密技术(六)——数字签名算法DSA Java加密技术(七)——非对称加密算法最高ECC Java加密技术(八)——数字证书 Java加密技术(九)——初探SSL Java加密技术(十)——单向认证 Java加密技术(十一)——双向认证 Java加密技术(十二)——/.PFX(/.p12)&个人信息交换文件

希望本站内容对您有点用处,有什么疑问或建议请在后面留言评论
转载请注明作者(RobinChia)和出处 It so life ,请勿用于任何商业用途
本文链接: Java加密技术(六)——数字签名算法DSA