一 数字签名算法
带有秘钥(公钥,私钥)的消息摘要算法
验证数据完整性,认证数据来源,抗否认
OSI参考模型
私钥签名,公钥验证
RSA,DSA,ECDSA
二 数字签名算法RSA
经典算法
MD,SHA两类
例子:jdkRSA 算法
1 packagecom.dzj.rsa;2
3 importjava.security.KeyFactory;4 importjava.security.KeyPair;5 importjava.security.KeyPairGenerator;6 importjava.security.PrivateKey;7 importjava.security.PublicKey;8 importjava.security.Signature;9 importjava.security.interfaces.RSAPrivateKey;10 importjava.security.interfaces.RSAPublicKey;11 importjava.security.spec.PKCS8EncodedKeySpec;12 importjava.security.spec.X509EncodedKeySpec;13
14 mons.codec.binary.Hex;15
16 public classRSA {17 private static String src = "imooc security rsa";18
19 public static voidmain(String[] args) {20 jdkRSA();21 }22
23 public static voidjdkRSA() {24 try{25 //1 初始化密钥
26 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");27 keyPairGenerator.initialize(512);28 KeyPair keyPair =keyPairGenerator.generateKeyPair();29
30 RSAPublicKey rsaPublicKey =(RSAPublicKey) keyPair.getPublic();31 RSAPrivateKey rsaPrivateKey =(RSAPrivateKey) keyPair.getPrivate();32
33 //2 私钥加密、公钥解密——加密34 //用私钥进行签名
35 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = newPKCS8EncodedKeySpec(rsaPrivateKey.getEncoded());36
37 KeyFactory keyFactory = KeyFactory.getInstance("RSA");38 //执行key的转化
39 PrivateKey privateKey =keyFactory.generatePrivate(pkcs8EncodedKeySpec);40
41 //声明一个签名对象 使用JDK实现
42 Signature signature = Signature.getInstance("MD5withRSA");43 signature.initSign(privateKey);44 signature.update(src.getBytes());45 byte[] sign =signature.sign();46 System.out.println("私钥加密、公钥解密——加密:" +Hex.encodeHexString(sign));47
48 //3私钥加密、公钥解密——解密
49 X509EncodedKeySpec x509EncodedKeySpec = newX509EncodedKeySpec(rsaPublicKey.getEncoded());50 keyFactory = KeyFactory.getInstance("RSA");51 PublicKey publicKey =keyFactory.generatePublic(x509EncodedKeySpec);52 //创建签名对象
53 signature = Signature.getInstance("MD5withRSA");54 signature.initVerify(publicKey);55 signature.update(src.getBytes());56 boolean verify =signature.verify(sign);57 System.out.println("私钥加密、公钥解密——解密:" +verify);58
59 } catch(Exception e) {60 //TODO Auto-generated catch block
61 e.printStackTrace();62 }63
64 }65
66 }
View Code
数字签名算法----过程
三 数字签名算法DSA
DSS(Digital Signature Standard)数字签名标准
DSA(Digital Signature Algorithm)数字签名算法
DSA仅包含数字签名,没有办法进行加密通讯
RSA即包括加解密,又包括数字签名的算法
例子
1 packagecom.dzj.dsa;2
3 importjava.security.KeyFactory;4 importjava.security.KeyPair;5 importjava.security.KeyPairGenerator;6 importjava.security.PrivateKey;7 importjava.security.PublicKey;8 importjava.security.Signature;9 importjava.security.interfaces.DSAPrivateKey;10 importjava.security.interfaces.DSAPublicKey;11 importjava.security.spec.PKCS8EncodedKeySpec;12 importjava.security.spec.X509EncodedKeySpec;13
14 mons.codec.binary.Hex;15
16 public classDSA {17
18 private static String src = "imooc security dsa";19
20 public static voidmain(String[] args) {21 jdkDSA();22 }23
24 public static voidjdkDSA() {25 try{26 //1.初始化密钥
27 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");28 keyPairGenerator.initialize(512);29 KeyPair keyPair =keyPairGenerator.generateKeyPair();30 DSAPublicKey dsaPublicKey =(DSAPublicKey) keyPair.getPublic();31 DSAPrivateKey dsaPrivateKey =(DSAPrivateKey) keyPair.getPrivate();32
33 //2.执行签名 私钥进行签名
34 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = newPKCS8EncodedKeySpec(dsaPrivateKey.getEncoded());35 KeyFactory keyFactory = KeyFactory.getInstance("DSA");36 PrivateKey privateKey =keyFactory.generatePrivate(pkcs8EncodedKeySpec);37 Signature signature = Signature.getInstance("SHA1withDSA");38 signature.initSign(privateKey);39 signature.update(src.getBytes());40 byte[] result =signature.sign();41 System.out.println("jdk dsa sign : " +Hex.encodeHexString(result));42
43 //3.验证签名
44 X509EncodedKeySpec x509EncodedKeySpec = newX509EncodedKeySpec(dsaPublicKey.getEncoded());45 keyFactory = KeyFactory.getInstance("DSA");46 PublicKey publicKey =keyFactory.generatePublic(x509EncodedKeySpec);47 signature = Signature.getInstance("SHA1withDSA");48 signature.initVerify(publicKey);49 signature.update(src.getBytes());50 boolean bool =signature.verify(result);51 System.out.println("jdk dsa verify : " +bool);52 } catch(Exception e) {53 e.printStackTrace();54 }55 }56
57 }
View Code
四 数字签名算法ECDSA
微软
Ellipticc Curve Digital Signature Algorithm,椭圆曲线数字签名算法
速度快,强度高,签名短
例子:
1 packagecom.dzj.ecdsa;2
3 importjava.security.KeyFactory;4 importjava.security.KeyPair;5 importjava.security.KeyPairGenerator;6 importjava.security.PrivateKey;7 importjava.security.PublicKey;8 importjava.security.Signature;9 importjava.security.interfaces.ECPrivateKey;10 importjava.security.interfaces.ECPublicKey;11 importjava.security.spec.PKCS8EncodedKeySpec;12 importjava.security.spec.X509EncodedKeySpec;13
14 mons.codec.binary.Hex;15
16 public classECDSA {17 private static String src = "imooc security ecdsa";18
19 public static voidmain(String[] args) {20
21 jdkECDSA();22
23 }24
25 public static voidjdkECDSA() {26 try{27 //1 初始化密钥
28 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");29 keyPairGenerator.initialize(256);30 KeyPair keyPair =keyPairGenerator.generateKeyPair();31 ECPublicKey ecPublicKey =(ECPublicKey) keyPair.getPublic();32 ECPrivateKey ecPrivateKey =(ECPrivateKey) keyPair.getPrivate();33
34 //2 执行签名
35 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = newPKCS8EncodedKeySpec(ecPrivateKey.getEncoded());36 KeyFactory keyFactory = KeyFactory.getInstance("EC");37 PrivateKey privateKey =keyFactory.generatePrivate(pkcs8EncodedKeySpec);38 Signature signature = Signature.getInstance("SHA1withECDSA");39 signature.initSign(privateKey);40 signature.update(src.getBytes());41 byte[] sign =signature.sign();42 System.out.println("jdk ecdsa sign:" +Hex.encodeHexString(sign));43
44 //3验证
45 X509EncodedKeySpec x509EncodedKeySpec = newX509EncodedKeySpec(ecPublicKey.getEncoded());46 keyFactory = KeyFactory.getInstance("EC");47 PublicKey publicKey =keyFactory.generatePublic(x509EncodedKeySpec);48 signature = Signature.getInstance("SHA1withECDSA");49 signature.initVerify(publicKey);50 signature.update(src.getBytes());51 boolean verify =signature.verify(sign);52 System.out.println("jdk ecdsa verify:" +verify);53 } catch(Exception e) {54 //TODO Auto-generated catch block
55 e.printStackTrace();56 }57
58 }59
60 }
View Code