10月 10, 2022 | Nix.Huang

依赖 org.bouncycastle:bcpkix-jdk15on 让我们工作更轻松

openssl 产生RSA密钥对

# 产生rsa 私钥
openssl genrsa -out private.pem 2048
# 产生公钥
openssl rsa -in private.pem -RSAPublicKey_out -out pubkey.pem
# 将私钥转换成pkcs8格式
openssl pkcs8 -in private.pem -topk8 -nocrypt -out pkcs8.pem

# 产生rsa 私钥

openssl genrsa -out private.pem 2048

# 产生公钥

openssl rsa -in private.pem -RSAPublicKey_out -out pubkey.pem

# 将私钥转换成pkcs8格式

openssl pkcs8 -in private.pem -topk8 -nocrypt -out pkcs8.pem

java 签名示例

public class SignUtil {

    private static String sign(String  content, PrivateKey privateKey) {
        try {
            byte[] info = content.getBytes("utf-8");
            Signature mySig = Signature.getInstance("SHA1WithRSA");  //用指定算法产生签名对象
            mySig.initSign(privateKey);  //用私钥初始化签名对象
            mySig.update(info);  //将待签名的数据传送给签名对象(须在初始化之后)
            byte[] sigResult = mySig.sign();  //返回签名结果字节数组
            String result = Base64.getMimeEncoder().encodeToString(sigResult);
            return result;
        }catch (Exception e) {
            throw new RuntimeException("SignUtil::sign error", e);
        }
    }

    public static boolean verify(String content, String signInBase64, PublicKey  publicKey) {
        try {
            Signature mySig = Signature.getInstance("SHA1WithRSA");  //用指定算法产生签名对象
            byte[] info = content.getBytes();
            mySig.initVerify(publicKey);  //使用公钥初始化签名对象,用于验证签名
            mySig.update(info); //更新签名内容
            byte[] sign = Base64.getMimeDecoder().decode(signInBase64);
            boolean verify = mySig.verify(sign); //得到验证结果
            return verify;
        }catch (Exception e) {
            throw new RuntimeException("SignUtil::verify", e);
        }
    }
    public static void main(String[] args){

        try{
            /*
            //自己产生keyValue对
            KeyPairGenerator myKeyGen= KeyPairGenerator.getInstance("RSA");
            myKeyGen.initialize(1024);
            KeyPair myKeyPair = myKeyGen.generateKeyPair();
            String _privateKey = Base64.toBase64String(myKeyPair.getPrivate().getEncoded());
            String _publicKey = Base64.toBase64String(myKeyPair.getPublic().getEncoded());
            System.out.println("private:" + _privateKey);
            System.out.println("public:" + _publicKey);

            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            KeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(_privateKey.getBytes()));
            PrivateKey privateKey =  keyFactory.generatePrivate(keySpec);
            keySpec = new X509EncodedKeySpec(Base64.decode(_publicKey));
            PublicKey publicKey = keyFactory.generatePublic(keySpec);
            */

            File file = new File("C:\\Users\\Rex\\.ssh\\shit_asshole\\private.pem");
            File file2 = new File("C:\\Users\\Rex\\.ssh\\shit_asshole\\pubkey.pem");
            PublicKey publicKey = readPublicKey(file2);
            PrivateKey privateKey = readPrivateKey(file);

            String info ="ROBOT123";//产生RSA密钥对(myKeyPair)
            String sign = sign(info, privateKey);
            System.out.println("sign:" + sign);

            boolean verify = verify(info, sign, publicKey);
            System.out.println(verify);

        }catch (Exception ex){ex.printStackTrace();}
    }

    public static RSAPublicKey readPublicKey(File file) throws Exception {
        try (FileReader keyReader = new FileReader(file)) {
            PEMParser pemParser = new PEMParser(keyReader);
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pemParser.readObject());
            return (RSAPublicKey) converter.getPublicKey(publicKeyInfo);
        }
    }

    public static PrivateKey readPrivateKey(File file) throws Exception {
        KeyFactory factory = KeyFactory.getInstance("RSA");

        try (FileReader keyReader = new FileReader(file);
             PemReader pemReader = new PemReader(keyReader)) {

            PemObject pemObject = pemReader.readPemObject();
            byte[] content = pemObject.getContent();
            PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content);
            return factory.generatePrivate(privKeySpec);
        }
    }

}

public class SignUtil {

private static String sign(String content, PrivateKey privateKey) {

try {

byte[] info = content.getBytes("utf-8");

Signature mySig = Signature.getInstance("SHA1WithRSA"); //用指定算法产生签名对象

mySig.initSign(privateKey); //用私钥初始化签名对象

mySig.update(info); //将待签名的数据传送给签名对象(须在初始化之后)

byte[] sigResult = mySig.sign(); //返回签名结果字节数组

String result = Base64.getMimeEncoder().encodeToString(sigResult);

return result;

}catch (Exception e) {

throw new RuntimeException("SignUtil::sign error", e);

}

public static boolean verify(String content, String signInBase64, PublicKey publicKey) {

try {

Signature mySig = Signature.getInstance("SHA1WithRSA"); //用指定算法产生签名对象

byte[] info = content.getBytes();

mySig.initVerify(publicKey); //使用公钥初始化签名对象,用于验证签名

mySig.update(info); //更新签名内容

byte[] sign = Base64.getMimeDecoder().decode(signInBase64);

boolean verify = mySig.verify(sign); //得到验证结果

return verify;

}catch (Exception e) {

throw new RuntimeException("SignUtil::verify", e);

}

public static void main(String[] args){

try{

//自己产生keyValue对

KeyPairGenerator myKeyGen= KeyPairGenerator.getInstance("RSA");

myKeyGen.initialize(1024);

KeyPair myKeyPair = myKeyGen.generateKeyPair();

String _privateKey = Base64.toBase64String(myKeyPair.getPrivate().getEncoded());

String _publicKey = Base64.toBase64String(myKeyPair.getPublic().getEncoded());

System.out.println("private:" + _privateKey);

System.out.println("public:" + _publicKey);

KeyFactory keyFactory = KeyFactory.getInstance("RSA");

KeySpec keySpec = new PKCS8EncodedKeySpec(Base64.decode(_privateKey.getBytes()));

PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

keySpec = new X509EncodedKeySpec(Base64.decode(_publicKey));

PublicKey publicKey = keyFactory.generatePublic(keySpec);

File file = new File("C:\\Users\\Rex\\.ssh\\shit_asshole\\private.pem");

File file2 = new File("C:\\Users\\Rex\\.ssh\\shit_asshole\\pubkey.pem");

PublicKey publicKey = readPublicKey(file2);

PrivateKey privateKey = readPrivateKey(file);

String info ="ROBOT123";//产生RSA密钥对(myKeyPair)

String sign = sign(info, privateKey);

System.out.println("sign:" + sign);

boolean verify = verify(info, sign, publicKey);

System.out.println(verify);

}catch (Exception ex){ex.printStackTrace();}

}

public static RSAPublicKey readPublicKey(File file) throws Exception {

try (FileReader keyReader = new FileReader(file)) {

PEMParser pemParser = new PEMParser(keyReader);

JcaPEMKeyConverter converter = new JcaPEMKeyConverter();

SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfo.getInstance(pemParser.readObject());

return (RSAPublicKey) converter.getPublicKey(publicKeyInfo);

}

public static PrivateKey readPrivateKey(File file) throws Exception {

KeyFactory factory = KeyFactory.getInstance("RSA");

try (FileReader keyReader = new FileReader(file);

PemReader pemReader = new PemReader(keyReader)) {

PemObject pemObject = pemReader.readPemObject();

byte[] content = pemObject.getContent();

PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(content);

return factory.generatePrivate(privKeySpec);

}

参考文献

java-read-pem-file-keys

Posted in: java基础

知行合一，止于至善

java 使用openssl产生的key

openssl 产生RSA密钥对

java 签名示例

参考文献

站内搜索