import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.PSSParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.misc.BASE64Encoder;
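/**
 * File-level RSA signing helpers: SHA-256 digests, RSASSA-PSS signing with an encrypted
 * PKCS#8 private key, and verification against the public key of an X.509 certificate.
 *
 * <p>All methods are static and stateless apart from registering the BouncyCastle provider
 * on first use. Failures are logged and reported through the return value ({@code null} /
 * {@code false}); no exception escapes to the caller.
 */
public class RSASignature {
    private static final Logger LOG = LoggerFactory.getLogger(RSASignature.class);
    /** PKCS#1 v1.5 name; currently unused, kept for callers that may reference it. */
    private static final String SIGN_ALGORITHMS = "SHA256withRSA";
    /** Provider-specific (BouncyCastle) name for RSASSA-PSS with SHA-256. */
    private static final String SIGN_ALGORITHMS_PSS = "SHA256withRSA/PSS";
    private static final String ENCODE_ALGORITHM = "SHA-256";
    /** PSS salt length in bytes, matching the SHA-256 output size. */
    private static final int PSS_SALT_LENGTH = 32;
    /** PSS trailer field 0xBC (RFC 8017 value 1). */
    private static final int PSS_TRAILER_FIELD = 1;
    private static final String PEM_BEGIN = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
    private static final String PEM_END = "-----END ENCRYPTED PRIVATE KEY-----";

    /**
     * Computes the SHA-256 digest of {@code content} and returns it Base64-encoded.
     *
     * @param content text to hash
     * @param encode  charset name used to turn {@code content} into bytes
     * @return Base64 of the SHA-256 digest, or {@code null} if hashing fails (the error is logged)
     */
    public static String digest(String content, String encode) {
        try {
            MessageDigest md = MessageDigest.getInstance(ENCODE_ALGORITHM);
            md.update(content.getBytes(encode));
            // Base64 output is pure ASCII, so no output charset can change the result.
            return Base64.getEncoder().encodeToString(md.digest());
        } catch (Exception e) {
            LOG.error("Summary calculation failed.", e);
            return null;
        }
    }

    /**
     * Signs {@code file} with RSASSA-PSS (SHA-256, MGF1-SHA-256, 32-byte salt) and writes the
     * Base64 signature to {@code signFile}. The signature is also echoed to standard output.
     *
     * <p>Failures (unreadable key or file, wrong password, unsupported PBE scheme) are logged
     * and swallowed; the caller cannot distinguish them from success other than by checking
     * that {@code signFile} was written.
     *
     * @param file        data to sign
     * @param signFile    destination path for the Base64 signature
     * @param signKeyFile PEM file holding an encrypted PKCS#8 private key
     * @param keyPassword password protecting the private key
     */
    public static void sign(File file, String signFile, String signKeyFile, String keyPassword) {
        PBEKeySpec keySpec = null;
        try {
            // Register BC before decoding the key so its PBE factories are visible to
            // SecretKeyFactory.getInstance(pkInfo.getAlgName()) as well as to Signature.
            ensureBouncyCastle();
            keySpec = new PBEKeySpec(keyPassword.toCharArray());
            PrivateKey priKey = loadEncryptedPrivateKey(signKeyFile, keySpec);
            java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS_PSS);
            signature.setParameter(pssParams());
            signature.initSign(priKey);
            signature.update(Files.readAllBytes(file.toPath()));
            String signStr = Base64.getEncoder().encodeToString(signature.sign());
            System.out.println(signStr);
            Files.write(Paths.get(signFile), signStr.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            LOG.error("digital signature failed", e);
        } finally {
            // PBEKeySpec holds its own copy of the password; scrub it once the key is decoded.
            if (keySpec != null) {
                keySpec.clearPassword();
            }
        }
    }

    /**
     * Verifies the Base64 RSASSA-PSS signature in {@code signFile} over {@code originFile}
     * using the RSA public key of the certificate in {@code signCertFile}.
     *
     * <p>The certificate is used only as a public-key container: its chain, validity period
     * and revocation status are not checked here. Trust in {@code signCertFile} must be
     * established by the caller.
     *
     * @param originFile   data that was signed
     * @param signFile     file holding the Base64 signature (line breaks tolerated)
     * @param signCertFile DER or PEM X.509 certificate of the signer
     * @return {@code true} only if the signature is valid; {@code false} on mismatch or on any
     *         error (which is logged)
     */
    public static boolean verify(File originFile, String signFile, String signCertFile) {
        try {
            PublicKey pubKey = loadRsaPublicKey(signCertFile);
            ensureBouncyCastle();
            java.security.Signature signature = java.security.Signature.getInstance(SIGN_ALGORITHMS_PSS);
            signature.setParameter(pssParams());
            signature.initVerify(pubKey);
            signature.update(Files.readAllBytes(originFile.toPath()));
            String signStr = new String(Files.readAllBytes(Paths.get(signFile)), StandardCharsets.UTF_8);
            // Valid Base64 contains no whitespace, so stripping all of it (not just '\n') is safe.
            return signature.verify(Base64.getDecoder().decode(signStr.replaceAll("\\s", "")));
        } catch (Exception e) {
            LOG.error("Digital signature verification failed.", e);
            return false;
        }
    }

    /**
     * Reads an encrypted PKCS#8 PEM file and decrypts it with {@code keySpec}.
     *
     * @throws IOException              if the file cannot be read or is not an EncryptedPrivateKeyInfo
     * @throws GeneralSecurityException if the PBE scheme is unsupported or the password is wrong
     */
    private static PrivateKey loadEncryptedPrivateKey(String signKeyFile, PBEKeySpec keySpec)
            throws IOException, GeneralSecurityException {
        // PEM is ASCII; the original read it with the platform charset, which is not portable.
        String pem = new String(Files.readAllBytes(Paths.get(signKeyFile)), StandardCharsets.US_ASCII);
        // Strip the armor lines and every kind of line ending (CRLF files were not handled before).
        String body = pem.replace(PEM_BEGIN, "").replace(PEM_END, "").replaceAll("\\s", "");
        EncryptedPrivateKeyInfo pkInfo = new EncryptedPrivateKeyInfo(Base64.getDecoder().decode(body));
        SecretKeyFactory pbeKeyFactory = SecretKeyFactory.getInstance(pkInfo.getAlgName());
        PKCS8EncodedKeySpec encodedKeySpec = pkInfo.getKeySpec(pbeKeyFactory.generateSecret(keySpec));
        return KeyFactory.getInstance("RSA").generatePrivate(encodedKeySpec);
    }

    /**
     * Loads the X.509 certificate at {@code signCertFile} and returns its public key as an RSA key.
     *
     * @throws IOException              if the file cannot be opened
     * @throws GeneralSecurityException if the certificate cannot be parsed or its key is not RSA
     */
    private static PublicKey loadRsaPublicKey(String signCertFile)
            throws IOException, GeneralSecurityException {
        X509Certificate certificate;
        // try-with-resources: the original left this stream open.
        try (FileInputStream in = new FileInputStream(signCertFile)) {
            CertificateFactory fact = CertificateFactory.getInstance("X.509");
            certificate = (X509Certificate) fact.generateCertificate(in);
        }
        // Round-tripping through the RSA KeyFactory rejects non-RSA certificate keys early;
        // the encoded bytes are passed directly instead of via a Base64 encode/decode detour.
        byte[] encodedKey = certificate.getPublicKey().getEncoded();
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encodedKey));
    }

    /** PSS parameters shared by {@link #sign} and {@link #verify}; both sides must agree. */
    private static PSSParameterSpec pssParams() {
        return new PSSParameterSpec(MGF1ParameterSpec.SHA256.getDigestAlgorithm(), "MGF1",
                MGF1ParameterSpec.SHA256, PSS_SALT_LENGTH, PSS_TRAILER_FIELD);
    }

    /** Registers BouncyCastle once; re-adding an installed provider is a no-op but wasteful. */
    private static void ensureBouncyCastle() {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}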