/**
* 取得私钥
*
* @param keyMap 密钥对Map
* @return 私钥
* @throws UnsupportedEncodingException 假如用户的环境不支持UTF-8
* @throws NoSuchAlgorithmException 假如用户的JDK不支持RSA
* @throws InvalidKeySpecException 假如根据privateKey生成密钥失败
*/
public static Key getPrivateKey(String key)
throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
// 对密钥解密
byte[] keyBytes = Base64ForServer.base64toByte(key);
// 取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
return keyFactory.generatePrivate(pkcs8KeySpec);
}
/**
* 用私钥对信息生成数字签名
*
* @param data 需要签名的数据
* @param privateKey 用来签名的私钥
* @return 对数据的签名
* @throws NoSuchAlgorithmException 假如用户的JDK不支持RSA
* @throws InvalidKeySpecException 假如根据privateKey生成密钥失败
* @throws InvalidKeyException 假如输入的RSA私钥不合法
* @throws SignatureException 假如根据privateKey生成密钥失败
* @throws UnsupportedEncodingException 假如privateKey不是使用UTF-8进行编码
*/
public static String sign(byte[] data, String privateKey)
throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
SignatureException, UnsupportedEncodingException {
// 解密由base64编码的私钥
byte[] keyBytes = Base64ForServer.base64toByte(privateKey);
// 构造PKCS8EncodedKeySpec对象
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
// KEY_ALGORITHM 指定的加密算法
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 取私钥匙对象
PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
// 用私钥对信息生成数字签名
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(priKey);
signature.update(data);
return Base64ForServer.byteToBase64(signature.sign());
}
/**
* 校验数字签名的正确性
*
* @param data 需要校验的数据
* @param publicKey 用来检验数字签名的公钥
* @param sign 数字签名
* @return 校验成功返回true 失败返回false
* @throws NoSuchAlgorithmException 假如用户的JDK不支持RSA
* @throws InvalidKeySpecException 假如根据privateKey生成密钥失败
* @throws InvalidKeyException 假如输入的RSA私钥不合法
* @throws SignatureException 假如根据privateKey生成密钥失败
* @throws UnsupportedEncodingException 假如privateKey不是使用UTF-8进行编码
*/
public static boolean verify(byte[] data, String publicKey, String sign)
throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
SignatureException, UnsupportedEncodingException {
// 解密由base64编码的公钥
byte[] keyBytes = Base64ForServer.base64toByte(publicKey);
// 构造X509EncodedKeySpec对象
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
// KEY_ALGORITHM 指定的加密算法
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 取公钥匙对象
PublicKey pubKey = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(pubKey);
signature.update(data);
// 验证签名是否正常
return signature.verify(Base64ForServer.base64toByte(sign));
}
/**
* 用私钥加密数据
*
* @param data 等待加密的原始数据
* @param key 用来加密的私钥
* @return 加密后的数据
* @throws NoSuchAlgorithmException 假如用户的JDK不支持RSA
* @throws InvalidKeySpecException 假如根据privateKey生成密钥失败
* @throws InvalidKeyException 假如输入的RSA私钥不合法
* @throws SignatureException 假如根据privateKey生成密钥失败
* @throws UnsupportedEncodingException 假如privateKey不是使用UTF-8进行编码
* @throws NoSuchPaddingException 假如产生的密钥对有问题
* @throws BadPaddingException 假如输入的加密的数据填充数据错误
* @throws IllegalBlockSizeException 假如输入的加密的数据字节数不是BlockSize的整数倍
* @throws ShortBufferException
*/
public static byte[] encryptByPrivateKey(byte[] data, String key)
throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
SignatureException, UnsupportedEncodingException, NoSuchPaddingException,
IllegalBlockSizeException, BadPaddingException, ShortBufferException {
// 对密钥解密
byte[] keyBytes = Base64ForServer.base64toByte(key);
// 取得私钥
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
// 对数据加密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return CipherUtil.process(cipher, 117, data);
}
/**
* 用公钥解密通过私钥加密的数据
*
* @param data 通过私钥加密的数据
* @param key 用来解密的公钥
* @return 解密后的数据
* @throws NoSuchAlgorithmException 假如用户的JDK不支持RSA
* @throws InvalidKeySpecException 假如根据privateKey生成密钥失败
* @throws InvalidKeyException 假如输入的RSA私钥不合法
* @throws SignatureException 假如根据privateKey生成密钥失败
* @throws UnsupportedEncodingException 假如privateKey不是使用UTF-8进行编码
* @throws NoSuchPaddingException 假如产生的密钥对有问题
* @throws BadPaddingException 假如输入的加密的数据填充数据错误
* @throws IllegalBlockSizeException 假如输入的加密的数据字节数不是BlockSize的整数倍
* @throws ShortBufferException
*/
public static byte[] decryptByPublicKey(byte[] data, String key)
throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
SignatureException, UnsupportedEncodingException, NoSuchPaddingException,
IllegalBlockSizeException, BadPaddingException, ShortBufferException {
// 对密钥解密
byte[] keyBytes = Base64ForServer.base64toByte(key);
// 取得公钥
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
Key publicKey = keyFactory.generatePublic(x509KeySpec);
// 对数据解密
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return CipherUtil.process(cipher, 128, data);
}
/**
* 取得公钥
*
* @param keyMap 密钥对Map
* @return 公钥
* @throws UnsupportedEncodingException 假如用户的环境不支持UTF-8
*/
public static String getPublicKey(Map<String, Object> keyMap)
throws UnsupportedEncodingException {
Key key = (Key) keyMap.get(PUBLIC_KEY);
return Base64ForServer.byteToBase64(key.getEncoded());
}
