/**
 * Rebuilds a private key object from its Base64 text form.
 *
 * <p>The text is decoded with {@code Base64ForServer.base64toByte}, wrapped as a PKCS#8
 * key spec and passed to a {@code KeyFactory} obtained for {@code KEY_ALGORITHM}.
 *
 * @param key Base64 text of the PKCS#8-encoded private key
 * @return the reconstructed private key
 * @throws UnsupportedEncodingException if the environment does not support UTF-8
 * @throws NoSuchAlgorithmException if no provider supports {@code KEY_ALGORITHM}
 *         (RSA, according to the original documentation)
 * @throws InvalidKeySpecException if the decoded bytes cannot be turned into a private key
 */
public static Key getPrivateKey(String key)
        throws UnsupportedEncodingException, NoSuchAlgorithmException, InvalidKeySpecException {
    // This is Base64 decoding, not decryption: PKCS8EncodedKeySpec expects the
    // unencrypted PKCS#8 structure, so the String argument is raw key material.
    // NOTE(review): callers should keep it out of logs and error messages.
    PKCS8EncodedKeySpec encodedSpec =
            new PKCS8EncodedKeySpec(Base64ForServer.base64toByte(key));
    return KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(encodedSpec);
}
/**
 * Produces a digital signature over {@code data} with the given private key.
 *
 * <p>The key is Base64-decoded, loaded as PKCS#8 through a {@code KeyFactory} for
 * {@code KEY_ALGORITHM}, and used with a {@code Signature} for
 * {@code SIGNATURE_ALGORITHM}. The raw signature bytes are returned Base64-encoded.
 *
 * @param data the bytes to sign
 * @param privateKey Base64 text of the PKCS#8-encoded private key
 * @return the signature, Base64-encoded via {@code Base64ForServer.byteToBase64}
 * @throws NoSuchAlgorithmException if {@code KEY_ALGORITHM} or {@code SIGNATURE_ALGORITHM}
 *         is not supported by any provider
 * @throws InvalidKeySpecException if the decoded bytes cannot be turned into a private key
 * @throws InvalidKeyException if the key is rejected by the signature engine
 * @throws SignatureException if the signature engine fails while signing
 * @throws UnsupportedEncodingException if the environment does not support UTF-8
 */
public static String sign(byte[] data, String privateKey)
        throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
                SignatureException, UnsupportedEncodingException {
    // Base64 text -> PKCS#8 spec -> PrivateKey for KEY_ALGORITHM
    PKCS8EncodedKeySpec encodedSpec =
            new PKCS8EncodedKeySpec(Base64ForServer.base64toByte(privateKey));
    PrivateKey signingKey = KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(encodedSpec);

    // NOTE(review): SIGNATURE_ALGORITHM is defined outside this block; confirm it
    // names a SHA-256-or-stronger scheme rather than an MD5- or SHA-1-based one.
    Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM);
    signer.initSign(signingKey);
    signer.update(data);
    byte[] rawSignature = signer.sign();
    return Base64ForServer.byteToBase64(rawSignature);
}
/**
 * Checks a digital signature over {@code data} against the given public key.
 *
 * <p>The key is Base64-decoded, loaded as an X.509 key spec through a {@code KeyFactory}
 * for {@code KEY_ALGORITHM}, and used with a {@code Signature} for
 * {@code SIGNATURE_ALGORITHM}.
 *
 * @param data the bytes that were signed
 * @param publicKey Base64 text of the X.509-encoded public key
 * @param sign Base64 text of the signature to check
 * @return {@code true} if the signature verifies, {@code false} otherwise
 * @throws NoSuchAlgorithmException if {@code KEY_ALGORITHM} or {@code SIGNATURE_ALGORITHM}
 *         is not supported by any provider
 * @throws InvalidKeySpecException if the decoded bytes cannot be turned into a public key
 * @throws InvalidKeyException if the key is rejected by the signature engine
 * @throws SignatureException if the signature engine fails; a wrongly encoded signature
 *         can surface here instead of as a {@code false} result
 * @throws UnsupportedEncodingException if the environment does not support UTF-8
 */
public static boolean verify(byte[] data, String publicKey, String sign)
        throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
                SignatureException, UnsupportedEncodingException {
    // Base64 text -> X.509 spec -> PublicKey for KEY_ALGORITHM
    X509EncodedKeySpec encodedSpec =
            new X509EncodedKeySpec(Base64ForServer.base64toByte(publicKey));
    PublicKey verificationKey =
            KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(encodedSpec);

    // NOTE(review): the result is only meaningful if publicKey comes from a trusted
    // source; a key supplied alongside the message proves nothing. Callers should
    // treat both false and any thrown exception as a rejected signature.
    Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
    verifier.initVerify(verificationKey);
    verifier.update(data);

    // The signature text is decoded last, after the data has been fed in.
    byte[] rawSignature = Base64ForServer.base64toByte(sign);
    return verifier.verify(rawSignature);
}
/**
 * Transforms {@code data} with the private key in cipher ENCRYPT mode.
 *
 * <p>The key is Base64-decoded and loaded as PKCS#8; the cipher is requested by the
 * key factory's algorithm name alone, then the work is delegated to
 * {@code CipherUtil.process} with a chunk argument of 117.
 *
 * <p>NOTE(review): output of a private-key operation can be reversed by anyone holding
 * the public key, so this gives no confidentiality. If the goal is authenticity,
 * {@code sign}/{@code verify} is the purpose-built path.
 *
 * @param data the bytes to transform
 * @param key Base64 text of the PKCS#8-encoded private key
 * @return the bytes returned by {@code CipherUtil.process}
 * @throws NoSuchAlgorithmException if no provider supports {@code KEY_ALGORITHM}
 * @throws InvalidKeySpecException if the decoded bytes cannot be turned into a private key
 * @throws InvalidKeyException if the cipher rejects the key
 * @throws SignatureException declared by the signature; no call visible here raises it
 * @throws UnsupportedEncodingException if the environment does not support UTF-8
 * @throws NoSuchPaddingException if the requested transformation's padding is unavailable
 * @throws IllegalBlockSizeException if a chunk has a length the cipher cannot process
 * @throws BadPaddingException if the cipher reports a padding error
 * @throws ShortBufferException declared by the signature; presumably raised inside
 *         {@code CipherUtil.process}, which is not visible here
 */
public static byte[] encryptByPrivateKey(byte[] data, String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
                SignatureException, UnsupportedEncodingException, NoSuchPaddingException,
                IllegalBlockSizeException, BadPaddingException, ShortBufferException {
    // Base64 text -> PKCS#8 spec -> private key
    PKCS8EncodedKeySpec encodedSpec =
            new PKCS8EncodedKeySpec(Base64ForServer.base64toByte(key));
    KeyFactory factory = KeyFactory.getInstance(KEY_ALGORITHM);
    Key privateKey = factory.generatePrivate(encodedSpec);

    // Only the algorithm name is passed, so mode and padding are whatever the
    // provider defaults to. NOTE(review): name the full transformation explicitly
    // so behaviour does not vary between JCE providers.
    String transformation = factory.getAlgorithm();
    Cipher rsaCipher = Cipher.getInstance(transformation);
    rsaCipher.init(Cipher.ENCRYPT_MODE, privateKey);

    // NOTE(review): 117 looks like 128 - 11, i.e. the PKCS#1 v1.5 payload limit for
    // a 1024-bit modulus; confirm against CipherUtil.process and key generation.
    // A 1024-bit RSA key is below current size recommendations.
    return CipherUtil.process(rsaCipher, 117, data);
}
/**
 * Reverses, with the public key, data that was transformed with the private key.
 *
 * <p>The key is Base64-decoded and loaded as an X.509 key spec; the cipher is requested
 * by the key factory's algorithm name alone and initialised in DECRYPT mode, then the
 * work is delegated to {@code CipherUtil.process} with a chunk argument of 128.
 *
 * @param data the bytes produced by the private-key operation
 * @param key Base64 text of the X.509-encoded public key
 * @return the bytes returned by {@code CipherUtil.process}
 * @throws NoSuchAlgorithmException if no provider supports {@code KEY_ALGORITHM}
 * @throws InvalidKeySpecException if the decoded bytes cannot be turned into a public key
 * @throws InvalidKeyException if the cipher rejects the key
 * @throws SignatureException declared by the signature; no call visible here raises it
 * @throws UnsupportedEncodingException if the environment does not support UTF-8
 * @throws NoSuchPaddingException if the requested transformation's padding is unavailable
 * @throws IllegalBlockSizeException if a chunk has a length the cipher cannot process
 * @throws BadPaddingException if the cipher reports a padding error
 * @throws ShortBufferException declared by the signature; presumably raised inside
 *         {@code CipherUtil.process}, which is not visible here
 */
public static byte[] decryptByPublicKey(byte[] data, String key)
        throws NoSuchAlgorithmException, InvalidKeySpecException, InvalidKeyException,
                SignatureException, UnsupportedEncodingException, NoSuchPaddingException,
                IllegalBlockSizeException, BadPaddingException, ShortBufferException {
    // Base64 text -> X.509 spec -> public key
    X509EncodedKeySpec encodedSpec =
            new X509EncodedKeySpec(Base64ForServer.base64toByte(key));
    KeyFactory factory = KeyFactory.getInstance(KEY_ALGORITHM);
    Key publicKey = factory.generatePublic(encodedSpec);

    // Mode and padding are provider defaults because only the algorithm name is given.
    // NOTE(review): name the full transformation explicitly, matching the encrypt side.
    String transformation = factory.getAlgorithm();
    Cipher rsaCipher = Cipher.getInstance(transformation);
    rsaCipher.init(Cipher.DECRYPT_MODE, publicKey);

    // NOTE(review): 128 matches the block length of a 1024-bit modulus, so keys of
    // any other size would presumably fail here; confirm against CipherUtil.process.
    // Successful decryption is not an integrity check; use verify for authenticity.
    return CipherUtil.process(rsaCipher, 128, data);
}
/**
 * Returns the public key stored in a key-pair map as Base64 text.
 *
 * <p>The entry under {@code PUBLIC_KEY} is cast to {@code Key} and its encoded form is
 * passed to {@code Base64ForServer.byteToBase64}.
 *
 * @param keyMap the key-pair map; must hold a {@code Key} under {@code PUBLIC_KEY}
 * @return Base64 text of the key's encoded form
 * @throws UnsupportedEncodingException if the environment does not support UTF-8
 */
public static String getPublicKey(Map<String, Object> keyMap)
        throws UnsupportedEncodingException {
    // A missing entry makes get() return null, so the getEncoded() call below fails
    // with a NullPointerException; a non-Key value fails the cast instead.
    byte[] encodedKey = ((Key) keyMap.get(PUBLIC_KEY)).getEncoded();
    // presumably X.509 bytes, which is the format verify and decryptByPublicKey parse
    return Base64ForServer.byteToBase64(encodedKey);
}