Linux下實作加簽、驗簽
1.使用OpenSSL 生成公鑰和密鑰;
#用 OpenSSL, Linux 上自帶,常用指令如下:
#生成 RSA 私鑰(傳統格式的)
openssl genrsa -out rsa_private_key.pem 1024
#将傳統格式的私鑰轉換成 PKCS#8 格式的(JAVA需要使用的私鑰需要經過PKCS#8編碼,PHP程式不需要,可以直接略過)
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
#生成 RSA 公鑰
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
2.使用私鑰對檔案進行加簽、并驗證
#有明文檔案file.txt和RSA密鑰rsa_private_key.pem
#使用md5指令指定sha1算法,對file.txt進行簽名,生成簽名檔案sign1.txt
openssl md5 -sha512 -sign rsa_private_key.pem -out data_xinbao.tar.gz.sign data_xinbao.tar.gz
#使用md5指令指定sha1算法,對file.txt進行簽名,生成簽名檔案sign1.txt
openssl dgst -sha512 -sign rsa_private_key.pem -out data_xinbao.tar.gz.sign data_xinbao.tar.gz
#兩個簽名檔案一樣,說明兩個指令完成相同的功能
diff data_xinbao.tar.gz.sign data_xinbao1.tar.gz.sign
#使用RSA公鑰驗證簽名(verify參數),驗證成功
openssl md5 -verify rsa_public_key.pem -sha512 -signature data_xinbao1.tar.gz.sign data_xinbao.tar.gz
openssl dgst -verify rsa_public_key.pem -sha512 -signature data_xinbao.tar.gz.sign data_xinbao.tar.gz
3.檢視OpenSSL和幫助
#通過下面指令可以檢視openssl的參數說明
$ openssl dgst -
options are
-c to output the digest with separating colons
-r to output the digest in coreutils format
-d to output debug info
-hex output as hex dump
-binary output in binary form
-sign file sign digest using private key in file
-verify file verify a signature using public key in file
-prverify file verify a signature using private key in file
-keyform arg key file format (PEM or ENGINE)
-out filename output to filename rather than stdout
-signature file signature to verify
-sigopt nm:v signature parameter
-hmac key create hashed MAC with key
-mac algorithm create MAC (not neccessarily HMAC)
-macopt nm:v MAC algorithm parameters or key
-engine e use engine e, possibly a hardware device.
-md4 to use the md4 message digest algorithm
-md5 to use the md5 message digest algorithm
-ripemd160 to use the ripemd160 message digest algorithm
-sha to use the sha message digest algorithm
-sha1 to use the sha1 message digest algorithm
-sha224 to use the sha224 message digest algorithm
-sha256 to use the sha256 message digest algorithm
-sha384 to use the sha384 message digest algorithm
-sha512 to use the sha512 message digest algorithm
-whirlpool to use the whirlpool message digest algorithm
4.拿加簽的原檔案和加簽後的檔案使用Java代碼進行對比;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import java.io.*;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Date;
/**
* 對檔案加簽、驗簽工具類
* 生成私鑰:openssl genrsa -out rsa_private_key.pem 1024
* 私鑰還不能直接被使用,需要進行PKCS#8編碼:openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
* 根據私鑰生成公鑰:openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
* 使用私鑰sha512簽名:openssl dgst -sha512 -sign rsa_private_key.pem -out xx.tar.gz.sign xx.tar.gz
* 使用公鑰sha512驗簽:openssl dgst -verify rsa_public_key.pem -sha512 -signature xx.tar.gz.sign xx.tar.gz
* @author XIHONGLIE
* @date 2018-03-27
*/
public class RsaEncrypt {
/**
* rsa簽名
* @param data 待簽名的字元串
* @param priKey rsa私鑰字元串
* @return 簽名結果
* @throws Exception 簽名失敗則抛出異常
*/
public byte[] rsaSign(byte[] data, RSAPrivateKey priKey)
throws SignatureException {
try {
Signature signature = Signature.getInstance("SHA512withRSA");
signature.initSign(priKey);
signature.update(data);
byte[] signed = signature.sign();
return signed;
} catch (Exception e) {
throw new SignatureException("RSAcontent = " + data
+ "; charset = ", e);
}
}
/**
* rsa驗簽
* @param data 被簽名的内容
* @param sign 簽名後的結果
* @param pubKey rsa公鑰
* @return 驗簽結果
* @throws SignatureException 驗簽失敗,則抛異常
*/
public boolean verify(byte[] data, byte[] sign, RSAPublicKey pubKey)
throws SignatureException {
try {
Signature signature = Signature.getInstance("SHA512withRSA");
signature.initVerify(pubKey);
signature.update(data);
return signature.verify(sign);
} catch (Exception e) {
e.printStackTrace();
throw new SignatureException("RSA驗證簽名[content = " + data
+ "; charset = " + "; signature = " + sign + "]發生異常!", e);
}
}
/**
* 私鑰
*/
private RSAPrivateKey privateKey;
/**
* 公鑰
*/
private RSAPublicKey publicKey;
/**
* 位元組資料轉字元串專用集合
*/
private static final char[] HEX_CHAR = { '0', '1', '2', '3', '4', '5', '6',
'7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
/**
* 擷取私鑰
* @return 目前的私鑰對象
*/
public RSAPrivateKey getPrivateKey() {
return privateKey;
}
/**
* 擷取公鑰
* @return 目前的公鑰對象
*/
public RSAPublicKey getPublicKey() {
return publicKey;
}
/**
* 随機生成密鑰對
*/
public void genKeyPair() {
KeyPairGenerator keyPairGen = null;
try {
keyPairGen = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
keyPairGen.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGen.generateKeyPair();
this.privateKey = (RSAPrivateKey) keyPair.getPrivate();
this.publicKey = (RSAPublicKey) keyPair.getPublic();
}
/**
* 從.pem檔案中取得私鑰
* @param filePath 檔案路徑
* @return 私鑰
*/
public String getPrivateKeyFromFile(String filePath){
String strPrivateKey = "";
try {
BufferedReader privateKey = new BufferedReader(new FileReader(filePath));
String line = "";
while((line = privateKey.readLine()) != null){
strPrivateKey += line;
}
privateKey.close();
strPrivateKey = strPrivateKey.replace("-----BEGIN PRIVATE KEY-----","").replace("-----END PRIVATE KEY-----","");
}catch (Exception e){
e.printStackTrace();
}
return strPrivateKey;
}
/**
* 從.pem檔案中取得公鑰
* @param filePath 檔案路徑
* @return 公鑰
*/
public String getPublicKeyFromFile(String filePath){
String strPublicKey = "";
try {
BufferedReader publicKey = new BufferedReader(new FileReader(filePath));
String line = "";
while((line = publicKey.readLine()) != null){
strPublicKey += line;
}
publicKey.close();
strPublicKey = strPublicKey.replace("-----BEGIN PUBLIC KEY-----","").replace("-----END PUBLIC KEY-----","");
}catch (Exception e){
e.printStackTrace();
}
return strPublicKey;
}
/**
* 從字元串中加載公鑰
* @param publicKeyStr 公鑰資料字元串
* @throws Exception 加載公鑰時産生的異常
*/
public void loadPublicKey(String publicKeyStr) throws Exception {
try {
byte[] buffer = Base64Utils.decode(publicKeyStr);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(buffer);
this.publicKey = (RSAPublicKey) keyFactory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
throw new Exception("無此算法");
} catch (InvalidKeySpecException e) {
throw new Exception("公鑰非法");
}catch (NullPointerException e) {
throw new Exception("公鑰資料為空");
}
}
/**
* 加載私鑰
* @param privateKeyStr 私鑰檔案名
* @return 是否成功
* @throws Exception
*/
public void loadPrivateKey(String privateKeyStr) throws Exception {
try {
byte[] buffer = Base64Utils.decode(privateKeyStr);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(buffer);
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
this.privateKey = (RSAPrivateKey) keyFactory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
throw new Exception("無此算法");
} catch (InvalidKeySpecException e) {
throw new Exception("私鑰非法");
} catch (NullPointerException e) {
throw new Exception("私鑰資料為空");
}
}
/**
* 加密過程
* @param publicKey 公鑰
* @param plainTextData 明文資料
* @return
* @throws Exception 加密過程中的異常資訊
*/
public byte[] encrypt(RSAPublicKey publicKey, byte[] plainTextData)
throws Exception {
if (publicKey == null) {
throw new Exception("加密公鑰為空, 請設定");
}
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] output = cipher.doFinal(plainTextData);
return output;
} catch (NoSuchAlgorithmException e) {
throw new Exception("無此加密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (InvalidKeyException e) {
throw new Exception("加密公鑰非法,請檢查");
} catch (IllegalBlockSizeException e) {
throw new Exception("明文長度非法");
} catch (BadPaddingException e) {
throw new Exception("明文資料已損壞");
}
}
/**
* 解密過程
* @param privateKey 私鑰
* @param cipherData 密文資料
* @return 明文
* @throws Exception 解密過程中的異常資訊
*/
public byte[] decrypt(RSAPrivateKey privateKey, byte[] cipherData)
throws Exception {
if (privateKey == null) {
throw new Exception("解密私鑰為空, 請設定");
}
Cipher cipher = null;
try {
cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] output = cipher.doFinal(cipherData);
return output;
} catch (NoSuchAlgorithmException e) {
throw new Exception("無此解密算法");
} catch (NoSuchPaddingException e) {
e.printStackTrace();
return null;
} catch (InvalidKeyException e) {
throw new Exception("解密私鑰非法,請檢查");
} catch (IllegalBlockSizeException e) {
throw new Exception("密文長度非法");
} catch (BadPaddingException e) {
throw new Exception("密文資料已損壞");
}
}
/**
* 位元組資料轉十六進制字元串
* @param data 輸入資料
* @return 十六進制内容
*/
public static String byteArrayToString(byte[] data) {
StringBuilder stringBuilder = new StringBuilder();
for (int i = 0; i < data.length; i++) {
// 取出位元組的高四位 作為索引得到相應的十六進制辨別符 注意無符号右移
stringBuilder.append(HEX_CHAR[(data[i] & 0xf0) >>> 4]);
// 取出位元組的低四位 作為索引得到相應的十六進制辨別符
stringBuilder.append(HEX_CHAR[(data[i] & 0x0f)]);
if (i < data.length - 1) {
stringBuilder.append(' ');
}
}
return stringBuilder.toString();
}
/**
* btye轉換hex函數
* @param byteArray
* @return
*/
public static String byteToHex(byte[] byteArray) {
StringBuffer strBuff = new StringBuffer();
for (int i = 0; i < byteArray.length; i++) {
if (Integer.toHexString(0xFF & byteArray[i]).length() == 1) {
strBuff.append("0").append(
Integer.toHexString(0xFF & byteArray[i]));
} else {
strBuff.append(Integer.toHexString(0xFF & byteArray[i]));
}
}
return strBuff.toString();
}
/**
* 以位元組為機關讀取檔案,常用于讀二進制檔案,如圖檔、聲音、影像等檔案。
*/
public static byte[] readFileByBytes(String fileName) {
File file = new File(fileName);
InputStream in = null;
byte[] txt = new byte[(int) file.length()];
try {
// 一次讀一個位元組
in = new FileInputStream(file);
int tempbyte;
int i = 0;
while ((tempbyte = in.read()) != -1) {
txt[i] = (byte) tempbyte;
i++;
}
in.close();
return txt;
} catch (IOException e) {
e.printStackTrace();
return txt;
}
}
/**
* Main 測試方法
* @param args
*/
public static void main(String[] args) {
RsaEncrypt rsaEncrypt = new RsaEncrypt();
try {
String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPTrsUJ26WDSEQwKuAJhQ6XTNHKl1/+bWeyKRQKb0jeCyuiChMxN/qYSgg2BvS2bP51Rb5P9/UE1Rxm5drr3RYNMDvQoXBuA+rHiUX3wkdXmWSaktVbfe5C95N5FCF2jyLMIuWmrMk6Wo3r5MXrCb54A6zU7SzO/r7F0VkpBh9KwIDAQAB";
rsaEncrypt.loadPublicKey(publicKey);
System.out.println("加載公鑰成功");
} catch (Exception e) {
System.err.println(e.getMessage());
System.err.println("加載公鑰失敗");
}
// 加載私鑰
try {
String privateKey = "MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAM9OuxQnbpYNIRDAq4AmFDpdM0cqXX/5tZ7IpFApvSN4LK6IKEzE3+phKCDYG9LZs/nVFvk/39QTVHGbl2uvdFg0wO9ChcG4D6seJRffCR1eZZJqS1Vt97kL3k3kUIXaPIswi5aasyTpajevkxesJvngDrNTtLM7+vsXRWSkGH0rAgMBAAECgYAlnFEQnP7RNlyTX4E95Kqy1AnjlWoVN8adoiU9bfUkpD7nA0jcdLNzIGFZZBvYKysd3m0ml1ISdddSLTpRjSl8K6O9dJDud3G9Oh3qCGgFflcKuKEXDnlaooX1sBrWF5vS0Gvg98x2C52Pnblm2eGVuTvCMaINDZLaamUlaFldMQJBAO3clhAIBJSWlm7Tt/a1d7+IbsGcS16Rk/N23DHg6LADXxIezxgSrpztSa5Nq81W5RC2WsotYYeRt+8KHsPRRn8CQQDfHa7A7hBTOT/V4FXTApuJUlReUh6cHWPsrxf/rUYKylK9WYBAJv1AZW9KaRtcadyu7ldNMb3MAsbE2vLoW2tVAkEAxhvLAF8tMXSapoO/3MMXkXbYiHjcbU9iooyEqSZhpven3ze51Jr6w8j+bSZTyRpufpTi2TEi4f8D6xvKs91BkQJBAKLS05xiX7GMfwSDQb7LEVzmo0FuJn6BiFHK+fWRqyLmwfkDHvAyQ/FB1TT1fY00iGN09msUWNFQWWSB8HEXfj0CQQCAJYV35rNJ781DXhBH5m1tq74zDNzAqynjm0hqhzlVMSHTYFIeU6SBnhk3swnfvJ8kgy3bQJtohYZ8Tuaz19VN";
rsaEncrypt.loadPrivateKey(privateKey);
System.out.println("加載私鑰成功");
} catch (Exception e) {
System.err.println(e.getMessage());
System.err.println("加載私鑰失敗");
}
// 測試字元串
String encryptStr = "12321dsfasf1321312fsfdsafsdafasfsadf";
try {
System.out.println(new Date());
// 加密
byte[] cipher = rsaEncrypt.encrypt(rsaEncrypt.getPublicKey(),
encryptStr.getBytes());
// 解密
byte[] plainText = rsaEncrypt.decrypt(rsaEncrypt.getPrivateKey(),
cipher);
System.out.println(new Date());
System.out.println(new String(plainText));
byte[] content = readFileByBytes("/data/zhnx/IN/data_xinbao.tar.gz");
// 簽名驗證
byte[] signbyte = rsaEncrypt.rsaSign(content, rsaEncrypt.getPrivateKey());
System.out.println("簽名-----:" + byteToHex(signbyte));
ByteUtil.saveFile(signbyte,"/data/zhnx/IN/","data_xinbao1.tar.gz.sign");
Boolean isok = rsaEncrypt.verify(content, signbyte, rsaEncrypt.getPublicKey());
System.out.println("驗證:" + isok);
// 讀取驗證檔案
byte[] read = readFileByBytes("/data/zhnx/IN/data_xinbao.tar.gz.sign");
System.out.println("讀取簽名檔案:" + byteToHex(read));
Boolean isfok = rsaEncrypt.verify(content, read, rsaEncrypt.getPublicKey());
System.out.println("檔案驗證2:" + isfok);
} catch (Exception e) {
System.err.println(e.getMessage());
}
}
}
import java.io.UnsupportedEncodingException;
/**
* Base64 加密解密工具類
* @author XIHONGLEI
* @date 2018-03-27
*/
public class Base64Utils {
private static char[] base64EncodeChars = new char[]
{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm',
'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5',
'6', '7', '8', '9', '+', '/'};
private static byte[] base64DecodeChars = new byte[]
{-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1,
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, 52, 53,
54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,
12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, -1, 26, 27, 28, 29,
30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1,
-1, -1, -1};
public static String encode(byte[] data) {
StringBuffer sb = new StringBuffer();
int len = data.length;
int i = 0;
int b1, b2, b3;
while (i < len) {
b1 = data[i++] & 0xff;
if (i == len) {
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[(b1 & 0x3) << 4]);
sb.append("==");
break;
}
b2 = data[i++] & 0xff;
if (i == len) {
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[(b2 & 0x0f) << 2]);
sb.append("=");
break;
}
b3 = data[i++] & 0xff;
sb.append(base64EncodeChars[b1 >>> 2]);
sb.append(base64EncodeChars[((b1 & 0x03) << 4) | ((b2 & 0xf0) >>> 4)]);
sb.append(base64EncodeChars[((b2 & 0x0f) << 2) | ((b3 & 0xc0) >>> 6)]);
sb.append(base64EncodeChars[b3 & 0x3f]);
}
return sb.toString();
}
public static byte[] decode(String str) {
try {
return decodePrivate(str);
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
return new byte[]
{};
}
private static byte[] decodePrivate(String str) throws UnsupportedEncodingException {
StringBuffer sb = new StringBuffer();
byte[] data = null;
data = str.getBytes("US-ASCII");
int len = data.length;
int i = 0;
int b1, b2, b3, b4;
while (i < len) {
do {
b1 = base64DecodeChars[data[i++]];
} while (i < len && b1 == -1);
if (b1 == -1) {
break;
}
do {
b2 = base64DecodeChars[data[i++]];
} while (i < len && b2 == -1);
if (b2 == -1) {
break;
}
sb.append((char) ((b1 << 2) | ((b2 & 0x30) >>> 4)));
do {
b3 = data[i++];
if (b3 == 61) {
return sb.toString().getBytes("iso8859-1");
}
b3 = base64DecodeChars[b3];
} while (i < len && b3 == -1);
if (b3 == -1) {
break;
}
sb.append((char) (((b2 & 0x0f) << 4) | ((b3 & 0x3c) >>> 2)));
do {
b4 = data[i++];
if (b4 == 61) {
return sb.toString().getBytes("iso8859-1");
}
b4 = base64DecodeChars[b4];
} while (i < len && b4 == -1);
if (b4 == -1) {
break;
}
sb.append((char) (((b3 & 0x03) << 6) | b4));
}
return sb.toString().getBytes("iso8859-1");
}
}
注:私鑰必須是通過pkcs8 進行編碼以後的;
import java.io.*;
/**
* byte數組工具類實作byte[]與檔案之間的互相轉換
* @author XIHONGLEI
* @Date 2018-03-26
*/
public class ByteUtil {
/**
* 獲得指定檔案的byte數組
*/
public static byte[] getBytes(String filePath){
byte[] buffer = null;
try {
File file = new File(filePath);
FileInputStream fis = new FileInputStream(file);
ByteArrayOutputStream bos = new ByteArrayOutputStream(1000);
byte[] b = new byte[1000];
int n;
while ((n = fis.read(b)) != -1) {
bos.write(b, 0, n);
}
fis.close();
bos.close();
buffer = bos.toByteArray();
} catch (FileNotFoundException e) {
e.printStackTrace();
} catch (IOException e) {
e.printStackTrace();
}
return buffer;
}
/**
* 根據byte數組,生成檔案
*/
public static void saveFile(byte[] bfile, String filePath,String fileName) {
BufferedOutputStream bos = null;
FileOutputStream fos = null;
File file = null;
try {
File dir = new File(filePath);
//判斷檔案目錄是否存在
if(!dir.exists()&&dir.isDirectory()){
dir.mkdirs();
}
file = new File(filePath+"\\"+fileName);
fos = new FileOutputStream(file);
bos = new BufferedOutputStream(fos);
bos.write(bfile);
} catch (Exception e) {
e.printStackTrace();
} finally {
if (bos != null) {
try {
bos.close();
} catch (IOException e1) {
e1.printStackTrace();
}
}
if (fos != null) {
try {
fos.close();
} catch (IOException e1) {
e1.printStackTrace();
}
}
}
}
}
5.驗證結果: