Java教程:使用RSA2算法生成公私钥与签名验签(Base64传输方式)
说明:
RSA2 是在原有 SHA1WithRSA 签名算法的基础上,新增支持 SHA256WithRSA 的签名方式。它使用的摘要算法(SHA-256)比 SHA1WithRSA 使用的 SHA-1 具有更强的安全性,官方建议使用 SHA256WithRSA 签名算法。需要注意,“RSA2”并不是 JCA 中的标准算法名,在 Java 代码里对应的签名算法名是 SHA256withRSA。下面介绍如何使用 RSA2 生成公私钥并进行签名、验签。
1、导入 pom 依赖(源码中的 KeyUtil 与 SignAlgorithm 来自 hutool,其余用到的类均为 JDK 自带)
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.10</version>
</dependency>
2、源码
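/**
 * RSA2 utility: generates RSA key pairs and creates / verifies SHA256withRSA
 * signatures, exchanging keys and signatures as Base64 text.
 *
 * <p>Notes for callers:
 * <ul>
 *   <li>The private key is handled as an unencrypted Base64 string (PKCS#8).
 *       Anyone who can read that string can sign as the key owner, so keep it
 *       out of logs, URLs and source control and store it in a secret store.</li>
 *   <li>Signer and verifier must feed byte-identical data; when the payload is
 *       text, both sides have to use the same explicit charset.</li>
 *   <li>{@link #verify256} reports a well-formed but wrong signature as
 *       {@code false} and malformed input as a {@link RuntimeException};
 *       treat both outcomes as "not verified".</li>
 * </ul>
 *
 * @author wfeil211@foxmail.com
 */
public class RSA2Util {
    // Key algorithm name handed to KeyUtil and KeyFactory.
    private final static String SIGN_TYPE = "RSA";
    // RSA key length in bits.
    private final static int KEY_SIZE = 2048;

    /**
     * Generates a new RSA key pair of {@code KEY_SIZE} bits.
     *
     * @return a map with two entries: {@code "publicKey"} and {@code "privateKey"},
     *         each the Base64 text of the key's {@code getEncoded()} bytes; these are
     *         the encodings that {@link #verify256} (X.509) and {@link #sign256}
     *         (PKCS#8) parse. The private key value is not encrypted.
     */
    public Map<String, String> getPublicPrivateKey() {
        KeyPair keyPair = KeyUtil.generateKeyPair(SIGN_TYPE, KEY_SIZE);
        Base64.Encoder encoder = Base64.getEncoder();

        Map<String, String> pubPriKey = new HashMap<>();
        pubPriKey.put("publicKey", encoder.encodeToString(keyPair.getPublic().getEncoded()));
        pubPriKey.put("privateKey", encoder.encodeToString(keyPair.getPrivate().getEncoded()));
        return pubPriKey;
    }

    /**
     * Signs the given bytes with SHA256withRSA.
     *
     * @param signData the exact bytes to sign
     * @param priKey   Base64 text of the PKCS#8-encoded RSA private key
     * @return the signature as Base64 text
     * @throws RuntimeException if the key cannot be decoded or parsed, or signing
     *                          fails; the original exception is kept as the cause
     */
    public static String sign256(byte[] signData, String priKey) {
        try {
            byte[] keyBytes = Base64.getDecoder().decode(priKey);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
            PrivateKey privateKey = KeyFactory.getInstance(SIGN_TYPE).generatePrivate(keySpec);

            Signature signer = Signature.getInstance(SignAlgorithm.SHA256withRSA.getValue());
            signer.initSign(privateKey);
            signer.update(signData);
            return Base64.getEncoder().encodeToString(signer.sign());
        } catch (Exception e) {
            // Keep the cause: getMessage() alone can be null and loses the
            // exception type and stack trace needed to diagnose key/format problems.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Verifies a SHA256withRSA signature.
     *
     * @param dataBytes the exact bytes that were signed
     * @param sign      Base64 text of the signature
     * @param pubkey    Base64 text of the X.509-encoded RSA public key
     * @return {@code true} only if the signature matches the data under the given key
     * @throws RuntimeException if the signature or key is not valid Base64, the key
     *                          cannot be parsed, or the verification call itself
     *                          fails; the original exception is kept as the cause.
     *                          Callers must not treat this as a successful check.
     */
    public static boolean verify256(byte[] dataBytes, String sign, String pubkey) {
        try {
            byte[] signByte = Base64.getDecoder().decode(sign);
            byte[] encodedKey = Base64.getDecoder().decode(pubkey);

            Signature verifier = Signature.getInstance(SignAlgorithm.SHA256withRSA.getValue());
            PublicKey publicKey =
                    KeyFactory.getInstance(SIGN_TYPE).generatePublic(new X509EncodedKeySpec(encodedKey));
            verifier.initVerify(publicKey);
            verifier.update(dataBytes);
            return verifier.verify(signByte);
        } catch (Exception e) {
            // Keep the cause so that malformed-input failures stay diagnosable.
            throw new RuntimeException(e.getMessage(), e);
        }
    }
}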