接下来我们介绍DSA数字签名非对称加密的另一种实现
DSA
DSADigital Signature Algorithm 是Schnorr和ElGamal签名算法的变种被美国NIST作为DSS(DigitalSignature Standard)简单的说这是一种更高级的验证方式用作数字签名不单单只有公钥私钥还有数字签名私钥加密生成数字签名公钥验证数据及签名如果数据和签名不匹配则认为验证失败!数字签名的作用就是校验数据在传输过程中不被修改数字签名是单向加密的升级!
通过java代码实现如下
import javasecurityKey;
import javasecurityKeyFactory;
import javasecurityKeyPair;
import javasecurityKeyPairGenerator;
import javasecurityPrivateKey;
import javasecurityPublicKey;
import javasecuritySecureRandom;
import javasecuritySignature;
import javasecurityinterfacesDSAPrivateKey;
import javasecurityinterfacesDSAPublicKey;
import javasecurityspecPKCSEncodedKeySpec;
import javasecurityspecXEncodedKeySpec;
import javautilHashMap;
import javautilMap;
/**
* DSA安全编码组件
*
* @author 梁栋
* @version
* @since
*/
public abstract class DSACoder extends Coder {
public static final String ALGORITHM = DSA;
/**
* 默认密钥字节数
*
* <pre>
* DSA
* Default Keysize
* Keysize must be a multiple of ranging from to (inclusive)
* </pre>
*/
private static final int KEY_SIZE = ;
/**
* 默认种子
*/
private static final String DEFAULT_SEED = fabbddddae;
private static final String PUBLIC_KEY = DSAPublicKey;
private static final String PRIVATE_KEY = DSAPrivateKey;
/**
* 用私钥对信息生成数字签名
*
* @param data
* 加密数据
* @param privateKey
* 私钥
*
* @return
* @throws Exception
*/
public static String sign(byte[] data String privateKey) throws Exception {
// 解密由base编码的私钥
byte[] keyBytes = decryptBASE(privateKey);
// 构造PKCSEncodedKeySpec对象
PKCSEncodedKeySpec pkcsKeySpec = new PKCSEncodedKeySpec(keyBytes);
// KEY_ALGORITHM 指定的加密算法
KeyFactory keyFactory = KeyFactorygetInstance(ALGORITHM);
// 取私钥匙对象
PrivateKey priKey = keyFactorygeneratePrivate(pkcsKeySpec);
// 用私钥对信息生成数字签名
Signature signature = SignaturegetInstance(keyFactorygetAlgorithm());
signatureinitSign(priKey);
signatureupdate(data);
return encryptBASE(signaturesign());
}
/**
* 校验数字签名
*
* @param data
* 加密数据
* @param publicKey
* 公钥
* @param sign
* 数字签名
*
* @return 校验成功返回true 失败返回false
* @throws Exception
*
*/
public static boolean verify(byte[] data String publicKey String sign)
throws Exception {
// 解密由base编码的公钥
byte[] keyBytes = decryptBASE(publicKey);
// 构造XEncodedKeySpec对象
XEncodedKeySpec keySpec = new XEncodedKeySpec(keyBytes);
// ALGORITHM 指定的加密算法
KeyFactory keyFactory = KeyFactorygetInstance(ALGORITHM);
// 取公钥匙对象
PublicKey pubKey = keyFactorygeneratePublic(keySpec);
Signature signature = SignaturegetInstance(keyFactorygetAlgorithm());
signatureinitVerify(pubKey);
signatureupdate(data);
// 验证签名是否正常
return signatureverify(decryptBASE(sign));
}
/**
* 生成密钥
*
* @param seed
* 种子
* @return 密钥对象
* @throws Exception
*/
public static Map<String Object> initKey(String seed) throws Exception {
KeyPairGenerator keygen = KeyPairGeneratorgetInstance(ALGORITHM);
// 初始化随机产生器
SecureRandom secureRandom = new SecureRandom();
secureRandomsetSeed(seedgetBytes());
keygeninitialize(KEY_SIZE secureRandom);
KeyPair keys = keygengenKeyPair();
DSAPublicKey publicKey = (DSAPublicKey) keysgetPublic();
DSAPrivateKey privateKey = (DSAPrivateKey) keysgetPrivate();
Map<String Object> map = new HashMap<String Object>();
mapput(PUBLIC_KEY publicKey);
mapput(PRIVATE_KEY privateKey);
return map;
}
/**
* 默认生成密钥
*
* @return 密钥对象
* @throws Exception
*/
public static Map<String Object> initKey() throws Exception {
return initKey(DEFAULT_SEED);
}
/**
* 取得私钥
*
* @param keyMap
* @return
* @throws Exception
*/
public static String getPrivateKey(Map<String Object> keyMap)
throws Exception {
Key key = (Key) keyMapget(PRIVATE_KEY);
return encryptBASE(keygetEncoded());
}
/**
* 取得公钥
*
* @param keyMap
* @return
* @throws Exception
*/
public static String getPublicKey(Map<String Object> keyMap)
throws Exception {
Key key = (Key) keyMapget(PUBLIC_KEY);
return encryptBASE(keygetEncoded());
}
}
再给出一个测试类
import static orgjunitAssert*;
import javautilMap;
import orgjunitTest;
/**
*
* @author 梁栋
* @version
* @since
*/
public class DSACoderTest {
@Test
public void test() throws Exception {
String inputStr = abc;
byte[] data = inputStrgetBytes();
// 构建密钥
Map<String Object> keyMap = DSACoderinitKey();
// 获得密钥
String publicKey = DSACodergetPublicKey(keyMap);
String privateKey = DSACodergetPrivateKey(keyMap);
Systemerrprintln(公钥:\r + publicKey);
Systemerrprintln(私钥:\r + privateKey);
// 产生签名
String sign = DSACodersign(data privateKey);
Systemerrprintln(签名:\r + sign);
// 验证签名
boolean status = DSACoderverify(data publicKey sign);
Systemerrprintln(状态:\r + status);
assertTrue(status);
}
控制台输出
公钥:
MIIBtzCCASwGByqGSMBAEwggEfAoGBAP/UEddRIpUtKnCsOfEbdSPOEAMMePCUSZp
RVAIlHWTNWPq/xfWMPbLmVsEgBb/JmYLdrmVClpJ+fARECLCTup/xhvOfn
xqimFQE+PUewwIVBNaFpEynXzrithyrviIDGZRSAHHAhUAlBQjxUjCyykrmCouuE
C/BYHPUCgYEA+GghdabPdLvKtcNrhXuXmUrvOuqC+VdMCzHgmdRWVeOutRZT+ZxBxCBgLRJ
FnEjEwoFhOzwkyjMimTwWeotUfIoKOuHiuzpnWRbqN/C/ohNWLx+JASQzKTxvqhRkImo
g/hWuWfBpKLZlAeUlZAFMO/PSSoDgYQAAoGAIuRUlcQLpPIMrbssOY+uySVnpTULSv
TVaHoKzsLHgGTrwOvsGA+VyCNlWDuDbSLFliTWgOj+SMOEaPkVyRTlLXZWGPsfMfd
XAbMeVyKDSHHVGbMjBScajfbXooYQMlyoHiOt/WrCo+mvefstMMPGo=
私钥:
MIIBTAIBADCCASwGByqGSMBAEwggEfAoGBAP/UEddRIpUtKnCsOfEbdSPOEAMMePC
USZpRVAIlHWTNWPq/xfWMPbLmVsEgBb/JmYLdrmVClpJ+fARECLCTup/xhv
OfnxqimFQE+PUewwIVBNaFpEynXzrithyrviIDGZRSAHHAhUAlBQjxUjCyykrmC
ouuEC/BYHPUCgYEA+GghdabPdLvKtcNrhXuXmUrvOuqC+VdMCzHgmdRWVeOutRZT+ZxBxCB
gLRJFnEjEwoFhOzwkyjMimTwWeotUfIoKOuHiuzpnWRbqN/C/ohNWLx+JASQzKTxvqhR
kImog/hWuWfBpKLZlAeUlZAFMO/PSSoEFwIVAIegLUtmmoQKQJTOiLugHTSjl/q
签名:
MCCFQCMgJ/uZmFGuRprTNqwnDwIUJCyYNah+HtbUNcQfyAcLeLQs=
状态:
true
