数字证书
构建数字证书:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -validity 36000 -alias www.lex.org -keystore lex.keystore
或者:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA1withRSA -validity 36000 -alias www.zlex.org -keystore -dname "CN=www.zlex.org, OU=zlex, O=zlex,
L=BJ, ST=BJ, C=CN"
-dname <dname> 唯一判别名,不解??????
导出数字证书:
keytool -exportcert -alias www.lex.org -keystore lex.keystore -file zlex.cer -rfc
//打印证书
keytool -printcert -file zlex.cer
密钥库管理私钥,数字证书管理公钥。
所谓的签名,是对数据进行签名,然后保存,让对方再进行验证。
public class CertificateCoder
{
//证书类型
public static final String CERT_TYPE= "X.509";
//加载密钥库
private static KeyStore
getKeyStore(String keyStorePath,String passWord) throws Exception{
//实例化密钥库
KeyStore ks=KeyStore. getInstance(KeyStore.getDefaultType());
//获得密钥库流
FileInputStream fis= new FileInputStream(keyStorePath);
//加载密钥库
ks.load(fis,passWord.toCharArray());
fis.close();
return ks;
}
//获取私钥
private static PrivateKey
getPrivateKeyByKeyStore(String keyStorePath,String alias,String passWord) throws Exception{
//获取密钥库
KeyStore ks= getKeyStore(keyStorePath,passWord);
//获取私钥
return (PrivateKey)
ks.getKey(alias, passWord.toCharArray());
}
//获取证书
private static Certificate
getCertificate(String keyStorePath,String alias,String password) throws Exception{
KeyStore keyStore= getKeyStore(keyStorePath,password);
//获取证书
return keyStore.getCertificate(alias);
}
//加载数字证书
private static Certificate
getCertificate(String certificatePath) throws Exception{
CertificateFactory certFactory=CertificateFactory.getInstance( CERT_TYPE);//证书类型
//取得证书流
FileInputStream fis= new FileInputStream(certificatePath);
//生成证书
Certificate certificate=(Certificate) certFactory.generateCertificate(fis);
//关闭证书文件流
fis.close();
return certificate;
}
//获取公钥
private static PublicKey
getPublicKeyByCertificate(String certificatePath) throws Exception{
//获取证书
Certificate certificate= getCertificate(certificatePath);
return certificate.getPublicKey();
}
//私钥加密
public static byte[]
encryptByPrivateKey(byte[] data,String
keyStorePath,String alias,String password) throws Exception{
//取得私钥
PrivateKey privateKey= getPrivateKeyByKeyStore(keyStorePath, alias,
password);
//对数据加密
Cipher cipher=Cipher. getInstance(privateKey.getAlgorithm());
cipher.init(Cipher. ENCRYPT_MODE,
privateKey);
return cipher.doFinal(data);
}
//私钥解密
public static byte[]
decryptByPrivateKey(byte[] data,String
keyStorePath,String alias,String password) throws Exception{
//取得私钥
PrivateKey privateKey= getPrivateKeyByKeyStore(keyStorePath, alias,
password);
//对数据加密
Cipher cipher=Cipher. getInstance(privateKey.getAlgorithm());
cipher.init(Cipher. DECRYPT_MODE,
privateKey);
return cipher.doFinal(data);
}
//公钥加密
public static byte[]
encryptByPublicKey(byte[] data,String
certificatePath) throws Exception{
//取得公钥
PublicKey pubKey= getPublicKeyByCertificate(certificatePath);
//对数据加密
Cipher cipher=Cipher. getInstance(pubKey.getAlgorithm());
cipher.init(Cipher. ENCRYPT_MODE,
pubKey);
return cipher.doFinal(data);
}
//公钥解密
public static byte[]
decryptByPublicKey(byte[] data,String
certificatePath) throws Exception{
//取得公钥
PublicKey pubKey= getPublicKeyByCertificate(certificatePath);
//对数据加密
Cipher cipher=Cipher. getInstance(pubKey.getAlgorithm());
cipher.init(Cipher. DECRYPT_MODE,
pubKey);
return cipher.doFinal(data);
}
//签名
public static byte[]
sign(byte[] data,String keyStorePath,String
alias,String password) throws Exception{
//获取证书
X509Certificate X509Cert=(X509Certificate)getCertificate(keyStorePath,
alias, password);
//构建签名,由证书指定签名算法
Signature signature= Signature.getInstance(X509Cert.getSigAlgName());
//获取私钥
PrivateKey priKey=getPrivateKeyByKeyStore(keyStorePath,alias,password);
//初始化签名,由私钥构造
signature.initSign(priKey);
signature.update(data);
return signature.sign();
}
//验证签名
public static boolean Verify(byte[]
data, byte[] sign,String certificatePath) throws Exception{
X509Certificate x509Cer=(X509Certificate)getCertificate(certificatePath);
//由证书构建签名
Signature sig=Signature. getInstance(x509Cer.getSigAlgName());
//由证书初始化签名,实际上使用了证书中的公钥
sig.initVerify(x509Cer);
sig.update(data);
return sig.verify(sign);
}
public static void main(String[]
args) throws Exception {
// TODO Auto-generated
method stub
String password= "111111";
String alias= "www.lex.org";
String certificatePath= "E:/ACM/zlex.cer";
String keyStorePath= "E:/ACM/lex.keystore";
System. out.println("公钥加密,私钥解密" );
String inputStr= "数字证书" ;
byte[]
data=inputStr.getBytes();
//公钥加密
byte[]
encrypt=encryptByPublicKey(data, certificatePath);
//私钥解密
byte[] decrypt=decryptByPrivateKey(encrypt,
keyStorePath, alias, password);
String outputStr= new String(decrypt);
System. out.println("加密前:\n" +inputStr);
System. out.println("加密后:\n" +outputStr);
assertArrayEquals(data,decrypt);
String inputStr1= "签名";
byte[]
data2=inputStr1.getBytes();
System. err.println("私钥签名--公钥验证" );
//产生签名
byte[]
sign=sign(data2, keyStorePath, alias, password);
System. err.println("签名:\n" +Hex.encodeHexString (sign));
//验证签名
boolean status=Verify(data2,
sign, certificatePath);
System. err.println("签名状态:\n" +status);
}
}