签名——SHA256-RSA2048

生成私钥、公钥

$ openssl
OpenSSL>
OpenSSL>
OpenSSL> genrsa -out private_key.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
....................................+++++
......................................................+++++
e is 65537 (0x010001)
OpenSSL>
OpenSSL> rsa -in private_key.pem -pubout -out public_key.pem
writing RSA key
OpenSSL> exit

-rw-r--r-- 1 admin 197121 1702 Sep 22 08:16 private_key.pem

-rw-r--r-- 1 admin 197121  460 Sep 22 08:16 public_key.pem

 

#生成私钥
openssl genrsa -out private_key.pem 2048
生成公钥 openssl rsa
-in private_key.pem -pubout -out public_key.pem
#私钥转 PKCS#8 格式 openssl pkcs8
-topk8 -in private_key.pem -out private_key_pkcs8.pem -nocrypt

 

应用私钥对待签名串进行SHA256-RSA2048签名,并对签名结果进行Base64编码得到签名值。

 

Java类


package com.utils;

import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

/**
 * SHA256RSA 签名、验签
 */
public class Sha256RsaUtil {

    public static String sign(byte[] privateKeyBytes, String data) throws Exception {
        // 读取私钥文件
        byte[] keyBytes = privateKeyBytes;
       
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes);
       
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
       
PrivateKey privateKey = keyFactory.generatePrivate(keySpec);

       
// 对数据进行 SHA256-RSA2048 签名
        Signature signature = Signature.getInstance("SHA256withRSA");
       
signature.initSign(privateKey);
       
signature.update(data.getBytes(StandardCharsets.UTF_8));
       
byte[] signBytes = signature.sign();

       
// 对签名结果进行 Base64 编码
        return Base64.getEncoder().encodeToString(signBytes);
   
}

    public static boolean verify(byte[] publicKeyBytes, String responseData, String byteSignature) throws Exception {
        // 读取公钥文件
        byte[] keyBytes = publicKeyBytes;
       
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
       
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
       
PublicKey publicKey = keyFactory.generatePublic(keySpec);

       
// 分割应答数据
        String[] responseParts = responseData.split("\n");
       
String responseTimestamp = responseParts[0];
       
String responseNonceStr = responseParts[1];
       
String responseBody = responseParts[2];

       
// 构造待验签数据
        String unsignedString = responseTimestamp + "\n" + responseNonceStr + "\n" + responseBody;

       
// 解码签名值
        byte[] signBytes = Base64.getDecoder().decode(byteSignature.getBytes());

       
// 验证签名
        Signature signature = Signature.getInstance("SHA256withRSA");
       
signature.initVerify(publicKey);
       
signature.update(unsignedString.getBytes(StandardCharsets.UTF_8));
       
return signature.verify(signBytes);
   
}

}


posted @ 2023-09-22 19:54  会飞的斧头  阅读(990)  评论(0编辑  收藏  举报