RSA 算法私钥公钥生成和导入秘钥库步骤,加签名和验签 Java 代码

1)RSA私钥和公钥生成步骤

步骤一,生成JKS文件ecouponNotificationRsa.jks,别名为:ecoupon_notification_key,期限20年,jks证书密码123456,算法是RSA
keytool -genkeypair -keyalg RSA -keysize 2048 -validity 7300 -dname "CN=disney, OU=disney, O=disney, L=shanghai, ST=shanghai, C=CN" -alias ecoupon_notification_key -keystore myRsa.jks -storepass 123456

步骤二,查看JKS证书信息
keytool -list -v -keystore ecouponNotificationRsa.jks -storepass 123456

步骤三,根据 jks 私钥生成cer证书, cer证书密码设置为 555666
keytool -export -alias my_service_key -keystore myRsa.jks -storepass 555666 -file myRsaPublicKey.cer

步骤四,根据 cer 证书生成公钥,并将公钥导入到客户端秘钥库中(这一步是调用此service的对方app操作,需要借助第三步生成的cer证书)
keytool -import -alias ecoupon_notification_rsa_public_key -file myRsaPublicKey.cer -keystore ecoupon_notification_rsa_public_key.jks -storepass 555666

步骤五,将第一步生成好的jks证书的绝对路径地址配置到配置中心,例子如下
rsa.private.key.jks.path=/key/library/myRsa.jks
rsa.private.key.jks.password=123456
rsa.public.key.certificate.alias=my_service_key
rsa.public.key.certificate.password=555666

2)生成私钥 bean 和 公钥 bean,注入到 spring 容器

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;

@Slf4j
@Configuration
public class ConfigRsa {

    @Bean("keyStore")
    public KeyStore getKeyStore(
            @Value("${rsa.private.key.jks.path}") String privateKeyJksPath,
            @Value("${rsa.private.key.jks.password}") String privateKeyJksPassword
    ) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        try (FileInputStream fis = new FileInputStream(privateKeyJksPath)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(fis, privateKeyJksPassword.toCharArray());
            return keyStore;
        }
    }

    @Bean("privateKey")
    public PrivateKey getPrivateKey(
            @Qualifier("keyStore") KeyStore keyStore,
            @Value("${rsa.public.key.certificate.alias}") String publicKeyCertificateAlias,
            @Value("${rsa.public.key.certificate.password}") String publicKeyCertificatePassword
    ) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        return (PrivateKey) keyStore.getKey(publicKeyCertificateAlias, publicKeyCertificatePassword.toCharArray());
    }

    @Bean("publicKey")
    public PublicKey getPublicKey(
            @Qualifier("keyStore") KeyStore keyStore,
            @Value("${rsa.public.key.certificate.alias}") String publicKeyCertificateAlias
    ) throws KeyStoreException {
        return keyStore.getCertificate(publicKeyCertificateAlias).getPublicKey();
    }

}

3)自定义 RsaUtil 类去签名和验签

import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;

@Slf4j
@Component("rsaUtil")
public class RsaUtil {

    private static final String ALGORITHM = "SHA256withRSA"; // sign type: RSA2, refer doc: https://opendocs.alipay.com/open/291/106115
    @Autowired
    @Qualifier("privateKey")
    private PrivateKey privateKey;
    @Autowired
    @Qualifier("publicKey")
    private PublicKey publicKey;

    public String sign(String originalData) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initSign(privateKey);
        signature.update(originalData.getBytes());
        String signedData = java.util.Base64.getEncoder()
                .encodeToString(signature.sign()).replace("\r\n","").replace("\n","");
        return signedData;
    }

    public boolean verify(String originalData, String signedData) throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Signature signature = Signature.getInstance(ALGORITHM);
        signature.initVerify(publicKey);
        signature.update(originalData.getBytes());
        boolean isVerify = signature.verify(Base64.getDecoder().decode(signedData));
        return isVerify;
    }

}

 

 

 

end.

posted on 2021-04-29 15:59  梦幻朵颜  阅读(1140)  评论(0编辑  收藏  举报