本文中的Base64Utils.java在其他随笔中已经贴出。Java证书生成命令如下,不做过多解释,可先到网上查询下资料,本文仅提供工具类代码:
把生成的密钥库和证书都放到类的同包下。
keytool -validity 365 -genkey -v -alias www.asdc.com.cn -keyalg RSA -keystore D:\key\asdc.keystore -dname "CN=172.25.67.98,OU=stos,O=asdc,L=Haidian,ST=Beijing,c=cn" -storepass 123456 -keypass 123456
keytool -export -v -alias www.asdc.com.cn -keystore D:\key\asdc.keystore -storepass 123456 -rfc -file D:\key\asdc.cer
keytool -export -v -alias www.asdc.com.cn -keystore D:\key\asdc.keystore -storepass 123456 -rfc -file D:\key\asdc.cer
CertificateUtils.java
import java.io.ByteArrayOutputStream; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.InputStream; import java.io.OutputStream; import java.nio.MappedByteBuffer; import java.nio.channels.FileChannel; import java.security.KeyStore; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.Date; import javax.crypto.Cipher; /** * <p> * 数字签名/加密解密工具包 * </p> * * @author IceWee * @date 2012-4-26 * @version 1.0 */ public class CertificateUtils { /** * Java密钥库(Java 密钥库,JKS)KEY_STORE */ public static final String KEY_STORE = "JKS"; public static final String X509 = "X.509"; /** * 文件读取缓冲区大小 */ private static final int CACHE_SIZE = 2048; /** * 最大文件加密块 */ private static final int MAX_ENCRYPT_BLOCK = 117; /** * 最大文件解密块 */ private static final int MAX_DECRYPT_BLOCK = 128; /** * <p> * 根据密钥库获得私钥 * </p> * * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ private static PrivateKey getPrivateKey(String keyStorePath, String alias, String password) throws Exception { KeyStore keyStore = getKeyStore(keyStorePath, password); PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray()); return privateKey; } /** * <p> * 获得密钥库 * </p> * * @param keyStorePath 密钥库存储路径 * @param password 密钥库密码 * @return * @throws Exception */ private static KeyStore getKeyStore(String keyStorePath, String password) throws Exception { FileInputStream in = new FileInputStream(keyStorePath); KeyStore keyStore = KeyStore.getInstance(KEY_STORE); keyStore.load(in, password.toCharArray()); in.close(); return keyStore; } /** * <p> * 根据证书获得公钥 * </p> * * @param certificatePath 证书存储路径 * @return * @throws Exception */ private static PublicKey getPublicKey(String certificatePath) throws Exception { Certificate certificate = getCertificate(certificatePath); PublicKey publicKey = certificate.getPublicKey(); return publicKey; } /** * <p> * 获得证书 * </p> * * @param certificatePath 证书存储路径 * @return * @throws Exception */ private static Certificate getCertificate(String certificatePath) throws Exception { CertificateFactory certificateFactory = CertificateFactory.getInstance(X509); FileInputStream in = new FileInputStream(certificatePath); Certificate certificate = certificateFactory.generateCertificate(in); in.close(); return certificate; } /** * <p> * 根据密钥库获得证书 * </p> * * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ private static Certificate getCertificate(String keyStorePath, String alias, String password) throws Exception { KeyStore keyStore = getKeyStore(keyStorePath, password); Certificate certificate = keyStore.getCertificate(alias); return certificate; } /** * <p> * 私钥加密 * </p> * * @param data 源数据 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath, String alias, String password) throws Exception { // 取得私钥 PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password); Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, privateKey); int inputLen = data.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段加密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK); } else { cache = cipher.doFinal(data, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_ENCRYPT_BLOCK; } byte[] encryptedData = out.toByteArray(); out.close(); return encryptedData; } /** * <p> * 文件私钥加密 * </p> * <p> * 过大的文件可能会导致内存溢出 * </> * * @param filePath 文件路径 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static byte[] encryptFileByPrivateKey(String filePath, String keyStorePath, String alias, String password) throws Exception { byte[] data = fileToByte(filePath); return encryptByPrivateKey(data, keyStorePath, alias, password); } /** * <p> * 文件加密 * </p> * * @param srcFilePath 源文件 * @param destFilePath 加密后文件 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @throws Exception */ public static void encryptFileByPrivateKey(String srcFilePath, String destFilePath, String keyStorePath, String alias, String password) throws Exception { // 取得私钥 PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password); Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, privateKey); File srcFile = new File(srcFilePath); FileInputStream in = new FileInputStream(srcFile); File destFile = new File(destFilePath); if (!destFile.getParentFile().exists()) { destFile.getParentFile().mkdirs(); } destFile.createNewFile(); OutputStream out = new FileOutputStream(destFile); byte[] data = new byte[MAX_ENCRYPT_BLOCK]; byte[] encryptedData; // 加密块 while (in.read(data) != -1) { encryptedData = cipher.doFinal(data); out.write(encryptedData, 0, encryptedData.length); out.flush(); } out.close(); in.close(); } /** * <p> * 文件加密成BASE64编码的字符串 * </p> * * @param filePath 文件路径 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static String encryptFileToBase64ByPrivateKey(String filePath, String keyStorePath, String alias, String password) throws Exception { byte[] encryptedData = encryptFileByPrivateKey(filePath, keyStorePath, alias, password); return Base64Utils.encode(encryptedData); } /** * <p> * 私钥解密 * </p> * * @param encryptedData 已加密数据 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static byte[] decryptByPrivateKey(byte[] encryptedData, String keyStorePath, String alias, String password) throws Exception { // 取得私钥 PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password); Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, privateKey); // 解密byte数组最大长度限制: 128 int inputLen = encryptedData.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段解密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK); } else { cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_DECRYPT_BLOCK; } byte[] decryptedData = out.toByteArray(); out.close(); return decryptedData; } /** * <p> * 公钥加密 * </p> * * @param data 源数据 * @param certificatePath 证书存储路径 * @return * @throws Exception */ public static byte[] encryptByPublicKey(byte[] data, String certificatePath) throws Exception { // 取得公钥 PublicKey publicKey = getPublicKey(certificatePath); Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, publicKey); int inputLen = data.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段加密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(data, offSet, MAX_ENCRYPT_BLOCK); } else { cache = cipher.doFinal(data, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_ENCRYPT_BLOCK; } byte[] encryptedData = out.toByteArray(); out.close(); return encryptedData; } /** * <p> * 公钥解密 * </p> * * @param encryptedData 已加密数据 * @param certificatePath 证书存储路径 * @return * @throws Exception */ public static byte[] decryptByPublicKey(byte[] encryptedData, String certificatePath) throws Exception { PublicKey publicKey = getPublicKey(certificatePath); Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, publicKey); int inputLen = encryptedData.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offSet = 0; byte[] cache; int i = 0; // 对数据分段解密 while (inputLen - offSet > 0) { if (inputLen - offSet > MAX_DECRYPT_BLOCK) { cache = cipher.doFinal(encryptedData, offSet, MAX_DECRYPT_BLOCK); } else { cache = cipher.doFinal(encryptedData, offSet, inputLen - offSet); } out.write(cache, 0, cache.length); i++; offSet = i * MAX_DECRYPT_BLOCK; } byte[] decryptedData = out.toByteArray(); out.close(); return decryptedData; } /** * <p> * 文件解密 * </p> * * @param srcFilePath 源文件 * @param destFilePath 目标文件 * @param certificatePath 证书存储路径 * @throws Exception */ public static void decryptFileByPublicKey(String srcFilePath, String destFilePath, String certificatePath) throws Exception { PublicKey publicKey = getPublicKey(certificatePath); Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm()); cipher.init(Cipher.DECRYPT_MODE, publicKey); File srcFile = new File(srcFilePath); FileInputStream in = new FileInputStream(srcFile); File destFile = new File(destFilePath); if (!destFile.getParentFile().exists()) { destFile.getParentFile().mkdirs(); } destFile.createNewFile(); OutputStream out = new FileOutputStream(destFile); byte[] data = new byte[MAX_DECRYPT_BLOCK]; byte[] decryptedData; // 解密块 while (in.read(data) != -1) { decryptedData = cipher.doFinal(data); out.write(decryptedData, 0, decryptedData.length); out.flush(); } out.close(); in.close(); } /** * <p> * 生成数据签名 * </p> * * @param data 源数据 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static byte[] sign(byte[] data, String keyStorePath, String alias, String password) throws Exception { // 获得证书 X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password); // 获取私钥 KeyStore keyStore = getKeyStore(keyStorePath, password); // 取得私钥 PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray()); // 构建签名 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); signature.initSign(privateKey); signature.update(data); return signature.sign(); } /** * <p> * 生成数据签名并以BASE64编码 * </p> * * @param data 源数据 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static String signToBase64(byte[] data, String keyStorePath, String alias, String password) throws Exception { return Base64Utils.encode(sign(data, keyStorePath, alias, password)); } /** * <p> * 生成文件数据签名(BASE64) * </p> * <p> * 需要先将文件私钥加密,再根据加密后的数据生成签名(BASE64),适用于小文件 * </p> * * @param filePath 源文件 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ public static String signFileToBase64WithEncrypt(String filePath, String keyStorePath, String alias, String password) throws Exception { byte[] encryptedData = encryptFileByPrivateKey(filePath, keyStorePath, alias, password); return signToBase64(encryptedData, keyStorePath, alias, password); } /** * <p> * 生成文件签名 * </p> * <p> * 注意:<br> * 方法中使用了FileChannel,其巨大Bug就是不会释放文件句柄,导致签名的文件无法操作(移动或删除等)<br> * 该方法已被generateFileSign取代 * </p> * * @param filePath 文件路径 * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return * @throws Exception */ @Deprecated public static byte[] signFile(String filePath, String keyStorePath, String alias, String password) throws Exception { byte[] sign = new byte[0]; // 获得证书 X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password); // 获取私钥 KeyStore keyStore = getKeyStore(keyStorePath, password); // 取得私钥 PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray()); // 构建签名 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); signature.initSign(privateKey); File file = new File(filePath); if (file.exists()) { FileInputStream in = new FileInputStream(file); FileChannel fileChannel = in.getChannel(); MappedByteBuffer byteBuffer = fileChannel.map(FileChannel.MapMode.READ_ONLY, 0, file.length()); signature.update(byteBuffer); fileChannel.close(); in.close(); sign = signature.sign(); } return sign; } /** * <p> * 生成文件数字签名 * </p> * * <p> * <b>注意:</b><br> * 生成签名时update的byte数组大小和验证签名时的大小应相同,否则验证无法通过 * </p> * * @param filePath * @param keyStorePath * @param alias * @param password * @return * @throws Exception */ public static byte[] generateFileSign(String filePath, String keyStorePath, String alias, String password) throws Exception { byte[] sign = new byte[0]; // 获得证书 X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password); // 获取私钥 KeyStore keyStore = getKeyStore(keyStorePath, password); // 取得私钥 PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray()); // 构建签名 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); signature.initSign(privateKey); File file = new File(filePath); if (file.exists()) { FileInputStream in = new FileInputStream(file); byte[] cache = new byte[CACHE_SIZE]; int nRead = 0; while ((nRead = in.read(cache)) != -1) { signature.update(cache, 0, nRead); } in.close(); sign = signature.sign(); } return sign; } /** * <p> * 文件签名成BASE64编码字符串 * </p> * * @param filePath * @param keyStorePath * @param alias * @param password * @return * @throws Exception */ public static String signFileToBase64(String filePath, String keyStorePath, String alias, String password) throws Exception { return Base64Utils.encode(generateFileSign(filePath, keyStorePath, alias, password)); } /** * <p> * 验证签名 * </p> * * @param data 已加密数据 * @param sign 数据签名[BASE64] * @param certificatePath 证书存储路径 * @return * @throws Exception */ public static boolean verifySign(byte[] data, String sign, String certificatePath) throws Exception { // 获得证书 X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath); // 获得公钥 PublicKey publicKey = x509Certificate.getPublicKey(); // 构建签名 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); signature.initVerify(publicKey); signature.update(data); return signature.verify(Base64Utils.decode(sign)); } /** * <p> * 校验文件完整性 * </p> * <p> * 鉴于FileChannel存在的巨大Bug,该方法已停用,被validateFileSign取代 * </p> * * @param filePath 文件路径 * @param sign 数据签名[BASE64] * @param certificatePath 证书存储路径 * @return * @throws Exception */ @Deprecated public static boolean verifyFileSign(String filePath, String sign, String certificatePath) throws Exception { boolean result = false; // 获得证书 X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath); // 获得公钥 PublicKey publicKey = x509Certificate.getPublicKey(); // 构建签名 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); signature.initVerify(publicKey); File file = new File(filePath); if (file.exists()) { byte[] decodedSign = Base64Utils.decode(sign); FileInputStream in = new FileInputStream(file); FileChannel fileChannel = in.getChannel(); MappedByteBuffer byteBuffer = fileChannel.map(FileChannel.MapMode.READ_ONLY, 0, file.length()); signature.update(byteBuffer); in.close(); result = signature.verify(decodedSign); } return result; } /** * <p> * 校验文件签名 * </p> * * @param filePath * @param sign * @param certificatePath * @return * @throws Exception */ public static boolean validateFileSign(String filePath, String sign, String certificatePath) throws Exception { boolean result = false; // 获得证书 X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath); // 获得公钥 PublicKey publicKey = x509Certificate.getPublicKey(); // 构建签名 Signature signature = Signature.getInstance(x509Certificate.getSigAlgName()); signature.initVerify(publicKey); File file = new File(filePath); if (file.exists()) { byte[] decodedSign = Base64Utils.decode(sign); FileInputStream in = new FileInputStream(file); byte[] cache = new byte[CACHE_SIZE]; int nRead = 0; while ((nRead = in.read(cache)) != -1) { signature.update(cache, 0, nRead); } in.close(); result = signature.verify(decodedSign); } return result; } /** * <p> * BASE64解码->签名校验 * </p> * * @param base64String BASE64编码字符串 * @param sign 数据签名[BASE64] * @param certificatePath 证书存储路径 * @return * @throws Exception */ public static boolean verifyBase64Sign(String base64String, String sign, String certificatePath) throws Exception { byte[] data = Base64Utils.decode(base64String); return verifySign(data, sign, certificatePath); } /** * <p> * BASE64解码->公钥解密-签名校验 * </p> * * * @param base64String BASE64编码字符串 * @param sign 数据签名[BASE64] * @param certificatePath 证书存储路径 * @return * @throws Exception */ public static boolean verifyBase64SignWithDecrypt(String base64String, String sign, String certificatePath) throws Exception { byte[] encryptedData = Base64Utils.decode(base64String); byte[] data = decryptByPublicKey(encryptedData, certificatePath); return verifySign(data, sign, certificatePath); } /** * <p> * 文件公钥解密->签名校验 * </p> * * @param encryptedFilePath 加密文件路径 * @param sign 数字证书[BASE64] * @param certificatePath * @return * @throws Exception */ public static boolean verifyFileSignWithDecrypt(String encryptedFilePath, String sign, String certificatePath) throws Exception { byte[] encryptedData = fileToByte(encryptedFilePath); byte[] data = decryptByPublicKey(encryptedData, certificatePath); return verifySign(data, sign, certificatePath); } /** * <p> * 校验证书当前是否有效 * </p> * * @param certificate 证书 * @return */ public static boolean verifyCertificate(Certificate certificate) { return verifyCertificate(new Date(), certificate); } /** * <p> * 验证证书是否过期或无效 * </p> * * @param date 日期 * @param certificate 证书 * @return */ public static boolean verifyCertificate(Date date, Certificate certificate) { boolean isValid = true; try { X509Certificate x509Certificate = (X509Certificate) certificate; x509Certificate.checkValidity(date); } catch (Exception e) { isValid = false; } return isValid; } /** * <p> * 验证数字证书是在给定的日期是否有效 * </p> * * @param date 日期 * @param certificatePath 证书存储路径 * @return */ public static boolean verifyCertificate(Date date, String certificatePath) { Certificate certificate; try { certificate = getCertificate(certificatePath); return verifyCertificate(certificate); } catch (Exception e) { e.printStackTrace(); return false; } } /** * <p> * 验证数字证书是在给定的日期是否有效 * </p> * * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return */ public static boolean verifyCertificate(Date date, String keyStorePath, String alias, String password) { Certificate certificate; try { certificate = getCertificate(keyStorePath, alias, password); return verifyCertificate(certificate); } catch (Exception e) { e.printStackTrace(); return false; } } /** * <p> * 验证数字证书当前是否有效 * </p> * * @param keyStorePath 密钥库存储路径 * @param alias 密钥库别名 * @param password 密钥库密码 * @return */ public static boolean verifyCertificate(String keyStorePath, String alias, String password) { return verifyCertificate(new Date(), keyStorePath, alias, password); } /** * <p> * 验证数字证书当前是否有效 * </p> * * @param certificatePath 证书存储路径 * @return */ public static boolean verifyCertificate(String certificatePath) { return verifyCertificate(new Date(), certificatePath); } /** * <p> * 文件转换为byte数组 * </p> * * @param filePath 文件路径 * @return * @throws Exception */ public static byte[] fileToByte(String filePath) throws Exception { byte[] data = new byte[0]; File file = new File(filePath); if (file.exists()) { FileInputStream in = new FileInputStream(file); ByteArrayOutputStream out = new ByteArrayOutputStream(2048); byte[] cache = new byte[CACHE_SIZE]; int nRead = 0; while ((nRead = in.read(cache)) != -1) { out.write(cache, 0, nRead); out.flush(); } out.close(); in.close(); data = out.toByteArray(); } return data; } /** * <p> * 二进制数据写文件 * </p> * * @param bytes 二进制数据 * @param filePath 文件生成目录 */ public static void byteArrayToFile(byte[] bytes, String filePath) throws Exception { InputStream in = new ByteArrayInputStream(bytes); File destFile = new File(filePath); if (!destFile.getParentFile().exists()) { destFile.getParentFile().mkdirs(); } destFile.createNewFile(); OutputStream out = new FileOutputStream(destFile); byte[] cache = new byte[CACHE_SIZE]; int nRead = 0; while ((nRead = in.read(cache)) != -1) { out.write(cache, 0, nRead); out.flush(); } out.close(); in.close(); } }
CertificateTester.java
package security; import static org.junit.Assert.assertArrayEquals; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; public class CertificateTester { private static final String KEY_STORE_NAME = "asdc.keystore"; private static final String CERTIFICATE_NAME = "asdc.cer"; private static final String password = "123456"; private static final String alias = "www.asdc.com.cn"; private static String certificatePath; private static String keyStorePath; static { String currentDir = CertificateTester.class.getResource("").getPath(); if (currentDir.startsWith("/")) currentDir = currentDir.substring(1); if (!currentDir.endsWith("/")) currentDir += "/"; keyStorePath = currentDir + KEY_STORE_NAME; certificatePath = currentDir + CERTIFICATE_NAME; } public static void main(String[] args) throws Exception { simple(); simpleSign(); testFileSign(); } static void simple() throws Exception { System.err.println("公钥加密——私钥解密"); String source = "这是一行没有任何意义的文字,你看完了等于没看,不是吗?"; byte[] data = source.getBytes(); byte[] encrypt = CertificateUtils.encryptByPublicKey(data, certificatePath); byte[] decrypt = CertificateUtils.decryptByPrivateKey(encrypt, keyStorePath, alias, password); String outputStr = new String(decrypt); System.out.println("加密前: \r\n" + source + "\r\n" + "解密后: \r\n" + outputStr); // 验证数据一致 assertArrayEquals(data, decrypt); // 验证证书有效 assertTrue(CertificateUtils.verifyCertificate(certificatePath)); } static void simpleSign() throws Exception { System.err.println("私钥加密——公钥解密"); String source = "这是一行签名的测试文字"; byte[] data = source.getBytes(); byte[] encodedData = CertificateUtils.encryptByPrivateKey(data, keyStorePath, alias, password); byte[] decodedData = CertificateUtils.decryptByPublicKey(encodedData, certificatePath); String target = new String(decodedData); System.out.println("加密前: \r\n" + source + "\r\n" + "解密后: \r\n" + target); assertEquals(source, target); System.err.println("私钥签名——公钥验证签名"); // 产生签名 String sign = CertificateUtils.signToBase64(encodedData, keyStorePath, alias, password); System.out.println("签名:\r\n" + sign); // 验证签名 boolean status = CertificateUtils.verifySign(encodedData, sign, certificatePath); System.err.println("状态:\r\n" + status); assertTrue(status); } static void testFileSign() throws Exception { String filePath = "D:/software/eclipse-SDK-3.3.2-win32.zip"; String sign = CertificateUtils.signFileToBase64(filePath, keyStorePath, alias, password); System.err.println("生成签名:\r\n" + sign); boolean result = CertificateUtils.verifyFileSign(filePath, sign, certificatePath); System.err.println("校验结果:" + result); } }
发表评论
-
android window.requestWindowFeature()常用方法
2011-12-23 14:41 1054最近在网上看到一篇 ... -
专家指导 UML类图关系表示方法
2011-12-07 13:36 1602UML类图关系主要有关联,依赖,泛化,实现等,那么它们的表 ... -
存取之美——HashMap原理与实践
2011-12-05 17:48 1705HashMap是一种十分常用的数据结构,作为一个应用开发 ... -
Android异步加载图像小结 (含线程池,缓存方法)
2011-12-05 17:11 1174Android异步加载图像小结 来源:互联网作者:未知 ... -
java项目命名规范
2011-11-30 11:59 2519规范等级说明 级别I: 默认登记要求所有 ...
相关推荐
综上所述,Java中的国密算法实现涉及多个步骤和技术,包括但不限于密钥管理、加密解密、哈希计算、签名验证以及证书处理。开发者需要熟悉相关API和库,以正确地集成这些功能到他们的项目中。在实际开发过程中,还要...
通过使用Java技术实现数字证书的签名和验证,不仅可以提高应用的安全性,还可以增强用户对系统的信任。尽管实现过程可能较为复杂,但通过遵循上述步骤,开发者可以有效地提升应用程序的安全级别,特别是在涉及敏感...
综合应用篇既细致地讲解了加密技术对数字证书和SSL/TLS协议的应用,又以示例的方式讲解了加密与解密技术在网络中的实际应用,极具实践指导性。Java开发者将通过本书掌握密码学和Java加密与解密技术的所有细节;系统...
Java的`java.security`和`javax.crypto`包中包含了许多用于加密操作的工具类,如Cipher用于加解密操作,MessageDigest用于哈希计算,Signature用于数字签名等。 9. **PKCS7/PKCS8标准** PKCS(Public Key ...
RSA算法是一种非对称加密算法,它在信息安全领域有着广泛的应用,特别是在数字签名、数据加密和安全通信中。本文将详细讲解RSA算法的加签、加密、解密以及验签的过程,结合Java语言来实现这一系列操作,并涉及到证书...
本资源“java加密与解密的艺术全包括源码.rar”提供了全面的Java加密解密技术实现,涵盖了多种算法和应用场景。下面我们将深入探讨其中涉及的一些核心知识点。 1. **对称加密**:对称加密是最常见的加密方式,如DES...
本书涵盖了从基础的对称加密、非对称加密到数字签名、证书、哈希函数等多方面的内容,旨在提升开发者在信息安全领域的专业技能。 1. 对称加密:在Java中,最常用的对称加密算法有DES(Data Encryption Standard)、...
- **Java中的非对称加密API**:`java.security.KeyPairGenerator`用于生成公钥和私钥对,`java.security.PublicKey`和`java.security.PrivateKey`分别表示公钥和私钥,`Cipher`类同样用于非对称加密和解密。...
9. **JSymxx175.zip**:这个文件可能是书中源码的压缩包,可能包含了各种加密解密算法的实现,包括上述提到的对称加密、非对称加密、哈希计算等,是学习和实践Java加密解密技术的好材料。 在学习这部分内容时,你...
4. 数据校验:服务器接收到请求后,使用私钥解密签名,再对比解密后的参数与原始请求参数是否一致。如果一致,则说明数据在传输过程中未被修改,接口调用校验成功。 在实际开发中,可以使用Java的`java.security`和...
在加密解密的过程中,SHA1并不适用于传统意义上的加密,因为它不具备可逆性。它的主要功能是创建一个数据指纹,用于检查数据是否被篡改。例如,在文件传输或下载后,可以通过计算本地文件与原始服务器文件的SHA1哈希...
以下是对Java加密解密算法的详细概述: 1. **基础概念** - **加密**:将明文数据转化为无法直接理解的形式,称为密文。 - **解密**:将密文还原为原始明文的过程。 - **密钥**:用于加密和解密的特殊数据,分为...
《Java加密与解密的艺术》是一本深入探讨Java平台上的加密和解密技术的专业书籍。这本书结合源码分析,旨在帮助读者理解加密算法的核心原理,掌握在Java环境中实现安全通信和数据保护的方法。 首先,我们要了解加密...
数字签名利用非对称加密技术,结合公钥和私钥,实现对数据的签名和验证,以确保信息未被篡改。证书,如X.509证书,是公开密钥的电子文档,由权威机构(如CA,证书颁发机构)签名,用来验证持有者的身份。 关于密钥...
Java加密解密工具集是Java开发中不可或缺的一部分,它提供了对数据进行安全处理的能力,确保信息在传输或存储过程中的隐私性和完整性。JCT(Java Cryptography Toolkit)可能是指Java提供的加密工具包,用于实现各种...
本文将深入探讨JAVA文件内容加密的相关知识点,包括加密的基本原理、常用的加密算法、JAVA中的加密API以及如何实际操作对文件内容进行加密。 1. **加密基本原理**: 加密是一种将明文信息转换为看似随机的密文的...
《Java加密与解密的艺术》是一本专注于Java平台上的安全技术专著,涵盖了广泛的加密和解密技术。这本书深入探讨了如何在Java环境中实施高效且安全的加密算法,以保护数据的隐私和完整性。以下是对该主题的一些关键...