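Introduction
Signature: provides security and non-repudiation.
Digital signature: a message digest algorithm that uses a key pair (public key, private key).
Purposes:
1. Verify data integrity
2. Authenticate the data source
3. Non-repudiation
Digital signatures follow one rule: sign with the private key, verify with the public key.
Common digital signature algorithms: RSA, DSA, ECDSA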
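The three purposes listed above can be observed directly. The following is an added example, not code from the original post; the class name, method names and sample messages are constructed for illustration. It signs a message with SHA256withRSA and then checks it against the untouched message, a modified message, an unrelated public key, and a modified signature.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;

// Added illustration; class, method names and messages are hypothetical.
public class SignatureChecksDemo {
    static final String ALG = "SHA256withRSA";

    static byte[] sign(PrivateKey key, byte[] msg) throws Exception {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws Exception {
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(msg);
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            return false; // a malformed signature counts as a failed check
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair(); // unrelated key pair

        byte[] msg = "pay 100 to bob".getBytes(StandardCharsets.UTF_8);
        byte[] changed = "pay 900 to bob".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(signer.getPrivate(), msg);

        // Untouched message checked with the signer's public key.
        System.out.println("original message:   " + verify(signer.getPublic(), msg, sig));
        // Integrity: the signature covers every byte of the message.
        System.out.println("changed message:    " + verify(signer.getPublic(), changed, sig));
        // Origin and non-repudiation: only the matching private key produces
        // a signature that this public key accepts.
        System.out.println("other public key:   " + verify(other.getPublic(), msg, sig));
        // The signature bytes themselves cannot be altered either.
        sig[0] ^= 0x01;
        System.out.println("changed signature:  " + verify(signer.getPublic(), msg, sig));
    }
}
```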
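RSA
Introduction:
RSA is the classic algorithm and the most widely used digital signature algorithm to date.
The key handling of the RSA signature algorithm is the same as that of RSA encryption, and both go by the name RSA. Key generation and key conversion are identical.
RSA signature algorithms fall mainly into two families: MD and SHA.
See the figure below for the specific algorithms included: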
Example:
    package com.timliu.security.signature;

    import java.nio.charset.StandardCharsets;
    import java.security.KeyFactory;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.interfaces.RSAPublicKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;

    import org.apache.commons.codec.binary.Hex;

    public class RSATest {

        public static final String src = "hello world";

        public static void main(String[] args) {
            jdkRSA();
        }

        /**
         * Signs and verifies with RSA using the JDK's own classes.
         */
        public static void jdkRSA() {
            try {
                // 1. Initialize the key pair
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
                // Set the key length: 2048 bits, since 512-bit RSA keys can be factored
                keyPairGenerator.initialize(2048);
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                // Get the public key
                RSAPublicKey rsaPublicKey = (RSAPublicKey) keyPair.getPublic();
                // Get the private key
                RSAPrivateKey rsaPrivateKey = (RSAPrivateKey) keyPair.getPrivate();

                // 2. Sign
                // Sign with the private key
                PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(
                        rsaPrivateKey.getEncoded());
                KeyFactory keyFactory = KeyFactory.getInstance("RSA");
                // Rebuild a PrivateKey from its PKCS#8 encoding
                PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
                // Create the signature object; SHA-256 digest, because MD5 is not collision resistant
                Signature signature = Signature.getInstance("SHA256withRSA");
                signature.initSign(privateKey);
                // Fix the charset so signer and verifier hash the same bytes
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                // Produce the signature
                byte[] result = signature.sign();
                System.out.println("jdk rsa sign:" + Hex.encodeHexString(result));

                // 3. Verify the signature
                // Verify with the public key
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
                        rsaPublicKey.getEncoded());
                keyFactory = KeyFactory.getInstance("RSA");
                // Rebuild a PublicKey from its X.509 encoding
                PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
                // Create the signature object
                signature = Signature.getInstance("SHA256withRSA");
                signature.initVerify(publicKey);
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                // Check the signature
                boolean bool = signature.verify(result);
                System.out.println("jdk rsa verify:" + bool);
            } catch (Exception e) {
                System.out.println(e.toString());
            }
        }
    }
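Run result:
RSA use cases:
DSA
Introduction:
DSS (Digital Signature Standard): the digital signature standard.
The DSA algorithm gradually took shape on the basis of DSS.
DSA (Digital Signature Algorithm): the digital signature algorithm.
Difference between DSA and RSA:
DSA covers digital signatures only; a certificate that uses DSA cannot be used for encrypted communication.
RSA, by contrast, covers both digital signatures and encryption/decryption.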
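The difference shows up in the JCA API itself. The following is an added example, not code from the original post; the class and method names are hypothetical and it assumes the stock JDK providers, which offer no Cipher for DSA. It probes for a Cipher under each algorithm name and then round-trips a constructed secret through RSA-OAEP.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

// Added illustration; class and method names are hypothetical.
public class RsaVsDsaCapabilities {

    // True if an installed provider offers a Cipher for the transformation.
    static boolean cipherAvailable(String transformation) {
        try {
            Cipher.getInstance(transformation);
            return true;
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String rsaOaep = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
        // RSA is usable for encryption; DSA is a signature-only algorithm.
        System.out.println("Cipher for RSA: " + cipherAvailable(rsaOaep));
        System.out.println("Cipher for DSA: " + cipherAvailable("DSA"));

        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair rsa = gen.generateKeyPair();

        // Constructed sample plaintext: encrypt with the public key,
        // decrypt with the private key (the reverse roles of signing).
        byte[] secret = "session key material".getBytes(StandardCharsets.UTF_8);
        Cipher enc = Cipher.getInstance(rsaOaep);
        enc.init(Cipher.ENCRYPT_MODE, rsa.getPublic());
        byte[] ciphertext = enc.doFinal(secret);

        Cipher dec = Cipher.getInstance(rsaOaep);
        dec.init(Cipher.DECRYPT_MODE, rsa.getPrivate());
        String roundTrip = new String(dec.doFinal(ciphertext), StandardCharsets.UTF_8);
        System.out.println("RSA decrypt: " + roundTrip);
    }
}
```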
Example:
    package com.timliu.security.signature;

    import java.nio.charset.StandardCharsets;
    import java.security.KeyFactory;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.interfaces.DSAPrivateKey;
    import java.security.interfaces.DSAPublicKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;

    import org.apache.commons.codec.binary.Hex;

    public class DSATest {

        public static final String src = "hello world";

        public static void main(String[] args) {
            jdkDSA();
        }

        /**
         * Signs and verifies with DSA using the JDK's own classes.
         */
        public static void jdkDSA() {
            try {
                // 1. Initialize the key pair
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
                // Set the key length: 2048 bits, since 512-bit DSA keys are too weak
                keyPairGenerator.initialize(2048);
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                // Get the public key
                DSAPublicKey dsaPublicKey = (DSAPublicKey) keyPair.getPublic();
                // Get the private key
                DSAPrivateKey dsaPrivateKey = (DSAPrivateKey) keyPair.getPrivate();

                // 2. Sign
                // Sign with the private key
                PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(
                        dsaPrivateKey.getEncoded());
                KeyFactory keyFactory = KeyFactory.getInstance("DSA");
                // Rebuild the PrivateKey used for signing
                PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
                // SHA-256 digest; SHA-1 is no longer collision resistant
                Signature signature = Signature.getInstance("SHA256withDSA");
                signature.initSign(privateKey);
                // Fix the charset so signer and verifier hash the same bytes
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                // Produce the signature
                byte[] result = signature.sign();
                System.out.println("jdk dsa sign:" + Hex.encodeHexString(result));

                // 3. Verify the signature
                // Verify with the public key
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
                        dsaPublicKey.getEncoded());
                keyFactory = KeyFactory.getInstance("DSA");
                // Rebuild the PublicKey used for verification
                PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
                signature = Signature.getInstance("SHA256withDSA");
                signature.initVerify(publicKey);
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                // Check the signature
                boolean bool = signature.verify(result);
                System.out.println("jdk dsa verify:" + bool);
            } catch (Exception e) {
                System.out.println(e.toString());
            }
        }
    }
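Run result:
DSA use cases:
ECDSA
Introduction:
The serial-number validation algorithm in Microsoft products uses ECDSA.
ECDSA (Elliptic Curve Digital Signature Algorithm): the elliptic curve digital signature algorithm.
Advantages:
Compared with traditional digital signature algorithms, it is fast, strong, and produces short signatures.
Note:
The JDK implements ECDSA from JDK 1.7 onward.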
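The size advantage claimed above can be measured. The following is an added example, not code from the original post; the class and method names are hypothetical. It generates one key pair per algorithm, signs the same message, verifies it, and reports the signature length and the X.509-encoded public key length.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Added illustration; class and method names are hypothetical.
public class SignatureSizeComparison {

    // Generates a key pair, signs and verifies msg, and reports encoded sizes in bytes.
    static String measure(String keyAlg, int keySize, String sigAlg, byte[] msg)
            throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance(keyAlg);
        gen.initialize(keySize);
        KeyPair kp = gen.generateKeyPair();

        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(kp.getPrivate());
        signer.update(msg);
        byte[] sig = signer.sign();

        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(kp.getPublic());
        verifier.update(msg);
        if (!verifier.verify(sig)) {
            throw new IllegalStateException(sigAlg + " signature failed to verify");
        }
        return String.format("%-16s key=%4d bits  signature=%3d B  public key (X.509)=%3d B",
                sigAlg, keySize, sig.length, kp.getPublic().getEncoded().length);
    }

    public static void main(String[] args) throws Exception {
        byte[] msg = "hello world".getBytes(StandardCharsets.UTF_8);
        // RSA-2048 and DSA-2048 are rated at roughly 112-bit strength,
        // the 256-bit curve at roughly 128-bit.
        System.out.println(measure("RSA", 2048, "SHA256withRSA", msg));
        System.out.println(measure("DSA", 2048, "SHA256withDSA", msg));
        // An RSA signature is as long as the modulus. DSA and ECDSA signatures are a
        // DER-encoded (r, s) pair, so their length can vary by a few bytes between runs.
        System.out.println(measure("EC", 256, "SHA256withECDSA", msg));
    }
}
```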
Example:
    package com.timliu.security.signature;

    import java.nio.charset.StandardCharsets;
    import java.security.KeyFactory;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.interfaces.ECPrivateKey;
    import java.security.interfaces.ECPublicKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;

    import org.apache.commons.codec.binary.Hex;

    public class ECDSATest {

        public static final String src = "hello world";

        public static void main(String[] args) {
            jdkECDSA();
        }

        /**
         * Signs and verifies with ECDSA (Elliptic Curve Digital Signature Algorithm)
         * using the JDK's own classes; requires JDK 7 or later.
         */
        public static void jdkECDSA() {
            try {
                // 1. Initialize the key pair
                KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
                // Set the key length
                keyPairGenerator.initialize(256);
                KeyPair keyPair = keyPairGenerator.generateKeyPair();
                // Get the public key
                ECPublicKey ecPublicKey = (ECPublicKey) keyPair.getPublic();
                // Get the private key
                ECPrivateKey ecPrivateKey = (ECPrivateKey) keyPair.getPrivate();

                // 2. Sign
                // Sign with the private key
                PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(
                        ecPrivateKey.getEncoded());
                KeyFactory keyFactory = KeyFactory.getInstance("EC");
                // Rebuild the PrivateKey used for signing
                PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
                // SHA-256 digest; SHA-1 is no longer collision resistant
                Signature signature = Signature.getInstance("SHA256withECDSA");
                signature.initSign(privateKey);
                // Feed in the bytes to be signed, with a fixed charset
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                // Produce the signature
                byte[] result = signature.sign();
                System.out.println("jdk ecdsa sign:" + Hex.encodeHexString(result));

                // 3. Verify the signature
                // Verify with the public key
                X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
                        ecPublicKey.getEncoded());
                keyFactory = KeyFactory.getInstance("EC");
                // Rebuild the PublicKey used for verification
                PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
                signature = Signature.getInstance("SHA256withECDSA");
                signature.initVerify(publicKey);
                signature.update(src.getBytes(StandardCharsets.UTF_8));
                // Check the signature
                boolean bool = signature.verify(result);
                System.out.println("jdk ecdsa verify:" + bool);
            } catch (Exception e) {
                System.out.println(e.toString());
            }
        }
    }
Run result:
ECDSA use cases:
Source code download for the cryptography study notes:
Original article: Digital Signature Algorithms --- Cryptography Study Notes (5). Please credit the source when reposting.