Java implementation (RSA asymmetric encryption): SHA1WithRSA signing and verification, and generating the public and private keys with openssl
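RSA signing and verification flow:
When the local side sends a request (which it has already signed with the private key), the receiving platform verifies the signature with the public key to decide whether the request is legitimate.
When a response arrives from the platform (which the platform has already signed with its private key), the local side must verify the response with the locally held public key to decide whether it is legitimate.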
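Generating the key pair:
On Linux, type openssl to enter the OpenSSL prompt and generate the public and private keys.
Generate the private key (PKCS1 output by default):
    OpenSSL> genrsa -out rsa_oo_private_key.pem 1024
Generate the public key:
    OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
The private key then needs to be converted from PKCS1 to PKCS8.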
Converting a PKCS8 private key to PKCS1 (the traditional private key format):
    openssl pkcs8 -in pkcs8.pem -nocrypt -out pri_key.pem
Converting a PKCS1 (traditional format) private key to PKCS8:
    openssl pkcs8 -topk8 -inform PEM -in rsa_key.pem -outform PEM -nocrypt
Generating the private key:
    Last login: Fri Aug 4 09:30:12 2017 from 192.168.88.211
    [koolapp@aop-70-104 ~]$ openssl
    OpenSSL> genrsa -out rsa_oo_private_key.pem 1024
    Generating RSA private key, 1024 bit long modulus
    ...............................++++++
    .......................++++++
    e is 65537 (0x10001)
Java developers must convert the private key to PKCS8 format before using it for signing. The conversion (PKCS1 to PKCS8) is:
    OpenSSL> pkcs8 -topk8 -inform PEM -in rsa_oo_private_key.pem -outform PEM -nocrypt
    -----BEGIN PRIVATE KEY-----
    (key body omitted)
    -----END PRIVATE KEY-----
Generating the public key:
    OpenSSL> rsa -in rsa_oo_private_key.pem -pubout -out rsa_public_key.pem
    writing RSA key
    OpenSSL> quit openssl
After leaving openssl, run ls to check that the corresponding public and private key files were generated:
    [aofdapp@root-01 ~]$ ls
    0219.zip backup key.pem notify notify.2 ops rsa_oo_private_key.pem rsa_public_key.pem
    genrsa pub_key.pem rsa_private_key.pem token
    [aofdapp@root-01 ~]$ vi rsa_public_key.pem
    -----BEGIN PUBLIC KEY-----
    MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8xygxrtfERxyVE9vrn286KvvC
    +NR2Ec6LGUPhKArnDJqLFGsV+g1gf7hTyjjLFm4KxZPapAebAF50f18Mvs0Paelo
    rAWPCNDaooZwXANDKpLCXAWDF7lq5bGWoreCO7+azgtYQ6c+kVVVpUdhbdjG/5OX
    JM1ptVA6ASG4xdvKYwIDAQAB
    -----END PUBLIC KEY-----
Public and private keys:
    // The private key value is omitted here.
    public static String privatestr = "(PKCS8 private key body omitted)";
    public static String publicstr = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCjyiajomfYD80A7tN8vdeXllTiGrSdocq1nvgceicanNb8QaoNGdAPE6AMuSqnMWs40tj/XoXQmPxNrdUmclwwLJza5Aq5PNqDiFC5QLmIFtATN/n3ymqIYnw78ME8Dv5yjYJs1xk0EL6+1wlFFrylApBWKUGE2c2m2seBY+in5wIDAQAB";
Signing:
    import java.nio.charset.StandardCharsets;
    import java.security.*;
    import java.security.spec.*;
    // Base64 and Hex are utility classes whose imports are not shown on the page.

    public String signWhole(String keycode, String param) {
        // Sign with the private key
        byte[] signature;
        try {
            // Rebuild the PrivateKey from the Base64-encoded PKCS8 bytes
            byte[] keyByte = Base64.decode(keycode);
            KeyFactory keyfactory = KeyFactory.getInstance("RSA");
            PKCS8EncodedKeySpec encoderule = new PKCS8EncodedKeySpec(keyByte);
            PrivateKey privatekey = keyfactory.generatePrivate(encoderule);
            // Sign the input parameter with the private key
            Signature sign = Signature.getInstance("SHA1WithRSA");
            sign.initSign(privatekey);
            // Explicit charset so signer and verifier hash the same bytes on every platform
            sign.update(param.getBytes(StandardCharsets.UTF_8));
            signature = sign.sign();
        } catch (NoSuchAlgorithmException | Base64DecodingException | InvalidKeySpecException
                | SignatureException | InvalidKeyException e) {
            e.printStackTrace();
            // No signature was produced, so there is nothing to hex-encode
            return null;
        }
        // Convert the signature to a hexadecimal string
        return Hex.encodeHexStr(signature);
    }
Verification:
    public boolean verifyWhole(String param, String signature, String keycode) {
        try {
            // Rebuild the PublicKey from the Base64-encoded X.509 bytes
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] keyByte = Base64.decode(keycode);
            X509EncodedKeySpec encodeRule = new X509EncodedKeySpec(keyByte);
            PublicKey publicKey = keyFactory.generatePublic(encodeRule);
            // Verify the unsigned input param against the supplied signature using the public key
            Signature sign = Signature.getInstance("SHA1WithRSA");
            sign.initVerify(publicKey);
            // Explicit charset so signer and verifier hash the same bytes on every platform
            sign.update(param.getBytes(StandardCharsets.UTF_8));
            // Convert the hexadecimal string to a byte array
            byte[] hexByte = Hex.hexStringToBytes(signature);
            // Verify the signature
            return sign.verify(hexByte);
        } catch (NoSuchAlgorithmException | Base64DecodingException | InvalidKeySpecException
                | SignatureException | InvalidKeyException e) {
            e.printStackTrace();
        }
        // Any failure to load the key or check the signature counts as not verified
        return false;
    }