• SHA256WithRSA——生成公钥私钥证书Java调用方法


     生成命令备份:

    生成私钥(注意:1024 位 RSA 密钥长度已低于目前普遍推荐的最低值 2048 位,新生成的密钥建议参照下文第二组命令使用 2048 位)
    openssl genrsa -out me_private.pem 1024
    
    生成公钥
    openssl rsa -in me_private.pem -pubout -out me_public.pem
    
    生成证书请求文件
    openssl req -new -key me_private.pem -out me_rsa_cerreq.csr
    
    生成证书
    openssl x509 -req -days 3650 -in me_rsa_cerreq.csr -signkey me_private.pem -out me_rsacert.crt
    
    生成pkcs8格式私钥
    openssl pkcs8 -topk8 -in me_private.pem -out me_private_pkcs8.pem -nocrypt
    
     
    
     
    
     
    
    生成私钥
    openssl genrsa -out blaze_private.pem 2048
    
    生成公钥
    openssl rsa -in blaze_private.pem -pubout -out blaze_public.pem
    
    生成证书请求文件
    openssl req -new -key blaze_private.pem -out blaze_rsa_cerreq.csr
    
    生成证书
    openssl x509 -req -days 3650 -in blaze_rsa_cerreq.csr -signkey blaze_private.pem -out blaze_cert.pem
    
    生成pkcs8格式私钥(-nocrypt 表示输出的私钥文件不加密,下面的 Java 代码按未加密的 PKCS#8 读取;该文件应严格限制访问权限)
    openssl pkcs8 -topk8 -in blaze_private.pem -out blaze_private_pkcs8.pem -nocrypt
    package com.blaze.chain.util;
    
    import java.io.FileInputStream;
    import java.io.InputStreamReader;
    import java.nio.charset.StandardCharsets;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.security.spec.PKCS8EncodedKeySpec;
    
    import org.apache.commons.codec.binary.Base64;
    import org.bouncycastle.util.io.pem.PemReader;
    import org.slf4j.Logger;
    
    import com.blaze.chain.common.loggers.ChainLogger;
    import com.blaze.core.utils.LogUtils;
    
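    /**
     * SHA256WithRSA signing and verification helpers.
     *
     * <p>{@code SHA256WithRSA} is the JCA name for RSASSA-PKCS1-v1_5 over a SHA-256 digest.
     * Signatures are exchanged as Base64 text and the signed content is always encoded as
     * UTF-8, so both sides must agree on the exact string that is signed.
     *
     * @FileName: RSASignUtils.java
     */
    public class RSASignUtils {

        /** Logger. */
        private static final Logger LOGGER = LogUtils.getLogger(RSASignUtils.class);

        private static final String SIGN_SHA256RSA_ALGORITHMS = "SHA256WithRSA";

        /**
         * Signs {@code content} with the given private key.
         *
         * @param content    text to sign; it is encoded as UTF-8 before signing
         * @param privateKey RSA private key used to produce the signature
         * @return the signature, Base64-encoded
         * @throws Exception if the algorithm is unavailable, the key is rejected or signing fails
         */
        public static String sign(String content, PrivateKey privateKey) throws Exception {
            Signature signer = Signature.getInstance(SIGN_SHA256RSA_ALGORITHMS);
            signer.initSign(privateKey);
            signer.update(content.getBytes(StandardCharsets.UTF_8));
            // The Base64-encoded signature is the value of the "signature" field in the request data.
            return Base64.encodeBase64String(signer.sign());
        }

        /**
         * Verifies a Base64-encoded signature over {@code content}.
         *
         * <p>The method fails closed: a missing argument, a malformed signature or any provider
         * error is reported as {@code false} and never propagates as an exception.
         *
         * @param content   text that was signed; it is encoded as UTF-8 before verification
         * @param signature Base64-encoded signature to check
         * @param publicKey RSA public key of the signer
         * @return {@code true} only when the signature is valid for the content and key
         */
        public static Boolean checkSign(String content, String signature, PublicKey publicKey) {
            if (content == null || signature == null || publicKey == null) {
                LOGGER.warn("signature check skipped: content, signature or public key is null");
                return Boolean.FALSE;
            }
            try {
                // Logged at DEBUG rather than INFO: the signed content may carry business data
                // that should not end up in production logs by default.
                LOGGER.debug("content = {}", content);
                LOGGER.debug("signature = {}", signature);
                Signature verifier = Signature.getInstance(SIGN_SHA256RSA_ALGORITHMS);
                verifier.initVerify(publicKey);
                verifier.update(content.getBytes(StandardCharsets.UTF_8));
                // Explicit charset: Base64 text is ASCII, so do not depend on the platform default.
                byte[] signatureBytes = Base64.decodeBase64(signature.getBytes(StandardCharsets.UTF_8));
                return verifier.verify(signatureBytes);
            } catch (Exception e) {
                // Any failure counts as "not verified"; the caller only ever sees false.
                LOGGER.error("signature error", e);
            }
            return Boolean.FALSE;
        }

        /**
         * Loads an unencrypted PKCS#8 RSA private key from a PEM file.
         *
         * <p>The PEM payload is handed to {@link PKCS8EncodedKeySpec} as-is, so a
         * password-protected key file is not supported by this method.
         *
         * @param path path of the PEM file
         * @return the RSA private key
         * @throws Exception if the file cannot be read, holds no PEM object or is not a valid key
         */
        public static PrivateKey loadPrivateKey(String path) throws Exception {
            PKCS8EncodedKeySpec keySpec;
            // try-with-resources closes the reader (and the underlying file) even when parsing fails.
            try (PemReader pemReader = new PemReader(
                    new InputStreamReader(new FileInputStream(path), StandardCharsets.UTF_8))) {
                org.bouncycastle.util.io.pem.PemObject pemObject = pemReader.readPemObject();
                if (pemObject == null) {
                    // readPemObject() returns null when the file has no PEM block.
                    throw new IllegalArgumentException("no PEM object found in " + path);
                }
                keySpec = new PKCS8EncodedKeySpec(pemObject.getContent());
            }
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            return keyFactory.generatePrivate(keySpec);
        }

        /**
         * Loads the public key from an X.509 certificate file.
         *
         * <p>Only the key is extracted. The certificate's validity period, issuer and trust
         * chain are not checked here, so the file itself must come from a trusted location.
         *
         * @param path path of the certificate file
         * @return the public key contained in the certificate
         * @throws Exception if the file cannot be read or is not a valid X.509 certificate
         */
        public static PublicKey loadPublicKey(String path) throws Exception {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            // try-with-resources: the original left the stream open after reading.
            try (FileInputStream certificateStream = new FileInputStream(path)) {
                X509Certificate certificate =
                        (X509Certificate) certificateFactory.generateCertificate(certificateStream);
                return certificate.getPublicKey();
            }
        }


    }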

    测试代码

            // Key material is read from the "config" directory under the working directory.
            String keyDir = System.getProperty("user.dir") + "/config/";
            // The verification key comes from the certificate, the signing key from the PKCS#8 file.
            PublicKey verifyKey = RSASignUtils.loadPublicKey(keyDir + "blaze_cert.pem");
            PrivateKey signingKey = RSASignUtils.loadPrivateKey(keyDir + "blaze_private_pkcs8.pem");

            // Round trip: sign a sample message, then verify it with the matching public key.
            String message = "hi,man...";
            String encodedSignature = RSASignUtils.sign(message, signingKey);
            boolean verified = RSASignUtils.checkSign(message, encodedSignature, verifyKey);
            LOGGER.info("content = " + message);
            LOGGER.info("signature = " + encodedSignature);
            LOGGER.info("rs = " + verified);
    
        

    本文参考:

    https://blog.csdn.net/qq_15259303/article/details/81133735

  • 原文地址:https://www.cnblogs.com/xingchong/p/16222500.html