时间:2017年4月13日星期四
说明:本文部分内容均来自慕课网。@慕课网:http://www.imooc.com
教学示例源码:https://github.com/zccodere/s...
个人学习源码:https://github.com/zccodere/s...

第一章:概述

1-1 数字签名算法概述

数字签名算法

签名-安全性,抗否认性
数字签名:带有密钥(公钥、私钥)的消息摘要算法
验证数据完整性、认证数据来源、抗否认
OSI参考模型
私钥签名、公钥验证
RSA、DSA、ECDSA

第二章:RSA算法

2-1 数字签名算法RSA

数字签名算法:RSA

经典算法
MD、SHA两类

算法实现:

clipboard.png

代码演示:

package com.myimooc.security.rsa2;

import org.apache.commons.codec.binary.Hex;

import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * RSA数字签名算法演示
 * Created by ZC on 2017/4/13.
 */
public class DemoRSA {

    /** 待加密字符串 */
    private static String src="imooc security rsa";

    public static void main(String[] args)throws Exception{
        jdkRSA();
    }

    /** 使用 JDK 实现 RSA 数字签名  */
    public static void jdkRSA() throws Exception{

        // 1.初始化密钥
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        keyPairGenerator.initialize(512);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        RSAPublicKey rsaPublicKey = (RSAPublicKey)keyPair.getPublic();
        RSAPrivateKey rsaPrivateKey = (RSAPrivateKey)keyPair.getPrivate();

        // 2.执行签名
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(rsaPrivateKey.getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        Signature signature = Signature.getInstance("MD5withRSA");
        signature.initSign(privateKey);
        signature.update(src.getBytes());
        byte[] result = signature.sign();
        System.out.println("jdk ras sign:"+ Hex.encodeHexString(result));

        // 3.验证签名
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(rsaPublicKey.getEncoded());
        keyFactory = KeyFactory.getInstance("RSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
        signature = Signature.getInstance("MD5withRSA");
        signature.initVerify(publicKey);
        signature.update(src.getBytes());
        boolean bool = signature.verify(result);
        System.out.println("jdk rsa verify:"+bool);
    }

}

流程演示:

clipboard.png

第三章:DSA算法

3-1 数字签名算法DSA

数字签名算法:DSA

DSS(Digital Signature Standard)数字签名标准
DSA(Digital Signature Algorithm)数字签名算法
DSA仅包含数字签名

算法实现:

clipboard.png

代码演示:

package com.myimooc.security.dsa;

import org.apache.commons.codec.binary.Hex;

import java.security.*;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * DSA数字签名算法演示
 * Created by ZC on 2017/4/13.
 */
public class DemoDSA {

    /** 待加密字符串 */
    private static String src="imooc security dsa";

    public static void main(String[] args)throws Exception{
        jdkDSA();
    }

    /** 使用 JDK 实现 DSA 数字签名  */
    public static void jdkDSA() throws Exception{

        // 1.初始化密钥
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DSA");
        keyPairGenerator.initialize(512);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        DSAPublicKey dsaPublicKey = (DSAPublicKey)keyPair.getPublic();
        DSAPrivateKey dsaPrivateKey = (DSAPrivateKey)keyPair.getPrivate();

        // 2.执行签名
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(dsaPrivateKey.getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance("DSA");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        Signature signature = Signature.getInstance("SHA1withDSA");
        signature.initSign(privateKey);
        signature.update(src.getBytes());
        byte[] result = signature.sign();
        System.out.println("jdk dsa sign:"+ Hex.encodeHexString(result));

        // 3.验证签名
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(dsaPublicKey.getEncoded());
        keyFactory = KeyFactory.getInstance("DSA");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
        signature = Signature.getInstance("SHA1withDSA");
        signature.initVerify(publicKey);
        signature.update(src.getBytes());
        boolean bool = signature.verify(result);
        System.out.println("jdk dsa verify:"+bool);
    }
}

流程演示:

clipboard.png

第四章:ECDSA算法

4-1 数字签名算法ECDSA

数字签名算法:ECDSA

微软:安装office或系统需提供的序列号就是ECDSA算法
Elliptic Curve Digital Signature Algorithm,椭圆曲线数字签名算法
速度快、强度高、签名短

算法实现:

clipboard.png

代码演示:

package com.myimooc.security.ecdsa;

import org.apache.commons.codec.binary.Hex;

import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

/**
 * ECDSA数字签名算法演示
 * Created by ZC on 2017/4/13.
 */
public class DemoECDSA {

    /** 待加密字符串 */
    private static String src="imooc security ecdsa";

    public static void main(String[] args)throws Exception{
        jdkECDSA();
    }

    /** 使用 JDK 实现 ECDSA 数字签名  */
    public static void jdkECDSA() throws Exception{

        // 1.初始化密钥
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
        keyPairGenerator.initialize(256);
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        ECPublicKey ecPublicKey = (ECPublicKey)keyPair.getPublic();
        ECPrivateKey ecPrivateKey = (ECPrivateKey)keyPair.getPrivate();

        // 2.执行签名
        PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(ecPrivateKey.getEncoded());
        KeyFactory keyFactory =  KeyFactory.getInstance("EC");
        PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);
        Signature signature = Signature.getInstance("SHA1withECDSA");
        signature.initSign(privateKey);
        signature.update(src.getBytes());
        byte[] result = signature.sign();
        System.out.println("jdk ecdsa sign:"+ Hex.encodeHexString(result));

        // 3.验证签名
        X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(ecPublicKey.getEncoded());
        keyFactory = KeyFactory.getInstance("EC");
        PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
        signature = Signature.getInstance("SHA1withECDSA");
        signature.initVerify(publicKey);
        signature.update(src.getBytes());
        boolean bool = signature.verify(result);
        System.out.println("jdk ecdsa verify:"+ bool);
    }

}

流程演示:

clipboard.png

第五章:小结

5-1 数字签名算法总结

数字签名算法:回顾

签名
数字签名:带有密钥(公钥、使用)的消息摘要算法
验证数据完整性、认证数据来源、抗否认
OSI参考模型
私钥签名、公钥验证
RSA、DSA、ECDSA

妙手空空
1.3k 声望370 粉丝

博观而约取,厚积而薄发