一、概述
ECC算法(Elliptic curve cryptography,橢圓曲線密碼學)
橢圓加密算法(ECC)是一種公鑰加密體制,最初由Koblitz和Miller兩人於1985年提出,其數學基礎是利用橢圓曲線上的有理點構成Abel加法群上橢圓離散對數的計算困難性。
是目前已知的公鑰體制中,對每比特所提供加密強度最高的一種體制。在軟件注冊保護方面起到很大的作用,一般的序列號通常由該算法產生。
- ECDSA is a digital signature algorithm是一種數字簽名算法
- ECIES is an Integrated Encryption scheme 是一種集成加密方案
- ECDH is a key secure key exchange algorithm是密鑰安全密鑰交換算法
1.1、jdk實現
ECC算法在jdk1.5后加入支持,目前僅僅只能完成密鑰的生成與解析。
JDK1.7開始內置了ECC公私鑰生成、簽名驗簽,但沒有實現加密解密。
jdk支持ecdsa、不支持ecdh、ecies
bc支持ecdsa、ecdh、ecies
1.2、bc實現【提供實現】
在Java中使用ECC算法有以下幾點需要注意:
- JDK1.7開始內置了ECC公私鑰生成、簽名驗簽,但沒有實現加密解密,因此需要使用BouncyCastle來做Security Provider;
- 在Java中使用高級別的加解密算法,比如AES使用256bit密鑰、ECC使用Secp256r1等需要更新JRE的security policy文件,否則會報類似“Illegal key size or default parameters”這樣的錯誤。具體怎樣更換policy文件,可以參考這里
- 實際項目開發過程中,可能發現有傳遞給Java的公鑰不是完整的X.509 SubjectPublicKeyInfo,比如只傳遞了一個65字節的ECPoint過來,這種情況可以跟對方溝通清楚所使用的Algorithm以及NamedCurve,補全DER數據后,再使用Java Security庫解析。
public class BcEcc { public static KeyPair initKeyPair(String algorithm, Integer keySize) throws Exception { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC","BC"); keyPairGenerator.initialize(keySize, new SecureRandom()); KeyPair keyPair = keyPairGenerator.generateKeyPair(); return keyPair; } public static byte[] encrypt(byte[] content, PublicKey publicKey) throws Exception { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Cipher cipher = Cipher.getInstance("ECIES","BC");//寫不寫 BC都可以,都是會選擇BC實現來做 cipher.init(Cipher.ENCRYPT_MODE, publicKey); return cipher.doFinal(content); } public static byte[] decrypt(byte[] content, PrivateKey privateKey) throws Exception { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); Cipher cipher = Cipher.getInstance("ECIES","BC"); cipher.init(Cipher.DECRYPT_MODE, privateKey); return cipher.doFinal(content); } }
代碼地址:https://github.com/bjlhx15/algorithm-sign.git
二、ECDSA簽名
基於ECC與DSA簽名算法分類信息,ECDSA(elliptic curve digital signature algorithm) 橢圓曲線數字簽名算法:速度快,強度高,簽名短
| 算法 | 密鑰長度 | 默認長度 | 簽名長度 | 實現的方 |
| NONEwithECDSA | 112-571 | 256 | 128 | JDK/BC |
| RIPEMD160withECDSA | 同上 | 256 | 160 | BC |
| SHA1withECDSA | ... | 256 | 160 | JDK/BC |
| SHA224withECDSA | ... | 256 | 224 | JDK/BC |
| SHA256withECDSA | ... | 256 | 256 | JDK/BC |
| SHA384withECDSA | ... | 256 | 384 | JDK/BC |
| SHA512withECDSA | ... | 256 | 512 | JDK/BC |
簽名示例
代碼地址:https://github.com/bjlhx15/algorithm-sign.git
/algorithm-sign/algorithm-sign-impl/src/main/java/com/github/bjlhx15/security/sign003ecc
http://baike.baidu.com/item/%E6%A4%AD%E5%9C%86%E5%8A%A0%E5%AF%86%E7%AE%97%E6%B3%95/10305582?sefr=cr
三、nodejs版
crypto支持ecdsa、ecdh,不支持ecies加密解密
ecccrypto支持ecies加密解密
jsrsasign 使用
3.1、使用原生crypto 操作ecdsa、ecdh
無需安裝類庫模塊
// 原生crypto 支持 簽名 驗簽 密鑰交換 //簽名 function ecc_ecdsa_sign(signAlgorithmName, privateKey, srcData) { const crypto = require('crypto'); const sign = crypto.createSign(signAlgorithmName); sign.update(srcData); // 注意這里是pkcs1, java后端默認是pkcs8 const private_key = '-----BEGIN EC PRIVATE KEY-----\n' + privateKey + '-----END EC PRIVATE KEY-----\n'; return sign.sign(private_key).toString('base64'); } //驗簽 function ecc_ecdsa_verify(signAlgorithmName, publicKey,sign, srcData) { // 校驗這里直接使用公鑰,直接后端java生成的即可 const crypto = require('crypto'); const verify = crypto.createVerify(signAlgorithmName); verify.update(srcData); // verify.update(new Buffer(srcData, 'utf-8')); var public_key='-----BEGIN PUBLIC KEY-----\n' + publicKey +'-----END PUBLIC KEY-----\n'; console.log(verify.verify(public_key, sign,"base64")); } //密鑰交換 function ecc_ecdh(srcData) { const crypto = require('crypto'); const assert = require('assert'); // Generate Alice's keys... const alice = crypto.createECDH('secp521r1'); const alice_key = alice.generateKeys(); // Generate Bob's keys... const bob = crypto.createECDH('secp521r1'); const bob_key = bob.generateKeys(); // Exchange and generate the secret... const alice_secret = alice.computeSecret(bob_key); const bob_secret = bob.computeSecret(alice_key); console.log("alice_secret:" + alice_secret.toString("base64")) console.log("bob_secret:" + bob_secret.toString("base64")) assert(alice_secret, bob_secret); } //算法 var algorithmName = { sha1: "sha1", sha224: "sha224", sha256: "sha256", sha384: "sha384", sha512: "sha512" } module.exports = { algorithmName, ecc_ecdsa_sign, ecc_ecdsa_verify, ecc_ecdh }
測試:
function main() { var algorithm = require("../main/ecc001crypto") //pkcs1 var priKey = "MHQCAQEEID7ytsiAhdlS+hisEkdox7E2pTDP/nKmFdyKWyrqaFh/oAcGBSuBBAAKoUQDQgAEE0eb7o1ibninvBQlX8+sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A==\n"; //普通的后端key var pubKey = "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE0eb7o1ibninvBQlX8+sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A==\n"; console.log("-----簽名-驗簽-------") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha1, priKey, "hello world") console.log(value) algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha1, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha224, priKey, "hello world") console.log(value) algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha224, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha256, priKey, "hello world") console.log(value) algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha256, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha384, priKey, "hello world") console.log(value) algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha384, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha512, priKey, "hello world") console.log(value) algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha512, pubKey, value, "hello world") console.log("-----java的簽名-驗簽-------") var javaSign='MEYCIQDFtnUYxR0jPw8/16iZxYlEkW+AJkcPIxpXSWNnU9DoGwIhAJ1A8XlSoeqRvGC9ZzOthvGvQoOXZ+saiy7iryHINJa0'; algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha256, pubKey, javaSign, "我是測試數據對的紛紛") console.log("-----密鑰交換-------") algorithm.ecc_ecdh("") } main();
3.2、使用類庫ecccrypto操作ecdsa、ecdh、ecies加密解密
安裝:npm i eccrypto
// 使用 eccrypto 庫 支持 簽名 驗簽 密鑰交換 加密解密 //簽名 驗簽 function ecc_ecdsa(signAlgorithmName, pubKey, priKey, str) { var crypto = require("crypto"); var eccrypto = require("eccrypto"); // A new random 32-byte private key. var privateKey = eccrypto.generatePrivate(); console.log(privateKey.toString("base64")) // Corresponding uncompressed (65-byte) public key. var publicKey = eccrypto.getPublic(privateKey); console.log(publicKey.toString("base64")) // var str = "message to sign"; // Always hash you message to sign! var msg = crypto.createHash(signAlgorithmName).update(str).digest(); eccrypto.sign(privateKey, msg).then(function (sig) { console.log("Signature in DER format:", sig.toString("base64")); eccrypto.verify(publicKey, msg, sig).then(function () { console.log("Signature is OK"); }).catch(function () { console.log("Signature is BAD"); }); }); } //密鑰交換 function ecc_ecdh() { var eccrypto = require("eccrypto"); var privateKeyA = eccrypto.generatePrivate(); var publicKeyA = eccrypto.getPublic(privateKeyA); var privateKeyB = eccrypto.generatePrivate(); var publicKeyB = eccrypto.getPublic(privateKeyB); eccrypto.derive(privateKeyA, publicKeyB).then(function (sharedKey1) { eccrypto.derive(privateKeyB, publicKeyA).then(function (sharedKey2) { console.log("Both shared keys are equal:", sharedKey1.toString("base64"), sharedKey2.toString("base64")); }); }); } //ecc加密解密 function ecc_ecies() { var eccrypto = require("eccrypto"); var privateKeyA = eccrypto.generatePrivate(); var publicKeyA = eccrypto.getPublic(privateKeyA); var privateKeyB = eccrypto.generatePrivate(); var publicKeyB = eccrypto.getPublic(privateKeyB); // Encrypting the message for B. eccrypto.encrypt(publicKeyB, Buffer.from("msg to b")).then(function (encrypted) { // B decrypting the message. console.log("Message to part B[encrypted]:", encrypted.ciphertext.toString("base64")); eccrypto.decrypt(privateKeyB, encrypted).then(function (plaintext) { console.log("Message to part B:", plaintext.toString()); }); }); // Encrypting the message for A. eccrypto.encrypt(publicKeyA, Buffer.from("msg to a")).then(function (encrypted) { // A decrypting the message. console.log("Message to part A[encrypted]:", encrypted.ciphertext.toString("base64")); eccrypto.decrypt(privateKeyA, encrypted).then(function (plaintext) { console.log("Message to part A:", plaintext.toString()); }); }); } //算法 var algorithmName = { sha1: "sha1", sha224: "sha224", sha256: "sha256", // sha384: "sha384", //Error: Message is too long // sha512: "sha512" } module.exports = { algorithmName, ecc_ecdsa, ecc_ecdh, ecc_ecies }
測試:
function main() { var algorithm = require("../main/ecc002eccrypto") //pkcs1 var priKey = "MHQCAQEEID7ytsiAhdlS+hisEkdox7E2pTDP/nKmFdyKWyrqaFh/oAcGBSuBBAAKoUQDQgAEE0eb7o1ibninvBQlX8+sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A=="; //普通的后端key var pubKey = "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE0eb7o1ibninvBQlX8+sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A=="; console.log("-----簽名-驗簽-------") var value = algorithm.ecc_ecdsa(algorithm.algorithmName.sha1, pubKey,priKey, "hello world") var value = algorithm.ecc_ecdsa(algorithm.algorithmName.sha224, pubKey,priKey, "hello world") var value = algorithm.ecc_ecdsa(algorithm.algorithmName.sha256, pubKey,priKey, "hello world") // var value = algorithm.ecc_ecdsa(algorithm.algorithmName.sha384, pubKey,priKey, "hello world") console.log("-----密鑰交換-------") algorithm.ecc_ecdh("") console.log("-----加密 解密-------") algorithm.ecc_ecies("") } main();
更多:https://www.npmjs.com/package/eccrypto
3.3、使用類庫jsrsasign操作
// 使用 eccrypto 庫 支持 簽名 驗簽 密鑰交換 加密解密 //簽名 驗簽 function ecc_ecdsa_sign(signAlgorithmName, priKey, str) { var Jsrsasign = require('jsrsasign'); // 導入的Jsrsasign模塊里面有很多實用的對象,對應不同的方法 console.log(Jsrsasign) const privateKeyString = '-----BEGIN PRIVATE KEY-----\n' + priKey + '\n-----END PRIVATE KEY-----\n'; // 傳入私鑰 // 默認傳入的私鑰是PKCS#1的格式,所以采用readPrivateKeyFromPEMString(keyPEM)這個方法 // rsa.readPrivateKeyFromPEMString(PrivateKey); // 如果后台生產出來的私鑰是PKCS#8的格式,就不能用readPrivateKeyFromPEMString(keyPEM)這個方法 const key = Jsrsasign.KEYUTIL.getKey(privateKeyString); // 創建 Signature 對象,設置簽名編碼算法 const signature = new Jsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName }); // 初始化 signature.init(key); // 上面3行相當於這句 // const signature = new Jsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName,prvkeypem:privateKeyString });//!這里指定 私鑰 pem! // 傳入待加密字符串 signature.updateString(str); // 生成密文 const originSign = signature.sign(); const sign64 = Jsrsasign.hextob64(originSign); console.log('sign base64 =======', sign64); // const sign64u = Jsrsasign.hextob64u(originSign); // console.log('sign base64u=======', sign64u); return sign64; } function ecc_ecdsa_verify(signAlgorithmName, pubKey, sign, str) { var Jsrsasign = require('jsrsasign'); // 導入的Jsrsasign模塊里面有很多實用的對象,對應不同的方法 console.log(Jsrsasign) const pKeyString = '-----BEGIN PUBLIC KEY-----\n' + pubKey + '\n-----END PUBLIC KEY-----\n'; // 1.傳入私鑰 // 默認傳入的私鑰是PKCS#1的格式,所以采用readPrivateKeyFromPEMString(keyPEM)這個方法 // rsa.readPrivateKeyFromPEMString(PrivateKey); // 如果后台生產出來的私鑰是PKCS#8的格式,就不能用readPrivateKeyFromPEMString(keyPEM)這個方法 // const key = Jsrsasign.KEYUTIL.getKey(pKeyString); //2. 創建 Signature 對象,設置簽名編碼算法 // const signature = new Jsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName}); //3.初始化 //signature.init(key) //上面3行另一種寫法 const signature = new Jsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName, prvkeypem: pKeyString }); // 傳入待加密字符串 signature.updateString(str); var b = signature.verify(Jsrsasign.b64tohex(sign)) // 生成密文 console.log('sign verify =======', b); return b; } //ecc加密解密 function ecc_ecies() { var Jsrsasign = require('jsrsasign'); var keypair = Jsrsasign.KEYUTIL.generateKeypair("EC","secp256k1"); console.log(keypair) var pubKey=keypair.pubKeyObj.pubKeyHex var priKey=keypair.prvKeyObj.prvKeyHex console.log(Jsrsasign.hextob64(pubKey)) console.log(Jsrsasign.hextob64(priKey)) } //算法 var algorithmName = { SHA1withECDSA: "SHA1withECDSA", SHA224withECDSA: "SHA224withECDSA", SHA256withECDSA: "SHA256withECDSA", SHA384withECDSA: "SHA384withECDSA", //Error: Message is too long SHA512withECDSA: "SHA512withECDSA" } module.exports = { algorithmName, ecc_ecdsa_sign, ecc_ecdsa_verify, ecc_ecies }
測試
function main() { var algorithm = require("../main/ecc003jsrsasign") //pkcs1 var priKeyPkcs1 = "MHQCAQEEID7ytsiAhdlS+hisEkdox7E2pTDP/nKmFdyKWyrqaFh/oAcGBSuBBAAKoUQDQgAEE0eb7o1ibninvBQlX8+sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A=="; var priKeyPkcs8 = "MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQgPvK2yICF2VL6GKwSR2jHsTalMM/+cqYV3IpbKupoWH+gBwYFK4EEAAqhRANCAAQTR5vujWJueKe8FCVfz6yOKAdoHjrXY2frbSnbTM/FsoCMtrnDkzaMnC0Pe/ZtEOOYh4BXcAeHPHM823nq3sHo"; //普通的后端key var pubKey = "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE0eb7o1ibninvBQlX8+sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A=="; console.log("-----簽名-驗簽-------") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA1withECDSA, priKeyPkcs8, "hello world") algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA1withECDSA, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA224withECDSA, priKeyPkcs8, "hello world") algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA224withECDSA, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA256withECDSA, priKeyPkcs8, "hello world") algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA256withECDSA, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA384withECDSA, priKeyPkcs8, "hello world") algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA384withECDSA, pubKey, value, "hello world") var value = algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA512withECDSA, priKeyPkcs8, "hello world") algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA512withECDSA, pubKey, value, "hello world") // console.log("-----密鑰交換-------") // algorithm.ecc_ecdh("") console.log("-----加密 解密-------") algorithm.ecc_ecies("") } main();
更多:https://github.com/kjur/jsrsasign.git
3.5、nodejs結合java使用簽名驗簽
Java 語言,就使用「PKCS8」密鑰格式,也叫 「PKCS#8」,如果非 Java 語言可以考慮「PKCS1」。
Java 使用private key 和 public key時,要把首尾「-----BEGIN PRIVATE KEY-----」之類的刪除,但在 JavaScript 里使用時,一定要加上。
nodejs與java的ecc加密簽名通訊。
3.5.1、使用java操作生成雙方公私鑰
java端ecc:https://github.com/bjlhx15/algorithm-sign.git
使用測代碼生成:com.github.bjlhx15.security.encryptSign001BcEcc.BcEccAlgorithmUtilTest 生成 initKeyPairBase64 ,后續操作方便使用 process 測試
A pubKey:MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYfNJOtj1Xkfp9bVqoXlB4ixVhNtN7Zl+mPPiyeDrPbKNX7XhmN8EcyOhjfpbXYmJY8JItue9rajOqouS45wYpQ== A priKey:MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQg1xRtgNwZ3oo+509hN+EkoH+hGRDhHiq0zfZy0zQxAOegBwYFK4EEAAqhRANCAARh80k62PVeR+n1tWqheUHiLFWE203tmX6Y8+LJ4Os9so1fteGY3wRzI6GN+ltdiYljwki2572tqM6qi5LjnBil A priKey[pkcs1]:MHQCAQEEINcUbYDcGd6KPudPYTfhJKB/oRkQ4R4qtM32ctM0MQDnoAcGBSuBBAAKoUQDQgAEYfNJOtj1Xkfp9bVqoXlB4ixVhNtN7Zl+mPPiyeDrPbKNX7XhmN8EcyOhjfpbXYmJY8JItue9rajOqouS45wYpQ== B pubKey:MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEJN5FVWR90XaFSMjVEbCGgAqrMbvHCIM0i84kVLuKpESDNgGSnz0AZt4HKElRR8MkZbzsnJdMq5gmDxTrYMyg8Q== B priKey:MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQgUHzI83yRMCfl395xdpx/CB2eZPIsEORBN3OPQyN0RT6gBwYFK4EEAAqhRANCAAQk3kVVZH3RdoVIyNURsIaACqsxu8cIgzSLziRUu4qkRIM2AZKfPQBm3gcoSVFHwyRlvOycl0yrmCYPFOtgzKDx A 向 B 發送數據【密文、簽名】 A 需要用B的 公鑰加密數據 密文:BNmsoiMfajCwsqvNGwx198QliMzFVFySnsGkJuBWGNHxbe/lKxcsDnh3qTyD8DNd+m0se2l3mmJudy+2+msDwCde2lVGLDCRjHh8htCFaFJUGSPP/f7IrzWUMJB1zF8nr1VB7GIGgMeGyGaynE31viTg3Q== A 需要用自己的 私鑰簽名 sign:MEUCIQCEF3hAZed32ZLwxuhuGozogPstm2YPSYNp+jMqGTnK7wIge3L+RMWegt9eBm6u5j7oWi06boKTWspOBSWJRY33Fj8= A 向 B 發送數據:ok B用 需要用自己 的私鑰解密 解密后:我是測試數據對的紛紛 B需要用A 的公鑰驗簽 check:true
3.5.2、nodejs交互操作
方案一、使用nodejs自帶模塊crypto簽名
將A的公私鑰,分發給nodejs使用
java使用的是pkcs8,nodejs的crypto使用的是pkcs1,所以這里使用的是 priKey[pkcs1]
參看3.1示例,注意使用的是sha256的算法
簽名值:MEUCIEuuqtMhHw/JvZgyBrs5djPD0VIZjxdeHYUWeEJsqcdlAiEAyVowkbpvQJuZWrUG2FXhq6+BFDpq9wFSl2CcjcSjGRM=
方案二、使用工具類-jsrsasign
安裝: npm i jsrsasign
參看3.2
3.5.3、java驗簽
此時nodejs端會將簽名發送至,java端
java端驗簽:使用客戶的公鑰,以及簽名
@org.junit.Test public void pkcs8checkSign() throws Exception { String msg = "我是測試數據對的 http://blog.bjlhx.top/"; System.out.println("B需要用A 的公鑰驗簽"); boolean check = BcEccAlgorithmUtil.verify("MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYfNJOtj1Xkfp9bVqoXlB4ixVhNtN7Zl+mPPiyeDrPbKNX7XhmN8EcyOhjfpbXYmJY8JItue9rajOqouS45wYpQ==", msg, "MEUCIEuuqtMhHw/JvZgyBrs5djPD0VIZjxdeHYUWeEJsqcdlAiEAyVowkbpvQJuZWrUG2FXhq6+BFDpq9wFSl2CcjcSjGRM="); System.out.println("check:" + check); }
輸出
B需要用A 的公鑰驗簽 check:true
https://github.com/bjlhx15/algorithm-sign.git的encryptSign001BcEcc 的pkcs8checkSign
3.5.4、java端回發數據簽名
參看:com.github.bjlhx15.security.encryptSign001BcEcc.BcEccAlgorithmUtilTest#process
簽名值:MEQCIEQbw0cfSMncVG/3OT+/HnNQamNAZFPLYt5uYpjCsvoZAiAI9l4hdDDJqXlfKBxovkBUtqjl8r+5BQHZfkS4QRH0/A==
3.5.5、node驗簽
參看3.1
console.log("-----java的簽名-驗簽-------")
var javaSign = 'MEQCIEQbw0cfSMncVG/3OT+/HnNQamNAZFPLYt5uYpjCsvoZAiAI9l4hdDDJqXlfKBxovkBUtqjl8r+5BQHZfkS4QRH0/A==';
algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha256, pubKeyRemote, javaSign, msg+":B")
pubKeyRemote:是B的公鑰;
java端代碼:https://github.com/bjlhx15/algorithm-sign.git的com.github.bjlhx15.security.encryptSign001BcEcc.BcEccAlgorithmUtilTest
nodejs端代碼:https://github.com/bjlhx15/algorithm-sign-nodejs.git 的ecc00X代碼 主要看:testEcc001crypto