package com.sdyy.common.bc_sm2;
import org.bouncycastle.jcajce.provider.asymmetric.x509.CertificateFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.encoders.Hex;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
/**
* @創建人
* @創建時間 2020/5/7
* @描述
*/
public class BcUtils {
// private static String sm2PfxLocation = ConfigService.getConfig("SM2_PFX_LOCATION");
private static String certStr = "MIIBszCCAV6gAwIBAgIGAWEmMrj+MAwGCCqBHM9VAYN1BQAwHzELMAkGA1UEBhMC\n" +
"Q04xEDAOBgNVBAMTB0F1dG9DQUQwHhcNMTgwMTI0MDMyNTEyWhcNMzUwODA1MTYw\n";
public static void main(String[] args) throws Exception{
String orgData = "123123123";//要簽名的數據
String algorithm = "SM3withSM2";
String yqData = "123123123";//要簽名的數據
String pfxFile = "D:/ESM.pfx";//sm2證書對應的pfx
String password = "111111"; //pfx訪問密碼
Security.addProvider(new BouncyCastleProvider());
FileInputStream fis = new FileInputStream(pfxFile);
KeyStore ks2 = KeyStore.getInstance("PKCS12", "BC");
ks2.load(fis, password.toCharArray());
Enumeration enum1 = ks2.aliases();
String keyAlias = null;
if (enum1.hasMoreElements())
{
keyAlias = (String)enum1.nextElement();
}
Signature sig = Signature.getInstance(algorithm, "BC");
sig.initSign((PrivateKey) ks2.getKey(keyAlias, null), new SecureRandom());
sig.update(orgData.getBytes());
byte[] rs = sig.sign();
String str = Hex.toHexString(rs);
System.out.println(str);
//驗證簽名
sm2VerifySignedData(rs,certStr,yqData);
}
/**
*sm2對簽名后的數據進行驗簽
* @param rs 簽名產生簽名值
* @param certKey 證書串,及公鑰
* @param signValue 簽名原文
* @return
*/
public static void sm2VerifySignedData(byte[] rs,String certKey,String signValue){
try {
CertificateFactory factory = new CertificateFactory();
X509Certificate certificate = (X509Certificate) factory.engineGenerateCertificate(new ByteArrayInputStream(Base64.decode(certKey)));
System.out.println(certificate.getSigAlgName());
// 驗證簽名
Signature signature = Signature.getInstance(certificate.getSigAlgName(), new BouncyCastleProvider());
signature.initVerify(certificate);
signature.update(signValue.getBytes(StandardCharsets.UTF_8));
System.out.println(signature.verify(rs));
}catch (Exception e){
e.printStackTrace();
}
}
//bc包sm2簽名
/**
* bc包sm2簽名
* @param data 待簽數據
* @param pfxFile pfx文件地址(sm2證書對應的pfx)
* @param password pfx訪問密碼
* @return 簽名值
*/
public static byte[] sm2SignData(String data,String pfxFile,String password){
try {
String algorithm = "SM3withSM2";
Security.addProvider(new BouncyCastleProvider());
FileInputStream fis = new FileInputStream(pfxFile);
KeyStore ks2 = KeyStore.getInstance("PKCS12", "BC");
ks2.load(fis, password.toCharArray());
Enumeration enum1 = ks2.aliases();
String keyAlias = null;
if (enum1.hasMoreElements())
{
keyAlias = (String)enum1.nextElement();
}
Signature sig = Signature.getInstance(algorithm, "BC");
sig.initSign((PrivateKey) ks2.getKey(keyAlias, null), new SecureRandom());
sig.update(data.getBytes());
byte[] rs = sig.sign();
String str = Hex.toHexString(rs);
System.out.println(str);
return rs;
}catch (Exception e){
e.printStackTrace();
}
return null;
}
}
Java BC包做sm2加密方法 ,簽名驗簽方法
免責聲明!
本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。