本篇文章给大家分享的是有关Java读取OpenSSL实现生成PEM公钥文件的操作,小编觉得挺实用的,因此分享给大家学习,希望大家阅读完这篇文章后可以有所收获,话不多说,跟着小编一起来看看吧。
代码如下:
计算
安全
数据库
网络和加速
企业服务
@Service
class SignService {
private static Logger LOG = LoggerFactory.getLogger(SignService.class);
@Autowired
private Config config;
private Signature signature;
@PostConstruct
private void init() {
try {
PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec(
getDecoder().decode(config.getPrivateKey().getBytes(ISO_8859_1)));
KeyFactory factory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = factory.generatePrivate(priKeySpec);
signature = Signature.getInstance("SHA1WithRSA");
signature.initSign(privateKey);
} catch (NoSuchAlgorithmException |
/*InvalidAlgorithmParameterException |*/
InvalidKeySpecException |
InvalidKeyException ex) {
LOG.warn("RSA init error: {}.", ex);
}
}
String signAndEncode(String source) {
if (Objects.isNull(source)) {
return null;
} else {
return sign(source)
.map(this::encode)
.orElse("");
}
}
private String encode(byte[] source) {
return getEncoder()
.encodeToString(source);
}
private synchronized Optional<byte[]> sign(String source) {
try {
signature.update(source.getBytes(ISO_8859_1));
return Optional.of(signature.sign());
} catch (SignatureException e) {
LOG.warn("SHA1WithRSA {} error: {}.", source, e);
return Optional.empty();
}
}
}单元测试,验证签名是否正确。先初始化Signature:
private Signature signature;
@Before
public void init() {
try {
byte[] key = Files.readAllBytes(Paths.get("/home/ls", "ras_public_key.pem"));
Security.addProvider(new BouncyCastleProvider());
final PemObject pemObject;
try (PemReader pemReader = new PemReader(new InputStreamReader(
new ByteArrayInputStream(key)))) {
pemObject = pemReader.readPemObject();
}
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pemObject.getContent());
KeyFactory factory = KeyFactory.getInstance("RSA");
PublicKey publicKey = factory.generatePublic(pubKeySpec);
signature = Signature.getInstance("SHA1WithRSA");
signature.initVerify(publicKey);
} catch (Exception e) {
e.printStackTrace();
}
}验证方法
private boolean verify(String source, String sign) {
byte[] data = getDecoder().decode(sign);
try {
signature.update(source.getBytes());
return signature.verify(data);
} catch (SignatureException e) {
e.printStackTrace();
return false;
}
}测试
String source = service.signature(request);
String sign = signService.signAndEncode(source);
System.out.println(sign);
assertTrue(verify(source, sign));证明,内容没有被篡改。
其中,ras_public_key.pem文件由openSSL生成。
ls@LS-8500:~$ openssl genrsa -out rsa_private_key.pem 1024
Generating RSA private key, 1024 bit long modulus (2 primes)
...+++++
...............+++++
e is 65537 (0x010001)
ls@LS-8500:~$ openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
-----BEGIN PRIVATE KEY-----
MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAOk4nqif4LtwfePZ
IeGgUc5XYbWk8FpT6UEgO/43i0uprf2RXs3j9eDjOyRwkW2iMCF6S3bNxYuiyJv4
eNc+8w87PJ9bOMRq9WH+ISWIfnPu2x6A1oNOeNkAL7v3ztmpcAn2bNMJ5VscSKp8
S1U02LbHpOErPjvnEul9a/e8xb7TAgMBAAECgYEAvpMeyuoCKQiORo6aqhVoY7Vx
yY2jPhyNYUNm4qAeulBINgkBMDtUI1VrcaZun+jFbcXSPp19DFKTnSgYDsOItt04
VLRSZm5yU1EfL21ZvbxIQjjSMv4BxndjdfdoGh6Gve0p1vqtnXtMivkNNI/HdCrx
R2CpcGNo4Uqg+zgvwzECQQD1yULuH1sMTEGqLHZaBXVVt1ny+oF+3CnDz2ZdQTWj
SLFfBSKplCL8TuEakauUiYf6BVtOjrpzKHRs7hDuZLW5AkEA8umwPbO09ijQdg5e
/nkEnJnG5C4krXZuIcsYnf1wrBCLAoOImgDSvVzRrXHMGNvvP0D3gTIxwZSNPt57
1OFe6wJBAJmcOm9WO3IZKqTvetxSMv3qRJY+B7bAZH3TXleEDMDLCsenDv3K7n6f
0cHoLsL7nXcd5+3V+CNGslTuCLjlSkkCQQCM1fqNu5xmwAElAW4IIkgPN4U+FJbF
T43I4ATUzPU/fZPrEDHqACIvEhqrcfgATbuns9YMPPrmHmfKFJo9MbGjAkEAzmbW
IsDQP4S8TJVd6PvyNZgNrTZvtlMT8/v4MytaEErrljhAR/YLKLcWFxLmQNAL9g4M
SsHT8KunE5YrBmkXkg==
-----END PRIVATE KEY-----
ls@LS-8500:~$ openssl rsa -in rsa_private_key.pem -pubout -out ras_public_key.pem
writing RSA key补充知识:Java导入OpenSSL生成的公私钥文件
1. 生成2048-bit RSA私钥
$ openssl genrsa -out private_key.pem 2048
2. 导出RSA公钥
$ openssl rsa -in private_key.pem -pubout -out public_key.pem
3. 将公私钥文件private_key.pem和public_key.pem的头尾注释去掉
即:
-----BEGIN PUBLIC KEY-----
-----END PUBLIC KEY-----
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
4. 读取公私钥文件内容
// filePath即为private_key.pem和public_key.pem
public static String getKeyFromFile(String filePath) throws Exception {
File file = new File(filePath);
InputStream ins = new FileInputStream(file);
BufferedReader br = new BufferedReader(new InputStreamReader(ins));
String readLine = null;
StringBuffer sb = new StringBuffer();
while ((readLine = br.readLine()) != null) {
sb.append(readLine);
}
br.close();
ins.close();
return new String(sb);
}5. 读取私钥
public static PrivateKey getPrivateKey(String privateKey) throws Exception {
// 解码由base64编码的私钥
byte[] keyBytes = decryptBASE64(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
// 取得私钥
PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);
return priKey;
}6. 读取公钥
public static PublicKey getPublicKey(String publicKeyStr) throws Exception {
// 解码由base64编码的公钥
byte[] keyBytes = decryptBASE64(publicKeyStr);
// 取得公钥
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicKey = keyFactory.generatePublic(x509KeySpec);
return publicKey;
}以上就是Java读取OpenSSL实现生成PEM公钥文件的操作,小编相信有部分知识点可能是我们日常工作会见到或用到的。希望你能通过这篇文章学到更多知识。更多详情敬请关注亿速云行业资讯频道。
亿速云提供多种品牌、不同类型SSL证书签发服务,包含:域名型、企业型、企业型专业版、增强型以及增强型专业版,单域名SSL证书300元/年起。点击查看>>
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。
