使用openssl生成证书和对应的私钥请参考使用openssl生成根证书CA并签发下级证书_晒干的老咸鱼的博客-CSDN博客_openssl生成根证书
本篇主要讲解生成证书和私钥之后,如何使用公私钥进行加解密,私钥签名,公钥验签
public static void testPubKey(){
try {
//公钥证书
String workCert = "MIIDtzCCAp8CFEHdcA7b5rGZmtBflLQ6O/97RZW2MA0GCSqGSIb3DQEBCwUAMIGN\n" +
"MQswCQYDVQQGEwJ6ZzEOMAwGA1UECAwFaHViZWkxEzARBgNVBAcMCnlhbmdfaHVi\n" +
"ZXUxEzARBgNVBAoMCnlhbmdfaHViZWkxEzARBgNVBAsMCnlhbmdfaHViZWkxEzAR\n" +
"BgNVBAMMCnlhbmdfaHViZWkxGjAYBgkqhkiG9w0BCQEWC3lhbmdAcXEuY29tMB4X\n" +
"DTIyMDczMDAzMDQxNVoXDTMyMDcyNzAzMDQxNVowgaExCzAJBgNVBAYTAnpnMQ4w\n" +
"DAYDVQQIDAVodWJlaTEYMBYGA1UEBwwPeWFuZ193b3JrX2h1YmVpMRgwFgYDVQQK\n" +
"DA95YW5nX3dvcmtfaHViZWkxGDAWBgNVBAsMD3lhbmdfd29ya19odWJlaTEYMBYG\n" +
"A1UEAwwPeWFuZ193b3JrX2h1YmVpMRowGAYJKoZIhvcNAQkBFgt5YW5nQHFxLmNv\n" +
"bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM14s8Y+Ky9EWRhkEsxq\n" +
"qPNaGS+FyUdLJMR7v9SUY0fH0UpYMV7hYRZC1SEeK8Ig5GwIhPRIQ2dotr8oDd6R\n" +
"kNytraMd668998o9TavHVjNQPzKuPNDtBklD0TNB2a5p/4aw5sC8kUh1WBtAAyz9\n" +
"yZ8gZu5EAxSZd2lm/t1AAv06JNTDVqQqH2C0UUeRyQ6f3rKLOqQWMjoVysWqn+ge\n" +
"IfGlJO70R+3nF6q60epFY9CO/3kJ00xUi6CpOw0u9886bEPmhsr0dAcjPRCOkSWj\n" +
"xMCLlb7aTKEQAK1wPiSiDAgUzwlOEFlhF4GX/dv2o8qcDqbxlGYQBSyBvm9UxrPO\n" +
"1m8CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAD6zKXeudVHVtY/tuPjipOSuLTmhU\n" +
"+pbymWelXYVFuvLgm24p+L3w4/NK/51hIMMhzX4DrXbVExAqF5oHA3OdCwn/VoRR\n" +
"V/tdbZhWDUUS/bE9oj1UyQcP9cLHm5YQ6fCKgvqy6yfgp5JaV5u72gVwJrHcZcuh\n" +
"wJshkb+V1OEdgAz05P47yxlTP029dVvI9159SPewMss6D9JvutQFXsAeNIGIKmJy\n" +
"0auCbKKNmngP4UnkIW6lUx9FhJ4tRk3nppIf48qkweIPbtWnNbyW+MeDTmIR3Bst\n" +
"T8/gZoX6ZLdrrLCJd7+BY7/vxHkx91Dn/AtsjskzzH+yOTN3UHqDMam9vw==";
//证书私钥
String workCertPrivateKey = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNeLPGPisvRFkY\n" +
"ZBLMaqjzWhkvhclHSyTEe7/UlGNHx9FKWDFe4WEWQtUhHivCIORsCIT0SENnaLa/\n" +
"KA3ekZDcra2jHeuvPffKPU2rx1YzUD8yrjzQ7QZJQ9EzQdmuaf+GsObAvJFIdVgb\n" +
"QAMs/cmfIGbuRAMUmXdpZv7dQAL9OiTUw1akKh9gtFFHkckOn96yizqkFjI6FcrF\n" +
"qp/oHiHxpSTu9Eft5xequtHqRWPQjv95CdNMVIugqTsNLvfPOmxD5obK9HQHIz0Q\n" +
"jpElo8TAi5W+2kyhEACtcD4kogwIFM8JThBZYReBl/3b9qPKnA6m8ZRmEAUsgb5v\n" +
"VMazztZvAgMBAAECggEASyHDus2oxNPdMEoHha/Kr5FWfEYTX3peq2oErxrDYs/x\n" +
"+5lcFDGdaqJthHqfzZBxdf93fkueOgXULPnceHIJ4mevgmHCeIXUQaNA73soTgMd\n" +
"2M5Vdp/1GH0v1epSSrB/uyScfAV3qmMeIHi7sIvsWb9jY+SCq9miDGyY7RYnAajF\n" +
"J+7pgr+8bwLrV8KV8vXCNZD6zwH6NCUYcpsDCul2uE7n99gEKxJu27DqkaCCjiWE\n" +
"6dkeYfAXhhq3dj2SRrQZ+3ufL3E4QVxrpxAMAx8r7MwxuVka+ADeYZriFdREDYrQ\n" +
"2eb46H+IYk/iokSC1enfmkMdAegbc43dQrDaoMJQAQKBgQDyse8RoZTYC/d/3dao\n" +
"Y6HuBvEVVLbncc4DOHVwZ3ZOtTWASmbIUkTX54KzdCCYEy5n8yMtjDtNX7Y6N0hz\n" +
"Rzpj9PgTTTulIeqiFgjGRo1FWvDyte2LFSZZ4I59uRDDChOwqufVUotiVUJL/FgL\n" +
"yljRy5Kb7i7pEW17aSDtL20qAQKBgQDYvFwuQnPJVNR3OPReWsoYX9liHbXv6gCg\n" +
"XuS0t25Vt4asDG5u3gJ1SBJSI3g0UPf0TF0YPHYfzlJGsKvB48Kp66aXm8zPNa0J\n" +
"L8+kH567xpoC/d68qdNy5hRZId/jvmPt54Y0tUy/BjdNmqlDwLbkyZDjTj9m7lNz\n" +
"sEqGjzmgbwKBgA/sdM8nVujGADs3hvoNb3Z6ph7MLCQLZ4T2k14Iq86GPThpqUzD\n" +
"eRjha8XyfKD9wTG41joK1WlCOmafcfV+WupsDErX6m3vR8HSyEiaIHLIgL6sCSXz\n" +
"AU0sWq0NE3h4lMomrIdmnxaYmXz61ZwQbrt1K+1nN1S7e/946lwlnHgBAoGAY2Cq\n" +
"28M4mB4/dZM16XWzqM16PZTl8WXYd7BLKdnZy4/lPkpM8KT3d5NeYy9EVKizqN7C\n" +
"6PQALcFK1IL5nmOyxHr63hVgKbqw5r93dAfTnsIHqEuDr/omrE53Eg+IO0L3SwSX\n" +
"8t8Wm5hcD0dVSW257tnFh5Q/WhD5TtiMs3pEsB0CgYEA4cFqWFWXrxYmKo8oAIdt\n" +
"KknEQtO92IyRejZNrBwQjAK86ixxdUqybvNSLZdava3wpciwcg48yKlgOFBSOsfz\n" +
"vEFLJDozJj/Yeqoy/hhjqw6pHxf0n2YjlrBq+YWbJF2+U2FG6+01NA8i4v0ASWjz\n" +
"Vx5ffzP6TqAxECuyy+hDxDs=";
String mainKeyHex="74657374616263646566313030303031";
//公钥加密
String hexStr = Base64Util.base64Decode(workCert);
byte[] decode = Forms.hexStringToByte(hexStr);
// //将内容转成流的方式
ByteArrayInputStream bis = new ByteArrayInputStream(decode);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
Certificate certificate = cf.generateCertificate(bis);
//取出公钥--这里的公钥是pkcs8的那种结构型--待核实
PublicKey publicKey = certificate.getPublicKey();
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
//根据转换的名称获取密码对象Cipher(转换的名称:算法/工作模式/填充模式)
Cipher cipher = Cipher.getInstance(keyFactory.getAlgorithm());
//用公钥初始化此Cipher对象(加密模式)
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
//对数据加密
byte[] encrypt = cipher.doFinal(mainKeyHex.getBytes());
//公钥加密然后转Base64
String encMainKeyBase64 = Base64Util.base64Encode(encrypt);
System.out.println("证书公钥加密转base64:" + encMainKeyBase64);
//私钥解密
String encMainKey = Base64Util.base64Decode(encMainKeyBase64);
byte[] privateKeyData = Forms.hexStringToByte(Base64Util.base64Decode(workCertPrivateKey));
//创建PKCS8编码密钥规范
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKeyData);
//根据PKCS8编码密钥规范产生私钥对象
PrivateKey privateKey = keyFactory.generatePrivate(pkcs8KeySpec);
//用私钥初始化此Cipher对象(解密模式)
cipher.init(Cipher.DECRYPT_MODE, privateKey);
//对数据解密
byte[] decrypt = cipher.doFinal(Forms.hexStringToByte(encMainKey));
System.out.println("证书公钥对应的私钥解密:" + new String(decrypt));
Signature signature = Signature.getInstance("SHA256WithRSA");
signature.initSign(privateKey);
signature.update(HexUtil.decodeHex(mainKeyHex));
byte[] signData = signature.sign();
System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 签名: [%s]", Forms.byteToHexString(signData)));
String signBase64 = Base64Util.base64Encode(signData);
System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 签名 Base64: [%s]", signBase64));
signature.initVerify(publicKey);
String signBase64Decode = Base64Util.base64Decode(signBase64);
System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 验签 signBase64Decode: [%s]", signBase64Decode));
//update原待签名数据
signature.update(HexUtil.decodeHex(mainKeyHex));
//verify原签名后数据
boolean result = signature.verify(Forms.hexStringToByte(signBase64Decode));
System.out.println(String.format("签名校验 --- genRsaSign RSAWithSHA256 验签: [%s]", result));
} catch (Exception e) {
e.printStackTrace();
}
}