devbox
从前慢现在也慢
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

【Java加解密系列】- SM2加解密_sm2engine

作者:从前慢现在也慢 | 2024-05-18 18:09:22

sm2engine

上一篇博客介绍了SM2算法生成密钥的过程,详见-SM2生成密钥。这篇博客接着介绍SM2算法如何用上篇博客生成的密钥进行加解密操作。

因为密钥都是byte数组,在进行加解密前,我们需要将密钥转换成BC库的CipherParameters。代码如下:

  1. /**
  2.      * 私钥转换为 {@link ECPrivateKeyParameters}
  3.      * @param key key
  4.      * @return
  5.      * @throws InvalidKeyException
  6.      */
  7.     public static ECPrivateKeyParameters privateKeyToParams(String algorithm, byte[] key) throws InvalidKeyException, InvalidKeySpecException, NoSuchAlgorithmException {
  8.         Preconditions.checkNotNull(key, "key must be not null !");
  9.         PrivateKey privateKey = generatePrivateKey(algorithm, key);
  10.         return (ECPrivateKeyParameters) ECUtil.generatePrivateKeyParameter(privateKey);
  11.     }
  12.  
  13.     /**
  14.      * 生成私钥
  15.      * @param algorithm 算法
  16.      * @param key       key
  17.      * @return
  18.      */
  19.     public static PrivateKey generatePrivateKey(String algorithm, byte[] key) throws NoSuchAlgorithmException, InvalidKeySpecException {
  20.         Preconditions.checkNotNull(algorithm, "algorithm must be not null !");
  21.         Preconditions.checkNotNull(key, "key must be not null !");
  22.         KeySpec keySpec = new PKCS8EncodedKeySpec(key);
  23.         algorithm = getAlgorithmAfterWith(algorithm);
  24.         return getKeyFactory(algorithm).generatePrivate(keySpec);
  25.     }
  26.  
  27.     /**
  28.      * 公钥转换为 {@link ECPublicKeyParameters}
  29.      * @param key key
  30.      * @return
  31.      * @throws InvalidKeyException
  32.      */
  33.     public static ECPublicKeyParameters publicKeyToParams(String algorithm, byte[] key) throws InvalidKeyException, InvalidKeySpecException, NoSuchAlgorithmException {
  34.         Preconditions.checkNotNull(key, "key must be not null !");
  35.         PublicKey publicKey = generatePublicKey(algorithm, key);
  36.         return (ECPublicKeyParameters) ECUtil.generatePublicKeyParameter(publicKey);
  37.     }
  38.  
  39.     /**
  40.      * 生成公钥
  41.      * @param algorithm 算法
  42.      * @param key       key
  43.      * @return
  44.      */
  45.     public static PublicKey generatePublicKey(String algorithm, byte[] key) throws NoSuchAlgorithmException, InvalidKeySpecException {
  46.         Preconditions.checkNotNull(algorithm, "algorithm must be not null !");
  47.         Preconditions.checkNotNull(key, "key must be not null !");
  48.         KeySpec keySpec = new X509EncodedKeySpec(key);
  49.         algorithm = getAlgorithmAfterWith(algorithm);
  50.         return getKeyFactory(algorithm).generatePublic(keySpec);
  51.     }
  52.  
  53.     /**
  54.      * 获取用于密钥生成的算法<br>
  55.      * 获取XXXwithXXX算法的后半部分算法,如果为ECDSA或SM2,返回算法为EC
  56.      * @param algorithm XXXwithXXX算法
  57.      * @return 算法
  58.      */
  59.     private static String getAlgorithmAfterWith(String algorithm) {
  60.         Preconditions.checkNotNull(algorithm, "algorithm must be not null !");
  61.         int indexOfWith = StringUtils.lastIndexOfIgnoreCase(algorithm, "with");
  62.         if (indexOfWith > 0) {
  63.             algorithm = StringUtils.substring(algorithm, indexOfWith + "with".length());
  64.         }
  65.         if ("ECDSA".equalsIgnoreCase(algorithm) || "SM2".equalsIgnoreCase(algorithm)) {
  66.             algorithm = "EC";
  67.         }
  68.         return algorithm;
  69.     }
  70.  
  71.     /**
  72.      * 获取{@link KeyFactory}
  73.      * @param algorithm 非对称加密算法
  74.      * @return {@link KeyFactory}
  75.      */
  76.     private static KeyFactory getKeyFactory(String algorithm) throws NoSuchAlgorithmException {
  77.         final Provider provider = new BouncyCastleProvider();
  78.         return KeyFactory.getInstance(algorithm, provider);
  79.     }

SM2操作主要有四类:加密、解密、签名和验签。代码如下:

  1. /**
  2.      * 加密
  3.      * @param data      数据
  4.      * @param publicKey 公钥
  5.      * @return 加密之后的数据
  6.      */
  7.     public static byte[] encrypt(byte[] data, byte[] publicKey) throws Exception {
  8.         CipherParameters pubKeyParameters = new ParametersWithRandom(publicKeyToParams("SM2", publicKey));
  9.         SM2Engine engine = new SM2Engine(DIGEST);
  10.         engine.init(true, pubKeyParameters);
  11.         return engine.processBlock(data, 0, data.length);
  12.     }
  13.  
  14.     /**
  15.      * 解密
  16.      * @param data       数据
  17.      * @param privateKey 私钥
  18.      * @return 解密之后的数据
  19.      */
  20.     public static byte[] decrypt(byte[] data, byte[] privateKey) throws Exception {
  21.         CipherParameters privateKeyParameters = privateKeyToParams("SM2", privateKey);
  22.         SM2Engine engine = new SM2Engine(DIGEST);
  23.         engine.init(false, privateKeyParameters);
  24.         byte[] byteDate = engine.processBlock(data, 0, data.length);
  25.         return byteDate;
  26.     }
  27.  
  28.     /**
  29.      * 签名
  30.      * @param data 数据
  31.      * @return 签名
  32.      */
  33.     public static byte[] sign(byte[] data, byte[] privateKey) throws Exception {
  34.         SM2Signer signer = new SM2Signer();
  35.         CipherParameters param = new ParametersWithRandom(privateKeyToParams("SM2", privateKey));
  36.         signer.init(true, param);
  37.         signer.update(data, 0, data.length);
  38.         return signer.generateSignature();
  39.     }
  40.  
  41.     /**
  42.      * 用公钥检验数字签名的合法性
  43.      * @param data      数据
  44.      * @param sign      签名
  45.      * @param publicKey 公钥
  46.      * @return 是否验证通过
  47.      */
  48.     public static boolean verify(byte[] data, byte[] sign, byte[] publicKey) throws Exception {
  49.         SM2Signer signer = new SM2Signer();
  50.         CipherParameters param = publicKeyToParams("SM2", publicKey);
  51.         signer.init(false, param);
  52.         signer.update(data, 0, data.length);
  53.         return signer.verifySignature(sign);
  54.     }

跑个测试用例试下:

  1. public static void main(String[] args) throws Exception {
  2.         KeyPair keyPair = generateSm2KeyPair();
  3.         //明文
  4.         String plaintext = "test";
  5.         //加密
  6.         String ciphertext = Base64Utils.encode(encrypt(plaintext.getBytes("utf-8"), keyPair.getPublic().getEncoded()));
  7.         //生成签名
  8.         String signature = Base64Utils.encode(sign(plaintext.getBytes("utf-8"),keyPair.getPrivate().getEncoded()));
  9.         System.out.println("ciphertext: " + ciphertext);
  10.         System.out.println("signature: " + signature);
  11.         //解密
  12.         plaintext = new String(decrypt(Base64Utils.decode(ciphertext),keyPair.getPrivate().getEncoded()),"utf-8");
  13.         //验签
  14.         boolean result = verify(plaintext.getBytes("utf-8"),Base64Utils.decode(signature),keyPair.getPublic().getEncoded());
  15.         System.out.println("plaintext: " + plaintext);
  16.         System.out.println("verify result: " + result);
  17.     }

输出结果如下:

  1. ciphertext: BFH0SXC1bX7OL1i5I4GO/Ck8Lak6gfzrsEzhrk4GY2cKZOug73ThLBYSjbtnpC5z30CJuKmaAf/W+jlviRr9PT1dcBWyrO599UUC4XWW8as4XHej8nE/Rlr9TP5+wP+4AWaub6o=
  2. signature: MEYCIQC7OldJ7B8JvP51zw8P2DfieG5iAj5rWEybqZ3bPG8D5wIhAIVXlOmMxk0t4cNm0oQ0HYIzJZ5JShGIWuVwZLZ/t9mQ
  3. plaintext: test
  4. verify result: true

从结果可以看出,可以进行正常的加解密、生成签名以及验签操作。

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/从前慢现在也慢/article/detail/589354
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号