java/php/c#版rsa簽名以及java驗籤實現
在開放平臺領域,需要給isv提供sdk,簽名是Sdk
中需要提供的功能之一。由於isv使用的開發語言不是單一的,因此sdk需要提供多種語言的版本。譬如java、php、c#
。另外,在電子商務尤其是支付領域,對安全性的要求比較高,所以會採用非對稱金鑰RSA
本文主要介紹如何基於java、php、c#
在客戶端使用rsa簽名,然後在服務端使用Java
驗籤。
1.基於openssl
生成RSA
公私鑰對
a)從網上下載openssl工具:http://www.slproweb.com/products/Win32OpenSSL.html
b)生成私鑰
進入到openssl
的bin
目錄下,執行以下命令:
openssl genrsa -out rsa_private_key.pem 1024
會在bin
目錄下看到新生成的私鑰檔案rsa_private_key.pem
,檔案內容如下:
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDtd1lKsX6ylsAEWFi7E/ut8krJy9PQ7sGYKhIm9TvIdZiq5xzy
aw8NOLzKZ1k486MePYG4tSuoaxSbwuPLwVUzYFvnUZo7aWCIGKn16UWTM4nxc/+d
wce+bhcKrlLbTWi8l580LTE7GxclTh8z7gHq59ivhaoGbK7FNxlUfB4TSQIDAQAB
AoGBAIgTk0x1J+hI8KHMypPxoJCOPoMi1S9uEewTd7FxaB+4G5Mbuv/Dj62A7NaD
oKI9IyUqE9L3ppvtOLMFXCofkKU0p4j7MEJdZ+CjVvgextkWa80nj/UZiM1oOL6Y
HwH4ZtPtY+pFCTK1rdn3+070qBB9tnVntbN/jq0Ld7f0t7UNAkEA9ryI0kxJL9Pu
pO9NEeWuCUo4xcl9x/M9+mtkfY3VoDDDV1E/eUjmoTfANYwrjcddiQrO0MLyEdoo
tiLpN77qOwJBAPZhtv/+pqMVTrLxWnVKLZ4ZVTPPgJQQkFdhWwYlz7oKzB3VbQRt
/jLFXUyCN2eCP7rglrXnaz7AYBftF0ajHEsCQQDDNfkeQULqN0gpcDdOwKRIL1Pp
kHgWmWlg1lTETVJGEi6Kx/prL/VgeiZ1dzgCTUjAoy9r1cEFxM/PAqH3+/F/AkEA
zsTCp6Q2hLblDRewKq7OCdiIwKpr5dbgy/RQR6CD7EYTdxYeH5GPu1wXKJY/mQae
JV9GG/LS9h7MhkfbONS6cQJAdBEb5vloBDLcSQFDQO/VZ9SKFHCmHLXluhhIizYK
Gzgf3OXEGNDSAC3qy+ZTnLd3N5iYrVbK52UoiLOLhhNMqA==
-----END RSA PRIVATE KEY-----
c)生成公鑰
在bin
目錄下,執行以下命令:
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
會在bin
目錄下看到新生成的公鑰檔案rsa_public_key.pem
,檔案內容如下:
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDtd1lKsX6ylsAEWFi7E/ut8krJ
y9PQ7sGYKhIm9TvIdZiq5xzyaw8NOLzKZ1k486MePYG4tSuoaxSbwuPLwVUzYFvn
UZo7aWCIGKn16UWTM4nxc/+dwce+bhcKrlLbTWi8l580LTE7GxclTh8z7gHq59iv
haoGbK7FNxlUfB4TSQIDAQAB
-----END PUBLIC KEY-----
2. 客戶端簽名
2.1 java版簽名實現
/**
* rsa簽名
*
* @param content
* 待簽名的字串
* @param privateKey
* rsa私鑰字串
* @param charset
* 字元編碼
* @return 簽名結果
* @throws Exception
* 簽名失敗則丟擲異常
*/
public String rsaSign(String content, String privateKey, String charset) throws SignatureException {
try {
PrivateKey priKey = getPrivateKeyFromPKCS8("RSA", new ByteArrayInputStream(privateKey.getBytes()));
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initSign(priKey);
if (StringUtils.isEmpty(charset)) {
signature.update(content.getBytes());
} else {
signature.update(content.getBytes(charset));
}
byte[] signed = signature.sign();
return new String(Base64.encodeBase64(signed));
} catch (Exception e) {
throw new SignatureException("RSAcontent = " + content + "; charset = " + charset, e);
}
}
public PrivateKey getPrivateKeyFromPKCS8(String algorithm, InputStream ins) throws Exception {
if (ins == null || StringUtils.isEmpty(algorithm)) {
return null;
}
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
byte[] encodedKey = StreamUtil.readText(ins).getBytes();
encodedKey = Base64.decodeBase64(encodedKey);
return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
}
注意:引數privateKey
是Pem
私鑰檔案中去除頭(-----BEGIN RSA PRIVATE KEY-----
)和尾(-----END RSA PRIVATE KEY-----
)以及換行符後的字串。
如果簽名報以下錯誤:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
則說明rsa
私鑰的格式不是pksc8
格式,需要使用以下命令轉換一下:
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key.pem -outform PEM -nocrypt
然後再提取去除頭和尾以及換行符後字串作為java
版用的rsa
私鑰。
2.2 php
簽名實現
function sign($content, $rsaPrivateKeyPem) {
$priKey = file_get_contents($rsaPrivateKeyPem);
$res = openssl_get_privatekey($priKey);
openssl_sign($content, $sign, $res);
openssl_free_key($res);
$sign = base64_encode($sign);
return $sign;
}
注意:$rsaPrivateKeyPem
為pem
私鑰檔案路徑
2.3 c#簽名實現(引用了國外某位仁兄的方案)
using System;
using System.Text;
using System.Security.Cryptography;
using System.Web;
using System.IO;
namespace Aop.Api.Util
{
/// <summary>
/// RSA簽名工具類。
/// </summary>
public class RSAUtil
{
public static string RSASign(string data, string privateKeyPem)
{
RSACryptoServiceProvider rsaCsp = LoadCertificateFile(privateKeyPem);
byte[] dataBytes = Encoding.UTF8.GetBytes(data);
byte[] signatureBytes = rsaCsp.SignData(dataBytes, "SHA1");
return Convert.ToBase64String(signatureBytes);
}
private static byte[] GetPem(string type, byte[] data)
{
string pem = Encoding.UTF8.GetString(data);
string header = String.Format("-----BEGIN {0}-----\\n", type);
string footer = String.Format("-----END {0}-----", type);
int start = pem.IndexOf(header) + header.Length;
int end = pem.IndexOf(footer, start);
string base64 = pem.Substring(start, (end - start));
return Convert.FromBase64String(base64);
}
private static RSACryptoServiceProvider LoadCertificateFile(string filename)
{
using (System.IO.FileStream fs = System.IO.File.OpenRead(filename))
{
byte[] data = new byte[fs.Length];
byte[] res = null;
fs.Read(data, 0, data.Length);
if (data[0] != 0x30)
{
res = GetPem("RSA PRIVATE KEY", data);
}
try
{
RSACryptoServiceProvider rsa = DecodeRSAPrivateKey(res);
return rsa;
}
catch (Exception ex)
{
}
return null;
}
}
private static RSACryptoServiceProvider DecodeRSAPrivateKey(byte[] privkey)
{
byte[] MODULUS, E, D, P, Q, DP, DQ, IQ;
// --------- Set up stream to decode the asn.1 encoded RSA private key ------
MemoryStream mem = new MemoryStream(privkey);
BinaryReader binr = new BinaryReader(mem); //wrap Memory Stream with BinaryReader for easy reading
byte bt = 0;
ushort twobytes = 0;
int elems = 0;
try
{
twobytes = binr.ReadUInt16();
if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)
binr.ReadByte(); //advance 1 byte
else if (twobytes == 0x8230)
binr.ReadInt16(); //advance 2 bytes
else
return null;
twobytes = binr.ReadUInt16();
if (twobytes != 0x0102) //version number
return null;
bt = binr.ReadByte();
if (bt != 0x00)
return null;
//------ all private key components are Integer sequences ----
elems = GetIntegerSize(binr);
MODULUS = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
E = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
D = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
P = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
Q = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
DP = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
DQ = binr.ReadBytes(elems);
elems = GetIntegerSize(binr);
IQ = binr.ReadBytes(elems);
// ------- create RSACryptoServiceProvider instance and initialize with public key -----
CspParameters CspParameters = new CspParameters();
CspParameters.Flags = CspProviderFlags.UseMachineKeyStore;
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(1024, CspParameters);
RSAParameters RSAparams = new RSAParameters();
RSAparams.Modulus = MODULUS;
RSAparams.Exponent = E;
RSAparams.D = D;
RSAparams.P = P;
RSAparams.Q = Q;
RSAparams.DP = DP;
RSAparams.DQ = DQ;
RSAparams.InverseQ = IQ;
RSA.ImportParameters(RSAparams);
return RSA;
}
catch (Exception ex)
{
return null;
}
finally
{
binr.Close();
}
}
private static int GetIntegerSize(BinaryReader binr)
{
byte bt = 0;
byte lowbyte = 0x00;
byte highbyte = 0x00;
int count = 0;
bt = binr.ReadByte();
if (bt != 0x02) //expect integer
return 0;
bt = binr.ReadByte();
if (bt == 0x81)
count = binr.ReadByte(); // data size in next byte
else
if (bt == 0x82)
{
highbyte = binr.ReadByte(); // data size in next 2 bytes
lowbyte = binr.ReadByte();
byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };
count = BitConverter.ToInt32(modint, 0);
}
else
{
count = bt; // we already have the data size
}
while (binr.ReadByte() == 0x00)
{ //remove high order zeros in data
count -= 1;
}
binr.BaseStream.Seek(-1, SeekOrigin.Current); //last ReadByte wasn't a removed zero, so back up a byte
return count;
}
}
}
注:privateKeyPem
為私鑰檔案路徑
3. 服務端java驗籤
/**
* rsa驗籤
*
* @param content 被簽名的內容
* @param sign 簽名後的結果
* @param publicKey rsa公鑰
* @param charset 字符集
* @return 驗簽結果
* @throws SignatureException 驗籤失敗,則拋異常
*/
boolean doCheck(String content, String sign, String publicKey, String charset) throws SignatureException {
try {
PublicKey pubKey = getPublicKeyFromX509("RSA", new ByteArrayInputStream(publicKey.getBytes()));
Signature signature = Signature.getInstance("SHA1WithRSA");
signature.initVerify(pubKey);
signature.update(getContentBytes(content, charset));
return signature.verify(Base64.decodeBase64(sign.getBytes()));
} catch (Exception e) {
throw new SignatureException("RSA驗證簽名[content = " + content + "; charset = " + charset
+ "; signature = " + sign + "]發生異常!", e);
}
}
private PublicKey getPublicKeyFromX509(String algorithm, InputStream ins) throws NoSuchAlgorithmException {
try {
KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
StringWriter writer = new StringWriter();
StreamUtil.io(new InputStreamReader(ins), writer);
byte[] encodedKey = writer.toString().getBytes();
// 先base64解碼
encodedKey = Base64.decodeBase64(encodedKey);
return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));
} catch (IOException ex) {
// 不可能發生
} catch (InvalidKeySpecException ex) {
// 不可能發生
}
return null;
}
private byte[] getContentBytes(String content, String charset) throws UnsupportedEncodingException {
if (StringUtil.isEmpty(charset)) {
return content.getBytes();
}
return content.getBytes(charset);
}
注意:引數publicKey
是Pem
公鑰檔案中去除頭(-----BEGIN RSA PRIVATE KEY-----
)和尾(-----END RSA PRIVATE KEY-----
)以及換行符後的字串。
相關文章
- JAVA/PHP/C#版RSA驗籤JavaPHPC#
- Java RSA (SHA1withRSA)簽名和驗籤Java
- java使用RSA加密方式,實現數字簽名Java加密
- RSA加密解密及數字簽名Java實現加密解密Java
- python實現aes加密解密,RSA簽名和驗籤,RSA加密解密,並呼叫介面Python加密解密
- python RSA簽名和解籤Python
- python (3.x) 實現RSA 加簽 驗籤 以及key的序列化Python
- PHP 做 RSA 簽名 生成訂單PHP
- 前後端java+vue 實現rsa 加解密與摘要簽名演算法後端JavaVue解密演算法
- C# .NET Framework 實現SM2加簽、驗籤C#Framework
- PHP RSA2 簽名演算法PHP演算法
- Java 新增數字簽名到Excel以及檢測、刪除簽名JavaExcel
- [實戰]API防護破解之簽名驗籤API
- 使用SHA256WithRSA來簽名和驗籤(.NET/C#)C#
- sm2簽名和驗籤
- Java 新增、驗證PDF 數字簽名Java
- 一篇搞定RSA加密與SHA簽名|與Java完全同步加密Java
- C#與Java的RSA(3)C#Java
- RSA加密解密(無資料大小限制,php、go、java互通實現)加密解密PHPGoJava
- RSA簽名的PSS模式模式
- java和C#使用證照對引數簽名、加密JavaC#加密
- 數字簽名(java) (轉)Java
- Java實現AES和RSA演算法Java演算法
- 使用MD5WithRSA來簽名和驗籤(.NET)
- iOS證書籤名機制&重簽名&防止重簽名iOS
- atitit.http get post的原理以及框架實現java phpHTTP框架JavaPHP
- iOS逆向 - 應用簽名原理及重簽名 (重籤微信應用實戰)iOS
- restful介面返回JSONObject和父類抽象實現類設計,請求頭獲取sign和支付寶RSA簽名驗籤工具類方法RESTJSONObject抽象
- 左傾堆以及Java實現Java
- Java 操作PPT數字簽名(一):新增、檢測、刪除簽名Java
- 在VUE中使用RSA加密解密加簽解籤Vue加密解密
- java實現驗證碼Java
- 網路安全實驗三 PGP 實現郵件加密和簽名加密
- Java+Ajax實現使用者名稱重複檢驗Java
- iText7使用IExternalSignatureContainer進行簽名和驗籤AI
- java RSA 解密Java解密
- Bytom Java版本離線簽名Java
- RSA的主場-證書籤名&OpenSSL演示