
民主与科学

独立之人格,自由之思想

 
 
 

日志

 
 

在加密和签名中使用数字证书(上)  

2011-09-20 15:20:56|  分类: 数字签名 |  标签: |举报 |字号 订阅

如果你对数字签名还不熟悉,请先阅读《数字签名简介》和《Java的数字签名和数字证书》。
本示例程序使用的keystore文件robin.keystore和数字证书文件robin.crt,都是用《数字证书》一文中相应的命令生成的。
如果你还不清楚如何生成keystore文件或数字证书文件,请先阅读该文。
SignatureDemo文件
package com.robin.Signature;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

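/**
 * Demonstrates signing a message with a private key read from a JKS key store
 * and verifying that signature with the public key read from an X.509
 * certificate file.
 *
 * <p>The constructor runs the whole demo: a {@link Sender} signs and "sends" a
 * message, then a {@link Receiver} picks it up and verifies it. The transport is
 * simulated by the {@link #sendingMsg} field.
 *
 * <p>Set-up failures (missing key store, wrong password, unreadable
 * certificate) are reported as {@link IllegalStateException} with the original
 * cause attached, instead of being printed and followed by a
 * {@code NullPointerException} later on.
 */
public class SignatureDemo {

    /** The message "in transit" between sender and receiver. */
    Message sendingMsg;

    /** Runs the demo: sender signs and sends, receiver verifies and reads. */
    public SignatureDemo() {
        init();
        Sender sender = new Sender();
        sender.doWork();
        Receiver receiver = new Receiver();
        receiver.doWork();
    }

    /** Placeholder for demo-wide set-up; intentionally empty. */
    void init() {
    }

    /**
     * Stores the message so that {@link #getReceivedMsg()} can return it.
     *
     * @param sendMsg the message to hand over to the receiver
     */
    void sendMsg(Message sendMsg) {
        sendingMsg = sendMsg;
        System.out.println("sending Message");
    }

    /**
     * Returns the message previously stored by {@link #sendMsg(Message)}.
     *
     * @return the stored message, or {@code null} if nothing was sent
     */
    Message getReceivedMsg() {
        System.out.println("receiving Message");
        return sendingMsg;
    }

    /** The signing side: owns the private key and produces the signature. */
    class Sender {
        // NOTE(review): demo-only values. Passwords compiled into a class are
        // readable by anyone who obtains the class file or the source; real code
        // should take them from the operator or a secret store, not from constants.
        private final static String keyStorePath = "robin.keystore";
        private final static String keyStorePassword = "GL2009";
        private final static String privateKeyPassword = "gl2009";
        private final static String keyStoreAlias = "robin";

        /** Belongs to the sender and must stay visible to the sender only. */
        private PrivateKey privateKey;

        /** Signature engine, configured in {@link #init()}. */
        Signature sign;

        Sender() {
            init();
        }

        /**
         * Loads the private key and its certificate from the key store and
         * creates the signature engine.
         *
         * @throws IllegalStateException if the key store cannot be read, the
         *         alias has no key or certificate, or the algorithm is unavailable
         */
        private void init() {
            // try-with-resources closes both streams even when loading fails.
            try (FileInputStream is = new FileInputStream(keyStorePath);
                    BufferedInputStream bis = new BufferedInputStream(is)) {
                KeyStore keyStore = KeyStore.getInstance("JKS");
                // Read the key store file; the password also checks its integrity.
                keyStore.load(bis, keyStorePassword.toCharArray());

                // Read the private key and the certificate stored under the same alias.
                PrivateKey loadedKey =
                        (PrivateKey) keyStore.getKey(keyStoreAlias, privateKeyPassword.toCharArray());
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(keyStoreAlias);
                if (loadedKey == null || cert == null) {
                    throw new IllegalStateException(
                            "Key store " + keyStorePath + " has no key/certificate for alias "
                                    + keyStoreAlias);
                }
                privateKey = loadedKey;

                // Take the signature algorithm name from the certificate.
                // NOTE(review): getSigAlgName() names the algorithm the ISSUER used to
                // sign the certificate. That matches this key only when issuer and
                // subject keys are of the same type (e.g. a self-signed certificate);
                // confirm for certificates issued by a CA.
                sign = Signature.getInstance(cert.getSigAlgName());
            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException
                    | UnrecoverableKeyException | IOException e) {
                throw new IllegalStateException("Cannot load signing key from " + keyStorePath, e);
            }
        }

        /**
         * Builds the message, signs its body and hands it to the transport.
         *
         * @throws IllegalStateException if the message cannot be signed
         */
        void doWork() {
            String words = "This is robin.How are you?";
            // Fix the charset so sender and receiver agree on the byte encoding.
            SecretMessage msg = new SecretMessage(words.getBytes(StandardCharsets.UTF_8));

            // Transform ("encrypt") the message body.
            // NOTE(review): SecretMessage is not shown here. If crypt() really
            // transforms the body with the private key, anyone holding the public
            // certificate can reverse it, so this gives no confidentiality.
            // Confidentiality needs encryption to the RECIPIENT's public key.
            msg.crypt(privateKey);

            byte[] data;
            try {
                // Private key used to produce the signature.
                sign.initSign(privateKey);
                // Input of the signature: the (transformed) message body.
                sign.update(msg.getBody());
                // Hash the input and sign the digest.
                data = sign.sign();
            } catch (InvalidKeyException | SignatureException e) {
                // Never send a message whose signature could not be produced.
                throw new IllegalStateException("Cannot sign the message", e);
            }

            // Attach the signature to the message and send it.
            msg.setSignature(data);
            sendMsg(msg);
        }
    } // end Sender

    /** The verifying side: knows only the sender's certificate. */
    class Receiver {
        public PublicKey publicKey;
        Signature sign;
        public X509Certificate certificate;
        final static String certName = "robin.crt";

        Receiver() {
            init();
        }

        /**
         * Reads the certificate file, extracts the public key and creates the
         * signature engine.
         *
         * @throws IllegalStateException if the certificate cannot be read or
         *         parsed, or the algorithm is unavailable
         */
        private void init() {
            try (FileInputStream fin = new FileInputStream(certName)) {
                CertificateFactory certificatefactory = CertificateFactory.getInstance("X.509");
                certificate = (X509Certificate) certificatefactory.generateCertificate(fin);
                // NOTE(review): the certificate is trusted simply because it is the
                // local file; nothing here checks its validity period, issuer chain
                // or revocation. A valid signature then only proves "signed by the
                // key in this file", not who owns that key.
                publicKey = certificate.getPublicKey();
                // Take the signature algorithm name from the certificate (same
                // issuer-algorithm caveat as on the sender side).
                sign = Signature.getInstance(certificate.getSigAlgName());
            } catch (CertificateException | NoSuchAlgorithmException | IOException e) {
                throw new IllegalStateException("Cannot load certificate " + certName, e);
            }
        }

        /**
         * Verifies the signature of the received message and, only if it is
         * valid, reverses the body transformation and prints the text.
         */
        void doWork() {
            // Pick up the message.
            SecretMessage msg = (SecretMessage) getReceivedMsg();

            boolean verified;
            try {
                // Public key used to check the signature.
                sign.initVerify(publicKey);
                // Input of the signature: the body exactly as received.
                sign.update(msg.getBody());
                // Recompute the digest and compare it with the signed one.
                verified = sign.verify(msg.getSignature());
            } catch (InvalidKeyException | SignatureException e) {
                // An unusable key or malformed signature counts as "not verified".
                System.err.println("Signature check could not be completed: " + e);
                verified = false;
            }

            if (!verified) {
                System.out.println("数字签名验证失败!");
                // Do not process or display content whose origin is unproven.
                return;
            }
            System.out.println("数字签名验证成功!");

            // Reverse the body transformation and show the text.
            msg.decrypt(publicKey);
            System.out.println(
                    "I just get a message:" + new String(msg.getBody(), StandardCharsets.UTF_8));
        }
    } // end Receiver
}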