第四十八篇：JAVA加密解密之DSA（Digital Signature Algorithm）算法

DSA算法简介

DSA-Digital Signature Algorithm是Schnorr和ElGamal签名算法的变种，被美国NIST作为DSS(DigitalSignature Standard)。简单的说，这是一种更高级的验证方式，用作数字签名。不单单只有公钥、私钥，还有数字签名。私钥加密生成数字签名，公钥验证数据及签名。如果数据和签名不匹配则认为验证失败！数字签名的作用就是校验数据在传输过程中不被修改。数字签名，是单向加密的升级！

DSA算法实现

package com.jianggujin.codec;import java.security.KeyFactory;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.PrivateKey;import java.security.PublicKey;import java.security.Signature;import java.security.spec.PKCS8EncodedKeySpec;import java.security.spec.X509EncodedKeySpec;/** * DSA *  * @author jianggujin * */public class HQDSA{   private static HQDSA dsa = new HQDSA();   public static HQDSA getInstance()   {      return dsa;   }   private HQDSA()   {   }   /**    * DSA签名算法    *     * @author jianggujin    *    */   public static enum HQDSASignatureAlgorithm   {      DSA("DSA"), SHA1withDSA("SHA1withDSA"), SHA224withDSA("SHA224withDSA"), SHA256withDSA("SHA256withDSA");      private String name;      private HQDSASignatureAlgorithm(String name)      {         this.name = name;      }      public String getName()      {         return this.name;      }   }   public static final String ALGORITHM = "DSA";   public byte[] sign(byte[] data, byte[] privateKey, HQDSASignatureAlgorithm signatureAlgorithm) throws Exception   {      return sign(data, privateKey, signatureAlgorithm.getName());   }   public byte[] sign(byte[] data, byte[] privateKey, String signatureAlgorithm) throws Exception   {      PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);      KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);      PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);      Signature signature = Signature.getInstance(signatureAlgorithm);      signature.initSign(priKey);      signature.update(data);      return signature.sign();   }   public boolean verify(byte[] data, byte[] publicKey, byte[] sign, HQDSASignatureAlgorithm signatureAlgorithm)         throws Exception   {      return verify(data, publicKey, sign, signatureAlgorithm.getName());   }   public boolean verify(byte[] data, byte[] publicKey, byte[] sign, String signatureAlgorithm) throws Exception   {      X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);      KeyFactory keyFactory = KeyFactory.getInstance(ALGORITHM);      PublicKey pubKey = keyFactory.generatePublic(keySpec);      Signature signature = Signature.getInstance(signatureAlgorithm);      signature.initVerify(pubKey);      signature.update(data);      return signature.verify(sign);   }   /**    * 初始化密钥    *     * @return    */   public HQKeyPair initKey() throws Exception   {      return initKey(1024);   }   /**    * 初始化密钥    *     * @param keySize    * @return    */   public HQKeyPair initKey(int keySize) throws Exception   {      KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(ALGORITHM);      keyPairGen.initialize(1024);      KeyPair keyPair = keyPairGen.generateKeyPair();      return new HQKeyPair(keyPair);   }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

测试代码：

import org.junit.Test;import com.jianggujin.codec.HQBase64;import com.jianggujin.codec.HQDSA;import com.jianggujin.codec.HQDSA.HQDSASignatureAlgorithm;import com.jianggujin.codec.HQKeyPair;public class DSATest{   HQDSA dsa = HQDSA.getInstance();   HQBase64 base64 = HQBase64.getInstance();   @Test   public void encode() throws Exception   {      byte[] data = "jianggujin".getBytes();      HQKeyPair keyPair = dsa.initKey();      HQDSASignatureAlgorithm[] algorithms = HQDSASignatureAlgorithm.values();      for (HQDSASignatureAlgorithm algorithm : algorithms)      {         System.err.println("=========================================");         System.err.println(algorithm);         byte[] sign = dsa.sign(data, keyPair.getPrivateKey(), algorithm);         System.err.println("签名:" + base64.encodeToString(sign));         System.err.println("验签:" + dsa.verify(data, keyPair.getPublicKey(), sign, algorithm));      }   }}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

测试结果： 
========================================= 
DSA 
签名:MC0CFQCRt2xFSIBJ/XSPHGYmSHhTOCjkwAIUSn8r6egiLg/d+Puq/AjE+IPGEvE= 
验签:true 
========================================= 
SHA1withDSA 
签名:MCwCFGOsJKBaGWXR5QA+YK3Z/QQ2li/LAhRQLQM3BFmM9B2jjyxrBUaO11xqVA== 
验签:true 
========================================= 
SHA224withDSA 
签名:MCwCFANthkgvsQ/zMFDUlkfMiv386bszAhRJCOvQI5LKRuvZdoyOOomNy2R7RA== 
验签:true 
========================================= 
SHA256withDSA 
签名:MCwCFH/IFt1WfO/y6cRAX2GHaA0PkqoSAhRVHgecDEVkXmuZwePvfeLuU/3lqA== 
验签:true