数字签名
数字签名是非对称加密与音讯摘要的组合运用
运用场景
1.校验用户身份(运用私钥签名,公钥校验,只要用公钥能校验通过,则该信息一定是私钥持有者发布的)
2.校验数据的完整性(用解密后的音讯摘要跟原文的音讯摘要进行比照)
Api文档搜索Signature
RSACrypt封装一个回来privatekey和publickey的方法
fun getPrivateKey():PrivateKey{
//保存密钥对
val privateKeyString = "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCcEBoTuOL3OpJ+GBqsz0gqqm8v/X8RcQsFJ/qS7gbjAbCIVb0i2kxUrPQtOX9a4jH0diS/9ngAOONQLF4obBitzzLefGGdmGqD0Nmf9C3fyUaYUSZVBeqdYjIOLTYEIpTTPzIoBWcKT7rvSNkmvEQOpWdSrViADKnQZcST+PxVGv/0vg1FcfNK8tcL7SDMvmgHIe8mS6zddBGmEUwlj14FDcVABW/sXc/mlfRB345O07cLxcg/yD7kHmr9ZwHytWb9mNUPM2Q80QYl9Kn7AqSbwaTcERx3kAiUMQMp1CeSGK0GkoRSg9G4A0e9G7UoXZ38LUMjAVBIDKn+t0kHZ39VAgMBAAECggEAKr3qNm6Tkrxy9J/rZlra2/yTuSQHUiKQrxfU87rHHhMPYzeANnRtJV+8/EncDGsY3WgiBoUdNopeD04nd5Crbabquq58Gaptua5QfBNnIPxCHmNTSUP2jqYfKWzOd3F1KyoKtZVNNDDD9NcRyh8T0KMSWj1pmKBfPdkxbolpqnDswmDL77KjCTnHTJRjQQux3SihHuOJ4MvgHnHjqjSLZL+6qnUJw838AnhZiIGLlIhaSPbEtuZH7Nk37zodjq+7nBvH0cCvX/XqGRQC2oZeCIWyDv3J5HE4V9PEjiktQVY32f+YZGm3C2EAWqhFZYXDdStYEBCM/UM7EJiGep6OoQKBgQDp9kqJfATLBqnTHzK5SywVPXU0w/fZD4Z9KnvTKhwpivjp8zdcSuiG7F3P8mXIenjbxUyaL2x/9PFgBD878Cj9tXkLnaGb9qwJKgHBCoNwqngg7Z4HTmeDklLfnuUACyf+XX+5V7XHDpoA9tkZflQp267/I+ZLfDAPqSmdJl7l/QKBgQCqw14S1X+o452gx7FK+YVjctndhRN6SY9gZBuC4Q+oU/v2YdFs3CcHVZSijRMqiW8rTGQ/OgFdtD2ef+TMmiRRfnHpgz94iWOAIRKsfJwem3G6SnIZpnQzPSuQshbFIto+lOKqSiV3DnJzfiAI4Eop2RyQMigyVu77lEzyTkySOQKBgQDKfyxGULwJSUwlegQ6EhEmlRnjwJW9Hk3l+aZQv0q+vhTw0FyjGgal+OC9geyMl0wR03OYo+FB4qwj0ak1ZIjmBnKtFhLxXY/LIrt/7GyVUEZHIcK8SiUX4Mav2+QSpJVJ+Hz62ypvDnlGymBfS1LnI8gT9mt1/BfRBjYJWVObtQKBgC3dHy0rzofL6pA+Ui3y6pKVTFKk5WBY1XtsJ791N0FcnTXFe/wi/RCJOcyW22j3VLZqZBpfN/K08D/b1dXmKI8CyRGQwMFdFS5as6tEJKJL2bXRPOgKvvbsHQFV86uq+rcIQgC+vWVGqhK+81eu9fxbZcKM1iL/GlzTrf7+bK5xAoGAU+am9p4hK5VUwgEOLlLeXTi/UZCoql9OnQC0yCjR2Uouq0ip3l+6kK2219FCuC1DGE0zukAv4Th81wzOGNm4uTVyXy81a7IxT5q5+ZiFttERrMCohTfJesOTkfM18WP33pqG1sv9TITRO/DaqK39s7dMVQH4qKVctQuC1/aD4yA="
//转成密钥对目标
val kf = KeyFactory.getInstance("RSA")
val privateKey:PrivateKey = kf.generatePrivate(PKCS8EncodedKeySpec(Base64.decode(privateKeyString)))
return privateKey;
}
fun getPublicKey():PublicKey{
//保存密钥对
val publicKeyString = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBAaE7ji9zqSfhgarM9IKqpvL/1/EXELBSf6ku4G4wGwiFW9ItpMVKz0LTl/WuIx9HYkv/Z4ADjjUCxeKGwYrc8y3nxhnZhqg9DZn/Qt38lGmFEmVQXqnWIyDi02BCKU0z8yKAVnCk+670jZJrxEDqVnUq1YgAyp0GXEk/j8VRr/9L4NRXHzSvLXC+0gzL5oByHvJkus3XQRphFMJY9eBQ3FQAVv7F3P5pX0Qd+OTtO3C8XIP8g+5B5q/WcB8rVm/ZjVDzNkPNEGJfSp+wKkm8Gk3BEcd5AIlDEDKdQnkhitBpKEUoPRuANHvRu1KF2d/C1DIwFQSAyp/rdJB2d/VQIDAQAB"
//转成密钥对目标
val kf = KeyFactory.getInstance("RSA")
val publicKey:PublicKey = kf.generatePublic(X509EncodedKeySpec(Base64.decode(publicKeyString)))
return publicKey
}
//数字签名
object SignatureDedmo {
fun sign(input:String,privateKey:PrivateKey):String{
//获取数字签名目标实例
val signature = Signature.getInstance("SHA256withRSA")
//初始化签名
signature.initSign(privateKey)
//设置数据源
signature.update(input.toByteArray())
//签名
val sign = signature.sign()
return Base64.encode(sign)
}
fun verify(input: String,publicKey:PublicKey,sign:String):Boolean{
val signature = Signature.getInstance("SHA256withRSA")
//初始化签名
signature.initVerify(publicKey)
//传入数据源
signature.update(input.toByteArray())
//校验签名信息
val verify = signature.verify(Base64.decode(sign))
return verify
}
}
fun main(args:Array<String>){
val privateKey = RSACrypt.getPrivateKey()
val publicKey = RSACrypt.getPublicKey()
val input = "name=iPhone&price=7888"
val sign = SignatureDedmo.sign(input,privateKey)
//******************** 校验 ********************
println("校验:"+SignatureDedmo.verify(input,publicKey,sign))
}
如果咱们校验的时候把价格改为7
println("校验:"+SignatureDedmo.verify("name=iPhone&price=7",publicKey,sign))
数字签名流程
有一段文字,进行单项Hash函数(md5/sha1/sha256),假定咱们用md5加密,生成了一串密文“011010111100”,对密文再次加密,这里用到了私钥,也便是RSA加密。加密完生成一串密文“xxxxxxxxxxxx”
到这里为止便是咱们说的签名
当咱们把明文和签名传给收件人,签名是一串乱乱的字符串,收件人用公钥对签名进行解密,解密出来的成果便是“011010111100”,也便是上面第一次对文字加密后的成果 收件人再对接收的明文进行一次MD5,如果成果不一致,说明被他人改了
收件人有咱们的公钥由于进行了公钥交换
加密算法总结
到目前为止,加密算法就学完了
- 对称加密
- 非对称加密
- 音讯摘要
- 数字签名
对称加密总结
- 算法:DES、AES
- 特点:可逆,加密速度快,能够加密大文件
- 运用场景:QQ本地缓存用户信
非对称加密总结
- 算法:RSA 特点:
- 可逆,加密速度慢
- 公钥加密、私钥解密;私钥加密、公钥解密。
- 公钥交换 运用场景:数字签名(结合音讯摘要完成),校验数据完整性
音讯摘要总结
算法:MD5、SHA-1、SHA-256 特点:
- 不可逆,加密后不可破解
- 加密后密文长度固定,和原始数据巨细无关
- 运用场景:用户登录、注册,用户密码
数字签名总结
算法:SHA256withRSA,音讯摘要+非对称加密 特点:
- 私钥签名
- 公钥校验
运用场景:校验数据完整性(付出参数被篡改)