本文主要是介绍数字签名标准算法——DSA,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
数字签名标准算法——DSA
- 1. 算法简述
- 2.模型分析
- 3. 代码实现
- 3.1 算法实现
- 3.2 测试代码
- 3.3 运行结果
1. 算法简述
RSA为经典数字签名算法
数字签名标准(Digital Signature Standard, DSS), DSS本质是ElGamal数字签名算法,DSS使用的算法成为数字签名算法(Digital Signature Algorithm, DSA)。
DSA与RSA是数字证书不可或缺的两种算法。DSA算法仅包含数字签名算法,使用DSA算法的数字证书无法进行加密通信,而RSA算法既包含加密/解密算法,同时兼具数字签名算法。
2.模型分析
Alice与Bob作为消息交互双方,签名/验签流程如下
3. 代码实现
Java及Bouncy Castle对RSA实现细节
| 算法 | 密钥长度 | 密钥默认长度 | 签名长度 | 备注 |
|---|---|---|---|---|
| SHA1withDSA | 512~1024位(64倍数) | 1024 | - | Java |
| SHA224withDSA、SHA256withDSA 、SHA384withDSA、SHA512withDSA | 512~1024位(64倍数) | 1024 | - | Bouncy Castle实现 |
3.1 算法实现
下面是Java的DSA算法实现
package com.calvin.android.demo2.secrity;import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;/*** Author:cl* Email:lhzheng@grandstream.cn* Date:20-10-21*/
public class DSACoder {/*** 数字签名密钥算法*/public static final String KEY_ALGORITHM = "DSA";/*** 数字签名* 签名/验证算法*/public static final String SIGNATURE_ALGORITHM = "SHA1withDSA";//公钥 Map Keyprivate static final String PUBLIC_KEY = "DSAPublicKey";//私钥Map keyprivate static final String PRIVATE_KEY = "DSAPrivateKey";/*** DSA密钥长度,默认1024位,密钥长度必须是64的倍数,范围512~1024位之间*/private static final int KEY_SIZE = 1024;/*** 签名* @param data 待签名数据* @param privateKey 私钥* @return byte[] 数字签名* @throws Exception 异常*/public static byte[] sign(byte[] data, byte[] privateKey) throws Exception {//转换私钥材料PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);//实例化密钥工厂KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);//取私钥对象PrivateKey priKey = keyFactory.generatePrivate(pkcs8KeySpec);//实例化SignatureSignature signature = Signature.getInstance(SIGNATURE_ALGORITHM);//初始化Signaturesignature.initSign(priKey);//更新signature.update(data);//签名return signature.sign();}/*** 校验* @param data 待校验数据* @param publicKey 公钥* @param sign 数字签名* @return boolean 校验成功返回true,校验失败返回false* @throws Exception*/public static boolean verity(byte[] data, byte[] publicKey, byte[] sign) throws Exception{//转换公钥材料X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);//实例化密钥工厂KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);//生成公钥PublicKey pubKey = keyFactory.generatePublic(keySpec);//实例化SignatureSignature signature = Signature.getInstance(SIGNATURE_ALGORITHM);//初始化Signaturesignature.initVerify(pubKey);//更新signature.update(data);//校验证return signature.verify(sign);}public static Map<String, Object> initKey() throws Exception {//实例化密钥对生成器KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(KEY_ALGORITHM);//初始化密钥对生成器keyPairGen.initialize(KEY_SIZE, new SecureRandom());//生成密钥对KeyPair keyPair = keyPairGen.generateKeyPair();//公钥DSAPublicKey publicKey = (DSAPublicKey)keyPair.getPublic();//私钥DSAPrivateKey privateKey = (DSAPrivateKey)keyPair.getPrivate();//封装密钥Map<String, Object> keyMap = new HashMap<>(2);keyMap.put(PUBLIC_KEY, publicKey);keyMap.put(PRIVATE_KEY, privateKey);return keyMap;}public static byte[] getPublicKey(Map<String, Object> keyMap){return ((Key)keyMap.get(PUBLIC_KEY)).getEncoded();}public static byte[] getPrivateKey(Map<String, Object> keyMap){return ((Key)keyMap.get(PRIVATE_KEY)).getEncoded();}
}3.2 测试代码
@Testpublic void dsaSignTest() throws Exception {//初始化密钥Map<String, Object> keyMap = DSACoder.initKey();byte[] publicKey = DSACoder.getPublicKey(keyMap);byte[] privateKey = DSACoder.getPrivateKey(keyMap);System.out.println("公钥:\t"+Base64.encodeToString(publicKey, Base64.DEFAULT));System.out.println("私钥:\t"+Base64.encodeToString(privateKey, Base64.DEFAULT));String inputStr = "DSA数字签名";byte[] data = inputStr.getBytes();//产生签名byte[] sign = DSACoder.sign(data, privateKey);System.out.println("签名:\t"+ Hex.toHexString(sign));//验证签名boolean status = DSACoder.verity(data, publicKey, sign);System.out.println("验签状态:\t"+ status);assertTrue(status);}
3.3 运行结果
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: 公钥: MIIBtjCCASsGByqGSM44BAEwggEeAoGBALp0XqBwHX0xv8pzTPn1vYI9xC5eshO2gPWPXOhjNSWY
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: El4u3aLJcOWW9zrvb9Zzm6jjH316keUqnhbd1A007N3sXIW43YVjsPcqQLw5g45PTxK83UPsVGck
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: ucwOx38Z1ByI0HW/Hgt8ym3GZ6YRsBNFoJ6AV7ECbHeg9FQ/XvhTAhUAoCMUYSx3rXCqIs7ykNak
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: JapM0G0CgYBo66ouj4XZz0S3FQaoknrOuSxlYj0UidiXx3NjqEwzSf6gUEVRur+O+xee0pIZ7Ywf
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: wzGfUqjP+Mmn6huQDCRyk5eO9u2NbsRKdBYRGndMbwAO1vyNehtW0TUuxddC1vcdXCUctYAMH49H
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: RIoXg2z+s8KO0BTli2H9Igy69g2ZtwOBhAACgYAsVYqi4LJcuZp8iNKjrPI4jiFxfekwuIx2vmrI
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: v8yL1602hHirLP85/ibNR8ICGTJK3tkt/FO7nk0DOlLTkct5gXOpzGvp/UuPEONZosxgPHHbf0zQ
2020-10-21 15:06:08.630 15896-15911/com.calvin.android.demo2 I/System.out: NFOWkk6UrOUV4BWcDU6u2OFMf3GAQ4JwUgElTXEI/iyV8m6aD8VCasltcA==
2020-10-21 15:06:08.631 15896-15911/com.calvin.android.demo2 I/System.out: 私钥: MIIBSgIBADCCASsGByqGSM44BAEwggEeAoGBALp0XqBwHX0xv8pzTPn1vYI9xC5eshO2gPWPXOhj
2020-10-21 15:06:08.631 15896-15911/com.calvin.android.demo2 I/System.out: NSWYEl4u3aLJcOWW9zrvb9Zzm6jjH316keUqnhbd1A007N3sXIW43YVjsPcqQLw5g45PTxK83UPs
2020-10-21 15:06:08.631 15896-15911/com.calvin.android.demo2 I/System.out: VGckucwOx38Z1ByI0HW/Hgt8ym3GZ6YRsBNFoJ6AV7ECbHeg9FQ/XvhTAhUAoCMUYSx3rXCqIs7y
2020-10-21 15:06:08.631 15896-15911/com.calvin.android.demo2 I/System.out: kNakJapM0G0CgYBo66ouj4XZz0S3FQaoknrOuSxlYj0UidiXx3NjqEwzSf6gUEVRur+O+xee0pIZ
2020-10-21 15:06:08.631 15896-15911/com.calvin.android.demo2 I/System.out: 7YwfwzGfUqjP+Mmn6huQDCRyk5eO9u2NbsRKdBYRGndMbwAO1vyNehtW0TUuxddC1vcdXCUctYAM
2020-10-21 15:06:08.631 15896-15911/com.calvin.android.demo2 I/System.out: H49HRIoXg2z+s8KO0BTli2H9Igy69g2ZtwQWAhQg4fIBUelmYm8aJvyPOqLadXBAtg==
2020-10-21 15:06:08.636 15896-15911/com.calvin.android.demo2 I/System.out: 签名: 302c0214404e14880800664e6cd8cb1f8d7c9cfb692c789702144c7ecdfe4128001f838042a913ea714eeced0d12
2020-10-21 15:06:08.640 15896-15911/com.calvin.android.demo2 I/System.out: 验签状态: true
这篇关于数字签名标准算法——DSA的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
