热门标签
热门文章
- 1Unity学习之常用事件函数Update深度解析_unity update
- 2Unity中如何使一个物体跟随另一个物体运动(物体跟随呀,相机跟随呀,XX跟随呀~)_unity物体跟随另一个物体
- 3Spring Boot利用AOP切面实现接口监控_使用aop实现api监控的一个spring boot starter
- 4【计算机视觉】深度学习框架-Keras_keras深度学习
- 5YOLOv8性能评估指标->mAP、Precision、Recall、FPS、IoU_fps指标
- 6this.$set()用法,强制刷新,新删改查
- 7算法1 一维数组的动态和_具体的一维数组动态和
- 8python+gamere实现最强大脑2D版立方骑士
- 9云计算:从基础架构原理到最佳实践之——运维自动化和工具集成
- 10SpringBoot配置druid数据源_spring.datasource.type=druid
当前位置: article > 正文
国密:生成SM2秘钥、加解密及加验签_sm2加密
作者:代码艺术家 | 2024-01-31 08:46:00
赞
踩
sm2加密
国密改造已经持续了很长时间了,相信很多从事金融科技类的程序猿都遇到过这个需求。这篇文章就为大家带来笔者对于国密改造的一些经验,主要是代码层面,有兴趣的同学可以研究下国密的算法模型!
注:本文所用到的工具类并非笔者所写!
目录
一、国密简述
国密——国家密码局制定的国家密码算法。主要包含SM1、SM2、SM3、SM4几种方式。
SM1:对称加密,且算法不公开,使用硬件加密,本文不做叙述;
SM2:非对称加密,签名以及生成秘钥速度优于RSA,基于ECC算法,运算效率更高,且更安全;
SM3:摘要,国产杂凑算法,生成长度为256比特,优于MD5以及SHA-1算法;
SM4: 无线局域网标准的分组数据算法。对称加密,密钥长度和分组长度均为128位;
注意
生成SM2 公钥是130 位 前面多了04两个标识符,注意区分!
二、依赖准备
国密主要用到下面的包
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcpkix-jdk15on</artifactId>
- <version>1.57</version>
- </dependency>
一定注意版本。实际项目中笔者发现项目其他子工程用到1.56版本的包,所以选择了低版本。
三、SM2算法应用
1、生成SM2公私钥
工具类
- package cn.test.encrypt.utils.sm2;
-
- import cn.test.encrypt.utils.Util;
- import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
- import org.bouncycastle.crypto.digests.SM3Digest;
- import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
- import org.bouncycastle.crypto.params.ECPublicKeyParameters;
- import org.bouncycastle.math.ec.ECPoint;
-
- import java.math.BigInteger;
-
- public class Cipher {
- private int ct;
- private ECPoint p2;
- private SM3Digest sm3keybase;
- private SM3Digest sm3c3;
- private byte key[];
- private byte keyOff;
-
- public Cipher()
- {
- this.ct = 1;
- this.key = new byte[32];
- this.keyOff = 0;
- }
-
- private void Reset()
- {
- this.sm3keybase = new SM3Digest();
- this.sm3c3 = new SM3Digest();
-
- byte p[] = Util.byteConvert32Bytes(p2.getX().toBigInteger());
- this.sm3keybase.update(p, 0, p.length);
- this.sm3c3.update(p, 0, p.length);
-
- p = Util.byteConvert32Bytes(p2.getY().toBigInteger());
- this.sm3keybase.update(p, 0, p.length);
- this.ct = 1;
- NextKey();
- }
-
- private void NextKey()
- {
- SM3Digest sm3keycur = new SM3Digest(this.sm3keybase);
- sm3keycur.update((byte) (ct >> 24 & 0xff));
- sm3keycur.update((byte) (ct >> 16 & 0xff));
- sm3keycur.update((byte) (ct >> 8 & 0xff));
- sm3keycur.update((byte) (ct & 0xff));
- sm3keycur.doFinal(key, 0);
- this.keyOff = 0;
- this.ct++;
- }
-
- public ECPoint Init_enc(SM2 sm2, ECPoint userKey)
- {
- AsymmetricCipherKeyPair key = sm2.ecc_key_pair_generator.generateKeyPair();
- ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters) key.getPrivate();
- ECPublicKeyParameters ecpub = (ECPublicKeyParameters) key.getPublic();
- BigInteger k = ecpriv.getD();
- ECPoint c1 = ecpub.getQ();
- this.p2 = userKey.multiply(k);
- Reset();
- return c1;
- }
-
- public void Encrypt(byte data[])
- {
- this.sm3c3.update(data, 0, data.length);
- for (int i = 0; i < data.length; i++)
- {
- if (keyOff == key.length)
- {
- NextKey();
- }
- data[i] ^= key[keyOff++];
- }
- }
-
- public void Init_dec(BigInteger userD, ECPoint c1)
- {
- this.p2 = c1.multiply(userD);
- Reset();
- }
-
- public void Decrypt(byte data[])
- {
- for (int i = 0; i < data.length; i++)
- {
- if (keyOff == key.length)
- {
- NextKey();
- }
- data[i] ^= key[keyOff++];
- }
-
- this.sm3c3.update(data, 0, data.length);
- }
-
- public void Dofinal(byte c3[])
- {
- byte p[] = Util.byteConvert32Bytes(p2.getY().toBigInteger());
- this.sm3c3.update(p, 0, p.length);
- this.sm3c3.doFinal(c3, 0);
- Reset();
- }
- }
- package cn.test.encrypt.utils.sm2;
-
-
- import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
- import org.bouncycastle.crypto.params.ECDomainParameters;
- import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
- import org.bouncycastle.math.ec.ECCurve;
- import org.bouncycastle.math.ec.ECFieldElement;
- import org.bouncycastle.math.ec.ECFieldElement.Fp;
- import org.bouncycastle.math.ec.ECPoint;
-
- import java.math.BigInteger;
- import java.security.SecureRandom;
-
- public class SM2 {
-
- //国密参数
- public static String[] ecc_param = {
- "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF",
- "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFC",
- "28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93",
- "FFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123",
- "32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7",
- "BC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0"
- };
-
- public static SM2 Instance()
- {
- return new SM2();
- }
-
- public final BigInteger ecc_p;
- public final BigInteger ecc_a;
- public final BigInteger ecc_b;
- public final BigInteger ecc_n;
- public final BigInteger ecc_gx;
- public final BigInteger ecc_gy;
- public final ECCurve ecc_curve;
- public final ECPoint ecc_point_g;
- public final ECDomainParameters ecc_bc_spec;
- public final ECKeyPairGenerator ecc_key_pair_generator;
- public final ECFieldElement ecc_gx_fieldelement;
- public final ECFieldElement ecc_gy_fieldelement;
-
- public SM2()
- {
- this.ecc_p = new BigInteger(ecc_param[0], 16);
- this.ecc_a = new BigInteger(ecc_param[1], 16);
- this.ecc_b = new BigInteger(ecc_param[2], 16);
- this.ecc_n = new BigInteger(ecc_param[3], 16);
- this.ecc_gx = new BigInteger(ecc_param[4], 16);
- this.ecc_gy = new BigInteger(ecc_param[5], 16);
-
- this.ecc_gx_fieldelement = new Fp(this.ecc_p, this.ecc_gx);
- this.ecc_gy_fieldelement = new Fp(this.ecc_p, this.ecc_gy);
-
- this.ecc_curve = new ECCurve.Fp(this.ecc_p, this.ecc_a, this.ecc_b);
- this.ecc_point_g = new ECPoint.Fp(this.ecc_curve, this.ecc_gx_fieldelement, this.ecc_gy_fieldelement);
-
- this.ecc_bc_spec = new ECDomainParameters(this.ecc_curve, this.ecc_point_g, this.ecc_n);
-
- ECKeyGenerationParameters ecc_ecgenparam;
- ecc_ecgenparam = new ECKeyGenerationParameters(this.ecc_bc_spec, new SecureRandom());
-
- this.ecc_key_pair_generator = new ECKeyPairGenerator();
- this.ecc_key_pair_generator.init(ecc_ecgenparam);
- }
- }
生成随机秘钥工具类
- package cn.test.encrypt.utils.sm2;
-
-
- import cn.test.encrypt.utils.Util;
- import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
- import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
- import org.bouncycastle.crypto.params.ECPublicKeyParameters;
- import org.bouncycastle.math.ec.ECPoint;
-
- import java.io.IOException;
- import java.math.BigInteger;
-
- public class SM2EncDecUtils {
- //生成随机秘钥对
- public static SM2KeyVO generateKeyPair(){
- SM2 sm2 = SM2.Instance();
- AsymmetricCipherKeyPair key = null;
- while (true){
- key=sm2.ecc_key_pair_generator.generateKeyPair();
- if(((ECPrivateKeyParameters) key.getPrivate()).getD().toByteArray().length==32){
- break;
- }
- }
- ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters) key.getPrivate();
- ECPublicKeyParameters ecpub = (ECPublicKeyParameters) key.getPublic();
- BigInteger privateKey = ecpriv.getD();
- ECPoint publicKey = ecpub.getQ();
- SM2KeyVO sm2KeyVO = new SM2KeyVO();
- sm2KeyVO.setPublicKey(publicKey);
- sm2KeyVO.setPrivateKey(privateKey);
- //System.out.println("公钥: " + Util.byteToHex(publicKey.getEncoded()));
- //System.out.println("私钥: " + Util.byteToHex(privateKey.toByteArray()));
- return sm2KeyVO;
- }
-
- //数据加密
- public static String encrypt(byte[] publicKey, byte[] data) throws IOException
- {
- if (publicKey == null || publicKey.length == 0)
- {
- return null;
- }
-
- if (data == null || data.length == 0)
- {
- return null;
- }
-
- byte[] source = new byte[data.length];
- //将数组data复制到source
- System.arraycopy(data, 0, source, 0, data.length);
-
- Cipher cipher = new Cipher();
- SM2 sm2 = SM2.Instance();//new自建类,, SM2 sm2 = new SM2();
- ECPoint userKey = sm2.ecc_curve.decodePoint(publicKey);
-
- ECPoint c1 = cipher.Init_enc(sm2, userKey);
- cipher.Encrypt(source);
- byte[] c3 = new byte[32];
- cipher.Dofinal(c3);
-
- // System.out.println("C1 " + Util.byteToHex(c1.getEncoded()));
- // System.out.println("C2 " + Util.byteToHex(source));
- //System.out.println("C3 " + Util.byteToHex(c3));
- //C1 C2 C3拼装成加密字串
- // C1 | C2 | C3
- //return Util.byteToHex(c1.getEncoded()) + Util.byteToHex(source) + Util.byteToHex(c3);
- // C1 | C3 | C2
- return Util.byteToHex(c1.getEncoded()) + Util.byteToHex(c3) + Util.byteToHex(source);
- }
-
- //数据解密
- public static byte[] decrypt(byte[] privateKey, byte[] encryptedData) throws IOException
- {
- if (privateKey == null || privateKey.length == 0)
- {
- return null;
- }
-
- if (encryptedData == null || encryptedData.length == 0)
- {
- return null;
- }
- //加密字节数组转换为十六进制的字符串 长度变为encryptedData.length * 2
- String data = Util.byteToHex(encryptedData);
- /***分解加密字串 C1 | C2 | C3
- * (C1 = C1标志位2位 + C1实体部分128位 = 130)
- * (C3 = C3实体部分64位 = 64)
- * (C2 = encryptedData.length * 2 - C1长度 - C2长度)
- byte[] c1Bytes = Util.hexToByte(data.substring(0,130));
- int c2Len = encryptedData.length - 97;
- byte[] c2 = Util.hexToByte(data.substring(130,130 + 2 * c2Len));
- byte[] c3 = Util.hexToByte(data.substring(130 + 2 * c2Len,194 + 2 * c2Len));
- */
- /***分解加密字串 C1 | C3 | C2
- * (C1 = C1标志位2位 + C1实体部分128位 = 130)
- * (C3 = C3实体部分64位 = 64)
- * (C2 = encryptedData.length * 2 - C1长度 - C2长度)
- */
- byte[] c1Bytes = Util.hexToByte(data.substring(0,130));
- int c2Len = encryptedData.length - 97;
- byte[] c3 = Util.hexToByte(data.substring(130,130 + 64));
- byte[] c2 = Util.hexToByte(data.substring(194,194 + 2 * c2Len));
-
- SM2 sm2 = SM2.Instance();
- BigInteger userD = new BigInteger(1, privateKey);
-
- //通过C1实体字节来生成ECPoint
- ECPoint c1 = sm2.ecc_curve.decodePoint(c1Bytes);
- Cipher cipher = new Cipher();
- cipher.Init_dec(userD, c1);
- cipher.Decrypt(c2);
- cipher.Dofinal(c3);
-
- //返回解密结果
- return c2;
- }
-
- }
SM2曲线算法工具类
- package cn.test.encrypt.utils.sm2;
-
- import cn.test.encrypt.utils.Util;
- import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
- import org.bouncycastle.crypto.digests.SM3Digest;
- import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
- import org.bouncycastle.crypto.params.ECDomainParameters;
- import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
- import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
- import org.bouncycastle.crypto.params.ECPublicKeyParameters;
- import org.bouncycastle.math.ec.ECCurve;
- import org.bouncycastle.math.ec.ECFieldElement;
- import org.bouncycastle.math.ec.ECFieldElement.Fp;
- import org.bouncycastle.math.ec.ECPoint;
-
- import java.math.BigInteger;
- import java.security.SecureRandom;
-
-
- public class SM2Factory {
- /*-----------------------国密算法相关参数begin-----------
- * ------------------*/
- //A 第一系数
- private static final BigInteger a = new BigInteger("fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc",16);
- //B 第二系数
- private static final BigInteger b = new BigInteger("28e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e93",16);
- //曲线X系数
- private static final BigInteger gx = new BigInteger("32c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7",16);
- //曲线Y系数
- private static final BigInteger gy = new BigInteger("bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0",16);
- //生产者顺序系数
- private static final BigInteger n = new BigInteger("fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123",16);
- //素数
- private static final BigInteger p = new BigInteger("fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff",16);
- //因子系数 1
- private static final int h = 1;
- /*-----------------------国密算法相关参数end-----------------------------*/
- //一些必要类
- public final ECFieldElement ecc_gx_fieldelement;
- public final ECFieldElement ecc_gy_fieldelement;
- public final ECCurve ecc_curve;
- public final ECPoint ecc_point_g;
- public final ECDomainParameters ecc_bc_spec;
- public final ECKeyPairGenerator ecc_key_pair_generator;
- /**
- * 初始化方法
- * @return
- */
- public static SM2Factory getInstance(){
- return new SM2Factory();
- }
- public SM2Factory() {
-
- this.ecc_gx_fieldelement = new Fp(this.p,this.gx);
- this.ecc_gy_fieldelement = new Fp(this.p, this.gy);
-
- this.ecc_curve = new ECCurve.Fp(this.p, this.a, this.b);
-
- this.ecc_point_g = new ECPoint.Fp(this.ecc_curve, this.ecc_gx_fieldelement,this.ecc_gy_fieldelement);
- this.ecc_bc_spec = new ECDomainParameters(this.ecc_curve, this.ecc_point_g, this.n);
-
- ECKeyGenerationParameters ecc_ecgenparam;
- ecc_ecgenparam = new ECKeyGenerationParameters(this.ecc_bc_spec, new SecureRandom());
-
- this.ecc_key_pair_generator = new ECKeyPairGenerator();
- this.ecc_key_pair_generator.init(ecc_ecgenparam);
- }
- /**
- * 根据私钥、曲线参数计算Z
- * @param userId
- * @param userKey
- * @return
- */
- public byte[] sm2GetZ(byte[] userId, ECPoint userKey){
- SM3Digest sm3 = new SM3Digest();
-
- int len = userId.length * 8;
- sm3.update((byte) (len >> 8 & 0xFF));
- sm3.update((byte) (len & 0xFF));
- sm3.update(userId, 0, userId.length);
-
- byte[] p = Util.byteConvert32Bytes(this.a);
- sm3.update(p, 0, p.length);
-
- p = Util.byteConvert32Bytes(this.b);
- sm3.update(p, 0, p.length);
-
- p = Util.byteConvert32Bytes(this.gx);
- sm3.update(p, 0, p.length);
-
- p = Util.byteConvert32Bytes(this.gy);
- sm3.update(p, 0, p.length);
-
- p = Util.byteConvert32Bytes(userKey.normalize().getXCoord().toBigInteger());
- sm3.update(p, 0, p.length);
-
- p = Util.byteConvert32Bytes(userKey.normalize().getYCoord().toBigInteger());
- sm3.update(p, 0, p.length);
-
- byte[] md = new byte[sm3.getDigestSize()];
- sm3.doFinal(md, 0);
- return md;
- }
- /**
- * 签名相关值计算
- * @param md
- * @param userD
- * @param userKey
- * @param sm2Result
- */
- public void sm2Sign(byte[] md, BigInteger userD, ECPoint userKey, SM2Result sm2Result) {
- BigInteger e = new BigInteger(1, md);
- BigInteger k = null;
- ECPoint kp = null;
- BigInteger r = null;
- BigInteger s = null;
- do {
- do {
- // 正式环境
- AsymmetricCipherKeyPair keypair = ecc_key_pair_generator.generateKeyPair();
- ECPrivateKeyParameters ecpriv = (ECPrivateKeyParameters) keypair.getPrivate();
- ECPublicKeyParameters ecpub = (ECPublicKeyParameters) keypair.getPublic();
- k = ecpriv.getD();
- kp = ecpub.getQ();
- //System.out.println("BigInteger:" + k + "\nECPoint:" + kp);
-
- //System.out.println("计算曲线点X1: "+ kp.getXCoord().toBigInteger().toString(16));
- //System.out.println("计算曲线点Y1: "+ kp.getYCoord().toBigInteger().toString(16));
- //System.out.println("");
- // r
- r = e.add(kp.getXCoord().toBigInteger());
- r = r.mod(this.n);
- } while (r.equals(BigInteger.ZERO) || r.add(k).equals(this.n)||r.toString(16).length()!=64);
-
- // (1 + dA)~-1
- BigInteger da_1 = userD.add(BigInteger.ONE);
- da_1 = da_1.modInverse(this.n);
- // s
- s = r.multiply(userD);
- s = k.subtract(s).mod(this.n);
- s = da_1.multiply(s).mod(this.n);
- } while (s.equals(BigInteger.ZERO)||(s.toString(16).length()!=64));
-
- sm2Result.r = r;
- sm2Result.s = s;
- }
- /**
- * 验签
- * @param md sm3摘要
- * @param userKey 根据公钥decode一个ecpoint对象
- * @param r 没有特殊含义
- * @param s 没有特殊含义
- * @param sm2Result 接收参数的对象
- */
- public void sm2Verify(byte md[], ECPoint userKey, BigInteger r,
- BigInteger s, SM2Result sm2Result) {
- sm2Result.R = null;
- BigInteger e = new BigInteger(1, md);
- BigInteger t = r.add(s).mod(this.n);
- if (t.equals(BigInteger.ZERO)) {
- return;
- } else {
- ECPoint x1y1 = ecc_point_g.multiply(sm2Result.s);
- //System.out.println("计算曲线点X0: "+ x1y1.normalize().getXCoord().toBigInteger().toString(16));
- //System.out.println("计算曲线点Y0: "+ x1y1.normalize().getYCoord().toBigInteger().toString(16));
- //System.out.println("");
-
- x1y1 = x1y1.add(userKey.multiply(t));
- //System.out.println("计算曲线点X1: "+ x1y1.normalize().getXCoord().toBigInteger().toString(16));
- //System.out.println("计算曲线点Y1: "+ x1y1.normalize().getYCoord().toBigInteger().toString(16));
- //System.out.println("");
- sm2Result.R = e.add(x1y1.normalize().getXCoord().toBigInteger()).mod(this.n);
- //System.out.println("R: " + sm2Result.R.toString(16));
- return;
- }
- }
-
- }
工具类
- package cn.test.encrypt.utils;
-
- import java.math.BigInteger;
-
- public class Util {
- /**
- * 整形转换成网络传输的字节流(字节数组)型数据
- *
- * @param num 一个整型数据
- * @return 4个字节的自己数组
- */
- public static byte[] intToBytes(int num) {
- byte[] bytes = new byte[4];
- bytes[0] = (byte) (0xff & (num >> 0));
- bytes[1] = (byte) (0xff & (num >> 8));
- bytes[2] = (byte) (0xff & (num >> 16));
- bytes[3] = (byte) (0xff & (num >> 24));
- return bytes;
- }
-
- /**
- * 四个字节的字节数据转换成一个整形数据
- *
- * @param bytes 4个字节的字节数组
- * @return 一个整型数据
- */
- public static int byteToInt(byte[] bytes) {
- int num = 0;
- int temp;
- temp = (0x000000ff & (bytes[0])) << 0;
- num = num | temp;
- temp = (0x000000ff & (bytes[1])) << 8;
- num = num | temp;
- temp = (0x000000ff & (bytes[2])) << 16;
- num = num | temp;
- temp = (0x000000ff & (bytes[3])) << 24;
- num = num | temp;
- return num;
- }
-
- /**
- * 长整形转换成网络传输的字节流(字节数组)型数据
- *
- * @param num 一个长整型数据
- * @return 4个字节的自己数组
- */
- public static byte[] longToBytes(long num) {
- byte[] bytes = new byte[8];
- for (int i = 0; i < 8; i++) {
- bytes[i] = (byte) (0xff & (num >> (i * 8)));
- }
-
- return bytes;
- }
-
- /**
- * 大数字转换字节流(字节数组)型数据
- *
- * @param n
- * @return
- */
- public static byte[] byteConvert32Bytes(BigInteger n) {
- byte tmpd[] = (byte[]) null;
- if (n == null) {
- return null;
- }
-
- if (n.toByteArray().length == 33) {
- tmpd = new byte[32];
- System.arraycopy(n.toByteArray(), 1, tmpd, 0, 32);
- } else if (n.toByteArray().length == 32) {
- tmpd = n.toByteArray();
- } else {
- tmpd = new byte[32];
- for (int i = 0; i < 32 - n.toByteArray().length; i++) {
- tmpd[i] = 0;
- }
- System.arraycopy(n.toByteArray(), 0, tmpd, 32 - n.toByteArray().length, n.toByteArray().length);
- }
- return tmpd;
- }
-
- /**
- * 换字节流(字节数组)型数据转大数字
- *
- * @param b
- * @return
- */
- public static BigInteger byteConvertInteger(byte[] b) {
- if (b[0] < 0) {
- byte[] temp = new byte[b.length + 1];
- temp[0] = 0;
- System.arraycopy(b, 0, temp, 1, b.length);
- return new BigInteger(temp);
- }
- return new BigInteger(b);
- }
-
- /**
- * 根据字节数组获得值(十六进制数字)
- *
- * @param bytes
- * @return
- */
- public static String getHexString(byte[] bytes) {
- return getHexString(bytes, true);
- }
-
- /**
- * 根据字节数组获得值(十六进制数字)
- *
- * @param bytes
- * @param upperCase
- * @return
- */
- public static String getHexString(byte[] bytes, boolean upperCase) {
- String ret = "";
- for (int i = 0; i < bytes.length; i++) {
- ret += Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1);
- }
- return upperCase ? ret.toUpperCase() : ret;
- }
-
- /**
- * 打印十六进制字符串
- *
- * @param bytes
- */
- public static void printHexString(byte[] bytes) {
- for (int i = 0; i < bytes.length; i++) {
- String hex = Integer.toHexString(bytes[i] & 0xFF);
- if (hex.length() == 1) {
- hex = '0' + hex;
- }
- System.out.print("0x" + hex.toUpperCase() + ",");
- }
- System.out.println("");
- }
-
- /**
- * Convert hex string to byte[]
- *
- * @param hexString the hex string
- * @return byte[]
- */
- public static byte[] hexStringToBytes(String hexString) {
- if (hexString == null || hexString.equals("")) {
- return null;
- }
-
- hexString = hexString.toUpperCase();
- int length = hexString.length() / 2;
- char[] hexChars = hexString.toCharArray();
- byte[] d = new byte[length];
- for (int i = 0; i < length; i++) {
- int pos = i * 2;
- d[i] = (byte) (charToByte(hexChars[pos]) << 4 | charToByte(hexChars[pos + 1]));
- }
- return d;
- }
-
- /**
- * Convert char to byte
- *
- * @param c char
- * @return byte
- */
- public static byte charToByte(char c) {
- return (byte) "0123456789ABCDEF".indexOf(c);
- }
-
- /**
- * 用于建立十六进制字符的输出的小写字符数组
- */
- private static final char[] DIGITS_LOWER = {'0', '1', '2', '3', '4', '5',
- '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'};
-
- /**
- * 用于建立十六进制字符的输出的大写字符数组
- */
- private static final char[] DIGITS_UPPER = {'0', '1', '2', '3', '4', '5',
- '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'};
-
- /**
- * 将字节数组转换为十六进制字符数组
- *
- * @param data byte[]
- * @return 十六进制char[]
- */
- public static char[] encodeHex(byte[] data) {
- return encodeHex(data, true);
- }
-
- /**
- * 将字节数组转换为十六进制字符数组
- *
- * @param data byte[]
- * @param toLowerCase <code>true</code> 传换成小写格式 , <code>false</code> 传换成大写格式
- * @return 十六进制char[]
- */
- public static char[] encodeHex(byte[] data, boolean toLowerCase) {
- return encodeHex(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER);
- }
-
- /**
- * 将字节数组转换为十六进制字符数组
- *
- * @param data byte[]
- * @param toDigits 用于控制输出的char[]
- * @return 十六进制char[]
- */
- protected static char[] encodeHex(byte[] data, char[] toDigits) {
- int l = data.length;
- char[] out = new char[l << 1];
- // two characters form the hex value.
- for (int i = 0, j = 0; i < l; i++) {
- out[j++] = toDigits[(0xF0 & data[i]) >>> 4];
- out[j++] = toDigits[0x0F & data[i]];
- }
- return out;
- }
-
- /**
- * 将字节数组转换为十六进制字符串
- *
- * @param data byte[]
- * @return 十六进制String
- */
- public static String encodeHexString(byte[] data) {
- return encodeHexString(data, true);
- }
-
- /**
- * 将字节数组转换为十六进制字符串
- *
- * @param data byte[]
- * @param toLowerCase <code>true</code> 传换成小写格式 , <code>false</code> 传换成大写格式
- * @return 十六进制String
- */
- public static String encodeHexString(byte[] data, boolean toLowerCase) {
- return encodeHexString(data, toLowerCase ? DIGITS_LOWER : DIGITS_UPPER);
- }
-
- /**
- * 将字节数组转换为十六进制字符串
- *
- * @param data byte[]
- * @param toDigits 用于控制输出的char[]
- * @return 十六进制String
- */
- protected static String encodeHexString(byte[] data, char[] toDigits) {
- return new String(encodeHex(data, toDigits));
- }
-
- /**
- * 将十六进制字符数组转换为字节数组
- *
- * @param data 十六进制char[]
- * @return byte[]
- * @throws RuntimeException 如果源十六进制字符数组是一个奇怪的长度,将抛出运行时异常
- */
- public static byte[] decodeHex(char[] data) {
- int len = data.length;
-
- if ((len & 0x01) != 0) {
- throw new RuntimeException("Odd number of characters.");
- }
-
- byte[] out = new byte[len >> 1];
-
- // two characters form the hex value.
- for (int i = 0, j = 0; j < len; i++) {
- int f = toDigit(data[j], j) << 4;
- j++;
- f = f | toDigit(data[j], j);
- j++;
- out[i] = (byte) (f & 0xFF);
- }
-
- return out;
- }
-
- /**
- * 将十六进制字符转换成一个整数
- *
- * @param ch 十六进制char
- * @param index 十六进制字符在字符数组中的位置
- * @return 一个整数
- * @throws RuntimeException 当ch不是一个合法的十六进制字符时,抛出运行时异常
- */
- protected static int toDigit(char ch, int index) {
- int digit = Character.digit(ch, 16);
- if (digit == -1) {
- throw new RuntimeException("Illegal hexadecimal character " + ch
- + " at index " + index);
- }
- return digit;
- }
-
- /**
- * 数字字符串转ASCII码字符串
- *
- * @param String 字符串
- * @return ASCII字符串
- */
- public static String StringToAsciiString(String content) {
- String result = "";
- int max = content.length();
- for (int i = 0; i < max; i++) {
- char c = content.charAt(i);
- String b = Integer.toHexString(c);
- result = result + b;
- }
- return result;
- }
-
- /**
- * 十六进制转字符串
- *
- * @param hexString 十六进制字符串
- * @param encodeType 编码类型4:Unicode,2:普通编码
- * @return 字符串
- */
- public static String hexStringToString(String hexString, int encodeType) {
- String result = "";
- int max = hexString.length() / encodeType;
- for (int i = 0; i < max; i++) {
- char c = (char) hexStringToAlgorism(hexString
- .substring(i * encodeType, (i + 1) * encodeType));
- result += c;
- }
- return result;
- }
-
- /**
- * 十六进制字符串装十进制
- *
- * @param hex 十六进制字符串
- * @return 十进制数值
- */
- public static int hexStringToAlgorism(String hex) {
- hex = hex.toUpperCase();
- int max = hex.length();
- int result = 0;
- for (int i = max; i > 0; i--) {
- char c = hex.charAt(i - 1);
- int algorism = 0;
- if (c >= '0' && c <= '9') {
- algorism = c - '0';
- } else {
- algorism = c - 55;
- }
- result += Math.pow(16, max - i) * algorism;
- }
- return result;
- }
-
- /**
- * 十六转二进制
- *
- * @param hex 十六进制字符串
- * @return 二进制字符串
- */
- public static String hexStringToBinary(String hex) {
- hex = hex.toUpperCase();
- String result = "";
- int max = hex.length();
- for (int i = 0; i < max; i++) {
- char c = hex.charAt(i);
- switch (c) {
- case '0':
- result += "0000";
- break;
- case '1':
- result += "0001";
- break;
- case '2':
- result += "0010";
- break;
- case '3':
- result += "0011";
- break;
- case '4':
- result += "0100";
- break;
- case '5':
- result += "0101";
- break;
- case '6':
- result += "0110";
- break;
- case '7':
- result += "0111";
- break;
- case '8':
- result += "1000";
- break;
- case '9':
- result += "1001";
- break;
- case 'A':
- result += "1010";
- break;
- case 'B':
- result += "1011";
- break;
- case 'C':
- result += "1100";
- break;
- case 'D':
- result += "1101";
- break;
- case 'E':
- result += "1110";
- break;
- case 'F':
- result += "1111";
- break;
- }
- }
- return result;
- }
-
- /**
- * ASCII码字符串转数字字符串
- *
- * @param String ASCII字符串
- * @return 字符串
- */
- public static String AsciiStringToString(String content) {
- String result = "";
- int length = content.length() / 2;
- for (int i = 0; i < length; i++) {
- String c = content.substring(i * 2, i * 2 + 2);
- int a = hexStringToAlgorism(c);
- char b = (char) a;
- String d = String.valueOf(b);
- result += d;
- }
- return result;
- }
-
- /**
- * 将十进制转换为指定长度的十六进制字符串
- *
- * @param algorism int 十进制数字
- * @param maxLength int 转换后的十六进制字符串长度
- * @return String 转换后的十六进制字符串
- */
- public static String algorismToHexString(int algorism, int maxLength) {
- String result = "";
- result = Integer.toHexString(algorism);
-
- if (result.length() % 2 == 1) {
- result = "0" + result;
- }
- return patchHexString(result.toUpperCase(), maxLength);
- }
-
- /**
- * 字节数组转为普通字符串(ASCII对应的字符)
- *
- * @param bytearray byte[]
- * @return String
- */
- public static String byteToString(byte[] bytearray) {
- String result = "";
- char temp;
-
- int length = bytearray.length;
- for (int i = 0; i < length; i++) {
- temp = (char) bytearray[i];
- result += temp;
- }
- return result;
- }
-
- /**
- * 二进制字符串转十进制
- *
- * @param binary 二进制字符串
- * @return 十进制数值
- */
- public static int binaryToAlgorism(String binary) {
- int max = binary.length();
- int result = 0;
- for (int i = max; i > 0; i--) {
- char c = binary.charAt(i - 1);
- int algorism = c - '0';
- result += Math.pow(2, max - i) * algorism;
- }
- return result;
- }
-
- /**
- * 十进制转换为十六进制字符串
- *
- * @param algorism int 十进制的数字
- * @return String 对应的十六进制字符串
- */
- public static String algorismToHEXString(int algorism) {
- String result = "";
- result = Integer.toHexString(algorism);
-
- if (result.length() % 2 == 1) {
- result = "0" + result;
-
- }
- result = result.toUpperCase();
-
- return result;
- }
-
- /**
- * HEX字符串前补0,主要用于长度位数不足。
- *
- * @param str String 需要补充长度的十六进制字符串
- * @param maxLength int 补充后十六进制字符串的长度
- * @return 补充结果
- */
- static public String patchHexString(String str, int maxLength) {
- String temp = "";
- for (int i = 0; i < maxLength - str.length(); i++) {
- temp = "0" + temp;
- }
- str = (temp + str).substring(0, maxLength);
- return str;
- }
-
- /**
- * 将一个字符串转换为int
- *
- * @param s String 要转换的字符串
- * @param defaultInt int 如果出现异常,默认返回的数字
- * @param radix int 要转换的字符串是什么进制的,如16 8 10.
- * @return int 转换后的数字
- */
- public static int parseToInt(String s, int defaultInt, int radix) {
- int i = 0;
- try {
- i = Integer.parseInt(s, radix);
- } catch (NumberFormatException ex) {
- i = defaultInt;
- }
- return i;
- }
-
- /**
- * 将一个十进制形式的数字字符串转换为int
- *
- * @param s String 要转换的字符串
- * @param defaultInt int 如果出现异常,默认返回的数字
- * @return int 转换后的数字
- */
- public static int parseToInt(String s, int defaultInt) {
- int i = 0;
- try {
- i = Integer.parseInt(s);
- } catch (NumberFormatException ex) {
- i = defaultInt;
- }
- return i;
- }
-
- /**
- * 十六进制串转化为byte数组
- *
- * @return the array of byte
- */
- public static byte[] hexToByte(String hex)
- throws IllegalArgumentException {
- if (hex.length() % 2 != 0) {
- throw new IllegalArgumentException();
- }
- char[] arr = hex.toCharArray();
- byte[] b = new byte[hex.length() / 2];
- for (int i = 0, j = 0, l = hex.length(); i < l; i++, j++) {
- String swap = "" + arr[i++] + arr[i];
- int byteint = Integer.parseInt(swap, 16) & 0xFF;
- b[j] = new Integer(byteint).byteValue();
- }
- return b;
- }
-
- /**
- * 字节数组转换为十六进制字符串
- *
- * @param b byte[] 需要转换的字节数组
- * @return String 十六进制字符串
- */
- public static String byteToHex(byte b[]) {
- if (b == null) {
- throw new IllegalArgumentException(
- "Argument b ( byte array ) is null! ");
- }
- String hs = "";
- String stmp = "";
- for (int n = 0; n < b.length; n++) {
- stmp = Integer.toHexString(b[n] & 0xff);
- if (stmp.length() == 1) {
- hs = hs + "0" + stmp;
- } else {
- hs = hs + stmp;
- }
- }
- return hs.toLowerCase();
- //return hs.toUpperCase();
- }
-
- public static byte[] subByte(byte[] input, int startIndex, int length) {
- byte[] bt = new byte[length];
- for (int i = 0; i < length; i++) {
- bt[i] = input[i + startIndex];
- }
- return bt;
- }
- }
SM2对象
- package cn.test.encrypt.utils.sm2;
-
- import cn.test.encrypt.utils.Util;
- import cn.test.encrypt.test.SecurityTestAll;
- import org.bouncycastle.math.ec.ECPoint;
-
- import java.math.BigInteger;
-
- public class SM2KeyVO {
- BigInteger privateKey ;
- ECPoint publicKey ;
-
- public BigInteger getPrivateKey() {
- return privateKey;
- }
-
- public void setPrivateKey(BigInteger privateKey) {
- this.privateKey = privateKey;
- }
-
- public ECPoint getPublicKey() {
- return publicKey;
- }
-
- public void setPublicKey(ECPoint publicKey) {
- this.publicKey = publicKey;
- }
-
- //HardPubKey:3059301306072A8648CE3D020106082A811CCF5501822D03420004+X+Y
- //SoftPubKey:04+X+Y
- public String getPubHexInSoft(){
- return Util.byteToHex(publicKey.getEncoded(true));
- //System.out.println("公钥: " + );
- }
- public String getPubHexInHard(){
- return SecurityTestAll.SM2PubHardKeyHead +Util.byteToHex(publicKey.getEncoded(true));
- }
- public String getPriHexInSoft(){
- return Util.byteToHex(privateKey.toByteArray());
- }
- }
测试Demo
- public static void main(String[] args) {
- SM2KeyVO initKeyVO = SM2EncDecUtils.generateKeyPair();
- System.out.println("初始公钥为: "+initKeyVO.getPubHexInSoft());
- System.out.println("初始私钥为: "+initKeyVO.getPriHexInSoft());
- }
输出结果:
2、数据加解密
简单业务描述:使用初始公钥加密工作公钥,使用初始私钥解密加密后公钥;
Demo
- public static void main(String[] args) throws IOException {
- //生成初始秘钥
- SM2KeyVO initKeyVO = SM2EncDecUtils.generateKeyPair();
- String initPubKey = initKeyVO.getPubHexInSoft();
- String initPriKey = initKeyVO.getPriHexInSoft();
- System.out.println("初始公钥为: " + initPubKey);
- System.out.println("初始私钥为: " + initPriKey);
- //生成工作秘钥
- SM2KeyVO serverKey = SM2EncDecUtils.generateKeyPair();
- String serverPubKey = serverKey.getPubHexInSoft();
- String serverPriKey = serverKey.getPriHexInSoft();
- System.out.println("服务端公钥为: " + serverPubKey);
- System.out.println("服务端私钥为: " + serverPriKey);
- //使用初始公钥加密服务端公钥 注意格式字节数组
- String encryptServerPubKey = SM2EncDecUtils.encrypt(Convert.hexToBytes(initPubKey), serverPubKey.getBytes());
- System.out.println("加密后公钥:"+encryptServerPubKey);
- //使用初始私钥解密服务端公钥 注意格式
- byte[] decrypt = SM2EncDecUtils.decrypt(Convert.hexToBytes(initPriKey), Convert.hexToBytes(encryptServerPubKey));
- System.out.println("解密后服务端公钥:"+new String(decrypt));
- if (serverPubKey.equals(new String(decrypt)))
- System.out.println("——————————解密成功——————————");
-
- }
结果:
至此,SM2的公私钥生成以及加解密就完成了,下一期内容为生成Sign以及验证。
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/article/detail/50048
