如何用Java��d��使用证书

archangel — Wed, 05 Sep 2007 07:18:00 GMT

证书(Certificate�Q�也�U�public-key certificate)是用某种�{�֐��法�Ҏ(gu��)��些内�?比如公钥)�q�行数字�{�֐�后得到的、可以用来当成信��d��p�M��介的数字凭证。证书发行机构通过发行证书告知证书使用者或实体其公�?public-key)以及其它一些辅助信息。证书在�?sh��)子商务安全交易中有着�q�泛的应用，证书发行机构也称CA(Certificate Authority)�?

应用证书

证书在公钥加密应用中的作用是保证公钥在某些可信的机构发布�Q�其在协议SSL、电(sh��)子交易协议SET�{�方面有重要的应用。图1昄��了一个最��单的证书应用�Ҏ(gu��)��Q?

�? 证书应用�Ҏ(gu��)��

证书的应用步骤是�Q?

�Q?�Q?A把自��q��公钥PKA送到CA(Certificate Authority)�Q?

�Q?�Q?CA用自��q��U�钥和A的公钥生成A的证书，证书内包括CA的数字签名。签名对象包括需要在证书中说明的内容�Q�比如A的公钥、时间戳、序列号�{�，��Z��化这里不妨假设证书中只有三项内容�Q�A的公钥PKA、时间戳TIME1、序列号IDA。那么CA发送给A的简单证书凭证可表达为：CertA=Eca[TIME1,IDA,PKA]�Q?

�Q?�Q?B同样把自��q��公钥PKB送到CA�Q?

�Q?�Q?B得到CA发布的证书CertB;

�Q?�Q?A告知B证书CertA�Q?

�Q?�Q?B告知A证书CertB�?

A、B各自得到�Ҏ(gu��)��证书后，利用从CA得到的公�?在CA的自�{�证书中)验证彼此�Ҏ(gu��)��的证书是否有效，如果有效�Q�那么就得到了彼此的公钥。利用对方的公钥�Q�可以加密数据，也可以用来验证对方的数字�{�֐��?

本文��Z��方便说明�Q��ƈ没有使用从CA获得的证书，而是通信双方各自产生自签证书�Q�也��是说图1的A和B�q�没有经�q�CA�Q�不�q�前提是A和B之间是互相拥有对方的证书�?

证书的内容和意义如表1所�C�（�q�里以通用X .509证书格式��Z��Q��?

�? 证书内容和意�?/center>

证书内容	意义
Version	告诉�q�个X.509证书是哪个版本的�Q�目前有v1、V2、v3
Serial Number	��p��书分发机构设�\|�证书的序列�?/td>
Signature Algorithm Identifier	证书采用什么样的签名算�?/td>
Issuer Name	证书发行者名�Q�也��是�l�这个证书签名的机构�?/td>
Validity Period	证书有效旉��范围
Subject Name	被证书发行机构签名后的公钥拥有者或实体的名字，采用X.500协议�Q�在Internet上的标志是惟一的。例如：CN=Java,OU=Infosec,O=Infosec Lab,C=CN表示一个subject name�?/td>

对证书的详细定义及其应用相关的各�U�协议，�q�里不加详细说明�Q�详�l�细节请查看RFC2450、RFC2510、RFC2511、RFC2527、RFC2528、RFC2559、RFC2560、RFC2585、RFC2587�{�文档�?

生成自签证书

个�h或机构可以从信�Q的证书分发机构申请得到证书，比如��_��可以从http://ca.pku.edu.cn 得到一个属于个人的证书。这里可以利用J2SDK的安全工具keytool手工产生自签证书�Q�所谓自�{�证书是指证书中的“Subject Name”和“Issuer Name”相同的证书�?

下面产生一个自�{�证书。安装完J2SDK�Q�这里用的是J2SDK1.4�Q�后�Q�在J2SDK安装目录的bin目录下，有一个keytool的可执行�E�序。利用keytool产生自签证书的步骤如下：

�W�一步，�?genkey命��o选项�Q��生公�U�密钥对。在控制台界面输入：keytool -genkey -alias testkeypair -keyalg RSA -keysize 1024 -sigalg MD5withRSA。这里的-alias表示使用�q�对公私密钥产生新的keystore入口的别�?keystore是用来存攄��理密钥对和证书链的，�~�省位置是在使用者主目录下，�?keystore为名的隐藏文�Ӟ��当然也可指定某个路径存放.keystore文�g)�Q?keyalg是��生公�U�钥�Ҏ(gu��)��用的��法�Q�这里是RSA�Q?keysize定义密钥的长度；-sigalg是签名算法，选择MD5withRSA�Q�即用RSA�{�֐��Q�然后用MD5哈希��法摘要。接下来�Q�系�l�会提示�q�行一些输入：

输入keystore密码�Q? abc123�(zh��n)�的名字与姓氏是什么？  [Unknown]�Q? Li�(zh��n)�的�l�织单位名称是什么？  [Unknown]�Q? InfosecLab�(zh��n)�的�l�织名称是什么？  [Unknown]�Q? InfosecLab Group�(zh��n)�所在的城市或区域名�U�是什么？  [Unknown]�Q? Beijing�(zh��n)�所在的州或省䆾名称是什么？  [Unknown]�Q? Beijing该单位的两字母国家代码是什�? [Unknown]�Q? CNCN=Li, OU=InfosecLab, O=InfosecLab Group, L=Beijing, ST=Beijing, C=CN 正确吗？[否]�Q? y输入的主密码 (如果�?keystore 密码相同�Q�按回�R�Q�：

�W�二步，产生自签证书�Q�输入以下命令：

keytool -selfcert -alias testkeypair -dname "CN=Li, OU=InfosecLab, O=InfosecLab Group, L=Beijing, ST=Beijing, C=CN" 输入keystore密码�Q? abc123

�W�三步，导出自签证书�Q�由上面两步产生的证书，已经存放在以“testkeypair”�ؓ别名的keystore入口了，如果使用其文�Ӟ��必须导出证书。输�?

keytool -export -rfc -alias testkeypair -file mycert.crt  输入keystore密码�Q? abc123保存在文件中的认�?

�q�样�Q�就得到了一个自�{��证书mycert.crt。注意，选项rfc是把证书输出为RFC1421定义的、用Base64最�l�编码的格式�?

��d��证书

Java为安全应用提供了丰富的API�Q�J2SDK1.4 的JSSE (JavaTM Secure Socket Extension) 包括javax.security.certificate包，�q�且提供对证书的操作�Ҏ(gu��)��。而对证书的读操作�Q�只用java.security.cert. CertificateFactory和java.security.cert.X509Certificate��可以了。下面是��d��证书内容的部分代码：

import javax.swing.*;import java.awt.*;import java.awt.event.*;import javax.swing.table.*;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.io.*;public class CARead extends JPanel { private String CA_Name;  private String CA_ItemData[][] = new String[9][2]; private String[] columnNames = {"证书字段标记","内容" }; public CARead(String CertName) {  CA_Name=CertName;  /* 三个Panel用来昄���证书内容*/  JTabbedPane tabbedPane = new JTabbedPane();  JPanel panelNormal = new JPanel();  tabbedPane.addTab("普通信�?, panelNormal);     JPanel panelAll=new JPanel();  panelAll.setLayout(new BorderLayout());  tabbedPane.addTab("所有信�?,panelAll);  JPanel panelBase64=new JPanel();  panelBase64.setLayout(new BorderLayout());  tabbedPane.addTab("Base64�~�码信息",panelBase64);  /* ��d��证书常规信息 */  Read_Normal(panelNormal);  /* ��d��证书文�g字符串表�C�内�?*/  Read_Bin(panelAll);  /* ��d��证原始Base64�~�码形式的证书文�?*/  Read_Raw(panelBase64);  tabbedPane.setSelectedIndex(0);  setLayout(new GridLayout(1, 1));   add(tabbedPane); }  /*以下是定义的Read_Normal()�Q�Read_Bin(),Read_Raw()以及main()   �q�里省略...   */  }

定义证书信息的读取函数如下：

												
												private int Read_Normal(JPanel panel){ String Field; try{  CertificateFactory certificate_factory=CertificateFactory.getInstance("X.509");  FileInputStream file_inputstream=new FileInputStream(CA_Name);  X509Certificate x509certificate=(X509Certificate)certificate_factory.generateCertificate(file_inputstream);  Field=x509certificate.getType();  CA_ItemData[0][0]="�c�d��";  CA_ItemData[0][1]=Field;  Field=Integer.toString(x509certificate.getVersion());  CA_ItemData[1][0]="版本";  CA_ItemData[1][1]=Field;	  Field=x509certificate.getSubjectDN().getName();  CA_ItemData[2][0]="标题";  CA_ItemData[2][1]=Field;  /* 以下�c�M���Q�这里省�?  Field=x509certificate.getNotBefore().toString();得到开始有效日�? Field=x509certificate. getNotAfter().toString();得到截止日期  Field=x509certificate.getSerialNumber().toString(16);得到序列�? Field=x509certificate.getIssuerDN().getName();得到发行者名  Field=x509certificate.getSigAlgName();得到�{�֐����法  Field=x509certificate.getPublicKey().getAlgorithm();得到公钥���法 */  file_inputstream.close();  final JTable table = new JTable(CA_ItemData, columnNames);  TableColumn tc=null;  tc = table.getColumnModel().getColumn(1);  tc.setPreferredWidth(600);   panel.add(table); }catch(Exception exception){  exception.printStackTrace();  return -1; } return 0;}

如果以字�W�串形式��d��证书�Q�加入下面Read_Bin�q�个函数。其中CertificateFactory.generateCertificate() �q�个函数可以从证书标准编�?RFC1421定义)中解出可��M��息。Read_Bin函数代码如下�Q?

												
												private int Read_Bin(JPanel panel){ try{  FileInputStream file_inputstream=new FileInputStream(CA_Name);  DataInputStream data_inputstream=new DataInputStream(file_inputstream);  CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");  byte[] bytes=new byte[data_inputstream.available()];  data_inputstream.readFully(bytes);  ByteArrayInputStream bais=new ByteArrayInputStream(bytes);  JEditorPane Cert_EditorPane;  Cert_EditorPane=new JEditorPane();  while(bais.available()>0){  X509Certificate Cert=(X509Certificate)certificatefactory.generateCertificate(bais);  Cert_EditorPane.setText(Cert_EditorPane.getText()+Cert.toString()); } Cert_EditorPane.disable(); JScrollPane edit_scroll=new JScrollPane(Cert_EditorPane); panel.add(edit_scroll); file_inputstream.close(); data_inputstream.close(); }catch( Exception exception){  exception.printStackTrace();  return -1; } return 0;	}

如果要得到原始证书编码后的信息，则可用如下代码：

												
												private int Read_Raw(JPanel panel){ try{		  JEditorPane Cert_EditorPane=new JEditorPane();  String CertText=null;  File inputFile = new File(CA_Name);  FileReader in = new FileReader(inputFile);  char[] buf=new char[2000];  int len=in.read(buf,0,2000);  for(int i=1;i

最后用�q�个��程序看一看刚才生成的证书mycert.crt内容�Q�把文�g名写入main()中：

												
												public static void main(String[] args) { JFrame frame = new JFrame("证书阅读�?); frame.addWindowListener(new WindowAdapter() {  public void windowClosing(WindowEvent e) {System.exit(0);} }); frame.getContentPane().add(new CARead("mycert.crt"),BorderLayout.CENTER); frame.setSize(700, 425); frame.setVisible(true);}

证书mycert.crt的内�Ҏ(gu��)��C�如�?所�C�，所有信息和Base64的显�C�内容，�q�里不再列�D�?

现在已经��d��了证书的一些内容，那么怎样使用证书呢？我们可以假设A和B要共享一个绝密的文�gF�Q�B信�Q�q�拥有A的证书，也就是说B拥有A的公钥。那么A通过A和B��q��的加密算�?对称密钥��法�Q�比如DES��法)先加密文件F�Q�然后对加密后的F�q�行�{�֐�和散列摘�?比如MD5��法�Q�目的是保证文�g的完整�?�Q�然后把F发送到B。B收到文�g后，先用A的证书中的公钥验证签名，然后再用通过��q��的加密算法解密，��可以得到原文�g了。这里��用的数字�{�֐��Q�可以保证B得到的文�Ӟ��是A的，A不能否认其不拥有文�gF�Q�因为只有A拥有可以让A的公钥验证其�{�֐�的私钥，同时�q�里使用DES��法加密�Q��得文件有保密性�?

使用DES��法的加密解密函数类��|��q�里不对加密��法做进一步讨论，详细��L��J2SDK的JSE部分内容�Q�加密签名、解密验证文件结构见�?�?

�? 加密�{�֐�、解密验证文件结构图

加密函数中的desKeyData存放DES加密密钥�Q�如果要在程序中指定�Q�可以设�|��ؓ�Q?

static byte[] desKeyData = { (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08 };

加密函数写成�Q?

public static void crypt(byte[] cipherText,String outFileName){		 try{  DESKeySpec desKeySpec = new DESKeySpec(desKeyData);  SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");  SecretKey secretKey = keyFactory.generateSecret(desKeySpec);  Cipher cdes = Cipher.getInstance("DES");  cdes.init(Cipher.ENCRYPT_MODE, secretKey);  byte[] ct = cdes.doFinal(cipherText);  try{   FileOutputStream out=new FileOutputStream(outFileName);   out.write(ct);   out.close();  }catch(IOException e){   e.printStackTrace();  } }catch (Exception e){  e.printStackTrace(); }}

其中ct��是加密后的内容,outFileName保存加密后文件的文�g名。把cdes.init(Cipher.ENCRYPT_MODE, secretKey)换成cdes.init(Cipher.DECRYPT_MODE, secretKey)��是解密文�g了�?

文�g加密后就要对文�g�{�֐��Q�保证A发送到B的文件不可伪造。下面是用存攑֜�.keystore中的�U�钥�q�行�{�֐�的函敎ͼ��{�֐�使用的摘要算法是MD5。其中sigText是被�{�֐�内容的输入数�l�，outFileName是保存签名后输出文�g的名�U�ͼ�KeyPassword是读取Keystore使用的密码，KeyStorePath是存�?keystore文�g的�\径，函数代码如下�Q?

public static void sig(byte[] sigText, String outFileName,String KeyPassword,String KeyStorePath){ char[] kpass; int i; try{  KeyStore ks = KeyStore.getInstance("JKS");  FileInputStream ksfis = new FileInputStream(KeyStorePath);   BufferedInputStream ksbufin = new BufferedInputStream(ksfis);    kpass=new char[KeyPassword.length()];  for(i=0;i

验证�{�֐�需要存攄��名文件和被签名的文�g以及证书�Q�其中，updateData存放被签名文件的内容�Q�sigedText存放得到的签名内容，CertName是证书名。验证签名代码如下：

public static void veriSig(byte[] updateData, byte[] sigedText){    try{          CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");		FileInputStream fin=new FileInputStream(CertName);		X509Certificate certificate=(X509Certificate)certificatefactory.generateCertificate(fin);	    PublicKey pub = certificate.getPublicKey();	    Signature rsa=Signature.getInstance("MD5withRSA");        rsa.initVerify(pub);        rsa.update(updateData);        boolean verifies=rsa.verify(sigedText);        System.out.println("verified "+verifies);        if(verifies){               System.out.println("Verify is done!");          }else{               System.out.println("verify is not successful");        }	    	  }catch(Exception e){                e.printStackTrace();	           		 }}

可以用keytool产生两个自签的签名证书，或者到某个CA�ȝ��请两个证书。用Java�~�写加密和验证程序，上述例子只是一个非常简单的证书应用�Q�实际协议对证书的��?比如SSL)要比�q�个复杂多了�?

�? 加密�{�֐�、解密验证文件结构图

加密函数中的desKeyData存放DES加密密钥�Q�如果要在程序中指定�Q�可以设�|��ؓ�Q?

												
												static byte[] desKeyData = { (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08 };

加密函数写成�Q?

public static void crypt(byte[] cipherText,String outFileName){		 try{  DESKeySpec desKeySpec = new DESKeySpec(desKeyData);  SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");  SecretKey secretKey = keyFactory.generateSecret(desKeySpec);  Cipher cdes = Cipher.getInstance("DES");  cdes.init(Cipher.ENCRYPT_MODE, secretKey);  byte[] ct = cdes.doFinal(cipherText);  try{   FileOutputStream out=new FileOutputStream(outFileName);   out.write(ct);   out.close();  }catch(IOException e){   e.printStackTrace();  } }catch (Exception e){  e.printStackTrace(); }}

public static void sig(byte[] sigText, String outFileName,String KeyPassword,String KeyStorePath){ char[] kpass; int i; try{  KeyStore ks = KeyStore.getInstance("JKS");  FileInputStream ksfis = new FileInputStream(KeyStorePath);   BufferedInputStream ksbufin = new BufferedInputStream(ksfis);    kpass=new char[KeyPassword.length()];  for(i=0;i

public static void veriSig(byte[] updateData, byte[] sigedText){    try{          CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");		FileInputStream fin=new FileInputStream(CertName);		X509Certificate certificate=(X509Certificate)certificatefactory.generateCertificate(fin);	    PublicKey pub = certificate.getPublicKey();	    Signature rsa=Signature.getInstance("MD5withRSA");        rsa.initVerify(pub);        rsa.update(updateData);        boolean verifies=rsa.verify(sigedText);        System.out.println("verified "+verifies);        if(verifies){               System.out.println("Verify is done!");          }else{               System.out.println("verify is not successful");        }	    	  }catch(Exception e){                e.printStackTrace();	           		 }}

��d��证书

import javax.swing.*;import java.awt.*;import java.awt.event.*;import javax.swing.table.*;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.io.*;public class CARead extends JPanel { private String CA_Name;  private String CA_ItemData[][] = new String[9][2]; private String[] columnNames = {"证书字段标记","内容" }; public CARead(String CertName) {  CA_Name=CertName;  /* 三个Panel用来昄���证书内容*/  JTabbedPane tabbedPane = new JTabbedPane();  JPanel panelNormal = new JPanel();  tabbedPane.addTab("普通信�?, panelNormal);     JPanel panelAll=new JPanel();  panelAll.setLayout(new BorderLayout());  tabbedPane.addTab("所有信�?,panelAll);  JPanel panelBase64=new JPanel();  panelBase64.setLayout(new BorderLayout());  tabbedPane.addTab("Base64�~�码信息",panelBase64);  /* ��d��证书常规信息 */  Read_Normal(panelNormal);  /* ��d��证书文�g字符串表�C�内�?*/  Read_Bin(panelAll);  /* ��d��证原始Base64�~�码形式的证书文�?*/  Read_Raw(panelBase64);  tabbedPane.setSelectedIndex(0);  setLayout(new GridLayout(1, 1));   add(tabbedPane); }  /*以下是定义的Read_Normal()�Q�Read_Bin(),Read_Raw()以及main()   �q�里省略...   */  }

定义证书信息的读取函数如下：

private int Read_Normal(JPanel panel){ String Field; try{  CertificateFactory certificate_factory=CertificateFactory.getInstance("X.509");  FileInputStream file_inputstream=new FileInputStream(CA_Name);  X509Certificate x509certificate=(X509Certificate)certificate_factory.generateCertificate(file_inputstream);  Field=x509certificate.getType();  CA_ItemData[0][0]="�c�d��";  CA_ItemData[0][1]=Field;  Field=Integer.toString(x509certificate.getVersion());  CA_ItemData[1][0]="版本";  CA_ItemData[1][1]=Field;	  Field=x509certificate.getSubjectDN().getName();  CA_ItemData[2][0]="标题";  CA_ItemData[2][1]=Field;  /* 以下�c�M���Q�这里省�?  Field=x509certificate.getNotBefore().toString();得到开始有效日�? Field=x509certificate. getNotAfter().toString();得到截止日期  Field=x509certificate.getSerialNumber().toString(16);得到序列�? Field=x509certificate.getIssuerDN().getName();得到发行者名  Field=x509certificate.getSigAlgName();得到�{�֐����法  Field=x509certificate.getPublicKey().getAlgorithm();得到公钥���法 */  file_inputstream.close();  final JTable table = new JTable(CA_ItemData, columnNames);  TableColumn tc=null;  tc = table.getColumnModel().getColumn(1);  tc.setPreferredWidth(600);   panel.add(table); }catch(Exception exception){  exception.printStackTrace();  return -1; } return 0;}

private int Read_Bin(JPanel panel){ try{  FileInputStream file_inputstream=new FileInputStream(CA_Name);  DataInputStream data_inputstream=new DataInputStream(file_inputstream);  CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");  byte[] bytes=new byte[data_inputstream.available()];  data_inputstream.readFully(bytes);  ByteArrayInputStream bais=new ByteArrayInputStream(bytes);  JEditorPane Cert_EditorPane;  Cert_EditorPane=new JEditorPane();  while(bais.available()>0){  X509Certificate Cert=(X509Certificate)certificatefactory.generateCertificate(bais);  Cert_EditorPane.setText(Cert_EditorPane.getText()+Cert.toString()); } Cert_EditorPane.disable(); JScrollPane edit_scroll=new JScrollPane(Cert_EditorPane); panel.add(edit_scroll); file_inputstream.close(); data_inputstream.close(); }catch( Exception exception){  exception.printStackTrace();  return -1; } return 0;	}

如果要得到原始证书编码后的信息，则可用如下代码：

private int Read_Raw(JPanel panel){ try{		  JEditorPane Cert_EditorPane=new JEditorPane();  String CertText=null;  File inputFile = new File(CA_Name);  FileReader in = new FileReader(inputFile);  char[] buf=new char[2000];  int len=in.read(buf,0,2000);  for(int i=1;i

最后用�q�个��程序看一看刚才生成的证书mycert.crt内容�Q�把文�g名写入main()中：

public static void main(String[] args) { JFrame frame = new JFrame("证书阅读�?); frame.addWindowListener(new WindowAdapter() {  public void windowClosing(WindowEvent e) {System.exit(0);} }); frame.getContentPane().add(new CARead("mycert.crt"),BorderLayout.CENTER); frame.setSize(700, 425); frame.setVisible(true);}

证书mycert.crt的内�Ҏ(gu��)��C�如�?所�C�，所有信息和Base64的显�C�内容，�q�里不再列�D�?

�? 加密�{�֐�、解密验证文件结构图

加密函数中的desKeyData存放DES加密密钥�Q�如果要在程序中指定�Q�可以设�|��ؓ�Q?

static byte[] desKeyData = { (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08 };

加密函数写成�Q?

public static void crypt(byte[] cipherText,String outFileName){		 try{  DESKeySpec desKeySpec = new DESKeySpec(desKeyData);  SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");  SecretKey secretKey = keyFactory.generateSecret(desKeySpec);  Cipher cdes = Cipher.getInstance("DES");  cdes.init(Cipher.ENCRYPT_MODE, secretKey);  byte[] ct = cdes.doFinal(cipherText);  try{   FileOutputStream out=new FileOutputStream(outFileName);   out.write(ct);   out.close();  }catch(IOException e){   e.printStackTrace();  } }catch (Exception e){  e.printStackTrace(); }}

public static void sig(byte[] sigText, String outFileName,String KeyPassword,String KeyStorePath){ char[] kpass; int i; try{  KeyStore ks = KeyStore.getInstance("JKS");  FileInputStream ksfis = new FileInputStream(KeyStorePath);   BufferedInputStream ksbufin = new BufferedInputStream(ksfis);    kpass=new char[KeyPassword.length()];  for(i=0;i

public static void veriSig(byte[] updateData, byte[] sigedText){    try{          CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");		FileInputStream fin=new FileInputStream(CertName);		X509Certificate certificate=(X509Certificate)certificatefactory.generateCertificate(fin);	    PublicKey pub = certificate.getPublicKey();	    Signature rsa=Signature.getInstance("MD5withRSA");        rsa.initVerify(pub);        rsa.update(updateData);        boolean verifies=rsa.verify(sigedText);        System.out.println("verified "+verifies);        if(verifies){               System.out.println("Verify is done!");          }else{               System.out.println("verify is not successful");        }	    	  }catch(Exception e){                e.printStackTrace();	           		 }}

�? 加密�{�֐�、解密验证文件结构图

加密函数中的desKeyData存放DES加密密钥�Q�如果要在程序中指定�Q�可以设�|��ؓ�Q?

static byte[] desKeyData = { (byte)0x01, (byte)0x02, (byte)0x03, (byte)0x04, (byte)0x05, (byte)0x06, (byte)0x07, (byte)0x08 };

加密函数写成�Q?

public static void crypt(byte[] cipherText,String outFileName){		 try{  DESKeySpec desKeySpec = new DESKeySpec(desKeyData);  SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");  SecretKey secretKey = keyFactory.generateSecret(desKeySpec);  Cipher cdes = Cipher.getInstance("DES");  cdes.init(Cipher.ENCRYPT_MODE, secretKey);  byte[] ct = cdes.doFinal(cipherText);  try{   FileOutputStream out=new FileOutputStream(outFileName);   out.write(ct);   out.close();  }catch(IOException e){   e.printStackTrace();  } }catch (Exception e){  e.printStackTrace(); }}

public static void sig(byte[] sigText, String outFileName,String KeyPassword,String KeyStorePath){ char[] kpass; int i; try{  KeyStore ks = KeyStore.getInstance("JKS");  FileInputStream ksfis = new FileInputStream(KeyStorePath);   BufferedInputStream ksbufin = new BufferedInputStream(ksfis);    kpass=new char[KeyPassword.length()];  for(i=0;i

public static void veriSig(byte[] updateData, byte[] sigedText){    try{          CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");		FileInputStream fin=new FileInputStream(CertName);		X509Certificate certificate=(X509Certificate)certificatefactory.generateCertificate(fin);	    PublicKey pub = certificate.getPublicKey();	    Signature rsa=Signature.getInstance("MD5withRSA");        rsa.initVerify(pub);        rsa.update(updateData);        boolean verifies=rsa.verify(sigedText);        System.out.println("verified "+verifies);        if(verifies){               System.out.println("Verify is done!");          }else{               System.out.println("verify is not successful");        }	    	  }catch(Exception e){                e.printStackTrace();	           		 }}

archangel 2007-09-05 15:18 发表评论

亚洲精品国产欧美,91精品在线影院,99re66热这里只有精品3直播

如何用Java��d��使用证书

不同格式证书导入keystore�Ҏ(gu��)��

bouncycastle jce

使用eclipse生成文档