第一段代碼:生成公開/私有密鑰對並在命令行中指定文件,把密鑰對寫入該文件.
import java.security.*;
import java.io.*;
public class KeyPairGen
{
public static void main(String[] args)
{
if(args.length!=1)
{
System.out.println("Usage: java KeyPairGen KeyFile");
System.exit(1);
}
KeyPairGen obj=new KeyPairGen();
try{
obj.gen(args[0]);
}catch(NoSuchAlgorithmException ex)
{
System.out.println("NoSuchAlgorithmException");
}
catch(FileNotFoundException ex)
{
System.out.println("FileNotFoundException");
}
catch(IOException ex)
{
System.out.println("IOException");
}
}
public void gen(String source) throws NoSuchAlgorithmException,
FileNotFoundException,IOException
{
KeyPairGenerator kpGen=KeyPairGenerator.getInstance("DSA");
kpGen.initialize(512);
KeyPair kPair=kpGen.genKeyPair();
FileOutputStream fos=new FileOutputStream(source);
ObjectOutputStream oos=new ObjectOutputStream(fos);
oos.writeObject(kPair);
fos.close();
oos.close();
}
}
第二段代碼,命令行中指定存放密鑰的文件,用於簽名的字符串(這裡使用字符串只是為了簡單,其實在真正實際使用中應該換成用MD5或SHA1算法計算某一文件流的消息摘要值)和簽名所存放的文件.功能是計算出簽名並把該簽名存放在文件中.
import java.security.*;
import java.io.*;
public class SignGen
{
public static void main(String[] args)
{
if(args.length!=3)
{
System.out.println("Usage: java SignGen KeyFile String SigFile");
System.exit(1);
}
SignGen obj=new SignGen();
try{
obj.genSignature(args[0],args[1],args[2]);
}catch(NoSuchAlgorithmException ex)
{
System.out.println("NoSuchAlgorithmException");
}
catch(InvalidKeyException ex)
{
System.out.println("InvalidKeyException");
}
catch(SignatureException ex)
{
System.out.println("SignatureException");
}
catch(ClassNotFoundException ex)
{
System.out.println("ClassNotFoundException");
}
catch(FileNotFoundException ex)
{
System.out.println("FileNotFoundException");
}
catch(IOException ex)
{
System.out.println("IOException");
}
}
public void genSignature(String keyFile,String str,String sigFile)
throws NoSuchAlgorithmException,InvalidKeyException,SignatureException,
ClassNotFoundException,FileNotFoundException,IOException
{
FileInputStream fis=new FileInputStream(keyFile);
ObjectInputStream ois=new ObjectInputStream(fis);
KeyPair kp=(KeyPair)ois.readObject();
PublicKey pubKey=kp.getPublic();
PrivateKey priKey=kp.getPrivate();
fis.close();
ois.close();
Signature sig=Signature.getInstance("SHA1WithDSA");
sig.initSign(priKey);
sig.update(str.getBytes());
byte[] b=sig.sign();
FileOutputStream fos=new FileOutputStream(sigFile);
ObjectOutputStream oos=new ObjectOutputStream(fos);
oos.writeObject(b);
fos.close();
oos.close();
}
}
第三段代碼當然是用於驗證簽名了.命令行中指定三個參數.密鑰文件,更新驗證的字符串和簽名文件.
import java.security.*;
import java.io.*;
public class SignVerify
{
public static void main(String[] args)
{
if(args.length!=3)
{
System.out.println("Usage: java SignVerify KeyFile String SigFile");
System.exit(1);
}
SignVerify obj=new SignVerify();
try{
obj.verify(args[0],args[1],args[2]);
}catch(NoSuchAlgorithmException ex)
{
System.out.println("NoSuchAlgorithmException");
}
catch(InvalidKeyException ex)
{
System.out.println("InvalidKeyException");
}
catch(SignatureException ex)
{
System.out.println("SignatureException");
}
catch(ClassNotFoundException ex)
{
System.out.println("ClassNotFoundException");
}
catch(FileNotFoundException ex)
{
System.out.println("FileNotFoundException");
}
catch(IOException ex)
{
System.out.println("IOException");
}
}
public void verify(String keyFile,String str,String sigFile) throws
NoSuchAlgorithmException,InvalidKeyException,SignatureException,
ClassNotFoundException,FileNotFoundException,IOException
{
FileInputStream fis=new FileInputStream(keyFile);
ObjectInputStream ois=new ObjectInputStream(fis);
KeyPair kp=(KeyPair)ois.readObject();
PublicKey pubKey=kp.getPublic();
PrivateKey priKey=kp.getPrivate();
fis.close();
ois.close();
FileInputStream fis1=new FileInputStream(sigFile);
ObjectInputStream ois1=new ObjectInputStream(fis1);
byte[] b=(byte[])ois1.readObject();
fis1.close();
ois1.close();
Signature sig=Signature.getInstance("SHA1WithDSA");
sig.initVerify(pubKey);
sig.update(str.getBytes());
if(sig.verify(b))
{
System.out.println("Verify OK!");
}
else
{
System.out.println("Verify Error!");
}
}
}
在驗證過程中,密鑰對,字符串和簽名一個都不能錯,否則無法通過驗證.
