欢迎您访问程序员文章站本站旨在为大家提供分享程序员计算机编程知识!
您现在的位置是: 首页

RSA公钥私钥在在实际应用的具体运用

程序员文章站 2022-05-28 18:43:33
...

  在《在Linux下如何使用openssl生成RSA公钥和私钥对》一文中,讲述了在Linux环境下如何生成RSA公钥和私钥,但在Java中,我们又是如何去很好的用它们呢?下面我来看下两个案例,特别是RSA私钥的生成是有输入密码的(在生产环境上一般都应该是这样用的),即在产生密钥对时有输入密码,如输出了12345678。

RSA公钥私钥在在实际应用的具体运用
            
    
    博客分类: java基础 linuxsftp加签验签 
一.加签验签

import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;
import java.util.Arrays;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader;
import org.bouncycastle.openssl.PasswordFinder;
import org.bouncycastle.util.encoders.Hex;

public class SignatureExample {

    public static void main(String [] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        String message = "hello world";
        File privateKey = new File("C:/test/key");
        KeyPair keyPair = readKeyPair(privateKey, "12345678".toCharArray());

        Signature signature = Signature.getInstance("SHA256WithRSAEncryption");
        signature.initSign(keyPair.getPrivate());
        signature.update(message.getBytes());
        byte [] signatureBytes = signature.sign();
        System.out.println(new String(Hex.encode(signatureBytes)));

        Signature verifier = Signature.getInstance("SHA256WithRSAEncryption");
        verifier.initVerify(keyPair.getPublic());
        verifier.update(message.getBytes());
        if (verifier.verify(signatureBytes)) {
            System.out.println("Signature is valid");
        } else {
            System.out.println("Signature is invalid");
        }
    }

    private static KeyPair readKeyPair(File privateKey, char [] keyPassword) throws IOException {
        FileReader fileReader = new FileReader(privateKey);
        PEMReader r = new PEMReader(fileReader, new DefaultPasswordFinder(keyPassword));
        try {
            return (KeyPair) r.readObject();
        } catch (IOException ex) {
            throw new IOException("The private key could not be decrypted", ex);
        } finally {
            r.close();
            fileReader.close();
        }
    }

    private static class DefaultPasswordFinder implements PasswordFinder {

        private final char [] password;

        private DefaultPasswordFinder(char [] password) {
            this.password = password;
        }

        @Override
        public char[] getPassword() {
            return Arrays.copyOf(password, password.length);
        }
    } 
}

 

二.通过JSch上传文件到SFTP,并从SFTP服务器上下载

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.util.Date;

import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.google.common.io.Closeables;
import com.jcraft.jsch.Channel;
import com.jcraft.jsch.ChannelSftp;
import com.jcraft.jsch.JSch;
import com.jcraft.jsch.Session;
import com.jcraft.jsch.SftpATTRS;
import com.jcraft.jsch.SftpException;

public class SftpUtil {
    
    private final static Logger logger = LoggerFactory.getLogger(SftpUtil.class);
	private final static String STYLE_yyyyMMdd = "yyyyMMdd";
    
    public static String getCurrentDir() {
        return new SimpleDateFormat(STYLE_yyyyMMdd).format(new Date());
    }
    
    private static boolean isDirExist(ChannelSftp sftp, String directory) {
        
        boolean isDirExistFlag = false;
        try {
            SftpATTRS sftpATTRS = sftp.lstat(directory);
            isDirExistFlag = sftpATTRS.isDir();
        }catch(Exception e) {
            isDirExistFlag = false;
        }
        return isDirExistFlag;
    }
    
    private static boolean createDir(ChannelSftp sftp, String dirPath) {
        
        boolean res = false;
        try {
            sftp.cd("/");
            if(isDirExist(sftp, dirPath)) {
                return true;
            }
            String pathArray[] = dirPath.split("/");
            for(String path : pathArray) {
                if(path.equals("")) {
                    continue;
                }
                if(isDirExist(sftp, path)) {
                    sftp.cd(path);
                }else {
                    sftp.mkdir(path);
                    sftp.cd(path);
                }
            }
            res = true;
        }catch(Exception e) {
            res = false;
            logger.warn("创建目录异常!", e);
        }finally {
            try {
                sftp.cd("/");
            } catch (SftpException e) {
                logger.warn("切换到根目录异常!", e);
            }
        }
        return res;
    }
    
    /**
     * 上传文件
     */
    public static void upload(String user, String ip, int port, String password, String privateKeyPath, String passPhrase, String remoteFileName,
            String remoteFilePath, String localFileName) throws Exception {
        ChannelSftp sftp = null;
        FileInputStream input = null;
        Session sshSession = null;
        try {
            JSch jsch = new JSch();
            sshSession = jsch.getSession(user, ip, port);
            // 判断鉴权方式
            if(StringUtils.isNotEmpty(password)) {
                sshSession.setPassword(password);
            }else if(StringUtils.isNotEmpty(passPhrase)){
                jsch.addIdentity(privateKeyPath, passPhrase);
            }else {
                jsch.addIdentity(privateKeyPath);
            }
            sshSession.setConfig("StrictHostKeyChecking", "no");
            sshSession.connect();
            Channel channel = sshSession.openChannel("sftp");
            channel.connect();
            sftp = (ChannelSftp) channel;
            if (sftp != null && sftp.isConnected()) {
                File file = new File(localFileName);
                input = new FileInputStream(file);
                if(remoteFilePath != null && StringUtils.isNotEmpty(remoteFilePath.trim())) {
                    if(createDir(sftp, remoteFilePath.trim())) {
                        sftp.cd(remoteFilePath.trim());
                    }
                }
                sftp.put(input, remoteFileName);
                sftp.quit();
            }
        } finally {
            if (input != null) {
                try {
                    Closeables.close(input, false);
                } finally {
                    input = null;
                }
            }
            if (sftp != null) {
                try {
                    sftp.disconnect();
                } finally {
                    sftp = null;
                }
            }
            if (sshSession != null) {
                try {
                    sshSession.disconnect();
                } finally {
                    sshSession = null;
                }
            }
        }
    }

    /**
     * 下载文件
     */
    public static void download(String user, String ip, int port, String password, String privateKeyPath, String passPhrase, String remoteFileName,
            String remoteFilePath, String localFileName) throws Exception {
        ChannelSftp sftp = null;
        OutputStream output = null;
        Session sshSession = null;
        try {
            JSch jsch = new JSch();
            sshSession = jsch.getSession(user, ip, port);
            // 判断鉴权方式
            if(StringUtils.isNotEmpty(password)) {
                sshSession.setPassword(password);
            }else if(StringUtils.isNotEmpty(passPhrase)){
                jsch.addIdentity(privateKeyPath, passPhrase);
            }else {
                jsch.addIdentity(privateKeyPath);
            }
            sshSession.setConfig("StrictHostKeyChecking", "no");
            sshSession.connect();
            Channel channel = sshSession.openChannel("sftp");
            channel.connect();
            sftp = (ChannelSftp) channel;
            if (sftp != null && sftp.isConnected()) {
                if(remoteFilePath != null && StringUtils.isNotEmpty(remoteFilePath.trim())) {
                    if(createDir(sftp, remoteFilePath.trim())) {
                        sftp.cd(remoteFilePath.trim());
                    }
                }
                output = new FileOutputStream(localFileName, true);
                sftp.get(remoteFileName, output);
                sftp.quit();
            }
        } finally {
            if (output != null) {
                try {
                    Closeables.close(output, false);
                } finally {
                    output = null;
                }
            }
            if (sftp != null) {
                try {
                    sftp.disconnect();
                } finally {
                    sftp = null;
                }
            }
            if (sshSession != null) {
                try {
                    sshSession.disconnect();
                } finally {
                    sshSession = null;
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        
		//upload("sftpuser", "10.107.97.20", 57001, null, "C:/Users/bijian/Desktop/test/key", "123456", "a.txt", getCurrentDir(), "C:/Users/bijian/Desktop/bijian.txt");
        download("sftpuser", "10.107.97.20", 57001, null, "C:/Users/bijian/Desktop/test/key", "123456", "b.txt", getCurrentDir(), "C:/Users/bijian/Desktop/bijian02.txt");
		
		//upload("sftpuser", "10.107.97.20", 57001, "12345678", null, null, "a.txt", getCurrentDir(), "C:/Users/bijian/Desktop/bijian.txt");
        download("sftpuser", "10.107.97.20", 57001, "12345678", null, null, "b.txt", getCurrentDir(), "C:/Users/bijian/Desktop/bijian02.txt");
    }
}

 

参考文章:https://*.com/questions/1580012/using-a-pem-encoded-encrypted-private-key-to-sign-a-message-natively

  • RSA公钥私钥在在实际应用的具体运用
            
    
    博客分类: java基础 linuxsftp加签验签 
  • 大小: 79 KB