java/php/c#版rsa签字以及java验签实现-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

java/php/c#版rsa签字以及java验签实现

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 am 11:19 AM

privatereturnrsastring

java/php/c#版rsa签名以及java验签实现

? ? ? ?在开放平台领域，需要给isv提供sdk，签名是Sdk中需要提供的功能之一。由于isv使用的开发语言不是单一的，因此sdk需要提供多种语言的版本。譬如java、php、c#。另外，在电子商务尤其是支付领域，对安全性的要求比较高，所以会采用非对称密钥RSA

? ? ? ?本文主要介绍如何基于java、php、c#在客户端使用rsa签名，然后在服务端使用Java验签。

基于openssl生成RSA公私钥对

a）从网上下载openssl工具，最好是windows下免编译的版本，譬如：http://www.deanlee.cn/programming/openssl-for-windows/

? b）生成私钥

进入到openssl的bin目录下，执行以下命令：

openssl genrsa -out rsa_private_key.pem 1024

会在bin目录下看到新生成的私钥文件rsa_private_key.pem，文件内容如下：

? ?c)生成公钥

在bin目录下，执行以下命令：

openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem

会在bin目录下看到新生成的公钥文件rsa_public_key.pem，文件内容如下：

?2.?客户端签名

? 2.1?java版签名实现

/**     * rsa签名     *      * @param content     *            待签名的字符串     * @param privateKey     *            rsa私钥字符串     * @param charset     *            字符编码     * @return 签名结果     * @throws Exception     *             签名失败则抛出异常     */    public String rsaSign(String content, String privateKey, String charset) throws SignatureException {        try {            PrivateKey priKey = getPrivateKeyFromPKCS8("RSA", new ByteArrayInputStream(privateKey.getBytes()));            Signature signature = Signature.getInstance("SHA1WithRSA");            signature.initSign(priKey);            if (StringUtils.isEmpty(charset)) {                signature.update(content.getBytes());            } else {                signature.update(content.getBytes(charset));            }            byte[] signed = signature.sign();            return new String(Base64.encodeBase64(signed));        } catch (Exception e) {            throw new SignatureException("RSAcontent = " + content + "; charset = " + charset, e);        }    }    public PrivateKey getPrivateKeyFromPKCS8(String algorithm, InputStream ins) throws Exception {        if (ins == null || StringUtils.isEmpty(algorithm)) {            return null;        }        KeyFactory keyFactory = KeyFactory.getInstance(algorithm);        byte[] encodedKey = StreamUtil.readText(ins).getBytes();        encodedKey = Base64.decodeBase64(encodedKey);        return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));    }

?注意：参数privateKey是Pem私钥文件中去除头（-----BEGIN RSA PRIVATE KEY-----）和尾（-----END RSA PRIVATE KEY-----）以及换行符后的字符串。

? 2.2 php签名实现

function sign($content, $rsaPrivateKeyPem) {		$priKey = file_get_contents($rsaPrivateKeyPem);		$res = openssl_get_privatekey($priKey);		openssl_sign($content, $sign, $res);		openssl_free_key($res);		$sign = base64_encode($sign);		return $sign;	}

?注意：$rsaPrivateKeyPem为pem私钥文件路径

? 2.3 c#签名实现(引用了国外某位仁兄的方案)

using System;using System.Text;using System.Security.Cryptography;using System.Web;using System.IO;namespace Aop.Api.Util{    /// <summary>    /// RSA签名工具类。    /// </summary>    public class RSAUtil    {        public static string RSASign(string data, string privateKeyPem)        {            RSACryptoServiceProvider rsaCsp = LoadCertificateFile(privateKeyPem);            byte[] dataBytes = Encoding.UTF8.GetBytes(data);            byte[] signatureBytes = rsaCsp.SignData(dataBytes, "SHA1");            return Convert.ToBase64String(signatureBytes);        }        private static byte[] GetPem(string type, byte[] data)        {            string pem = Encoding.UTF8.GetString(data);            string header = String.Format("-----BEGIN {0}-----\\n", type);            string footer = String.Format("-----END {0}-----", type);            int start = pem.IndexOf(header) + header.Length;            int end = pem.IndexOf(footer, start);            string base64 = pem.Substring(start, (end - start));            return Convert.FromBase64String(base64);        }        private static RSACryptoServiceProvider LoadCertificateFile(string filename)        {            using (System.IO.FileStream fs = System.IO.File.OpenRead(filename))            {                byte[] data = new byte[fs.Length];                byte[] res = null;                fs.Read(data, 0, data.Length);                if (data[0] != 0x30)                {                    res = GetPem("RSA PRIVATE KEY", data);                }                try                {                    RSACryptoServiceProvider rsa = DecodeRSAPrivateKey(res);                    return rsa;                }                catch (Exception ex)                {                }                return null;            }        }        private static RSACryptoServiceProvider DecodeRSAPrivateKey(byte[] privkey)        {            byte[] MODULUS, E, D, P, Q, DP, DQ, IQ;            // --------- Set up stream to decode the asn.1 encoded RSA private key ------            MemoryStream mem = new MemoryStream(privkey);            BinaryReader binr = new BinaryReader(mem);  //wrap Memory Stream with BinaryReader for easy reading            byte bt = 0;            ushort twobytes = 0;            int elems = 0;            try            {                twobytes = binr.ReadUInt16();                if (twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81)                    binr.ReadByte();    //advance 1 byte                else if (twobytes == 0x8230)                    binr.ReadInt16();    //advance 2 bytes                else                    return null;                twobytes = binr.ReadUInt16();                if (twobytes != 0x0102) //version number                    return null;                bt = binr.ReadByte();                if (bt != 0x00)                    return null;                //------ all private key components are Integer sequences ----                elems = GetIntegerSize(binr);                MODULUS = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                E = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                D = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                P = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                Q = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                DP = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                DQ = binr.ReadBytes(elems);                elems = GetIntegerSize(binr);                IQ = binr.ReadBytes(elems);                                // ------- create RSACryptoServiceProvider instance and initialize with public key -----                CspParameters CspParameters = new CspParameters();                CspParameters.Flags = CspProviderFlags.UseMachineKeyStore;                RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(1024, CspParameters);                RSAParameters RSAparams = new RSAParameters();                RSAparams.Modulus = MODULUS;                RSAparams.Exponent = E;                RSAparams.D = D;                RSAparams.P = P;                RSAparams.Q = Q;                RSAparams.DP = DP;                RSAparams.DQ = DQ;                RSAparams.InverseQ = IQ;                RSA.ImportParameters(RSAparams);                return RSA;            }            catch (Exception ex)            {                return null;            }            finally            {                binr.Close();            }        }        private static int GetIntegerSize(BinaryReader binr)        {            byte bt = 0;            byte lowbyte = 0x00;            byte highbyte = 0x00;            int count = 0;            bt = binr.ReadByte();            if (bt != 0x02)		//expect integer                return 0;            bt = binr.ReadByte();            if (bt == 0x81)                count = binr.ReadByte();	// data size in next byte            else                if (bt == 0x82)                {                    highbyte = binr.ReadByte();	// data size in next 2 bytes                    lowbyte = binr.ReadByte();                    byte[] modint = { lowbyte, highbyte, 0x00, 0x00 };                    count = BitConverter.ToInt32(modint, 0);                }                else                {                    count = bt;		// we already have the data size                }            while (binr.ReadByte() == 0x00)            {	//remove high order zeros in data                count -= 1;            }            binr.BaseStream.Seek(-1, SeekOrigin.Current);		//last ReadByte wasn't a removed zero, so back up a byte            return count;        }    }}

? 3. 服务端java验签

/**     * rsa验签     *      * @param content 被签名的内容     * @param sign 签名后的结果     * @param publicKey rsa公钥     * @param charset 字符集     * @return 验签结果     * @throws SignatureException 验签失败，则抛异常     */    boolean doCheck(String content, String sign, String publicKey, String charset) throws SignatureException {        try {            PublicKey pubKey = getPublicKeyFromX509("RSA", new ByteArrayInputStream(publicKey.getBytes()));            Signature signature = Signature.getInstance("SHA1WithRSA");            signature.initVerify(pubKey);            signature.update(getContentBytes(content, charset));            return signature.verify(Base64.decodeBase64(sign.getBytes()));        } catch (Exception e) {            throw new SignatureException("RSA验证签名[content = " + content + "; charset = " + charset                                         + "; signature = " + sign + "]发生异常!", e);        }    }    private PublicKey getPublicKeyFromX509(String algorithm, InputStream ins) throws NoSuchAlgorithmException {        try {            KeyFactory keyFactory = KeyFactory.getInstance(algorithm);            StringWriter writer = new StringWriter();            StreamUtil.io(new InputStreamReader(ins), writer);            byte[] encodedKey = writer.toString().getBytes();            // 先base64解码            encodedKey = Base64.decodeBase64(encodedKey);            return keyFactory.generatePublic(new X509EncodedKeySpec(encodedKey));        } catch (IOException ex) {            // 不可能发生        } catch (InvalidKeySpecException ex) {            // 不可能发生        }        return null;    }    private byte[] getContentBytes(String content, String charset) throws UnsupportedEncodingException {        if (StringUtil.isEmpty(charset)) {            return content.getBytes();        }        return content.getBytes(charset);    }

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

使用java的String.valueOf()函数将基本数据类型转换为字符串Jul 24, 2023 pm 07:55 PM

使用Java的String.valueOf()函数将基本数据类型转换为字符串在Java开发中，当我们需要将基本数据类型转换为字符串时，一种常见的方法是使用String类的valueOf()函数。这个函数可以接受基本数据类型的参数，并返回对应的字符串表示。在本文中，我们将探讨如何使用String.valueOf()函数进行基本数据类型转换，并提供一些代码示例来

怎么把char数组转stringJun 09, 2023 am 10:04 AM

char数组转string的方法：可以通过赋值来实现，使用{char a[]=" abc d\0efg ";string s=a;}语法，让char数组对string直接赋值，执行代码即可完成转换。

2w字详解 String，yydsAug 24, 2023 pm 03:56 PM

大家好，今天给大家分享java基础知识之String。String类的重要性就不必说了，可以说是我们后端开发用的最多的类，所以，很有必要好好来聊聊它。

使用java的String.replace()函数替换字符串中的字符(串)Jul 25, 2023 pm 05:16 PM

使用Java的String.replace()函数替换字符串中的字符(串)在Java中，字符串是不可变的对象，这意味着一旦创建了一个字符串对象，就无法修改它的值。但是，你可能会遇到需要替换字符串中的某些字符或者字符串的情况。这时候，我们可以使用Java的String类中的replace()方法来实现字符串的替换。String类的replace()方法有两种重

使用java的String.length()函数获取字符串的长度Jul 25, 2023 am 09:09 AM

使用Java的String.length()函数获取字符串的长度在Java编程中，字符串是一种非常常见的数据类型，我们经常需要获取字符串的长度，即字符串中字符的个数。在Java中，我们可以使用String类的length()函数来获取字符串的长度。下面是一个简单的示例代码：publicclassStringLengthExample{publ

java的String类如何使用Apr 19, 2023 pm 01:19 PM

一、认识String1.JDK中的String首先我们看看JDK中的String类源码，它实现了很多接口，可以看到String类被final修饰了，这就说明String类不可以被继承，String不存在子类，这样所有使用JDK的人，用到的String类都是同一个，如果String允许被继承，每个人都可以对String进行扩展，每个人使用的String都不是同一个版本，两个不同的人使用相同的方法，表现出不同的结果，这就导致代码没办法进行开发了继承和方法覆写在带来灵活性的同时，也会带来很多子类行为不

Java String中的split方法如何使用May 02, 2023 am 09:37 AM

String中split方法使用String的split()方法用于按传入的字符或字符串对String进行拆分，返回拆分之后的数组。1、一般用法用一般的字符，例如@或,等符号做分隔符时：Stringaddress="上海@上海市@闵行区@吴中路";String[]splitAddr=address.split("@");System.out.println(splitAddr[0]+splitAddr[1]+splitAddr[2]+splitAddr[3

Golang函数的byte、rune和string类型转换技巧May 17, 2023 am 08:21 AM

在Golang编程中，byte、rune和string类型是非常基础、常见的数据类型。它们在处理字符串、文件流等数据操作时发挥着重要作用。而在进行这些数据操作时，我们通常需要对它们进行相互的转换，这就需要掌握一些转换技巧。本文将介绍Golang函数的byte、rune和string类型转换技巧，旨在帮助读者更好地理解这些数据类型，并能够熟练地在编程实践中应用

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

2 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Repo: How To Revive Teammates

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hello Kitty Island Adventure: How To Get Giant Seeds

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How Long Does It Take To Beat Split Fiction?

3 weeks agoByDDD

R.E.P.O. Save File Location: Where Is It & How to Protect It?

3 weeks agoByDDD

Hot Tools

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.