JAVA加密解密之數字證書

系統之間在進行互動的時候，我們經常會用到數字證書，數字證書可以幫我們驗證身份等，下面我們就來看一下在java中如何使用數字證書。
我們先使用keytool工具生成金鑰庫並匯出公鑰證書。
第一步：生成keyStroe檔案
執行如下命令：

keytool -genkey -validity 36000 -alias www.jianggujin.com -keyalg RSA -keystore test.keystore

該命令相關引數如下：
這裡寫圖片描述

輸入完後，我們需要按照提示完成後續資訊的輸入，這裡面我們使用的密碼為：123456

第二步：匯出公鑰證書
生成完金鑰庫後，我們就可以匯出公鑰檔案了，執行如下命令：

keytool -export -keystore test.keystore -alias www.jianggujin.com -file test.cer -rfc

該命令相關引數如下：
這裡寫圖片描述

完整操作過程如下：
這裡寫圖片描述

經過這兩步後，我們就有了金鑰庫和證書檔案，和之前的加密解密工具類一樣，我們再來編寫一個用於運算元字證書的工具類：

package com.jianggujin.codec;

import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import 
 java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import 
 java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

import javax.crypto.Cipher;

import com.jianggujin.codec.util.JCipherInputStream;
import com.jianggujin.codec.util.JCipherOutputStream;
import com.jianggujin.codec.util.JCodecException;
import com.jianggujin.codec.util.JCodecUtils;

/**
 * 數字證書
 * 
 * @author jianggujin
 *
 */
public class JCertificate {
   public final static String X509 = "X.509";

   /**
    * 金鑰庫列舉
    * 
    * @author jianggujin
    *
    */
   public static enum JKeyStore {

      JCEKS, JKS, DKS, PKCS11, PKCS12;

      public String getName() {
         return this.name();
      }
   }

   /**
    * 獲得{@link KeyStore}
    * 
    * @param in
    * @param password
    * @param keyStore
    * @return
    */
   public static KeyStore getKeyStore(InputStream in, char[] password, JKeyStore keyStore) {
      return getKeyStore(in, password, keyStore.getName());
   }

   /**
    * 獲得{@link KeyStore}
    * 
    * @param in
    * @param password
    * @param keyStore
    * @return
    * @throws Exception
    */
   public static KeyStore getKeyStore(InputStream in, char[] password, String keyStore) {
      try {
         KeyStore ks = KeyStore.getInstance(keyStore);
         ks.load(in, password);
         return ks;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 列出別名
    * 
    * @param keyStore
    * @return
    */
   public static List<String> listAlias(KeyStore keyStore) {
      try {
         Enumeration<String> aliasEnum = keyStore.aliases();
         List<String> aliases = new ArrayList<String>();
         while (aliasEnum.hasMoreElements()) {
            aliases.add(aliasEnum.nextElement());
         }
         return aliases;
      } catch (KeyStoreException e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得私鑰
    * 
    * @param keyStore
    * @param alias
    * @param password
    * @return
    */
   public static PrivateKey getPrivateKey(KeyStore keyStore, String alias, char[] password) {
      try {
         PrivateKey key = (PrivateKey) keyStore.getKey(alias, password);
         return key;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得私鑰
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static PrivateKey getPrivateKey(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getPrivateKey(in, alias, password, keyStore.getName());
   }

   /**
    * 獲得私鑰
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    * @throws Exception
    */
   public static PrivateKey getPrivateKey(InputStream in, String alias, char[] password, String keyStore) {
      try {
         KeyStore ks = getKeyStore(in, password, keyStore);
         PrivateKey key = (PrivateKey) ks.getKey(alias, password);
         return key;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得{@link Certificate}
    * 
    * @param in
    * @return
    */
   public static Certificate getCertificate(InputStream in) {
      try {
         CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);
         Certificate certificate = certificateFactory.generateCertificate(in);
         return certificate;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得{@link Certificate}
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static Certificate getCertificate(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getCertificate(in, alias, password, keyStore.getName());
   }

   /**
    * 獲得{@link Certificate}
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static Certificate getCertificate(InputStream in, String alias, char[] password, String keyStore) {
      KeyStore ks = getKeyStore(in, password, keyStore);
      return getCertificate(ks, alias);
   }

   /**
    * 獲得{@link Certificate}
    * 
    * @param keyStore
    * @param alias
    * @return
    */
   public static Certificate getCertificate(KeyStore keyStore, String alias) {
      try {
         Certificate certificate = keyStore.getCertificate(alias);
         return certificate;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得證書鏈
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static Certificate[] getCertificateChain(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getCertificateChain(in, alias, password, keyStore.getName());
   }

   /**
    * 獲得證書鏈
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static Certificate[] getCertificateChain(InputStream in, String alias, char[] password, String keyStore) {
      KeyStore ks = getKeyStore(in, password, keyStore);
      return getCertificateChain(ks, alias);
   }

   /**
    * 獲得證書鏈
    * 
    * @param keyStore
    * @param alias
    * @return
    */
   public static Certificate[] getCertificateChain(KeyStore keyStore, String alias) {
      try {
         Certificate[] certificateChain = keyStore.getCertificateChain(alias);
         return certificateChain;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得公鑰
    * 
    * @param certificate
    * @return
    */
   public static PublicKey getPublicKey(Certificate certificate) {
      PublicKey key = certificate.getPublicKey();
      return key;
   }

   /**
    * 獲得公鑰
    * 
    * @param in
    * @return
    */
   public static PublicKey getPublicKey(InputStream in) {
      Certificate certificate = getCertificate(in);
      return getPublicKey(certificate);
   }

   /**
    * 獲得公鑰
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static PublicKey getPublicKey(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return getPublicKey(in, alias, password, keyStore.getName());
   }

   /**
    * 獲得公鑰
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static PublicKey getPublicKey(InputStream in, String alias, char[] password, String keyStore) {
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      return getPublicKey(certificate);
   }

   /**
    * 獲得公鑰
    * 
    * @param keyStore
    * @param alias
    * @return
    */
   public static PublicKey getPublicKey(KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return getPublicKey(certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param date
    * @param certificate
    * @return
    */
   public static boolean verifyCertificate(Date date, Certificate certificate) {
      X509Certificate x509Certificate = (X509Certificate) certificate;
      try {
         x509Certificate.checkValidity(date);
         return true;
      } catch (CertificateExpiredException e1) {
         return false;
      } catch (CertificateNotYetValidException e1) {
         return false;
      }
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param certificate
    * @return
    */
   public static boolean verifyCertificate(Certificate certificate) {
      return verifyCertificate(new Date(), certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param in
    * @return
    */
   public static boolean verifyCertificate(InputStream in) {
      Certificate certificate = getCertificate(in);
      return verifyCertificate(certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param date
    * @param in
    * @return
    */
   public static boolean verifyCertificate(Date date, InputStream in) {
      Certificate certificate = getCertificate(in);
      return verifyCertificate(date, certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static boolean verifyCertificate(InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return verifyCertificate(in, alias, password, keyStore.getName());
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static boolean verifyCertificate(InputStream in, String alias, char[] password, String keyStore) {
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      return verifyCertificate(certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param date
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static boolean verifyCertificate(Date date, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return verifyCertificate(date, in, alias, password, keyStore.getName());
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param date
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static boolean verifyCertificate(Date date, InputStream in, String alias, char[] password, String keyStore) {
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      return verifyCertificate(date, certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param keyStore
    * @param alias
    * @return
    */
   public static boolean verifyCertificate(KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return verifyCertificate(certificate);
   }

   /**
    * 驗證{@link Certificate}是否過期或無效
    * 
    * @param date
    * @param keyStore
    * @param alias
    * @return
    */
   public static boolean verifyCertificate(Date date, KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return verifyCertificate(date, certificate);
   }

   /**
    * 簽名
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] sign(byte[] data, InputStream in, String alias, char[] password, JKeyStore keyStore) {
      return sign(data, in, alias, password, keyStore.getName());
   }

   /**
    * 簽名
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] sign(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      // 獲得證書
      Certificate certificate = getCertificate(in, alias, password, keyStore);
      // 取得私鑰
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return sign(data, certificate, privateKey);
   }

   /**
    * 簽名
    * 
    * @param data
    * @param keyStore
    * @param alias
    * @param password
    * @return
    */
   public static byte[] sign(byte[] data, KeyStore keyStore, String alias, char[] password) {
      // 獲得證書
      Certificate certificate = getCertificate(keyStore, alias);
      // 取得私鑰
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return sign(data, certificate, privateKey);
   }

   /**
    * 簽名
    * 
    * @param data
    * @param certificate
    * @param privateKey
    * @return
    */
   public static byte[] sign(byte[] data, Certificate certificate, PrivateKey privateKey) {
      // 獲得證書
      X509Certificate x509Certificate = (X509Certificate) certificate;
      return sign(data, privateKey, x509Certificate.getSigAlgName());
   }

   /**
    * 簽名
    * 
    * @param data
    * @param privateKey
    * @param signatureAlgorithm
    * @return
    */
   public static byte[] sign(byte[] data, PrivateKey privateKey, String signatureAlgorithm) {
      return JCodecUtils.sign(data, privateKey, signatureAlgorithm);
   }

   /**
    * 驗籤
    * 
    * @param data
    * @param sign
    * @param in
    * @return
    */
   public static boolean verify(byte[] data, byte[] sign, InputStream in) {
      // 獲得證書
      Certificate certificate = getCertificate(in);

      return verify(data, sign, certificate);
   }

   /**
    * 驗籤
    * 
    * @param data
    * @param sign
    * @param certificate
    * @return
    */
   public static boolean verify(byte[] data, byte[] sign, Certificate certificate) {
      // 獲得證書
      X509Certificate x509Certificate = (X509Certificate) certificate;
      // 獲得公鑰
      PublicKey publicKey = x509Certificate.getPublicKey();
      return verify(data, sign, publicKey, x509Certificate.getSigAlgName());
   }

   /**
    * 驗籤
    * 
    * @param data
    * @param sign
    * @param publicKey
    * @param signatureAlgorithm
    * @return
    */
   public static boolean verify(byte[] data, byte[] sign, PublicKey publicKey, String signatureAlgorithm) {
      return JCodecUtils.verify(data, sign, publicKey, signatureAlgorithm);
   }

   /**
    * 驗籤
    * 
    * @param data
    * @param sign
    * @param keyStore
    * @param alias
    * @return
    */
   public static boolean verify(byte[] data, byte[] sign, KeyStore keyStore, String alias) {
      Certificate certificate = getCertificate(keyStore, alias);
      return verify(data, sign, certificate);
   }

   /**
    * 驗籤，遍歷金鑰庫中的所有公鑰
    * 
    * @param data
    * @param sign
    * @param keyStore
    * @return
    */
   public static boolean verify(byte[] data, byte[] sign, KeyStore keyStore) {
      try {
         Enumeration<String> aliasEnum = keyStore.aliases();
         while (aliasEnum.hasMoreElements()) {
            if (verify(data, sign, keyStore.getCertificate(aliasEnum.nextElement())))
               return true;
         }
      } catch (KeyStoreException e) {
         throw new JCodecException(e);
      }
      return false;
   }

   /**
    * 私鑰加密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] encryptByPrivate(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return encryptByPrivate(data, in, alias, password, keyStore.getName());
   }

   /**
    * 私鑰加密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] encryptByPrivate(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return encrypt(data, privateKey);
   }

   /**
    * 私鑰加密
    * 
    * @param data
    * @param keyStore
    * @param alias
    * @param password
    * @return
    */
   public static byte[] encryptByPrivate(byte[] data, KeyStore keyStore, String alias, char[] password) {
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return encrypt(data, privateKey);
   }

   /**
    * 私鑰加密
    * 
    * @param data
    * @param privateKey
    * @return
    */
   public static byte[] encrypt(byte[] data, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static OutputStream wrapByPrivate(OutputStream out, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPrivate(out, in, alias, password, keyStore.getName());
   }

   public static OutputStream wrapByPrivate(OutputStream out, InputStream in, String alias, char[] password,
         String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return wrap(out, privateKey);
   }

   public static OutputStream wrapByPrivate(OutputStream out, KeyStore keyStore, String alias, char[] password) {
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return wrap(out, privateKey);
   }

   public static OutputStream wrap(OutputStream out, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
      return new JCipherOutputStream(cipher, out);
   }

   /**
    * 公鑰加密
    * 
    * @param data
    * @param certificate
    * @return
    */
   public static byte[] encrypt(byte[] data, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return encrypt(data, publicKey);
   }

   /**
    * 公鑰加密
    * 
    * @param data
    * @param in
    * @return
    */
   public static byte[] encryptByPublic(byte[] data, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return encrypt(data, publicKey);
   }

   /**
    * 公鑰加密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] encryptByPublic(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return encryptByPublic(data, in, alias, password, keyStore.getName());
   }

   /**
    * 公鑰加密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] encryptByPublic(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return encrypt(data, publicKey);
   }

   /**
    * 公鑰加密
    * 
    * @param data
    * @param keyStore
    * @param alias
    * @return
    */
   public static byte[] encryptByPublic(byte[] data, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return encrypt(data, publicKey);
   }

   /**
    * 公鑰加密
    * 
    * @param data
    * @param publicKey
    * @return
    */
   public static byte[] encrypt(byte[] data, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.ENCRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static OutputStream wrap(OutputStream out, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return wrap(out, publicKey);
   }

   public static OutputStream wrapByPublic(OutputStream out, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return wrap(out, publicKey);
   }

   public static OutputStream wrapByPublic(OutputStream out, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPublic(out, in, alias, password, keyStore.getName());
   }

   public static OutputStream wrapByPublic(OutputStream out, InputStream in, String alias, char[] password,
         String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return wrap(out, publicKey);
   }

   public static OutputStream wrapByPublic(OutputStream out, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return wrap(out, publicKey);
   }

   public static OutputStream wrap(OutputStream out, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.ENCRYPT_MODE);
      return new JCipherOutputStream(cipher, out);
   }

   /**
    * 私鑰解密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] decryptByPrivate(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return decryptByPrivate(data, in, alias, password, keyStore.getName());
   }

   /**
    * 私鑰解密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] decryptByPrivate(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return decrypt(data, privateKey);
   }

   /**
    * 私鑰解密
    * 
    * @param data
    * @param keyStore
    * @param alias
    * @param password
    * @return
    */
   public static byte[] decryptByPrivate(byte[] data, KeyStore keyStore, String alias, char[] password) {
      // 取得私鑰
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return decrypt(data, privateKey);
   }

   /**
    * 私鑰解密
    * 
    * @param data
    * @param privateKey
    * @return
    */
   public static byte[] decrypt(byte[] data, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.DECRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static InputStream wrapByPrivate(InputStream sIn, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPrivate(sIn, in, alias, password, keyStore.getName());
   }

   public static InputStream wrapByPrivate(InputStream sIn, InputStream in, String alias, char[] password,
         String keyStore) {
      PrivateKey privateKey = getPrivateKey(in, alias, password, keyStore);
      return wrap(sIn, privateKey);
   }

   public static InputStream wrapByPrivate(InputStream sIn, KeyStore keyStore, String alias, char[] password) {
      PrivateKey privateKey = getPrivateKey(keyStore, alias, password);
      return wrap(sIn, privateKey);
   }

   public static InputStream wrap(InputStream sIn, PrivateKey privateKey) {
      Cipher cipher = getCipher(privateKey, Cipher.ENCRYPT_MODE);
      return new JCipherInputStream(cipher, sIn);
   }

   /**
    * 公鑰解密
    * 
    * @param data
    * @param certificate
    * @return
    */
   public static byte[] decrypt(byte[] data, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return decrypt(data, publicKey);
   }

   /**
    * 公鑰解密
    * 
    * @param data
    * @param in
    * @return
    */
   public static byte[] decryptByPublic(byte[] data, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return decrypt(data, publicKey);
   }

   /**
    * 公鑰解密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] decryptByPublic(byte[] data, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return decryptByPublic(data, in, alias, password, keyStore.getName());
   }

   /**
    * 公鑰解密
    * 
    * @param data
    * @param in
    * @param alias
    * @param password
    * @param keyStore
    * @return
    */
   public static byte[] decryptByPublic(byte[] data, InputStream in, String alias, char[] password, String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return decrypt(data, publicKey);
   }

   /**
    * 公鑰解密
    * 
    * @param data
    * @param keyStore
    * @param alias
    * @return
    */
   public static byte[] decryptByPublic(byte[] data, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return decrypt(data, publicKey);
   }

   /**
    * 公鑰解密
    * 
    * @param data
    * @param publicKey
    * @return
    */
   public static byte[] decrypt(byte[] data, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.DECRYPT_MODE);
      return JCodecUtils.doFinal(data, cipher);
   }

   public static InputStream wrap(InputStream sIn, Certificate certificate) {
      PublicKey publicKey = certificate.getPublicKey();
      return wrap(sIn, publicKey);
   }

   public static InputStream wrapByPublic(InputStream sIn, InputStream in) {
      PublicKey publicKey = getPublicKey(in);
      return wrap(sIn, publicKey);
   }

   public static InputStream wrapByPublic(InputStream sIn, InputStream in, String alias, char[] password,
         JKeyStore keyStore) {
      return wrapByPublic(sIn, in, alias, password, keyStore.getName());
   }

   public static InputStream wrapByPublic(InputStream sIn, InputStream in, String alias, char[] password,
         String keyStore) {
      PublicKey publicKey = getPublicKey(in, alias, password, keyStore);
      return wrap(sIn, publicKey);
   }

   public static InputStream wrapByPublic(InputStream sIn, KeyStore keyStore, String alias) {
      PublicKey publicKey = getPublicKey(keyStore, alias);
      return wrap(sIn, publicKey);
   }

   public static InputStream wrap(InputStream sIn, PublicKey publicKey) {
      Cipher cipher = getCipher(publicKey, Cipher.DECRYPT_MODE);
      return new JCipherInputStream(cipher, sIn);
   }

   public static Cipher getCipher(Key key, int opmode) {
      JCodecUtils.checkOpMode(opmode);
      try {
         Cipher cipher = Cipher.getInstance(key.getAlgorithm());
         cipher.init(opmode, key);
         return cipher;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 匯出公鑰證書
    * 
    * @param out
    * @param certificate
    * @param rfc
    */
   public static void export(OutputStream out, Certificate certificate, boolean rfc) {
      try {
         byte[] encoded = certificate.getEncoded();
         if (rfc) {
            out.write("-----BEGIN CERTIFICATE-----\r\n".getBytes());
            out.write(JBase64.getMimeEncoder().encode(encoded));
            out.write("\r\n-----END CERTIFICATE-----\r\n".getBytes());
         } else out.write(encoded);
         out.flush();
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 將金鑰庫轉換為指定型別的金鑰庫
    * 
    * @param srcKeyStore
    * @param target
    * @param password
    * @param alias
    *           匯出指定別名的證書
    * @return
    */
   public static KeyStore convert(KeyStore srcKeyStore, JKeyStore target, char[] password, String... alias) {
      return convert(srcKeyStore, target.getName(), password, alias);
   }

   /**
    * 將金鑰庫轉換為指定型別的金鑰庫
    * 
    * @param srcKeyStore
    * @param target
    * @param password
    * @param alias
    *           匯出指定別名的證書
    * @return
    */
   public static KeyStore convert(KeyStore srcKeyStore, String target, char[] password, String... alias) {
      try {
         KeyStore outputKeyStore = KeyStore.getInstance(target);
         outputKeyStore.load(null, password);
         if (alias.length == 0) {
            Enumeration<String> enums = srcKeyStore.aliases();
            while (enums.hasMoreElements()) {
               String keyAlias = enums.nextElement();
               copyKeyEntry(srcKeyStore, outputKeyStore, keyAlias, password);
            }
         } else {
            for (String keyAlias : alias) {
               copyKeyEntry(srcKeyStore, outputKeyStore, keyAlias, password);
            }
         }
         return outputKeyStore;
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 複製
    * 
    * @param src
    * @param target
    * @param alias
    * @param password
    * @throws UnrecoverableKeyException
    * @throws KeyStoreException
    * @throws NoSuchAlgorithmException
    */
   public static void copyKeyEntry(KeyStore src, KeyStore target, String alias, char[] password)
         throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
      if (src.isKeyEntry(alias)) {
         Key key = src.getKey(alias, password);
         Certificate[] certChain = src.getCertificateChain(alias);
         target.setKeyEntry(alias, key, password, certChain);
      }
   }
}

package com.jianggujin.codec.util;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/**
 * 加解密工具
 * 
 * @author jianggujin
 *
 */
public class JCodecUtils {
   /**
    * 獲得私鑰
    * 
    * @param privateKey
    * @param algorithm
    * @return
    */
   public static PrivateKey getPrivateKey(byte[] privateKey, String algorithm) {
      try {
         PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(privateKey);
         KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
         return keyFactory.generatePrivate(pkcs8KeySpec);
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 獲得公鑰
    * 
    * @param publicKey
    * @param algorithm
    * @return
    */
   public static PublicKey getPublicKey(byte[] publicKey, String algorithm) {
      try {
         X509EncodedKeySpec keySpec = new X509EncodedKeySpec(publicKey);
         KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
         return keyFactory.generatePublic(keySpec);
      } catch (Exception e) {
         throw new JCodecException(e);
      }
   }

   /**
    * 檢查加解密操作模式
    * 
    * @param 
 
              
           
              
              
            
            相關推薦
			   
            
            
            
 

    

    
    JAVA加密解密之數字證書
      
							
							
							系統之間在進行互動的時候，我們經常會用到數字證書，數字證書可以幫我們驗證身份等，下面我們就來看一下在java中如何使用數字證書。 
我們先使用keytool工具生成金鑰庫並匯出公鑰證書。 
第一步：生成keyStroe檔案  
執行如下命令：


  keyto 

  
 

    

    
    Java加密解密之數字簽名
      
                
上一篇帖子，我們講了MAC（訊息認證碼），它可以驗證身份和防篡改。
它的機制是通過通訊雙方都持有相同的祕鑰去實現，祕鑰相同摘要才相同，沒有祕鑰就不能生成正確的摘要資訊。
但是，它有個缺點，就是通訊雙方必須持有相同的祕鑰，解決方法就是使用數字簽名
數字簽名（又稱公鑰數字簽名、 

  
 

    

    
    java加密解密與數字證書的操作
      
							
							
							1 Java程式實現金鑰庫的維護 
1.1 Java程式列出金鑰庫所有條目

import java.util.*;  
import java.io.*;  
import java.security.*;  
public class ShowAlias{  

  
 

    

    
    password學4——Java 加密解密之消息摘要算法（MD5 SHA MAC）
      加密解密   hash函數   -s   -m   hmac   可能   正向   技術發展   哈希算法   

Java 加密解密之消息摘要算法（MD5 SHA MAC）



消息摘要
消息摘要（Message Digest）又稱為數字摘要(Digital Digest)。它是一個唯一相 

  
 

    

    
    JAVA加密解密之凱撒加密（Caesar cipher）演算法
      
							
							
							凱撒加密演算法簡介

凱撒加密(Caesar cipher)是一種簡單的訊息編碼方式：它根據字母表將訊息中的每個字母移動常量位k。舉個例子如果k等於3，則在編碼後的訊息中，每個字母都會向前移動3位：a會被替換為d；b會被替換成e；依此類推。字母表末尾將回捲到字母 

  
 

    

    
    Java加密解密之對稱加密
      
                
採用單鑰密碼系統的加密方法，同一個金鑰可以同時用作資訊的加密和解密，這種加密方法稱為對稱加密，也稱為單金鑰加密。
其核心思想是，加密和解密都是同一個祕鑰

對稱加密常用的演算法有：DES、3DES、TDEA、Blowfish、RC2、RC4、RC5、IDEA、SKIPJAC 

  
 

    

    
    Java加密解密之MAC（訊息認證碼）
      
                
上一篇帖子，我們講了訊息摘要（數字摘要），它是把一個文字/檔案 通過摘要函式（hash函式）計算出一個結果。然後把文字/檔案和摘要結果一同發給接受者
接受者接收到檔案之後，也進行摘要，把兩個摘要結果進行對比。如果一致就說明文字/檔案和摘要是一致的
但是，這裡有個問題，假設A 

  
 

    

    
    Java加密解密之非對稱加密
      
                
非對稱加密演算法需要兩個金鑰來進行加密和解密，這兩個祕鑰是公開金鑰（public key，簡稱公鑰）和私有金鑰（private key，簡稱私鑰）。使用公鑰加密的，要使用私鑰解密。反之，使用私鑰加密的，要使用公鑰解密。

和對稱加密的區別是：
對稱加密：加密和解密時使用的是 

  
 

    

    
    JAVA加密解密之DH（Diffie-Hellman）演算法
      
							
							
							DH演算法簡介

Diffie-Hellman演算法(D-H演算法)，金鑰一致協議。是由公開金鑰密碼體制的奠基人Diffie和Hellman所提出的一種思想。簡單的說就是允許兩名使用者在公開媒體上交換資訊以生成”一致”的、可以共享的金鑰。換句話說，就是由甲方產出 

  
 

    

    
    第十八篇：JAVA加密解密之DH（Diffie-Hellman）演算法
      
                

DH演算法簡介

Diffie-Hellman演算法(D-H演算法)，金鑰一致協議。是由公開金鑰密碼體制的奠基人Diffie和Hellman所提出的一種思想。簡單的說就是允許兩名使用者在公開媒體上交換資訊以生成”一致”的、可以共享的金鑰。換句話說，就是由甲方產出一對金鑰（ 

  
 

    

    
    RSA加密解密及數字簽名Java實現
      cto   包括   sign   object   misc   數據   factory   了解   對稱密鑰   RSA公鑰加密算法是1977年由羅納德·李維斯特（Ron Rivest）、阿迪·薩莫爾（Adi Shamir）和倫納德·阿德曼（Leonard Adleman）一起提出的。當時他們三人都在 

  
 

    

    
    Java 實現 RSA加密解密及數字簽名
      
                


RSA公鑰加密演算法是1977年由羅納德·李維斯特（Ron
 Rivest）、阿迪·薩莫爾（Adi Shamir）和倫納德·阿德曼（Leonard Adleman）一起提出的。當時他們三人都在麻省理工學院工作。RSA就是他們三人姓氏開頭字母拼在一起組成的。

RSA是目 

  
 

    

    
    Java加解密與數字簽名
      對稱   數組   aes   生成密鑰   分解   encode   rup   特性   ntc                        Java加解密與數字簽名
2016-08-30 蕊蕊 java編程

  
  ** 
    Java加解密 
    ** 
實現方式：JDK實現，CC，B 

  
 

    

    
    區塊鏈技術之密碼學技術之數字證書
      自己   對稱加密   key   ast   機構   成對   -m   操作   之前   
數字證書
數字證書用來證明某個公鑰是誰的，並且內容是正確的。
對於非對稱加密算法和數字簽名來說，很重要的一點就是公鑰的分發。一旦公鑰被人替換（典型的如中間人攻擊），則整個安全體系將被破壞掉。
怎麽確保一個公鑰確 

  
 

    

    
    java加密解密
      子郵件   openssl   sock   天數   file   驗證   word   genrsa   https   一：1.KeyManagerFactory類（密鑰管理工廠，用來管理密鑰）：  構建密鑰庫管理工廠與下例一樣： System.setProperty("javax.net.ssl.k 

  
 

    

    
    java加密解密技術(3)對稱加密AES
      
                






	import javax.crypto.Cipher;
	
	
	import javax.crypto.spec.IvParameterSpec;
	
	
	import javax.crypto.spec.SecretKeySpec;
	
	
	
	imp 

  
 

    

    
    前端加密解密之Crypto.js
      前端js加密概述 
 
 對系統安全性要求比較高，那麼需要選擇https協議來傳輸資料。當然很多情況下一般的web網站，如果安全要求不是很高的話，用http協議就可以了。在這種情況下，密碼的明文傳輸顯然是不合適的，因為如果請求在傳輸過程中被截了，就可以直接拿明文密碼登入網站了。 
 
 
 HTTPS（443 

  
 

    

    
    Java 加密解密工具類AESUtil
      
							
							
							package test; 
/* @auther wjh @date 2018-08-01*/ 
import java.security.SecureRandom;

import javax.crypto.Cipher; 
import javax.cry 

  
 

    

    
    Java 加密解密工具
      
								
								            
						
                package com.panda.core.db.util;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import  

  
 

    

    
    Java加密解密全解
      
                
1 sha加密：
安全雜湊演算法（Secure Hash Algorithm）主要適用於數字簽名標準（Digital Signature Standard DSS）裡面定義的數字簽名演算法（Digital Signature Algorithm DSA）。對於長度小於2^6