Golang
func Sign(content, prvKey []byte) (sign string, err error) {
block, _ := pem.Decode(prvKey)
if block == nil {
fmt.Println("pem.Decode err")
return
}
var private interface{}
private, err = x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return
}
privateKey := private.(*rsa.PrivateKey)
h := crypto.Hash.New(crypto.SHA1)
h.Write([]byte(content))
hashed := h.Sum(nil)
signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey,
crypto.SHA1, hashed)
if err != nil {
return
}
sign = base64.StdEncoding.EncodeToString(signature)
return
}
func RSAVerify(origdata, ciphertext string, publicKey []byte) (bool, error) {
block, _ := pem.Decode(publicKey)
if block == nil {
return false, errors.New("public key error")
}
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return false, err
}
pub := pubInterface.(*rsa.PublicKey)
h := crypto.Hash.New(crypto.SHA1)
h.Write([]byte(origdata))
digest := h.Sum(nil)
body, err := base64.StdEncoding.DecodeString(ciphertext)
if err != nil {
return false, err
}
err = rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest, body)
if err != nil {
return false, err
}
return true, nil
}
func TestSign3(t *testing.T) {
pubKey := "-----BEGIN PUBLIC KEY-----\n{公钥内容}\n-----END PUBLIC KEY-----"
prvKey := "-----BEGIN RSA PRIVATE KEY-----\n{公钥内容}\n-----END RSA PRIVATE KEY-----"
content := "模型训练需要花多长时间"
sign, err := Sign([]byte(content), []byte(prvKey))
if err != nil {
t.Fatal(err)
return
}
t.Log("sign签名结果:", sign)
res, err := RSAVerify(content, sign, []byte(pubKey))
if err != nil {
t.Fatal(err)
return
}
t.Log("验签结果:", res)
}
=== RUN TestSign
main_test.go:476: sign签名结果: E28UPJoYXDkZhmsIXRau+NI9bk8OsXH85y+IX2LhdQWLpVzHnM2loj179tBNWwElH8bYJPhZE0rJ/5P9tfRozgtCOmkReLkHu/dGbCv3z+6AfnuH/xDqQXgbiO1ZquJFZXUn88ndsO5RgfBUqXCPaovw2k0Fsuv1EtPr6WFcUGk=
main_test.go:483: 验签结果: true
--- PASS: TestSign (0.00s)
PKCS相互转换
prvKey = "-----BEGIN RSA PRIVATE KEY-----\nMIICdwIBADANBgkqhkiG9w0........KwWPPXMiYR8=\n-----END RSA PRIVATE KEY-----"
block, _ := pem.Decode([]byte(prvKey))
if block == nil {
fmt.Println("pem.Decode err")
return
}
var private interface{}
private, err = x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return
}
privateKey := private.(*rsa.PrivateKey)
pkcs1 := x509.MarshalPKCS1PrivateKey(privateKey)
t.Log("pkcs8 转 pkcs1:", base64.StdEncoding.EncodeToString(pkcs1))
prvKey = fmt.Sprintf("-----BEGIN RSA PRIVATE KEY-----\n%s\n-----END RSA PRIVATE KEY-----", pkcs1)
pkcs8 := x509.MarshalPKCS1PrivateKey(privateKey)
t.Log("pkcs1 转 pkcs8:", base64.StdEncoding.EncodeToString(pkcs8))
Java
private static final String PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQ......cZ78GF0Nhi2detQIDAQAB";
private static final String PRIVATE_KEY = "MIICdQIBA......vEG6kp7M716oqd08+e1";
public static void main(String[] args) throws Exception {
String content = "模型训练需要花多长时间";
String sign = sign(content, PRIVATE_KEY, "UTF-8");
boolean trueRsult = signVerify(content, sign, PUBLIC_KEY, "UTF-8");
System.out.println("待签名字符:" + content);
System.out.println(sign);
System.out.println(trueRsult);
}
private static String sign(String content, String privateKey, String charset) throws Exception {
try {
PrivateKey priKey = getPrivateKeyFromPKCS8(ChsiConstants.SIGN_TYPE_RSA,
new ByteArrayInputStream(privateKey.getBytes()));
java.security.Signature signature = java.security.Signature
.getInstance(ChsiConstants.SIGN_ALGORITHMS);
signature.initSign(priKey);
if (StringUtils.isEmpty(charset)) {
signature.update(content.getBytes());
} else {
signature.update(content.getBytes(charset));
}
byte[] signed = signature.sign();
return new String(Base64.encodeBase64(signed));
} catch (InvalidKeySpecException ie) {
throw new DataApiException("RSA私钥格式不正确,请检查是否正确配置了PKCS8格式的私钥", ie);
} catch (Exception e) {
throw new Exception("content= " + content + "; charset = " + charset, e);
}
}
private static boolean signVerify(String content, String sign, String publicKey, String charset) throws Exception {
try {
PublicKey pubKey = getPublicKeyFromX509("RSA", new ByteArrayInputStream(publicKey.getBytes()));
java.security.Signature signature = java.security.Signature.getInstance(ChsiConstants.SIGN_ALGORITHMS);
signature.initVerify(pubKey);
if (StringUtils.isEmpty(charset)) {
signature.update(content.getBytes());
} else {
signature.update(content.getBytes(charset));
}
return signature.verify(Base64.decodeBase64(sign.getBytes()));
} catch (Exception e) {
throw new Exception("content= " + content + ",sign=" + sign + ",charset = " + charset, e);
}
}
sign结果:E28UPJoYXDkZhmsIXRau+NI9bk8OsXH85y+IX2LhdQWLpVzHnM2loj179tBNWwElH8bYJPhZE0rJ/5P9tfRozgtCOmkReLkHu/dGbCv3z+6AfnuH/xDqQXgbiO1ZquJFZXUn88ndsO5RgfBUqXCPaovw2k0Fsuv1EtPr6WFcUGk=
验签结果:true
Process finished with exit code 0
RASWITHMD5
- go
注意私钥需去除-----BEGIN RSA PRIVATE KEY-----\n和\n-----END RSA PRIVATE KEY-----前后开头的标识内容
// 签名
func RsaSignWithMd5(origData string, RsaPrivateKey string) (sign string, err error) {
//加密
hashMd5 := md5.Sum([]byte(origData))
hashed := hashMd5[:]
privateKeyString, err := base64.StdEncoding.DecodeString(RsaPrivateKey)
if err != nil {
return
}
privateKey, err := x509.ParsePKCS8PrivateKey(privateKeyString)
if err != nil {
return
}
signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey.(*rsa.PrivateKey), crypto.MD5, hashed)
return base64.StdEncoding.EncodeToString(signature), err
}
/**RSA验签
* $data待签名数据(需要先排序,然后拼接)
* $sign需要验签的签名,需要base64_decode解码
* 验签用支付公钥
* return 验签是否通过 bool值
*/
func RsaVerify(originalData, signData string) bool{
sign, err := base64.StdEncoding.DecodeString(signData)
if err != nil {
return false
}
publicKey, _ := base64.StdEncoding.DecodeString(RsaPublickey)//RsaLlkPublickey RsaPublickey
pub, err := x509.ParsePKIXPublicKey(publicKey)
if err != nil {
return false
}
hash := md5.New()
hash.Write([]byte(originalData))
err = rsa.VerifyPKCS1v15(pub.(*rsa.PublicKey), crypto.MD5, hash.Sum(nil), sign)
if err!=nil{
return false
}
return true
}
public static String sign(byte[] data, String privateKey) throws Exception {
byte[] keyBytes = Base64Utils.decode(privateKey);
PKCS8EncodedKeySpec pkcs8KeySpec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PrivateKey privateK = keyFactory.generatePrivate(pkcs8KeySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initSign(privateK);
signature.update(data);
return Base64Utils.encode(signature.sign());
}
public static boolean verify(byte[] data, String publicKey, String sign) throws Exception {
byte[] keyBytes = Base64Utils.decode(publicKey);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
KeyFactory keyFactory = KeyFactory.getInstance(KEY_ALGORITHM);
PublicKey publicK = keyFactory.generatePublic(keySpec);
Signature signature = Signature.getInstance(SIGNATURE_ALGORITHM);
signature.initVerify(publicK);
signature.update(data);
return signature.verify(Base64Utils.decode(sign));
}
