signandver.java

实现PKI/CA的数字签名部分

package signature;

import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.PKCS8EncodedKeySpec;

public class SignandVer {
	
	//fhash原文件的hash值 //signed私钥签名后的文件  //CertName 证书
	public static void veriSig(String fhash, String signed,String CertName){
		try{   	
			FileInputStream bythash = new FileInputStream(fhash);
			byte[] hash = new byte[bythash.available()];
			bythash.read ( hash, 0, bythash.available() );
			bythash.close();
			
			FileInputStream fsign = new FileInputStream(signed);
			byte[] sigedText = new byte[fsign.available()];
			fsign.read ( sigedText, 0, fsign.available() );
			fsign.close();
			
			CertificateFactory certificatefactory=CertificateFactory.getInstance("X.509");
			FileInputStream fin=new FileInputStream(CertName);
			X509Certificate certificate=(X509Certificate)certificatefactory.generateCertificate(fin);
			PublicKey pub = certificate.getPublicKey();
			Signature rsa=Signature.getInstance("MD5withRSA");
			rsa.initVerify(pub);
			rsa.update(hash);
			boolean verifies=rsa.verify(sigedText);
			System.out.println("verified "+verifies);
			if(verifies){
				System.out.println("Verify is done!");
			}else{
				System.out.println("verify is not successful");
			}      
		}catch(Exception e){     
			e.printStackTrace();              
		}
	}
	
	public static void TransFormat(String fpem, String fder){
		try{
			String cmd="openssl.exe";
			java.lang.Runtime.getRuntime().exec(cmd+" pkcs8 -topk8 -inform PEM -outform DER -in "+fpem+" -out "+fder+" -nocrypt");  
		}catch(Exception e){
			e.printStackTrace();
		}
	}
	//fhash文件的hash值  //keyfile密钥文件  //outFileName输出文件
	public static void sig(String fhash, String keyfile,String outFileName){
		try{
			
			FileInputStream bythash = new FileInputStream(fhash);
			byte[] hash = new byte[bythash.available()];
			bythash.read ( hash, 0, bythash.available() );
			bythash.close();
			
			FileInputStream fl = new FileInputStream(keyfile);
			byte[] key = new byte[fl.available()];
			KeyFactory kf = KeyFactory.getInstance("RSA");
			fl.read ( key, 0, fl.available() );
			fl.close();
		
			PKCS8EncodedKeySpec keyspc = new PKCS8EncodedKeySpec ( key );
			PrivateKey priv = kf.generatePrivate (keyspc);
			Signature rsa=Signature.getInstance("MD5withRSA");   
			rsa.initSign(priv);
			rsa.update(hash);
			byte[] sig=rsa.sign();
			System.out.println("sig is done");
			try{
				FileOutputStream out=new FileOutputStream(outFileName);
				out.write(sig);
				out.close();
			}catch(IOException e){
				e.printStackTrace();
			}     
		}catch(Exception e){
			e.printStackTrace();
		}
	}
	
	
	

}