sm2國密
sm2國密 SM2算法是一種更先進安全的算法,在我們國家商用密碼體系中被用來替換RSA算法
package com.xmh.action.mainTest.sm2;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
import org.bouncycastle.util.encoders.Hex;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
public class SM2Utils {
private static final String publicKey = "你生成的公鑰";
private static final String privateKey = "你生成私鑰";
/**
* 解密,并且獲取解密后的字符串
*
* @return 秦無解
*/
public static String getJieMiJieGuo(String cipherData) {
byte[] cipherDataByte = Hex.decode(cipherData);
BigInteger privateKeyD = new BigInteger(privateKey, 16);
X9ECParameters sm2ECParameters1 = GMNamedCurves.getByName("sm2p256v1");
ECDomainParameters domainParameters1 = new ECDomainParameters(sm2ECParameters1.getCurve(), sm2ECParameters1.getG(), sm2ECParameters1.getN());
ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(privateKeyD, domainParameters1);
//用私鑰解密,SM2Engine.Mode.C1C3C2得加,不然就會報錯invalid cipher text
SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
sm2Engine.init(false, privateKeyParameters);
//processBlock得到Base64格式,記得解碼
byte[] arrayOfBytes = null;
try {
arrayOfBytes = Base64.decodeBase64(sm2Engine.processBlock(cipherDataByte, 0, cipherDataByte.length));
} catch (Exception e) {
e.printStackTrace();
return null;
}
//得到明文:SM2 Encryption Test
return new String(arrayOfBytes);
}
/**
* @Description 生成秘鑰對
* @Author msx
* @return KeyPair
*/
public static KeyPair createECKeyPair() {
//使用標準名稱創建EC參數生成的參數規范
final ECGenParameterSpec sm2Spec = new ECGenParameterSpec("sm2p256v1");
// 獲取一個橢圓曲線類型的密鑰對生成器
final KeyPairGenerator kpg;
try {
kpg = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());
// 使用SM2算法域參數集初始化密鑰生成器(默認使用以最高優先級安裝的提供者的 SecureRandom 的實現作為隨機源)
// kpg.initialize(sm2Spec);
// 使用SM2的算法域參數集和指定的隨機源初始化密鑰生成器
kpg.initialize(sm2Spec, new SecureRandom());
// 通過密鑰生成器生成密鑰對
return kpg.generateKeyPair();
} catch (Exception e) {
e.printStackTrace();
return null;
}
}
/**
* @Description 公鑰加密
* @Author msx
* @param publicKeyHex SM2十六進制公鑰
* @param data 明文數據
* @return String
*/
public static String encrypt1(String publicKeyHex, String data) {
return encrypt(getECPublicKeyByPublicKeyHex(publicKeyHex), data, 1);
}
/**
* @Description 公鑰加密
* @Author msx
* @param data 明文數據
* @return String
*/
public static String encrypt(String data) {
return encrypt(getECPublicKeyByPublicKeyHex(publicKey), data, 1);
}
/**
* @Description 公鑰加密
* @Author msx
* @param publicKey SM2公鑰
* @param data 明文數據
* @param modeType 加密模式
* @return String
*/
public static String encrypt(BCECPublicKey publicKey, String data, int modeType) {
//加密模式
SM2Engine.Mode mode = SM2Engine.Mode.C1C3C2;
if (modeType != 1) {
mode = SM2Engine.Mode.C1C2C3;
}
//通過公鑰對象獲取公鑰的基本域參數。
ECParameterSpec ecParameterSpec = publicKey.getParameters();
ECDomainParameters ecDomainParameters = new ECDomainParameters(ecParameterSpec.getCurve(),
ecParameterSpec.getG(), ecParameterSpec.getN());
//通過公鑰值和公鑰基本參數創建公鑰參數對象
ECPublicKeyParameters ecPublicKeyParameters = new ECPublicKeyParameters(publicKey.getQ(), ecDomainParameters);
//根據加密模式實例化SM2公鑰加密引擎
SM2Engine sm2Engine = new SM2Engine(mode);
//初始化加密引擎
sm2Engine.init(true, new ParametersWithRandom(ecPublicKeyParameters, new SecureRandom()));
byte[] arrayOfBytes = null;
try {
//將明文字符串轉換為指定編碼的字節串
byte[] in = data.getBytes("utf-8");
//通過加密引擎對字節數串行加密
arrayOfBytes = sm2Engine.processBlock(in, 0, in.length);
} catch (Exception e) {
System.out.println("SM2加密時出現異常:" + e.getMessage());
e.printStackTrace();
}
//將加密后的字節串轉換為十六進制字符串
return Hex.toHexString(arrayOfBytes);
}
/**
* @Description 私鑰解密
* @Author msx
* @param privateKeyHex SM2十六進制私鑰
* @param cipherData 密文數據
* @return String
*/
public static String decrypt1(String privateKeyHex, String cipherData) {
return decrypt(getBCECPrivateKeyByPrivateKeyHex(privateKeyHex), cipherData, 1);
}
/**
* @Description 私鑰解密
* @Author msx
* @param s
* @param cipherData 密文數據
* @return String
*/
public static String decrypt(String s, String cipherData) {
return decrypt(getBCECPrivateKeyByPrivateKeyHex(privateKey), cipherData, 1);
}
/**
* @Description 私鑰解密
* @Author msx
* @param privateKey SM私鑰
* @param cipherData 密文數據
* @param modeType 解密模式
* @return
*/
public static String decrypt(BCECPrivateKey privateKey, String cipherData, int modeType) {
//解密模式
SM2Engine.Mode mode = SM2Engine.Mode.C1C3C2;
if (modeType != 1) {
mode = SM2Engine.Mode.C1C2C3;
}
//將十六進制字符串密文轉換為字節數組(需要與加密一致,加密是:加密后的字節數組轉換為了十六進制字符串)
byte[] cipherDataByte = Hex.decode(cipherData);
//通過私鑰對象獲取私鑰的基本域參數。
ECParameterSpec ecParameterSpec = privateKey.getParameters();
ECDomainParameters ecDomainParameters = new ECDomainParameters(ecParameterSpec.getCurve(),
ecParameterSpec.getG(), ecParameterSpec.getN());
//通過私鑰值和私鑰鑰基本參數創建私鑰參數對象
ECPrivateKeyParameters ecPrivateKeyParameters = new ECPrivateKeyParameters(privateKey.getD(),
ecDomainParameters);
//通過解密模式創建解密引擎并初始化
SM2Engine sm2Engine = new SM2Engine(mode);
sm2Engine.init(false, ecPrivateKeyParameters);
String result = null;
try {
//通過解密引擎對密文字節串進行解密
byte[] arrayOfBytes = sm2Engine.processBlock(cipherDataByte, 0, cipherDataByte.length);
//將解密后的字節串轉換為utf8字符編碼的字符串(需要與明文加密時字符串轉換成字節串所指定的字符編碼保持一致)
result = new String(arrayOfBytes, "utf-8");
} catch (Exception e) {
System.out.println("SM2解密時出現異常" + e.getMessage());
}
return result;
}
//橢圓曲線ECParameters ASN.1 結構
private static X9ECParameters x9ECParameters = GMNamedCurves.getByName("sm2p256v1");
//橢圓曲線公鑰或私鑰的基本域參數。
private static ECParameterSpec ecDomainParameters = new ECParameterSpec(x9ECParameters.getCurve(), x9ECParameters.getG(), x9ECParameters.getN());
/**
* @Description 公鑰字符串轉換為 BCECPublicKey 公鑰對象
* @Author msx
* @param pubKeyHex 64字節十六進制公鑰字符串(如果公鑰字符串為65字節首個字節為0x04:表示該公鑰為非壓縮格式,操作時需要刪除)
* @return BCECPublicKey SM2公鑰對象
*/
public static BCECPublicKey getECPublicKeyByPublicKeyHex(String pubKeyHex) {
//截取64字節有效的SM2公鑰(如果公鑰首個字節為0x04)
if (pubKeyHex.length() > 128) {
pubKeyHex = pubKeyHex.substring(pubKeyHex.length() - 128);
}
//將公鑰拆分為x,y分量(各32字節)
String stringX = pubKeyHex.substring(0, 64);
String stringY = pubKeyHex.substring(stringX.length());
//將公鑰x、y分量轉換為BigInteger類型
BigInteger x = new BigInteger(stringX, 16);
BigInteger y = new BigInteger(stringY, 16);
//通過公鑰x、y分量創建橢圓曲線公鑰規范
ECPublicKeySpec ecPublicKeySpec = new ECPublicKeySpec(x9ECParameters.getCurve().createPoint(x, y), ecDomainParameters);
//通過橢圓曲線公鑰規范,創建出橢圓曲線公鑰對象(可用于SM2加密及驗簽)
return new BCECPublicKey("EC", ecPublicKeySpec, BouncyCastleProvider.CONFIGURATION);
}
/**
* @Description 私鑰字符串轉換為 BCECPrivateKey 私鑰對象
* @Author msx
* @param privateKeyHex 32字節十六進制私鑰字符串
* @return BCECPrivateKey SM2私鑰對象
*/
public static BCECPrivateKey getBCECPrivateKeyByPrivateKeyHex(String privateKeyHex) {
//將十六進制私鑰字符串轉換為BigInteger對象
BigInteger d = new BigInteger(privateKeyHex, 16);
//通過私鑰和私鑰域參數集創建橢圓曲線私鑰規范
ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(d, ecDomainParameters);
//通過橢圓曲線私鑰規范,創建出橢圓曲線私鑰對象(可用于SM2解密和簽名)
return new BCECPrivateKey("EC", ecPrivateKeySpec, BouncyCastleProvider.CONFIGURATION);
}
public static void main(String[] args) {
String publicKeyHex = null;
String privateKeyHex = null;
KeyPair keyPair = createECKeyPair();
PublicKey publicKey = keyPair.getPublic();
if (publicKey instanceof BCECPublicKey) {
//獲取65字節非壓縮縮的十六進制公鑰串(0x04)
publicKeyHex = Hex.toHexString(((BCECPublicKey) publicKey).getQ().getEncoded(false));
System.out.println("---->SM2公鑰:" + publicKeyHex);
}
PrivateKey privateKey = keyPair.getPrivate();
if (privateKey instanceof BCECPrivateKey) {
//獲取32字節十六進制私鑰串
privateKeyHex = ((BCECPrivateKey) privateKey).getD().toString(16);
System.out.println("---->SM2私鑰:" + privateKeyHex);
}
/**
* 公鑰加密
*/
String data = "=========待加密數據=========";
//將十六進制公鑰串轉換為 BCECPublicKey 公鑰對象
String encryptData = encrypt1(publicKeyHex, data);
System.out.println("---->加密結果:" + encryptData);
/**
* 私鑰解密
*/
//將十六進制私鑰串轉換為 BCECPrivateKey 私鑰對象
data = decrypt1(privateKeyHex, encryptData);
System.out.println("---->解密結果:" + data);
}
}
浙公網安備 33010602011771號