网站建设免费按词收费,昆明学校网站建设,wordpress 3.3.2 主题,免费网站空间女人一、概述ECC算法(Elliptic curve cryptography#xff0c;椭圆曲线密码学)椭圆加密算法(ECC)是一种公钥加密体制#xff0c;最初由Koblitz和Miller两人于1985年提出#xff0c;其数学基础是利用椭圆曲线上的有理点构成Abel加法群上椭圆离散对数的计算困难性。是目前已知的公…一、概述ECC算法(Elliptic curve cryptography椭圆曲线密码学)椭圆加密算法(ECC)是一种公钥加密体制最初由Koblitz和Miller两人于1985年提出其数学基础是利用椭圆曲线上的有理点构成Abel加法群上椭圆离散对数的计算困难性。是目前已知的公钥体制中对每比特所提供加密强度最高的一种体制。在软件注册保护方面起到很大的作用一般的序列号通常由该算法产生。ECDSA is a digital signature algorithm是一种数字签名算法ECIES is an Integrated Encryption scheme 是一种集成加密方案ECDH is a key secure key exchange algorithm是密钥安全密钥交换算法1.1、jdk实现ECC算法在jdk1.5后加入支持目前仅仅只能完成密钥的生成与解析。JDK1.7开始内置了ECC公私钥生成、签名验签但没有实现加密解密。jdk支持ecdsa、不支持ecdh、eciesbc支持ecdsa、ecdh、ecies1.2、bc实现【提供实现】在Java中使用ECC算法有以下几点需要注意JDK1.7开始内置了ECC公私钥生成、签名验签但没有实现加密解密因此需要使用BouncyCastle来做Security Provider在Java中使用高级别的加解密算法比如AES使用256bit密钥、ECC使用Secp256r1等需要更新JRE的security policy文件否则会报类似“Illegal key size or default parameters”这样的错误。具体怎样更换policy文件可以参考这里实际项目开发过程中可能发现有传递给Java的公钥不是完整的X.509 SubjectPublicKeyInfo比如只传递了一个65字节的ECPoint过来这种情况可以跟对方沟通清楚所使用的Algorithm以及NamedCurve补全DER数据后再使用Java Security库解析。public classBcEcc {public static KeyPair initKeyPair(String algorithm, Integer keySize) throwsException {Security.addProvider(neworg.bouncycastle.jce.provider.BouncyCastleProvider());KeyPairGenerator keyPairGenerator KeyPairGenerator.getInstance(EC,BC);keyPairGenerator.initialize(keySize,newSecureRandom());KeyPair keyPairkeyPairGenerator.generateKeyPair();returnkeyPair;}public static byte[] encrypt(byte[] content, PublicKey publicKey) throwsException {Security.addProvider(neworg.bouncycastle.jce.provider.BouncyCastleProvider());Cipher cipher Cipher.getInstance(ECIES,BC);//写不写 BC都可以都是会选择BC实现来做cipher.init(Cipher.ENCRYPT_MODE, publicKey);returncipher.doFinal(content);}public static byte[] decrypt(byte[] content, PrivateKey privateKey) throwsException {Security.addProvider(neworg.bouncycastle.jce.provider.BouncyCastleProvider());Cipher cipher Cipher.getInstance(ECIES,BC);cipher.init(Cipher.DECRYPT_MODE, privateKey);returncipher.doFinal(content);}}二、ECDSA签名基于ECC与DSA签名算法分类信息ECDSA(elliptic curve digital signature algorithm) 椭圆曲线数字签名算法速度快强度高签名短算法密钥长度默认长度签名长度实现的方NONEwithECDSA112-571256128JDK/BCRIPEMD160withECDSA同上256160BCSHA1withECDSA...256160JDK/BCSHA224withECDSA...256224JDK/BCSHA256withECDSA...256256JDK/BCSHA384withECDSA...256384JDK/BCSHA512withECDSA...256512JDK/BC签名示例/algorithm-sign/algorithm-sign-impl/src/main/java/com/github/bjlhx15/security/sign003ecchttp://baike.baidu.com/item/%E6%A4%AD%E5%9C%86%E5%8A%A0%E5%AF%86%E7%AE%97%E6%B3%95/10305582?sefrcr三、nodejs版crypto支持ecdsa、ecdh不支持ecies加密解密ecccrypto支持ecies加密解密jsrsasign 使用3.1、使用原生crypto 操作ecdsa、ecdh无需安装类库模块//原生crypto 支持 签名 验签 密钥交换//签名functionecc_ecdsa_sign(signAlgorithmName, privateKey, srcData) {const crypto require(crypto);const signcrypto.createSign(signAlgorithmName);sign.update(srcData);//注意这里是pkcs1 java后端默认是pkcs8const private_key -----BEGIN EC PRIVATE KEY-----\n privateKey-----END EC PRIVATE KEY-----\n;return sign.sign(private_key).toString(base64);}//验签functionecc_ecdsa_verify(signAlgorithmName, publicKey,sign, srcData) {//校验这里直接使用公钥直接后端java生成的即可const crypto require(crypto);const verifycrypto.createVerify(signAlgorithmName);verify.update(srcData);//verify.update(new Buffer(srcData, utf-8));var public_key-----BEGIN PUBLIC KEY-----\n publicKey-----END PUBLIC KEY-----\n;console.log(verify.verify(public_key, sign,base64));}//密钥交换functionecc_ecdh(srcData) {const crypto require(crypto);const assert require(assert);//Generate Alices keys...const alice crypto.createECDH(secp521r1);const alice_keyalice.generateKeys();//Generate Bobs keys...const bob crypto.createECDH(secp521r1);const bob_keybob.generateKeys();//Exchange and generate the secret...const alice_secret alice.computeSecret(bob_key);const bob_secretbob.computeSecret(alice_key);console.log(alice_secret: alice_secret.toString(base64))console.log(bob_secret: bob_secret.toString(base64))assert(alice_secret, bob_secret);}//算法var algorithmName {sha1:sha1,sha224:sha224,sha256:sha256,sha384:sha384,sha512:sha512}module.exports{algorithmName, ecc_ecdsa_sign, ecc_ecdsa_verify, ecc_ecdh}测试functionmain() {var algorithm require(../main/ecc001crypto)//pkcs1var priKey MHQCAQEEID7ytsiAhdlShisEkdox7E2pTDP/nKmFdyKWyrqaFh/oAcGBSuBBAAKoUQDQgAEE0eb7o1ibninvBQlX8sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A\n;//普通的后端keyvar pubKey MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE0eb7o1ibninvBQlX8sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A\n;console.log(-----签名-验签-------)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha1, priKey, hello world)console.log(value)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha1, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha224, priKey, hello world)console.log(value)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha224, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha256, priKey, hello world)console.log(value)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha256, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha384, priKey, hello world)console.log(value)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha384, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.sha512, priKey, hello world)console.log(value)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha512, pubKey, value,hello world)console.log(-----java的签名-验签-------)var javaSignMEYCIQDFtnUYxR0jPw8/16iZxYlEkWAJkcPIxpXSWNnU9DoGwIhAJ1A8XlSoeqRvGC9ZzOthvGvQoOXZsaiy7iryHINJa0;algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha256, pubKey, javaSign,我是测试数据对的纷纷)console.log(-----密钥交换-------)algorithm.ecc_ecdh()}main();3.2、使用类库ecccrypto操作ecdsa、ecdh、ecies加密解密安装npm i eccrypto//使用 eccrypto 库 支持 签名 验签 密钥交换 加密解密//签名 验签functionecc_ecdsa(signAlgorithmName, pubKey, priKey, str) {var crypto require(crypto);var eccrypto require(eccrypto);//A new random 32-byte private key.var privateKey eccrypto.generatePrivate();console.log(privateKey.toString(base64))//Corresponding uncompressed (65-byte) public key.var publicKey eccrypto.getPublic(privateKey);console.log(publicKey.toString(base64))//var str message to sign;//Always hash you message to sign!var msg crypto.createHash(signAlgorithmName).update(str).digest();eccrypto.sign(privateKey, msg).then(function(sig) {console.log(Signature in DER format:, sig.toString(base64));eccrypto.verify(publicKey, msg, sig).then(function() {console.log(Signature is OK);}).catch(function() {console.log(Signature is BAD);});});}//密钥交换functionecc_ecdh() {var eccrypto require(eccrypto);var privateKeyA eccrypto.generatePrivate();var publicKeyA eccrypto.getPublic(privateKeyA);var privateKeyB eccrypto.generatePrivate();var publicKeyB eccrypto.getPublic(privateKeyB);eccrypto.derive(privateKeyA, publicKeyB).then(function(sharedKey1) {eccrypto.derive(privateKeyB, publicKeyA).then(function(sharedKey2) {console.log(Both shared keys are equal:, sharedKey1.toString(base64), sharedKey2.toString(base64));});});}//ecc加密解密functionecc_ecies() {var eccrypto require(eccrypto);var privateKeyA eccrypto.generatePrivate();var publicKeyA eccrypto.getPublic(privateKeyA);var privateKeyB eccrypto.generatePrivate();var publicKeyB eccrypto.getPublic(privateKeyB);//Encrypting the message for B.eccrypto.encrypt(publicKeyB, Buffer.from(msg to b)).then(function(encrypted) {//B decrypting the message.console.log(Message to part B[encrypted]:, encrypted.ciphertext.toString(base64));eccrypto.decrypt(privateKeyB, encrypted).then(function(plaintext) {console.log(Message to part B:, plaintext.toString());});});//Encrypting the message for A.eccrypto.encrypt(publicKeyA, Buffer.from(msg to a)).then(function(encrypted) {//A decrypting the message.console.log(Message to part A[encrypted]:, encrypted.ciphertext.toString(base64));eccrypto.decrypt(privateKeyA, encrypted).then(function(plaintext) {console.log(Message to part A:, plaintext.toString());});});}//算法var algorithmName {sha1:sha1,sha224:sha224,sha256:sha256,//sha384: sha384, //Error: Message is too long//sha512: sha512}module.exports{algorithmName, ecc_ecdsa, ecc_ecdh, ecc_ecies}测试functionmain() {var algorithm require(../main/ecc002eccrypto)//pkcs1var priKey MHQCAQEEID7ytsiAhdlShisEkdox7E2pTDP/nKmFdyKWyrqaFh/oAcGBSuBBAAKoUQDQgAEE0eb7o1ibninvBQlX8sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A;//普通的后端keyvar pubKey MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE0eb7o1ibninvBQlX8sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A;console.log(-----签名-验签-------)var value algorithm.ecc_ecdsa(algorithm.algorithmName.sha1, pubKey,priKey, hello world)var value algorithm.ecc_ecdsa(algorithm.algorithmName.sha224, pubKey,priKey, hello world)var value algorithm.ecc_ecdsa(algorithm.algorithmName.sha256, pubKey,priKey, hello world)//var value algorithm.ecc_ecdsa(algorithm.algorithmName.sha384, pubKey,priKey, hello world)console.log(-----密钥交换-------)algorithm.ecc_ecdh()console.log(-----加密 解密-------)algorithm.ecc_ecies()}main();3.3、使用类库jsrsasign操作//使用 eccrypto 库 支持 签名 验签 密钥交换 加密解密//签名 验签functionecc_ecdsa_sign(signAlgorithmName, priKey, str) {var Jsrsasign require(jsrsasign);//导入的Jsrsasign模块里面有很多实用的对象对应不同的方法console.log(Jsrsasign)const privateKeyString -----BEGIN PRIVATE KEY-----\n priKey \n-----END PRIVATE KEY-----\n;//传入私钥//默认传入的私钥是PKCS#1的格式所以采用readPrivateKeyFromPEMString(keyPEM)这个方法//rsa.readPrivateKeyFromPEMString(PrivateKey);//如果后台生产出来的私钥是PKCS#8的格式就不能用readPrivateKeyFromPEMString(keyPEM)这个方法const key Jsrsasign.KEYUTIL.getKey(privateKeyString);//创建 Signature 对象设置签名编码算法const signature newJsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName });//初始化signature.init(key);//上面3行相当于这句//const signature new Jsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName,prvkeypem:privateKeyString });//!这里指定 私钥 pem!//传入待加密字符串signature.updateString(str);//生成密文const originSign signature.sign();const sign64Jsrsasign.hextob64(originSign);console.log(sign base64 , sign64);//const sign64u Jsrsasign.hextob64u(originSign);//console.log(sign base64u, sign64u);returnsign64;}functionecc_ecdsa_verify(signAlgorithmName, pubKey, sign, str) {var Jsrsasign require(jsrsasign);//导入的Jsrsasign模块里面有很多实用的对象对应不同的方法console.log(Jsrsasign)const pKeyString -----BEGIN PUBLIC KEY-----\n pubKey \n-----END PUBLIC KEY-----\n;//1.传入私钥//默认传入的私钥是PKCS#1的格式所以采用readPrivateKeyFromPEMString(keyPEM)这个方法//rsa.readPrivateKeyFromPEMString(PrivateKey);//如果后台生产出来的私钥是PKCS#8的格式就不能用readPrivateKeyFromPEMString(keyPEM)这个方法//const key Jsrsasign.KEYUTIL.getKey(pKeyString);//2. 创建 Signature 对象设置签名编码算法//const signature new Jsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName});//3.初始化//signature.init(key)//上面3行另一种写法const signature newJsrsasign.KJUR.crypto.Signature({ alg: signAlgorithmName, prvkeypem: pKeyString });//传入待加密字符串signature.updateString(str);var b signature.verify(Jsrsasign.b64tohex(sign))//生成密文console.log(sign verify , b);returnb;}//ecc加密解密functionecc_ecies() {var Jsrsasign require(jsrsasign);var keypair Jsrsasign.KEYUTIL.generateKeypair(EC,secp256k1);console.log(keypair)var pubKeykeypair.pubKeyObj.pubKeyHexvar priKeykeypair.prvKeyObj.prvKeyHexconsole.log(Jsrsasign.hextob64(pubKey))console.log(Jsrsasign.hextob64(priKey))}//算法var algorithmName {SHA1withECDSA:SHA1withECDSA,SHA224withECDSA:SHA224withECDSA,SHA256withECDSA:SHA256withECDSA,SHA384withECDSA:SHA384withECDSA, //Error: Message is too longSHA512withECDSA: SHA512withECDSA}module.exports{algorithmName, ecc_ecdsa_sign, ecc_ecdsa_verify, ecc_ecies}测试functionmain() {var algorithm require(../main/ecc003jsrsasign)//pkcs1var priKeyPkcs1 MHQCAQEEID7ytsiAhdlShisEkdox7E2pTDP/nKmFdyKWyrqaFh/oAcGBSuBBAAKoUQDQgAEE0eb7o1ibninvBQlX8sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A;var priKeyPkcs8 MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQgPvK2yICF2VL6GKwSR2jHsTalMM/cqYV3IpbKupoWHgBwYFK4EEAAqhRANCAAQTR5vujWJueKe8FCVfz6yOKAdoHjrXY2frbSnbTM/FsoCMtrnDkzaMnC0Pe/ZtEOOYh4BXcAeHPHM823nq3sHo;//普通的后端keyvar pubKey MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEE0eb7o1ibninvBQlX8sjigHaB4612Nn620p20zPxbKAjLa5w5M2jJwtD3v2bRDjmIeAV3AHhzxzPNt56t7B6A;console.log(-----签名-验签-------)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA1withECDSA, priKeyPkcs8, hello world)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA1withECDSA, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA224withECDSA, priKeyPkcs8, hello world)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA224withECDSA, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA256withECDSA, priKeyPkcs8, hello world)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA256withECDSA, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA384withECDSA, priKeyPkcs8, hello world)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA384withECDSA, pubKey, value,hello world)var value algorithm.ecc_ecdsa_sign(algorithm.algorithmName.SHA512withECDSA, priKeyPkcs8, hello world)algorithm.ecc_ecdsa_verify(algorithm.algorithmName.SHA512withECDSA, pubKey, value,hello world)//console.log(-----密钥交换-------)//algorithm.ecc_ecdh()console.log(-----加密 解密-------)algorithm.ecc_ecies()}main();更多https://github.com/kjur/jsrsasign.git3.5、nodejs结合java使用签名验签Java 语言就使用「PKCS8」密钥格式也叫 「PKCS#8」如果非 Java 语言可以考虑「PKCS1」。Java 使用private key 和 public key时要把首尾「-----BEGIN PRIVATE KEY-----」之类的删除但在 JavaScript 里使用时一定要加上。nodejs与java的ecc加密签名通讯。3.5.1、使用java操作生成双方公私钥java端ecchttps://github.com/bjlhx15/algorithm-sign.git使用测代码生成com.github.bjlhx15.security.encryptSign001BcEcc.BcEccAlgorithmUtilTest 生成 initKeyPairBase64 后续操作方便使用 process 测试A pubKey:MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYfNJOtj1Xkfp9bVqoXlB4ixVhNtN7ZlmPPiyeDrPbKNX7XhmN8EcyOhjfpbXYmJY8JItue9rajOqouS45wYpQA priKey:MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQg1xRtgNwZ3oo509hNEkoHhGRDhHiq0zfZy0zQxAOegBwYFK4EEAAqhRANCAARh80k62PVeRn1tWqheUHiLFWE203tmX6Y8LJ4Os9so1fteGY3wRzI6GNltdiYljwki2572tqM6qi5LjnBilA priKey[pkcs1]:MHQCAQEEINcUbYDcGd6KPudPYTfhJKB/oRkQ4R4qtM32ctM0MQDnoAcGBSuBBAAKoUQDQgAEYfNJOtj1Xkfp9bVqoXlB4ixVhNtN7ZlmPPiyeDrPbKNX7XhmN8EcyOhjfpbXYmJY8JItue9rajOqouS45wYpQB pubKey:MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEJN5FVWR90XaFSMjVEbCGgAqrMbvHCIM0i84kVLuKpESDNgGSnz0AZt4HKElRR8MkZbzsnJdMq5gmDxTrYMyg8QB priKey:MIGNAgEAMBAGByqGSM49AgEGBSuBBAAKBHYwdAIBAQQgUHzI83yRMCfl395xdpx/CB2eZPIsEORBN3OPQyN0RT6gBwYFK4EEAAqhRANCAAQk3kVVZH3RdoVIyNURsIaACqsxu8cIgzSLziRUu4qkRIM2AZKfPQBm3gcoSVFHwyRlvOycl0yrmCYPFOtgzKDxA 向 B 发送数据【密文、签名】A 需要用B的 公钥加密数据密文:BNmsoiMfajCwsqvNGwx198QliMzFVFySnsGkJuBWGNHxbe/lKxcsDnh3qTyD8DNdm0se2l3mmJudy2msDwCde2lVGLDCRjHh8htCFaFJUGSPP/f7IrzWUMJB1zF8nr1VB7GIGgMeGyGaynE31viTg3QA 需要用自己的 私钥签名sign:MEUCIQCEF3hAZed32ZLwxuhuGozogPstm2YPSYNpjMqGTnK7wIge3LRMWegt9eBm6u5j7oWi06boKTWspOBSWJRY33Fj8A 向 B 发送数据:okB用 需要用自己 的私钥解密解密后:我是测试数据对的纷纷B需要用A 的公钥验签check:true3.5.2、nodejs交互操作方案一、使用nodejs自带模块crypto签名将A的公私钥分发给nodejs使用java使用的是pkcs8nodejs的crypto使用的是pkcs1所以这里使用的是 priKey[pkcs1]参看3.1示例注意使用的是sha256的算法方案二、使用工具类-jsrsasign安装 npm i jsrsasign参看3.23.5.3、java验签此时nodejs端会将签名发送至java端java端验签使用客户的公钥以及签名org.junit.Testpublicvoidpkcs8checkSign() throws Exception {String msg 我是测试数据对的 http://blog.bjlhx.top/;System.out.println(B需要用A 的公钥验签);boolean check BcEccAlgorithmUtil.verify(MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEYfNJOtj1Xkfp9bVqoXlB4ixVhNtN7ZlmPPiyeDrPbKNX7XhmN8EcyOhjfpbXYmJY8JItue9rajOqouS45wYpQ,msg,MEUCIEuuqtMhHw/JvZgyBrs5djPD0VIZjxdeHYUWeEJsqcdlAiEAyVowkbpvQJuZWrUG2FXhq6BFDpq9wFSl2CcjcSjGRM);System.out.println(check: check);}输出B需要用A 的公钥验签check:truehttps://github.com/bjlhx15/algorithm-sign.git的encryptSign001BcEcc 的pkcs8checkSign3.5.4、java端回发数据签名参看com.github.bjlhx15.security.encryptSign001BcEcc.BcEccAlgorithmUtilTest#process签名值MEQCIEQbw0cfSMncVG/3OT/HnNQamNAZFPLYt5uYpjCsvoZAiAI9l4hdDDJqXlfKBxovkBUtqjl8r5BQHZfkS4QRH0/A3.5.5、node验签参看3.1console.log(-----java的签名-验签-------)var javaSign MEQCIEQbw0cfSMncVG/3OT/HnNQamNAZFPLYt5uYpjCsvoZAiAI9l4hdDDJqXlfKBxovkBUtqjl8r5BQHZfkS4QRH0/A;algorithm.ecc_ecdsa_verify(algorithm.algorithmName.sha256, pubKeyRemote, javaSign, msg:B)pubKeyRemote是B的公钥java端代码https://github.com/bjlhx15/algorithm-sign.git的com.github.bjlhx15.security.encryptSign001BcEcc.BcEccAlgorithmUtilTestnodejs端代码https://github.com/bjlhx15/algorithm-sign-nodejs.git 的ecc00X代码 主要看testEcc001crypto
