SpringBoot中_JAVA利用国密算法_实现内容的加密_解密

首先来看一下什么是用国国密算法:

国密即国家密码局认定的国产密码算法 ，即商用密码 。密算

国密主要有SM1，法实SM2，现内SM3，加密解密SM4。用国密钥长度和分组长度均为128位。密算

1 、法实SM1 为对称加密。现内其加密强度与AES(高级加密标准,加密解密Advanced Encryption Standard)相当。该算法不公开  ，用国调用该算法时 ，密算需要通过加密芯片的法实接口进行调用。

2、现内SM2为非对称加密，加密解密基于ECC。该算法已公开 。由于该算法基于ECC ，故其签名速度与秘钥生成速度都快于RSA
。ECC 256位（SM2采用的就是ECC 256位的一种）安全强度比RSA 2048位高，但运算速度快于RSA。

3、SM3为消息摘要 。可以用MD5作为对比理解。该算法已公开 。校验结果为256位  。

4、SM4为无线局域网标准的分组数据算法。对称加密，密钥长度和分组长度均为128位。

由于SM1 、SM4加解密的分组大小为128bit
，故对消息进行加解密时，若消息长度过长，需要进行分组 ，要消息长度不足 ，则要进行填充 。

在很多地方还是会用到的,这里说一下这个:SM2

1.在pom.xml中引入依赖jar包:

<dependency>n <groupId>org.bouncycastle</groupId>n <artifactId>bcprov-jdk15on</artifactId>n <version>1.58</version>n</dependency>n

2.然后来写一个工具类,用来生成国密的,公钥和私钥 这个密码对.

import org.bouncycastle.jce.provider.BouncyCastleProvider;n nimport java.security.*;nimport java.security.spec.ECGenParameterSpec;nimport java.security.spec.PKCS8EncodedKeySpec;nimport java.security.spec.X509EncodedKeySpec;nimport java.util.Base64;n n/**n * @author hulalan * @Description 国密公私钥对 工具类n */npublic class KeyUtils { n n /**n * 生成国密公私钥对n *n * @returnn * @throws Exceptionn */n public static String[] generateSmKey() throws Exception { n KeyPairGenerator keyPairGenerator = null;n SecureRandom secureRandom = new SecureRandom();n ECGenParameterSpec sm2Spec = new ECGenParameterSpec("sm2p256v1");n keyPairGenerator = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());n keyPairGenerator.initialize(sm2Spec);n keyPairGenerator.initialize(sm2Spec, secureRandom);n KeyPair keyPair = keyPairGenerator.generateKeyPair();n PrivateKey privateKey = keyPair.getPrivate();n PublicKey publicKey = keyPair.getPublic();n //String[0] 公钥n //String[1] 私钥n String[] result = { n new String(Base64.getEncoder().encode(publicKey.getEncoded()))n , new String(Base64.getEncoder().encode(privateKey.getEncoded()))n };n return result;n }n n /**n * 将Base64转码的公钥串，转化为公钥对象n *n * @param publicKeyn * @returnn */n public static PublicKey createPublicKey(String publicKey) { n PublicKey publickey = null;n try { n X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKey));n KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());n publickey = keyFactory.generatePublic(publicKeySpec);n } catch (Exception e) { n e.printStackTrace();n }n return publickey;n }n n /**n * 将Base64转码的私钥串
，转化为私钥对象n *n * @param privateKeyn * @returnn */n public static PrivateKey createPrivateKey(String privateKey) { n PrivateKey publickey = null;n try { n PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey));n KeyFactory keyFactory = KeyFactory.getInstance("EC", new BouncyCastleProvider());n publickey = keyFactory.generatePrivate(pkcs8EncodedKeySpec);n } catch (Exception e) { n e.printStackTrace();n }n return publickey;n }n n}n

3.根据公钥和私钥工具类,生成的密钥对,对数据,进行加密和解密操作

import org.bouncycastle.asn1.gm.GMObjectIdentifiers;nimport org.bouncycastle.crypto.InvalidCipherTextException;nimport org.bouncycastle.crypto.engines.SM2Engine;nimport org.bouncycastle.crypto.params.ECDomainParameters;nimport org.bouncycastle.crypto.params.ECPrivateKeyParameters;nimport org.bouncycastle.crypto.params.ECPublicKeyParameters;nimport org.bouncycastle.crypto.params.ParametersWithRandom;nimport org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;nimport org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;nimport org.bouncycastle.jce.provider.BouncyCastleProvider;nimport org.bouncycastle.jce.spec.ECParameterSpec;n nimport java.security.*;n n/**n * @author hulalan * @Description SM2实现工具类n */npublic class Sm2Util { n n static { n Security.addProvider(new BouncyCastleProvider());n }n n /**n * 根据publicKey对原始数据data，使用SM2加密n *n * @param datan * @param publicKeyn * @returnn */n public static byte[] encrypt(byte[] data, PublicKey publicKey) { n ECPublicKeyParameters localECPublicKeyParameters = null;n n if (publicKey instanceof BCECPublicKey) { n BCECPublicKey localECPublicKey = (BCECPublicKey) publicKey;n ECParameterSpec localECParameterSpec = localECPublicKey.getParameters();n ECDomainParameters localECDomainParameters = new ECDomainParameters(localECParameterSpec.getCurve(),n localECParameterSpec.getG(), localECParameterSpec.getN());n localECPublicKeyParameters = new ECPublicKeyParameters(localECPublicKey.getQ(), localECDomainParameters);n }n SM2Engine localSM2Engine = new SM2Engine();n localSM2Engine.init(true, new ParametersWithRandom(localECPublicKeyParameters, new SecureRandom()));n byte[] arrayOfByte2;n try { n arrayOfByte2 = localSM2Engine.processBlock(data, 0, data.length);n return arrayOfByte2;n } catch (InvalidCipherTextException e) { n n e.printStackTrace();n return null;n }n }n n /**n * 根据privateKey对加密数据encodedata ，使用SM2解密n *n * @param encodedatan * @param privateKeyn * @returnn */n public static byte[] decrypt(byte[] encodedata, PrivateKey privateKey) { n SM2Engine localSM2Engine = new SM2Engine();n BCECPrivateKey sm2PriK = (BCECPrivateKey) privateKey;n ECParameterSpec localECParameterSpec = sm2PriK.getParameters();n ECDomainParameters localECDomainParameters = new ECDomainParameters(localECParameterSpec.getCurve(),n localECParameterSpec.getG(), localECParameterSpec.getN());n ECPrivateKeyParameters localECPrivateKeyParameters = new ECPrivateKeyParameters(sm2PriK.getD(),n localECDomainParameters);n localSM2Engine.init(false, localECPrivateKeyParameters);n try { n byte[] arrayOfByte3 = localSM2Engine.processBlock(encodedata, 0, encodedata.length);n return arrayOfByte3;n } catch (InvalidCipherTextException e) { n e.printStackTrace();n return null;n }n }n n /**n * 私钥签名n *n * @param datan * @param privateKeyn * @returnn * @throws Exceptionn */n public static byte[] signByPrivateKey(byte[] data, PrivateKey privateKey) throws Exception { n Signature sig = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BouncyCastleProvider.PROVIDER_NAME);n sig.initSign(privateKey);n sig.update(data);n byte[] ret = sig.sign();n return ret;n }n n /**n * 公钥验签n *n * @param datan * @param publicKeyn * @param signaturen * @returnn * @throws Exceptionn */n public static boolean verifyByPublicKey(byte[] data, PublicKey publicKey, byte[] signature) throws Exception { n Signature sig = Signature.getInstance(GMObjectIdentifiers.sm2sign_with_sm3.toString(), BouncyCastleProvider.PROVIDER_NAME);n sig.initVerify(publicKey);n sig.update(data);n boolean ret = sig.verify(signature);n return ret;n }n n}n

4.来测试一下,对数据进行加密解密

import org.junit.Test;n nimport java.util.Base64;n n/**n * @author hulalan * @Description Sm2Util 的测试类n */npublic class Sm2UtilTest { n n private String testStr = "wangjing";n n java.security.PublicKey publicKey = null;n java.security.PrivateKey privateKey = null;n n n @Testn public void test() throws Exception { n //生成公私钥对n String[] keys = KeyUtils.generateSmKey();n n System.out.println("原始字符串：" + testStr);n System.out.println("公钥 ：" + keys[0]);n publicKey = KeyUtils.createPublicKey(keys[0]);n n System.out.println("私钥：" + keys[1]);n privateKey = KeyUtils.createPrivateKey(keys[1]);n n System.out.println("");n n n byte[] encrypt = Sm2Util.encrypt(testStr.getBytes(), publicKey);n String encryptBase64Str = Base64.getEncoder().encodeToString(encrypt);n System.out.println("加密数据：" + encryptBase64Str);n n byte[] decode = Base64.getDecoder().decode(encryptBase64Str);n byte[] decrypt = Sm2Util.decrypt(decode, privateKey);n System.out.println("解密数据
：" + new String(decrypt));n n byte[] sign = Sm2Util.signByPrivateKey(testStr.getBytes(), privateKey);n System.out.println("数据签名：" + Base64.getEncoder().encodeToString(sign));n n boolean b = Sm2Util.verifyByPublicKey(testStr.getBytes(), publicKey, sign);n System.out.println("数据验签 ：" + b);n }n}n

5.这样就实现了利用国密,SM2进行加密解密了.

​