国密sm2公钥加密 私钥解密java代码实现

目录

一、引入jar包

二、生成秘钥对,加解密工具类


一、引入jar包

        <!-- sm2加密依赖 -->
        <dependency>
            <groupId>org.bouncycastle</groupId>
            <artifactId>bcprov-jdk15on</artifactId>
            <version>1.70</version>
        </dependency>

二、生成秘钥对,加解密工具类

import org.apache.tomcat.util.codec.binary.Base64;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;


/**
 * @ClassName
 * @Description 加密工具类
 * @Author csn
 * @Date 14:54 2022/11/14
 * @Version V1.0
 **/
public class PassUtils {
    private static Logger logger = LoggerFactory.getLogger(PassUtils.class);

    private static final SM2Engine.Mode DIGEST = SM2Engine.Mode.C1C3C2;


    /**
     * @Description: 生成sm2秘钥对
     * @Author: csn
     * @date: 2022/11/14
     */
    public static KeyPair createSm2Key() {
        try {
            //使用标准名称创建EC参数生成的参数规范
            final ECGenParameterSpec sm2p256v1 = new ECGenParameterSpec("sm2p256v1");
            // 获取一个椭圆曲线类型的密钥对生成器
            final KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());
            // 使用SM2的算法区域初始化密钥生成器
            kpg.initialize(sm2p256v1, new SecureRandom());
            // 获取密钥对
            return kpg.generateKeyPair();
        } catch (Exception e) {
            logger.error("生成秘钥对失败{}", e.getMessage());
            return null;
        }
    }

    /**
     * sm2公钥加密方法
     * @param publicKeyStr 加密的公钥
     * @param data         需要加密的数据
     * @return 返回加密后的字符串
     */
    public static String encryptSm2(String publicKeyStr, String data) {
        try {
            //算法工具包
            Security.addProvider(new BouncyCastleProvider());
            //将公钥字符串转为公钥字节
            byte[] bytes = Base64.decodeBase64(publicKeyStr);
            KeyFactory keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
            X509EncodedKeySpec keySpec = new X509EncodedKeySpec(bytes);
            logger.info("获取转换后的公钥");
            PublicKey publicKey = keyFactory.generatePublic(keySpec);

            logger.info("开始加密");
            CipherParameters pubKeyParameters = new ParametersWithRandom(ECUtil.generatePublicKeyParameter(publicKey), new SecureRandom());
            SM2Engine sm2Engine = new SM2Engine();
            sm2Engine.init(true, pubKeyParameters);
            byte[] arrayBytes = sm2Engine.processBlock(data.getBytes(), 0, data.getBytes().length);
            return Base64.encodeBase64String(arrayBytes);
            //开始加密
        } catch (Exception e) {
            logger.error("加密失败{}", e.getMessage());
        }
        return null;

    }

    /**
     * sm2私钥解密方法
     * @param privateStr 私钥
     * @param data       需要解密的数据
     * @return 返回解密后的数据
     */
    public static String decryptSm2(String privateStr, String data) {
        try {
            logger.info("私钥转换");
            byte[] bytes = Base64.decodeBase64(privateStr);
            KeyFactory keyFactory = KeyFactory.getInstance("EC", BouncyCastleProvider.PROVIDER_NAME);
            PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(bytes);
            PrivateKey privateKey = keyFactory.generatePrivate(keySpec);
            logger.info("sm2开始解密");

            CipherParameters privateKeyParameters = ECUtil.generatePrivateKeyParameter((BCECPrivateKey) privateKey);
            SM2Engine engine = new SM2Engine();
            engine.init(false, privateKeyParameters);
            byte[] byteDate = engine.processBlock(Base64.decodeBase64(data), 0, Base64.decodeBase64(data).length);
            return new String(byteDate);
        } catch (Exception e) {
            logger.error("sm2解密失败{}", e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        //定义需要加密的字符串
        String str = "aaaaa";
        //生成秘钥对
        KeyPair sm2Key = createSm2Key();
        //获取公钥
        PublicKey publicKey = sm2Key.getPublic();
        //获取公钥base加密后字符串
        String publicStr = Base64.encodeBase64String(publicKey.getEncoded());
        logger.info("公钥为:{}", publicStr);
        //获取私钥
        PrivateKey privateKey = sm2Key.getPrivate();
        //获取私钥base加密后字符串
        String privateStr = Base64.encodeBase64String(privateKey.getEncoded());
        logger.info("私钥为:{}", privateStr);

        //公钥加密
        String passStr = encryptSm2(publicStr, str);
        logger.info("加密后为{}", passStr);
        //私钥解密
        String deStr = decryptSm2(privateStr, passStr);
        logger.info("解密后为{}", deStr);
    }
}