JAVA集成国密SM2

JAVA集成国密SM2加解密

国密算法概述:https://blog.csdn.net/qq_38254635/article/details/131801527

SM2椭圆曲线公钥密码算法

为非对称加密,基于ECC。该算法已公开。由于该算法基于ECC,故其签名速度与秘钥生成速度都快于RSA。ECC 256位(SM2采用的就是ECC 256位的一种)安全强度比RSA 2048位高,但运算速度快于RSA。

一、pom配置

java 复制代码
<!-- 国密 -->
<dependency>
	<groupId>org.bouncycastle</groupId>
	<artifactId>bcprov-jdk15to18</artifactId>
	<version>1.66</version>
</dependency>

二、代码集成

2.1、目录结构

2.2、源码

KeyConstant.java

java 复制代码
package com.secret.sm2;

public class KeyConstant {

    public static final String PRIVATE_KEY = "pveky"; // 私钥
    public static final String PUBLIC_KEY = "pbcky"; // 公钥

    public static final String GM_NAME_CURVE = "sm2p256v1";
    public static final String ALGORITHM = "SHA1PRNG";

}

ModeTypeConstant.java

java 复制代码
package com.secret.sm2;

import org.bouncycastle.crypto.engines.SM2Engine;

public class ModeTypeConstant {

    public static final String BASE = "base";
    public static final String BC = "bc";

    @Deprecated
    public static final SM2Engine.Mode BASE_MODE = SM2Engine.Mode.C1C3C2;
    @Deprecated
    public static final SM2Engine.Mode BC_MODE = SM2Engine.Mode.C1C2C3;

    public static ModeTypeEnum getMode(String modeType){
        if (ModeTypeEnum.BASE_MODE.getType().equals(modeType)) return ModeTypeEnum.BASE_MODE;
        return ModeTypeEnum.BC_MODE;
    }

}

ModeTypeEnum.java

java 复制代码
package com.secret.sm2;

import org.bouncycastle.crypto.engines.SM2Engine;

public enum ModeTypeEnum {

    BASE_MODE(ModeTypeConstant.BASE, SM2Engine.Mode.C1C3C2),
    BC_MODE(ModeTypeConstant.BC, SM2Engine.Mode.C1C2C3);

    private String type;
    private SM2Engine.Mode mode;

    ModeTypeEnum(String type, SM2Engine.Mode mode) {
        this.type = type;
        this.mode = mode;
    }

    public String getType(){
        return type;
    }

    public SM2Engine.Mode getMode(){
        return mode;
    }

}

SecretCommon.java

java 复制代码
package com.secret.sm2;

import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.pqc.math.linearalgebra.ByteUtils;
import org.bouncycastle.util.encoders.Hex;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

/**
 * SM2公钥密码算法(非对称算法)
 * SM2椭圆曲线公钥密码算法是我国自主设计的公钥密码算法。
 * 包括SM2-1椭圆曲线数字签名算法;SM2-2椭圆曲线密钥交换协议;SM2-3椭圆曲线公钥加密算法,分别用于实现数字签名密钥协商和数据加密等功能。
 * SM2算法与RSA算法不同的是,SM2算法是基于椭圆曲线上点群离散对数难题,相对于RSA算法,256位的SM2密码强度已经比2048位的RSA密码强度要高。
 */
public class SecretCommon {

    //获取椭圆曲线
    public static synchronized ECDomainParameters getECDomainParameters() {
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName(KeyConstant.GM_NAME_CURVE);
        return new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
    }

    /**
     * get key pair
     */
    public static Map<String, String> createKeyPair() throws NoSuchAlgorithmException {
        ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
        keyPairGenerator.init(new ECKeyGenerationParameters(getECDomainParameters(), SecureRandom.getInstance(KeyConstant.ALGORITHM)));
        AsymmetricCipherKeyPair asymmetricCipherKeyPair = keyPairGenerator.generateKeyPair();
        Map<String, String> map = new HashMap<>();
        BigInteger bigInteger = ((ECPrivateKeyParameters) asymmetricCipherKeyPair.getPrivate()).getD();
        map.put(KeyConstant.PRIVATE_KEY, ByteUtils.toHexString(bigInteger.toByteArray()));
        // 把公钥放入map中,默认压缩公钥
        // 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥,04的时候,可以去掉前面的04
        ECPoint ecPoint = ((ECPublicKeyParameters) asymmetricCipherKeyPair.getPublic()).getQ();
        map.put(KeyConstant.PUBLIC_KEY, ByteUtils.toHexString(ecPoint.getEncoded(false)));
        return map;
    }

    /**
     * 加密
     * @param plainText 需加密的明文字符串
     * @param publicKey 公钥
     * @param modeType base:标准;bc:BC模式
     */
    public static String encrypt(String plainText, String publicKey, ModeTypeEnum modeType) throws IOException, InvalidCipherTextException {
        return encrypt(plainText.getBytes(), publicKey, modeType.getMode());
    }

    /**
     * 加密
     * @param plainByte 需加密的明文字节数组
     * @param publicKey 公钥
     * @param mode 加密模式 ModeTypeEnum
     */
    public static String encrypt(byte[] plainByte, String publicKey, SM2Engine.Mode mode) throws IOException, InvalidCipherTextException {
        ECDomainParameters domainParameters = getECDomainParameters();
        //提取公钥点
        ECPoint ecPoint = domainParameters.getCurve().decodePoint(ByteUtils.fromHexString(publicKey));
        // 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
        ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(ecPoint, domainParameters);
        SM2Engine sm2Engine = new SM2Engine(mode);
        sm2Engine.init(true, new ParametersWithRandom(publicKeyParameters, new SecureRandom()));
        return ByteUtils.toHexString(sm2Engine.processBlock(plainByte, 0, plainByte.length));
    }

    /**
     * 解密
     * @param cipherText 需加密的字符串
     * @param privateKey 私钥
     * @param modeType base:标准;bc:BC模式
     */
    public static String decrypt(String cipherText, String privateKey, ModeTypeEnum modeType) throws InvalidCipherTextException, UnsupportedEncodingException {
        return decrypt(Hex.decode(cipherText), privateKey, modeType.getMode());
    }

    /**
     * 解密
     * @param cipherDataByte 密文字节数组
     * @param privateKeyHex 私钥
     * @param mode 解密模式 ModeTypeEnum
     */
    public static String decrypt(byte[] cipherDataByte, String privateKeyHex, SM2Engine.Mode mode) throws InvalidCipherTextException, UnsupportedEncodingException {
        BigInteger bigInteger = new BigInteger(privateKeyHex, 16);
        ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(bigInteger, getECDomainParameters());
        SM2Engine sm2Engine = new SM2Engine(mode);
        sm2Engine.init(false, privateKeyParameters);
        return new String(sm2Engine.processBlock(cipherDataByte, 0, cipherDataByte.length), "utf-8");
    }

}

Utils.java

java 复制代码
package com.secret.sm2;

import org.bouncycastle.crypto.InvalidCipherTextException;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;

public class Utils {

    /**
     * get key pair
     */
    public static Map<String, String> createKeyPair() throws NoSuchAlgorithmException {
        return SecretCommon.createKeyPair();
    }

    /**
     * encrypt
     * @param plainText 需加密的明文字符串
     * @param publicKey 公钥
     */
    public static String encrypt(String plainText, String publicKey) throws IOException, InvalidCipherTextException {
        return encrypt(plainText, publicKey, ModeTypeConstant.BASE);
    }

    /**
     * encrypt
     * @param plainText 需加密的明文字符串
     * @param publicKey 公钥
     * @param modeType base:标准;bc:BC模式
     */
    public static String encrypt(String plainText, String publicKey, String modeType) throws IOException, InvalidCipherTextException {
        return SecretCommon.encrypt(plainText, publicKey, ModeTypeConstant.getMode(modeType));
    }

    /**
     * decrypt
     * @param cipherText 需加密的字符串
     * @param privateKey 私钥
     */
    public static String decrypt(String cipherText, String privateKey) throws InvalidCipherTextException, UnsupportedEncodingException {
        return decrypt(cipherText, privateKey, ModeTypeConstant.BASE);
    }

    /**
     * decrypt
     * @param cipherText 需加密的字符串
     * @param privateKey 私钥
     * @param modeType base:标准;bc:BC模式
     */
    public static String decrypt(String cipherText, String privateKey, String modeType) throws InvalidCipherTextException, UnsupportedEncodingException {
        return SecretCommon.decrypt(cipherText, privateKey, ModeTypeConstant.getMode(modeType));
    }

}

测试类:Test.java

java 复制代码
package com.secret.sm2;

import java.util.Map;

public class Test {

    public static void main(String[] args) throws Exception {
        Map<String, String> createKeyPair = Utils.createKeyPair();
        System.out.println("秘钥对:" + createKeyPair);
        String privateKey = createKeyPair.get(KeyConstant.PRIVATE_KEY);
        String publicKey = createKeyPair.get(KeyConstant.PUBLIC_KEY);
        String text = "I believe you can do anything";
        String encrypt = Utils.encrypt(text, publicKey);
        System.out.println("加密后密文:" + encrypt);
        String decrypt = Utils.decrypt(encrypt, privateKey);
        System.out.println("解密后明文:" + decrypt);
    }

}

2.3、测试

测试结果如图:

使用方法参考测试类即可。

三、相关链接

国密算法概述:https://blog.csdn.net/qq_38254635/article/details/131801527

JAVA集成国密SM3:https://blog.csdn.net/qq_38254635/article/details/131810696

JAVA集成国密SM4:https://blog.csdn.net/qq_38254635/article/details/131810715

相关推荐
曦樂~9 分钟前
【Qt】信号与槽(Signal and Slot)- 简易计算器
开发语言·数据库·qt
一线大码9 分钟前
SpringBoot 优雅实现接口的多实现类方式
java·spring boot·后端
花伤情犹在14 分钟前
Java Stream 高级应用:优雅地扁平化(FlatMap)递归树形结构数据
java·stream·function·flatmap
歪歪10018 分钟前
React Native开发Android&IOS流程完整指南
android·开发语言·前端·react native·ios·前端框架
yaoxin52112327 分钟前
212. Java 函数式编程风格 - Java 编程风格转换:命令式 vs 函数式(以循环为例)
java·开发语言
wangqiaowq27 分钟前
ImmutableList.of() 是 Google Guava 库 提供的一个静态工厂方法,用于创建一个不可变的(immutable)列表。
开发语言·windows·python
摇滚侠37 分钟前
Spring Boot 3零基础教程,WEB 开发 Thymeleaf 属性优先级 行内写法 变量选择 笔记42
java·spring boot·笔记
滑水滑成滑头38 分钟前
**发散创新:多智能体系统的探索与实践**随着人工智能技术的飞速发展,多智能体系统作为当今研究的热点领域,正受到越来越多关注
java·网络·人工智能·python
摇滚侠41 分钟前
Spring Boot 3零基础教程,WEB 开发 Thymeleaf 总结 热部署 常用配置 笔记44
java·spring boot·笔记
十年小站42 分钟前
一、新建一个SpringBoot3项目
java·spring boot