Android: AndroidKeyStore 对数据进行签名和验证,卑微打工人
作者:互联网
.setDigests(KeyProperties.DIGEST_SHA256)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM, KeyProperties.BLOCK_MODE_CTR,
KeyProperties.BLOCK_MODE_CBC, KeyProperties.BLOCK_MODE_ECB)
// .setBlockModes(KeyProperties.BLOCK_MODE_GCM/CTR/CBC/ECB)
.setCertificateSerialNumber(BigInteger.valueOf(1337))
.setCertificateNotBefore(start.getTime())
.setCertificateNotAfter(end.getTime())
.build();
}
KeyPairGenerator kpGenerator = KeyPairGenerator
.getInstance(SecurityConstants.TYPE_RSA,
SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
kpGenerator.initialize(spec);
KeyPair kp = kpGenerator.generateKeyPair();
Log.d(“huangxiaoguo”, "公共密钥: " + kp.getPublic().toString());
Log.d(“huangxiaoguo”, "私钥: " + kp.getPrivate().toString());
}
/**
-
签名
-
@param inputStr
-
@return
-
@throws KeyStoreException
-
@throws CertificateException
-
@throws NoSuchAlgorithmException
-
@throws IOException
-
@throws UnrecoverableEntryException
-
@throws InvalidKeyException
-
@throws SignatureException
*/
public static String signData(String inputStr) throws KeyStoreException, CertificateException,
NoSuchAlgorithmException, IOException, UnrecoverableEntryException,
InvalidKeyException, SignatureException {
byte[] data = inputStr.getBytes();
//AndroidKeyStore
KeyStore ks = KeyStore.getInstance(SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
// 如果你没有InputStream加载,你仍然需要
//称之为“负载”,或者它会崩溃
ks.load(null);
if (mAlias == null) {
setAlias(SAMPLE_ALIAS);
}
//从Android加载密钥对密钥存储库中
KeyStore.Entry entry = ks.getEntry(mAlias, null);
/* *
*进行判断处理钥匙是不是存储的当前别名下 不存在要遍历别名列表Keystore.aliases()
*/
if (entry == null) {
Log.w(“huangxiaoguo”, "No key found under alias: " + mAlias);
Log.w(“huangxiaoguo”, “Exiting signData()…”);
return null;
}
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
Log.w(“huangxiaoguo”, “Not an instance of a PrivateKeyEntry”);
Log.w(“huangxiaoguo”, “Exiting signData()…”);
return null;
}
// 开始签名
Signature s = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);
//初始化使用指定的私钥签名
s.initSign(((KeyStore.PrivateKeyEntry) entry).getPrivateKey());
// 签名并存储结果作为Base64编码的字符串。
s.update(data);
byte[] signature = s.sign();
String result = Base64.encodeToString(signature, Base64.DEFAULT);
return result;
}
/**
-
校验签名的字符串
-
@param input
-
@param signatureStr
-
@return
-
@throws KeyStoreException
-
@throws CertificateException
-
@throws NoSuchAlgorithmException
-
@throws IOException
-
@throws UnrecoverableEntryException
-
@throws InvalidKeyException
-
@throws SignatureException
*/
public static boolean verifyData(String input, String signatureStr) throws KeyStoreException,
CertificateException, NoSuchAlgorithmException, IOException,
UnrecoverableEntryException, InvalidKeyException, SignatureException {
//要验证的数据
byte[] data = input.getBytes();
//签名
byte[] signature;
//判断签名是否存在
if (signatureStr == null) {
Log.w(“huangxiaoguo”, “Invalid signature.”);
Log.w(“huangxiaoguo”, “Exiting verifyData()…”);
return false;
}
try {
//Base64解码字符串
signature = Base64.decode(signatureStr, Base64.DEFAULT);
} catch (IllegalArgumentException e) {
return false;
}
KeyStore ks = KeyStore.getInstance(“AndroidKeyStore”);
ks.load(null);
// Load the key pair from the Android Key Store
if (mAlias == null) {
setAlias(SAMPLE_ALIAS);
}
//从Android加载密钥对密钥存储库中
KeyStore.Entry entry = ks.getEntry(mAlias, null);
if (entry == null) {
Log.w(“huangxiaoguo”, "No key found under alias: " + mAlias);
Log.w(“huangxiaoguo”, “Exiting verifyData()…”);
return false;
}
if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
Log.w(“huangxiaoguo”, “Not an instance of a PrivateKeyEntry”);
return false;
}
Signature s = Signature.getInstance(SecurityConstants.SIGNATURE_SHA256withRSA);
// 开始校验签名
s.initVerify(((KeyStore.PrivateKeyEntry) entry).getCertificate());
s.update(data);
boolean valid = s.verify(signature);
return valid;//true 签名一致
}
/**
-
判断是否创建过秘钥
-
@return
-
@throws KeyStoreException
-
@throws CertificateException
-
@throws NoSuchAlgorithmException
-
@throws IOException
-
@throws UnrecoverableEntryException
*/
public static boolean isHaveKeyStore() {
try {
KeyStore ks = KeyStore.getInstance(“AndroidKeyStore”);
ks.load(null);
if (mAlias == null) {
setAlias(SAMPLE_ALIAS);
}
// Load the key pair from the Android Key Store
//从Android加载密钥对密钥存储库中
KeyStore.Entry entry = ks.getEntry(mAlias, null);
if (entry == null) {
return false;
}
} catch (KeyStoreException e) {
e.printStackTrace();
return false;
} catch (CertificateException e) {
e.printStackTrace();
return false;
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
return false;
} catch (IOException e) {
e.printStackTrace();
return false;
} catch (UnrecoverableEntryException e) {
e.printStackTrace();
return false;
}
return true;
}
}
package tsou.com.encryption.androidkeystoresign;
public class SecurityConstants {
public static final String KEYSTORE_PROVIDER_ANDROID_KEYSTORE = “AndroidKeyStore”;
public static final String TYPE_RSA = “RSA”;
public static final String TYPE_DSA = “DSA”;
public static final String TYPE_BKS = “BKS”;
public static final String SIGNATURE_SHA256withRSA = “SHA256withRSA”;
public static final String SIGNATURE_SHA512withRSA = “SHA512withRSA”;
}
- 执行操作
package tsou.com.encryption.activity.AndroidKeyStore;
import android.app.Activity;
import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.support.annotation.RequiresApi;
import android.support.v7.app.AppCompatActivity;
import android.text.TextUtils;
import android.view.View;
import android.widget.Button;
import android.widget.EditText;
import android.widget.TextView;
import android.widget.Toast;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import tsou.com.encryption.R;
import tsou.com.encryption.aescbc.Base64Encoder;
import tsou.com.encryption.androidkeystoresign.KeyStoneUtils;
/**
- Android AndroidKeyStore 对数据进行签名和验证
*/
public class AndroidKeyStoreActivity extends AppCompatActivity implements View.OnClickListener {
private EditText encryptionContext;
private Button encryption;
private TextView tvEncryption;
private Button decode;
private TextView tvDecode;
private Activity mActivity;
private Context mContext;
private Button encryptionNotFixed;
尾声
以薪资待遇为基础,以发展为最终目标,要在高薪资的地方,谋求最好的发展!
下面是有几位Android行业大佬对应上方技术点整理的一些进阶资料。有**Android架构视频+BATJ面试专题PDF+核心笔记等资料。希望能够帮助到大家提升技术。如果大家想要获取的话,可以私信我【666】免费获取哦**
ity mActivity;
private Context mContext;
private Button encryptionNotFixed;
尾声
以薪资待遇为基础,以发展为最终目标,要在高薪资的地方,谋求最好的发展!
下面是有几位Android行业大佬对应上方技术点整理的一些进阶资料。有**Android架构视频+BATJ面试专题PDF+核心笔记等资料。希望能够帮助到大家提升技术。如果大家想要获取的话,可以私信我【666】免费获取哦**
[外链图片转存中…(img-5N6Y3kSH-1643786387034)]
标签:KeyStore,android,return,AndroidKeyStore,import,Android,null,throws,卑微 来源: https://blog.csdn.net/m0_66264588/article/details/122769769