可信计算服务的工具库有哪些功能_区块链服务(BaaS)-阿里云帮助中心

MYTF SDK 中包含密码工具库，可以帮助用户进行密钥转换、加密、签名等操作。

UserKeyFactory & CryptoUtils

用于生成公私钥对，并对公私钥进行格式转换。

// 动态引入BC
Security.addProvider(new BouncyCastleProvider());
// 本地生成密钥对 SECP256K1 曲线 EC 密钥
UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_RAW_SECP256K1_KEY);
// 本地生成密钥对 SM2P256V1 曲线 EC 密钥
UserKeyPair SMUserKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_SM2P256V1_KEY);
// 本地生成密钥对 RSA 密钥
UserKeyPair rsaUserKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.RSA_2048_KEY);
// 获取公私钥
PublicKey PKCS8Pubkey = userKeyPair.getPublicKey();
PrivateKey PKCS8Prikey = userKeyPair.getPrivateKey();
// 获取 PKCS8 格式公私钥
byte[] PKCS8PubkeyBytes = userKeyPair.getPublicKey().getEncoded();
byte[] PKCS8PrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
// 获取裸格式公私钥
byte[] pubkeyBytes = userKeyPair..getRawPrivateKey();
byte[] prikeyBytes = userKeyPair.userKeyPair.getRawPublicKey();
// 从 PKCS8 格式转成私钥
PrivateKey privateKey = CryptoUtils.getECPriKeyFromPKCS8Bytes(PKCS8Prikey.getEncoded());
// 从裸格式转成私钥
PrivateKey privateKey2 = CryptoUtils.getECPriKeyFromBytes(userKeyPair.getRawPrivateKey(),CryptoSuiteTypeEnum.SECP256K1);
// 从 PKCS8 格式转成公钥
PublicKey publicKey = CryptoUtils.getECPubKeyFromPKCS8Bytes(PKCS8Pubkey.getEncoded());
// 从裸格式转成公钥
PublicKey publicKey2 = CryptoUtils.getECPubkeyFromBytes(userKeyPair.getRawPublicKey(), CryptoSuiteTypeEnum.SECP256K1);
// 本地生成密钥对并用密码加密
String password = "1235678";
KeyDto keyDto = UserKeyFactory.generateKey(password);
// PKCS8 格式私钥
String sk = keyDto.getPrivateKey();
// 裸格式公钥
String pk = keyDto.getPublicKey();
// 加密的 PEM 格式转换获取私钥
PrivateKey userSK = CryptoUtils.getECPriKeyFromPEM(sk, password);
// Hex 的裸格式转换获取公钥
PublicKey userPK = CryptoUtils.getECPubkeyFromBytes(Hex.decode(pk), CryptoSuiteTypeEnum.SECP256K1);

ECDSATool

帮助用户本地进行 ECDSA 签名和验签。

// 在使用之前动态加入 BouncyCastle Provider
Security.addProvider(new BouncyCastleProvider());
// 本地生成 SECP256K1 公私钥
UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_RAW_SECP256K1_KEY);
// 获取 PKCS8 格式公私钥
byte[] PKCS8PrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
byte[] PKCS8PubkeyBytes = userKeyPair.getPublicKey().getEncoded();
// 对 msg 进行签名和验签，需要传入 PKCS8 格式公私钥
byte[] msg = "this is test for ecdsa".getBytes();
byte[] signature =  ECDSATool.ECDSASign(msg , PKCS8PrikeyBytes);
Assert.assertTrue(ECDSATool.ECDSAVerify(msg ,PKCS8PubkeyBytes, signature));
// 对 msg 进行签名和验签，需要先对内容进行哈希，并传入裸格式公私钥
byte[] sha256msg =  Hash.sha256(msg);
byte[] signature2 =  ECDSATool.sign(sha256msg , userKeyPair.getRawPrivateKey());
Assert.assertTrue(ECDSATool.verify(sha256msg , userKeyPair.getRawPublicKey(), signature2));

ECIESTool

帮助用户本地进行 ECIES 加密和解密。

// 在使用之前动态加入BouncyCastle Provider
Security.addProvider(new BouncyCastleProvider());
// 本地模拟生成 tapp 的公私钥和用户的公私钥
UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
UserKeyPair tappKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
// 获取 PKCS8 格式公私钥
byte[] userPrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
byte[] userPubkeyBytes = userKeyPair.getPublicKey().getEncoded();
// 获取 PKCS8 格式公私钥
byte[] tappPrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
byte[] tappPubkeyBytes = userKeyPair.getPublicKey().getEncoded();
String plainText = "this is test for ecies";
byte[] ciphertext = ECIESTool.ECIESEncrypt(tappPubkeyBytes, userPrikeyBytes, plainText.getBytes());
byte[] decrypted = ECIESTool.ECIESDecrypt(userPubkeyBytes, tappPrikeyBytes, ciphertext);

ECElgamalTool

帮助用户在本地进行 ECElamal 加密解密。

// 在使用之前动态加入 BouncyCastle Provider
Security.addProvider(new BouncyCastleProvider());
// 模拟三方分别生成公私钥对
UserKeyPair user1Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
UserKeyPair user2Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
UserKeyPair user3Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
// 分别获取三方的公钥
String[] publicKeys = new String[3];
publicKeys[0] = Base64.toBase64String(user1Keypair.getRawPublicKey());
publicKeys[1] = Base64.toBase64String(user2Keypair.getRawPublicKey());
publicKeys[2] = Base64.toBase64String(user3Keypair.getRawPublicKey());
// 用三把公钥对内容进行加密
String plainText = "this is test for ecelgamal";
byte[] ciphertext = ECElgamalTool.ECElgamalEncrypt(CryptoSuiteTypeEnum.SECP256K1, publicKeys, plainText.getBytes());
// 解密方用自己的裸私钥进行解密
byte[] user3PrikeyBytes = user3Keypair.getRawPrivateKey();
byte[] decrypted = ECElgamalTool.ECElgamalDecrypt(CryptoSuiteTypeEnum.SECP256K1, user3PrikeyBytes, ciphertext);

RSATool

帮助用户在本地进行 RSA 签名验签。

// 本地生成RSA公私钥
UserKeyPair rsaKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.RSA_2048_KEY);
String plain = "this is test for RSASign";
// 获取PKCS8格式公私钥
byte[] userPrikeyBytes = rsaKeypair.getPrivateKey().getEncoded();
byte[] userPubkeyBytes = userKeyPair.getPublicKey().getEncoded();
byte[] sig = RSATool.RSASign(plain.getBytes(), userPrikeyBytes);
Assert.assertTrue(RSATool.RSAVerify(plain.getBytes(), sig, userPubkeyBytes));

SM2Tool

帮助用户进行国密算法签名验签和加密解密。

// 在使用之前动态加入 BouncyCastle Provider
Security.addProvider(new BouncyCastleProvider());
// 本地生成SM2P256V1公私钥
UserKeyPair signKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_SM2P256V1_KEY);
UserKeyPair enckeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
// 获取裸格式公私钥
byte[] userSignPrikeyBytes = signKeypair.getRawPrivateKey();
byte[] userSignPubkeyBytes = signKeypair.getRawPublicKey();
// 获取裸格式公私钥
byte[] userEncPrikeyBytes = signKeypair.getRawPrivateKey();
byte[] userEncPubkeyBytes = signKeypair.getRawPublicKey();
// 用 SM2P256V1 公私钥进行签名和验签
String plainText = "this is test for sm2";
byte[] signature = SM2Tool.SM2Sign(userSignPrikeyBytes, plainText);
Assert.assertTrue(SM2Tool.SM2Verify(userSignPubkeyBytes, plainText, signature));
// 用 SM2P256V1 公私钥进行加密和解密
byte[] cipherText = SM2Tool.SM4GCMSM2Encrypt(userEncPubkeyBytes, plainText);
byte[] plainText2 = SM2Tool.SM4GCMSM2Decrypt(userEncPrikeyBytes, cipherText);
Assert.assertTrue(Arrays.equals(plainText, plainText2));

EnvelopeUtils

帮助用户构造和打开 TAPP 信封。

// 在使用之前动态加入BouncyCastle Provider
Security.addProvider(new BouncyCastleProvider());
// 本地模拟生成用户和 TAPP 的 SECP256K1 公私钥
UserKeyPair userKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
UserKeyPair tappKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
// 获取用户 PKCS8 格式公私钥
byte[] userPrikeyBytes = userKeypair.getPrivateKey().getEncoded();
byte[] userPubkeyBytes = userKeypair.getPublicKey().getEncoded();
// 获取 TAPP PKCS8 格式公私钥
byte[] tappPrikeyBytes = tappKeypair.getPrivateKey().getEncoded();
byte[] tappPubkeyBytes = tappKeypair.getPublicKey().getEncoded();
// 用户对内容打包成加密信封
String plainText = "this is test for envelope";
byte[] tappEnvelope = EnvelopeUtils.buildTappEnvelope(tappPubkeyBytes, userPrikeyBytes, plainText.getBytes());
// TAPP 对用户加密信封解密
byte[] envelopeRecoverPlainData = EnvelopeUtils.openTappEnvelope(userPubkeyBytes, tappPrikeyBytes, tappEnvelope);
// 本地模拟生成用户和 TAPP 的 SM2P256V1 公私钥
UserKeyPair userSM2keyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
UserKeyPair tappSM2Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
// 获取用户裸格式公私钥
byte[] userSMPrikeyBytes = userSM2keyPair.getRawPrivateKey();
byte[] userSMPubkeyBytes = userSM2keyPair.getRawPublicKey();
// 获取 TAPP 裸格式公私钥
byte[] tappSMPrikeyBytes = tappSM2Keypair.getRawPrivateKey();
byte[] tappSMPubkeyBytes = tappSM2Keypair.getRawPublicKey();
// 用户对内容使用国密算法打包成加密信封
byte[] tappSMEnvelope = EnvelopeUtils.buildSMTappEnvelope(tappSMPubkeyBytes, userSMPrikeyBytes, plainText);
// TAPP 对用户加密信封解密
byte[] recoveredPlain = EnvelopeUtils.openSMTappEnvelope(tappSMPrikeyBytes, userSMPubkeyBytes, tappSMEnvelope);