MYTF SDK 中包含密码工具库,可以帮助用户进行密钥转换、加密、签名等操作。

UserKeyFactory & CryptoUtils

用于生成公私钥对,并对公私钥进行格式转换。

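  // Register the BouncyCastle provider at runtime before calling the SDK helpers.
  Security.addProvider(new BouncyCastleProvider());
  // Generate an EC key pair on the SECP256K1 curve locally.
  UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_RAW_SECP256K1_KEY);
  // Generate an EC key pair on the SM2P256V1 curve locally.
  UserKeyPair SMUserKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_SM2P256V1_KEY);
  // Generate an RSA key pair locally.
  UserKeyPair rsaUserKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.RSA_2048_KEY);
  // Get the public and private key objects.
  PublicKey PKCS8Pubkey = userKeyPair.getPublicKey();
  PrivateKey PKCS8Prikey = userKeyPair.getPrivateKey();
  // Get the encoded keys (this page calls both "PKCS8 format").
  // NOTE(review): for standard JCA keys, PublicKey.getEncoded() is X.509
  // SubjectPublicKeyInfo and only the private key is PKCS#8; confirm with getFormat().
  byte[] PKCS8PubkeyBytes = userKeyPair.getPublicKey().getEncoded();
  byte[] PKCS8PrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
  // Get the raw-format keys. The public bytes come from getRawPublicKey() and the
  // private bytes from getRawPrivateKey(); mixing them up would expose the private key
  // wherever the "public" value is shared.
  byte[] pubkeyBytes = userKeyPair.getRawPublicKey();
  byte[] prikeyBytes = userKeyPair.getRawPrivateKey();
  // Rebuild the private key from its PKCS8 encoding.
  PrivateKey privateKey = CryptoUtils.getECPriKeyFromPKCS8Bytes(PKCS8Prikey.getEncoded());
  // Rebuild the private key from its raw encoding; the curve must be named explicitly.
  PrivateKey privateKey2 = CryptoUtils.getECPriKeyFromBytes(userKeyPair.getRawPrivateKey(), CryptoSuiteTypeEnum.SECP256K1);
  // Rebuild the public key from its encoded form.
  PublicKey publicKey = CryptoUtils.getECPubKeyFromPKCS8Bytes(PKCS8Pubkey.getEncoded());
  // Rebuild the public key from its raw encoding; the curve must be named explicitly.
  PublicKey publicKey2 = CryptoUtils.getECPubkeyFromBytes(userKeyPair.getRawPublicKey(), CryptoSuiteTypeEnum.SECP256K1);
  // Generate a key pair locally and protect the private key with a password.
  // The literal below is a demo value only: it is short and guessable. In real use,
  // obtain a strong passphrase from a secret store or interactive input and never
  // commit it to source control or write it to logs.
  String password = "1235678";
  KeyDto keyDto = UserKeyFactory.generateKey(password);
  // Private key in PKCS8 format (password-encrypted PEM, per the conversion below).
  String sk = keyDto.getPrivateKey();
  // Public key in raw format (hex string, per the conversion below).
  String pk = keyDto.getPublicKey();
  // Recover the private key from the encrypted PEM using the same password.
  PrivateKey userSK = CryptoUtils.getECPriKeyFromPEM(sk, password);
  // Recover the public key from the hex-encoded raw bytes.
  PublicKey userPK = CryptoUtils.getECPubkeyFromBytes(Hex.decode(pk), CryptoSuiteTypeEnum.SECP256K1);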

ECDSATool

帮助用户本地进行 ECDSA 签名和验签。

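  // Register the BouncyCastle provider at runtime before use.
  Security.addProvider(new BouncyCastleProvider());
  // Generate a SECP256K1 key pair locally.
  UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_RAW_SECP256K1_KEY);
  // Get the encoded keys (this page calls both "PKCS8 format").
  // The private-key bytes are secret material: keep them out of logs and persistent storage.
  byte[] PKCS8PrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
  byte[] PKCS8PubkeyBytes = userKeyPair.getPublicKey().getEncoded();
  // Sign and verify msg directly; this API takes the PKCS8-encoded keys.
  // The charset is fixed so signer and verifier always hash the same bytes,
  // independent of the platform default encoding.
  byte[] msg = "this is test for ecdsa".getBytes(java.nio.charset.StandardCharsets.UTF_8);
  byte[] signature = ECDSATool.ECDSASign(msg, PKCS8PrikeyBytes);
  Assert.assertTrue(ECDSATool.ECDSAVerify(msg, PKCS8PubkeyBytes, signature));
  // Alternative API: the caller hashes the content first and passes raw-format keys.
  // Both sides must agree on the hash function (SHA-256 here).
  byte[] sha256msg = Hash.sha256(msg);
  byte[] signature2 = ECDSATool.sign(sha256msg, userKeyPair.getRawPrivateKey());
  Assert.assertTrue(ECDSATool.verify(sha256msg, userKeyPair.getRawPublicKey(), signature2));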

ECIESTool

帮助用户本地进行 ECIES 加密和解密。

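  // Register the BouncyCastle provider at runtime before use.
  Security.addProvider(new BouncyCastleProvider());
  // Simulate locally generated key pairs for the TAPP and for the user.
  UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
  UserKeyPair tappKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
  // Get the user's encoded keys (this page calls both "PKCS8 format").
  byte[] userPrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
  byte[] userPubkeyBytes = userKeyPair.getPublicKey().getEncoded();
  // Get the TAPP's encoded keys. These must come from tappKeyPair: taking them from
  // userKeyPair still round-trips in a demo, but it means the data is encrypted to the
  // user's own key rather than to the TAPP.
  byte[] tappPrikeyBytes = tappKeyPair.getPrivateKey().getEncoded();
  byte[] tappPubkeyBytes = tappKeyPair.getPublicKey().getEncoded();
  String plainText = "this is test for ecies";
  // Encrypt with the recipient's (TAPP) public key and the sender's (user) private key.
  // The charset is fixed so the plaintext bytes do not depend on the platform default.
  byte[] ciphertext = ECIESTool.ECIESEncrypt(tappPubkeyBytes, userPrikeyBytes, plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  // Decrypt with the sender's (user) public key and the recipient's (TAPP) private key.
  byte[] decrypted = ECIESTool.ECIESDecrypt(userPubkeyBytes, tappPrikeyBytes, ciphertext);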

ECElgamalTool

帮助用户在本地进行 ECElgamal 加密解密。

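  // Register the BouncyCastle provider at runtime before use.
  Security.addProvider(new BouncyCastleProvider());
  // Simulate three parties, each generating its own key pair.
  UserKeyPair user1Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
  UserKeyPair user2Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
  UserKeyPair user3Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
  // Collect the three raw public keys, Base64-encoded as the encrypt call expects.
  String[] publicKeys = {
      Base64.toBase64String(user1Keypair.getRawPublicKey()),
      Base64.toBase64String(user2Keypair.getRawPublicKey()),
      Base64.toBase64String(user3Keypair.getRawPublicKey())
  };
  // Encrypt the content with all three public keys.
  // The charset is fixed so the plaintext bytes do not depend on the platform default.
  String plainText = "this is test for ecelgamal";
  byte[] ciphertext = ECElgamalTool.ECElgamalEncrypt(CryptoSuiteTypeEnum.SECP256K1, publicKeys, plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  // A recipient decrypts with its own raw private key (user 3 here).
  // Only the recipient should ever hold these bytes; do not log or transmit them.
  byte[] user3PrikeyBytes = user3Keypair.getRawPrivateKey();
  byte[] decrypted = ECElgamalTool.ECElgamalDecrypt(CryptoSuiteTypeEnum.SECP256K1, user3PrikeyBytes, ciphertext);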

RSATool

帮助用户在本地进行 RSA 签名验签。

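  // Generate an RSA-2048 key pair locally.
  UserKeyPair rsaKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.RSA_2048_KEY);
  String plain = "this is test for RSASign";
  // Get the encoded keys (this page calls both "PKCS8 format").
  // Both halves must come from the same RSA pair (rsaKeypair); a public key taken from
  // any other key pair cannot verify this signature.
  byte[] userPrikeyBytes = rsaKeypair.getPrivateKey().getEncoded();
  byte[] userPubkeyBytes = rsaKeypair.getPublicKey().getEncoded();
  // Fix the charset once so the signed and the verified bytes are identical on every platform.
  byte[] plainBytes = plain.getBytes(java.nio.charset.StandardCharsets.UTF_8);
  byte[] sig = RSATool.RSASign(plainBytes, userPrikeyBytes);
  Assert.assertTrue(RSATool.RSAVerify(plainBytes, sig, userPubkeyBytes));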

SM2Tool

帮助用户进行国密算法签名验签和加密解密。

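  // Register the BouncyCastle provider at runtime before use.
  Security.addProvider(new BouncyCastleProvider());
  // Generate SM2P256V1 key pairs locally: one for signing, one for encryption.
  UserKeyPair signKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_SM2P256V1_KEY);
  UserKeyPair enckeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
  // Get the raw-format signing keys.
  byte[] userSignPrikeyBytes = signKeypair.getRawPrivateKey();
  byte[] userSignPubkeyBytes = signKeypair.getRawPublicKey();
  // Get the raw-format encryption keys. These come from enckeypair so that signing and
  // encryption use separate keys; reusing the signing pair would defeat the separation
  // the two KeyTypeEnum values set up.
  byte[] userEncPrikeyBytes = enckeypair.getRawPrivateKey();
  byte[] userEncPubkeyBytes = enckeypair.getRawPublicKey();
  // Sign and verify with the SM2P256V1 signing pair.
  String plainText = "this is test for sm2";
  byte[] signature = SM2Tool.SM2Sign(userSignPrikeyBytes, plainText);
  Assert.assertTrue(SM2Tool.SM2Verify(userSignPubkeyBytes, plainText, signature));
  // Encrypt and decrypt with the SM2P256V1 encryption pair.
  byte[] cipherText = SM2Tool.SM4GCMSM2Encrypt(userEncPubkeyBytes, plainText);
  byte[] plainText2 = SM2Tool.SM4GCMSM2Decrypt(userEncPrikeyBytes, cipherText);
  // Compare bytes with bytes: Arrays.equals has no (String, byte[]) overload.
  // NOTE(review): assumes the SDK encodes the String plaintext as UTF-8; confirm.
  Assert.assertTrue(Arrays.equals(plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8), plainText2));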

EnvelopeUtils

帮助用户构造和打开 TAPP 信封。

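  // Register the BouncyCastle provider at runtime before use.
  Security.addProvider(new BouncyCastleProvider());
  // Simulate locally generated SECP256K1 key pairs for the user and the TAPP.
  UserKeyPair userKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
  UserKeyPair tappKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
  // Get the user's encoded keys (this page calls both "PKCS8 format").
  byte[] userPrikeyBytes = userKeypair.getPrivateKey().getEncoded();
  byte[] userPubkeyBytes = userKeypair.getPublicKey().getEncoded();
  // Get the TAPP's encoded keys.
  byte[] tappPrikeyBytes = tappKeypair.getPrivateKey().getEncoded();
  byte[] tappPubkeyBytes = tappKeypair.getPublicKey().getEncoded();
  // The user packs the content into an encrypted envelope for the TAPP:
  // recipient (TAPP) public key first, then sender (user) private key.
  // The charset is fixed so the plaintext bytes do not depend on the platform default.
  String plainText = "this is test for envelope";
  byte[] tappEnvelope = EnvelopeUtils.buildTappEnvelope(tappPubkeyBytes, userPrikeyBytes, plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8));
  // The TAPP opens the user's envelope: sender (user) public key, then TAPP private key.
  byte[] envelopeRecoverPlainData = EnvelopeUtils.openTappEnvelope(userPubkeyBytes, tappPrikeyBytes, tappEnvelope);
  // Simulate locally generated SM2P256V1 key pairs for the user and the TAPP.
  UserKeyPair userSM2keyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
  UserKeyPair tappSM2Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
  // Get the user's raw-format keys.
  byte[] userSMPrikeyBytes = userSM2keyPair.getRawPrivateKey();
  byte[] userSMPubkeyBytes = userSM2keyPair.getRawPublicKey();
  // Get the TAPP's raw-format keys.
  byte[] tappSMPrikeyBytes = tappSM2Keypair.getRawPrivateKey();
  byte[] tappSMPubkeyBytes = tappSM2Keypair.getRawPublicKey();
  // The user packs the content into an encrypted envelope using the SM (national) algorithms.
  // This variant is passed the String plaintext directly rather than bytes.
  byte[] tappSMEnvelope = EnvelopeUtils.buildSMTappEnvelope(tappSMPubkeyBytes, userSMPrikeyBytes, plainText);
  // The TAPP opens the user's SM envelope.
  // NOTE(review): the argument order here (private key, then public key) is the reverse
  // of openTappEnvelope above; confirm against the SDK signature, since both arguments
  // are byte[] and a swap would not be caught at compile time.
  byte[] recoveredPlain = EnvelopeUtils.openSMTappEnvelope(tappSMPrikeyBytes, userSMPubkeyBytes, tappSMEnvelope);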