ECDSA(椭圆曲线数字签名算法:Elliptic Curve Digital Signatrue Algorithm)是用于数字签名,是ECC与DSA的结合,整个签名过程与DSA类似,所不一样的是签名中采取的算法为ECC,最后签名出来的值也是分为r,s。而ECC(全称Elliptic Curves Cryptography)是一种椭圆曲线密码编码学。
ECDH每次用一个固定的DH key,导致不能向前保密(forward secrecy),所以一般都是用ECDHE(ephemeral)或其他版本的ECDH算法。ECDH则是基于ECC的DH( Diffie-Hellman)密钥交换算法。
ECC与RSA 相比,有以下的优点:
a. 相同密钥长度下,安全性能更高,如160位ECC已经与1024位RSA、DSA有相同的安全强度。
b. 计算量小,处理速度快,在私钥的处理速度上(解密和签名),ECC远 比RSA、DSA快得多。
c. 存储空间占用小 ECC的密钥尺寸和系统参数与RSA、DSA相比要小得多, 所以占用的存储空间小得多。
d. 带宽要求低使得ECC具有广泛得应用前景。
具体算法种类如下图:
示例代码:
import java.security.KeyFactory; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.interfaces.ECPrivateKey; import java.security.interfaces.ECPublicKey; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; public class HelloECDSA { private final static String SIGNATURE_ALGORITHM = "EC"; private final static String KEY_ALGORITHM = "SHA1withECDSA"; private final static String src = "Hello World"; public static void main(String[] args) { jdkEC(); } public static void jdkEC() { try { //1.初始化密钥 KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(SIGNATURE_ALGORITHM); keyPairGenerator.initialize(256); // 位 KeyPair keyPair = keyPairGenerator.generateKeyPair(); ECPublicKey rsaPublicKey = (ECPublicKey)keyPair.getPublic(); //公钥 ECPrivateKey rsaPrivateKey = (ECPrivateKey)keyPair.getPrivate(); //私钥 //2.执行签名 //PKCS8EncodedKeySpec类表示私钥的ASN.1编码。 PKCS8EncodedKeySpec pkcs8EncodedKeySpec = new PKCS8EncodedKeySpec(rsaPrivateKey.getEncoded()); KeyFactory keyFactory = KeyFactory.getInstance(SIGNATURE_ALGORITHM); PrivateKey privateKey = keyFactory.generatePrivate(pkcs8EncodedKeySpec); //签名 Signature signature = Signature.getInstance(KEY_ALGORITHM); signature.initSign(privateKey); signature.update(src.getBytes()); byte[] result = signature.sign(); System.out.println("jdk "+SIGNATURE_ALGORITHM+" sign : " + bytesToHexString(result)); //3.验证签名 //X509EncodedKeySpec类表示根据ASN.1类型SubjectPublicKeyInfo编码的公钥的ASN.1编码。 X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(rsaPublicKey.getEncoded()); keyFactory = KeyFactory.getInstance(SIGNATURE_ALGORITHM); PublicKey publicKey = keyFactory.generatePublic(x509EncodedKeySpec); //验签 signature = Signature.getInstance(KEY_ALGORITHM); signature.initVerify(publicKey); signature.update(src.getBytes()); boolean bool = signature.verify(result); System.out.println("jdk "+SIGNATURE_ALGORITHM+" verify : " + bool); } catch (Exception e) { e.printStackTrace(); } } /** * byte[] 转 16进制 */ private static String bytesToHexString(byte[] src) { StringBuilder stringBuilder = new StringBuilder(); if (src == null || src.length <= 0) { return null; } for (int i = 0; i < src.length; i++) { int v = src[i] & 0xFF; String hv = Integer.toHexString(v); if (hv.length() < 2) { stringBuilder.append(0); } stringBuilder.append(hv); } return stringBuilder.toString(); } }参考文章:
openssl 摘要和签名验证指令dgst使用详解
Java实现数字签名
数字签名算法介绍和区别