import org.bouncycastle.crypto.*;
import org.bouncycastle.crypto.digests.SHA1Digest;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.x509.X509V1CertificateGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import javax.security.auth.x500.X500Principal;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Date;
/**
* @Author: Flop Coder
* @Since: 6/16/14
*/
public class Main {
public static void main(String[] args) throws Exception{
byte[] nonce = "pQeYgQ28X1fhMCHahJ5Mmw==".getBytes();
KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
generator.initialize(2048,random);
KeyPair keyPair = generator.generateKeyPair();
PrivateKey privateKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
/*PrivateKey privateKey = readPrivateKey();*/
byte[] signature = generateSignature(nonce, privateKey);
X509Certificate certificate = genCert(keyPair);
System.out.println(certificate.getIssuerX500Principal());
System.out.println(verify(signature, certificate.getPublicKey(), nonce));
}
public static PrivateKey readPrivateKey() throws Exception{
File file = new File("E:\\Projects\\src\\main\\resources\\certs\\server.key");
FileInputStream fis = new FileInputStream(file);
DataInputStream dis = new DataInputStream(fis);
byte[] buf = new byte[(int)file.length()];
dis.readFully(buf);
dis.close();
PKCS8EncodedKeySpec kspec = new PKCS8EncodedKeySpec(buf);
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privKey = kf.generatePrivate(kspec);
return privKey;
}
public static byte[] generateSignature(byte[] msg, PrivateKey privateKey) throws CryptoException, IOException {
RSAKeyParameters privParameters = new RSAKeyParameters
(true, ((RSAPrivateKey) privateKey).getModulus(), ((RSAPrivateKey) privateKey).getPrivateExponent());
SHA1Digest digest = new SHA1Digest();
byte[] signedData;
RSADigestSigner eng = new RSADigestSigner(digest);
eng.init(true, privParameters);
eng.update(msg, 0, msg.length);
signedData = eng.generateSignature();
return signedData;
}
public static X509Certificate genCert(KeyPair keyPair) throws Exception
{
X509V3CertificateGenerator certgen = new X509V3CertificateGenerator();
Date startDate = new Date(); // time from which certificate is valid
Date expiryDate = new Date(); // time after which certificate is not valid
BigInteger serialNumber = new BigInteger("123"); // serial number for certificate
// EC public/private key pair
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal("CN=flop@gmail.com,C=Dhaka");
certGen.setSerialNumber(serialNumber);
certGen.setIssuerDN(dnName);
certGen.setNotBefore(startDate);
certGen.setNotAfter(expiryDate);
certGen.setSubjectDN(dnName); // note: same as issuer
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA1withRSA");
X509Certificate cert = certGen.generate(keyPair.getPrivate());
return cert;
}
private static boolean verify(byte[] signature, PublicKey pubKey, byte[] paramToSign) throws Exception {
RSAKeyParameters pubParameters =
new RSAKeyParameters(false, ((RSAPublicKey) pubKey).getModulus(), ((RSAPublicKey) pubKey).getPublicExponent());
SHA1Digest digest = new SHA1Digest();
org.bouncycastle.crypto.Signer eng = new RSADigestSigner(digest);
eng.init(false, pubParameters);
eng.update(paramToSign, 0, paramToSign.length);
return eng.verifySignature(signature);
}
}
Generate X509Certificate generate and verify Signature using bouncy catsle
Sanjoy Kumer Deb
June 16, 2014
Reactions
0 Comments