• 日期: 2026-03-16
  • 标签: 常规

Java 中的 SM2 签名验签需要使用 Bouncy Castle 库中的 SM2 算法实现。以下是一个简单的示例代码:

签名:

import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.generators.ECKeyPairGenerator;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECKeyGenerationParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECPoint;

import java.security.Security;
import java.util.Base64;

public class SM2Utils {

    /**
     * 生成 SM2 密钥对
     *
     * @return 密钥对
     */
    public static AsymmetricCipherKeyPair generateKeyPair() {
        Security.addProvider(new BouncyCastleProvider());
        ECKeyPairGenerator gen = new ECKeyPairGenerator();
        ECDomainParameters ecSpec = ECDomainParametersUtil.getSM2Parameters();
        ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(ecSpec, null);
        gen.init(keygenParams);
        return gen.generateKeyPair();
    }

    /**
     * SM2 签名
     *
     * @param data      待签名数据
     * @param privateKey 私钥
     * @return 签名结果
     */
    public static String sign(byte[] data, ECPrivateKeyParameters privateKey) {
        SM2Signer signer = new SM2Signer();
        CipherParameters param = new SM2Signer.Parameters(privateKey.getParameters());
        signer.init(true, param);
        signer.update(data, 0, data.length);
        byte[] signature = signer.generateSignature();
        return Base64.getEncoder().encodeToString(signature);
    }
}

验签:

import org.bouncycastle.crypto.digests.SM3Digest;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.math.ec.ECPoint;

import java.security.Security;
import java.util.Base64;

public class SM2Utils {

    /**
     * SM2 验签
     *
     * @param data     待验签数据
     * @param sign     签名结果
     * @param publicKey 公钥
     * @return 验签结果
     */
    public static boolean verify(byte[] data, byte[] sign, ECPublicKeyParameters publicKey) {
        SM2Signer signer = new SM2Signer();
        CipherParameters param = new SM2Signer.Parameters(publicKey.getParameters());
        signer.init(false, param);
        signer.update(data, 0, data.length);
        return signer.verifySignature(sign);
    }
}

使用示例:

import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;

import java.util.Base64;

public class Main {

    public static void main(String[] args) {
        // 生成密钥对
        AsymmetricCipherKeyPair keyPair = SM2Utils.generateKeyPair();
        ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters) keyPair.getPrivate();
        ECPublicKeyParameters publicKey = (ECPublicKeyParameters) keyPair.getPublic();

        // 待签名数据
        byte[] data = 'Hello, world!'.getBytes();

        // 签名
        String sign = SM2Utils.sign(data, privateKey);
        System.out.println('签名结果:' + sign);

        // 验签
        boolean verifyResult = SM2Utils.verify(data, Base64.getDecoder().decode(sign), publicKey);
        System.out.println('验签结果:' + verifyResult);
    }
}
Java SM2 签名验签 - 使用 Bouncy Castle 库实现

原文地址: https://www.cveoy.top/t/topic/mV7y 著作权归作者所有。请勿转载和采集!

免费AI点我,无需注册和登录