工具庫
MYTF SDK 中包含密碼工具庫,可以幫助用戶進行密鑰轉換、加密、簽名等操作。
UserKeyFactory & CryptoUtils
用於生成公私鑰對,並對公私鑰進行格式轉換。
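// Register the BouncyCastle provider at runtime before using the SDK crypto helpers.
Security.addProvider(new BouncyCastleProvider());
// Generate an EC key pair on the SECP256K1 curve locally.
UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_RAW_SECP256K1_KEY);
// Generate an EC key pair on the SM2P256V1 curve locally.
UserKeyPair SMUserKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_SM2P256V1_KEY);
// Generate an RSA key pair locally.
UserKeyPair rsaUserKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.RSA_2048_KEY);
// Get the public and private key objects.
PublicKey PKCS8Pubkey = userKeyPair.getPublicKey();
PrivateKey PKCS8Prikey = userKeyPair.getPrivateKey();
// Get the encoded key bytes (called "PKCS8 format" in this SDK's documentation).
// NOTE(review): for standard JCA keys, PrivateKey.getEncoded() is PKCS#8 while
// PublicKey.getEncoded() is normally X.509 SubjectPublicKeyInfo; check getFormat()
// on the key if the exact encoding matters to the consumer.
byte[] PKCS8PubkeyBytes = userKeyPair.getPublicKey().getEncoded();
byte[] PKCS8PrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
// Get the raw-format keys. Each variable is filled from the matching accessor:
// a public/private mix-up would not be caught by the compiler because both are byte[].
// The raw private key is unencrypted secret material; keep it out of logs and persisted state.
byte[] pubkeyBytes = userKeyPair.getRawPublicKey();
byte[] prikeyBytes = userKeyPair.getRawPrivateKey();
// Rebuild the private key from its PKCS8 encoding.
PrivateKey privateKey = CryptoUtils.getECPriKeyFromPKCS8Bytes(PKCS8Prikey.getEncoded());
// Rebuild the private key from its raw encoding; the curve must match the one used at generation.
PrivateKey privateKey2 = CryptoUtils.getECPriKeyFromBytes(userKeyPair.getRawPrivateKey(), CryptoSuiteTypeEnum.SECP256K1);
// Rebuild the public key from its encoded ("PKCS8") form.
PublicKey publicKey = CryptoUtils.getECPubKeyFromPKCS8Bytes(PKCS8Pubkey.getEncoded());
// Rebuild the public key from its raw encoding.
PublicKey publicKey2 = CryptoUtils.getECPubkeyFromBytes(userKeyPair.getRawPublicKey(), CryptoSuiteTypeEnum.SECP256K1);
// Generate a key pair locally and encrypt the private key with a password.
// The literal below is a sample value only. In real use, take the password from user
// input or a secret store instead of source code, and choose a strong one: it is what
// protects the encrypted private key returned in keyDto.
String password = "1235678";
KeyDto keyDto = UserKeyFactory.generateKey(password);
// Private key in PKCS8 format (password-encrypted PEM, see the conversion below).
String sk = keyDto.getPrivateKey();
// Public key in raw format (hex string, see the conversion below).
String pk = keyDto.getPublicKey();
// Recover the private key from the encrypted PEM using the same password.
PrivateKey userSK = CryptoUtils.getECPriKeyFromPEM(sk, password);
// Recover the public key from the hex-encoded raw format.
PublicKey userPK = CryptoUtils.getECPubkeyFromBytes(Hex.decode(pk), CryptoSuiteTypeEnum.SECP256K1);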
ECDSATool
幫助用戶在本地進行 ECDSA 簽名和驗簽。
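// Register the BouncyCastle provider at runtime before use.
Security.addProvider(new BouncyCastleProvider());
// Generate a SECP256K1 key pair locally.
UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_RAW_SECP256K1_KEY);
// Get the encoded ("PKCS8 format") private and public key bytes.
byte[] PKCS8PrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
byte[] PKCS8PubkeyBytes = userKeyPair.getPublicKey().getEncoded();
// Sign and verify msg; this variant takes the PKCS8-format keys.
// The charset is pinned so signer and verifier derive the same bytes from the same
// text on every platform; getBytes() without a charset uses the platform default.
byte[] msg = "this is test for ecdsa".getBytes(java.nio.charset.StandardCharsets.UTF_8);
byte[] signature = ECDSATool.ECDSASign(msg, PKCS8PrikeyBytes);
// The boolean result is the verification outcome; callers must check it and reject on false.
Assert.assertTrue(ECDSATool.ECDSAVerify(msg, PKCS8PubkeyBytes, signature));
// Sign and verify msg; this variant takes the raw-format keys and expects the caller
// to hash the content first, so the same digest must be passed to sign and verify.
byte[] sha256msg = Hash.sha256(msg);
byte[] signature2 = ECDSATool.sign(sha256msg, userKeyPair.getRawPrivateKey());
Assert.assertTrue(ECDSATool.verify(sha256msg, userKeyPair.getRawPublicKey(), signature2));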
ECIESTool
幫助用戶在本地進行 ECIES 加密和解密。
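// Register the BouncyCastle provider at runtime before use.
Security.addProvider(new BouncyCastleProvider());
// Simulate locally the TAPP's key pair and the user's key pair.
UserKeyPair userKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
UserKeyPair tappKeyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
// Get the user's encoded ("PKCS8 format") private and public key bytes.
byte[] userPrikeyBytes = userKeyPair.getPrivateKey().getEncoded();
byte[] userPubkeyBytes = userKeyPair.getPublicKey().getEncoded();
// Get the TAPP's encoded ("PKCS8 format") private and public key bytes.
// These must come from tappKeyPair. Reading them from userKeyPair would still
// round-trip in this demo, but the data would be encrypted to the user's own key
// instead of the TAPP's, and nothing here would report the mistake.
byte[] tappPrikeyBytes = tappKeyPair.getPrivateKey().getEncoded();
byte[] tappPubkeyBytes = tappKeyPair.getPublicKey().getEncoded();
String plainText = "this is test for ecies";
// Pin the charset so both sides agree on the plaintext bytes on every platform.
byte[] plainBytes = plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8);
// Encrypt with the TAPP public key and the user's private key.
byte[] ciphertext = ECIESTool.ECIESEncrypt(tappPubkeyBytes, userPrikeyBytes, plainBytes);
// Decrypt with the user's public key and the TAPP private key.
byte[] decrypted = ECIESTool.ECIESDecrypt(userPubkeyBytes, tappPrikeyBytes, ciphertext);
// Confirm the round trip recovered the original bytes.
Assert.assertTrue(java.util.Arrays.equals(plainBytes, decrypted));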
ECElgamalTool
幫助用戶在本地進行 ECElgamal 加密解密。
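// Register the BouncyCastle provider at runtime before use.
Security.addProvider(new BouncyCastleProvider());
// Simulate three parties, each generating its own key pair.
UserKeyPair user1Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
UserKeyPair user2Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
UserKeyPair user3Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECELGAMAL_SECP256K1_KEY);
// Collect the three raw public keys, Base64-encoded. Only public keys are shared here;
// each party keeps its private key to itself.
String[] publicKeys = {
    Base64.toBase64String(user1Keypair.getRawPublicKey()),
    Base64.toBase64String(user2Keypair.getRawPublicKey()),
    Base64.toBase64String(user3Keypair.getRawPublicKey()),
};
// Encrypt the content with all three public keys.
String plainText = "this is test for ecelgamal";
// Pin the charset so the plaintext bytes are the same on every platform;
// getBytes() without a charset uses the platform default.
byte[] plainBytes = plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8);
byte[] ciphertext = ECElgamalTool.ECElgamalEncrypt(CryptoSuiteTypeEnum.SECP256K1, publicKeys, plainBytes);
// The decrypting party uses its own raw private key.
byte[] user3PrikeyBytes = user3Keypair.getRawPrivateKey();
byte[] decrypted = ECElgamalTool.ECElgamalDecrypt(CryptoSuiteTypeEnum.SECP256K1, user3PrikeyBytes, ciphertext);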
RSATool
幫助用戶在本地進行 RSA 簽名驗簽。
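// Generate an RSA key pair locally.
// NOTE(review): this snippet does not register the BouncyCastle provider; confirm
// whether RSATool requires Security.addProvider(new BouncyCastleProvider()) first.
UserKeyPair rsaKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.RSA_2048_KEY);
String plain = "this is test for RSASign";
// Convert the text once, with a pinned charset, so the signed bytes and the verified
// bytes are identical on every platform.
byte[] plainBytes = plain.getBytes(java.nio.charset.StandardCharsets.UTF_8);
// Get the encoded ("PKCS8 format") private and public key bytes.
// Both halves must come from rsaKeypair: verifying with a public key taken from a
// different key pair cannot succeed.
byte[] userPrikeyBytes = rsaKeypair.getPrivateKey().getEncoded();
byte[] userPubkeyBytes = rsaKeypair.getPublicKey().getEncoded();
byte[] sig = RSATool.RSASign(plainBytes, userPrikeyBytes);
// The boolean result is the verification outcome; callers must check it and reject on false.
Assert.assertTrue(RSATool.RSAVerify(plainBytes, sig, userPubkeyBytes));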
SM2Tool
幫助用戶進行國密算法簽名驗簽和加密解密。
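// Register the BouncyCastle provider at runtime before use.
Security.addProvider(new BouncyCastleProvider());
// Generate SM2P256V1 key pairs locally: one for signing, one for encryption.
UserKeyPair signKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECDSA_SM2P256V1_KEY);
UserKeyPair enckeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
// Get the raw-format signing keys.
byte[] userSignPrikeyBytes = signKeypair.getRawPrivateKey();
byte[] userSignPubkeyBytes = signKeypair.getRawPublicKey();
// Get the raw-format encryption keys. These are read from enckeypair so that the
// signing key is not reused for encryption; reading them from signKeypair would leave
// enckeypair unused and make one key serve both purposes.
byte[] userEncPrikeyBytes = enckeypair.getRawPrivateKey();
byte[] userEncPubkeyBytes = enckeypair.getRawPublicKey();
// Sign and verify with the SM2P256V1 signing key pair.
String plainText = "this is test for sm2";
byte[] signature = SM2Tool.SM2Sign(userSignPrikeyBytes, plainText);
// The boolean result is the verification outcome; callers must check it and reject on false.
Assert.assertTrue(SM2Tool.SM2Verify(userSignPubkeyBytes, plainText, signature));
// Encrypt and decrypt with the SM2P256V1 encryption key pair.
byte[] cipherText = SM2Tool.SM4GCMSM2Encrypt(userEncPubkeyBytes, plainText);
byte[] plainText2 = SM2Tool.SM4GCMSM2Decrypt(userEncPrikeyBytes, cipherText);
// Compare bytes with bytes: plainText is a String and plainText2 is a byte[].
// NOTE(review): assumes the SDK encodes the String as UTF-8 before encrypting; the
// sample text is ASCII so the comparison holds either way, but confirm for other text.
Assert.assertTrue(Arrays.equals(plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8), plainText2));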
EnvelopeUtils
幫助用戶構造和打開 TAPP 信封。
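// Register the BouncyCastle provider at runtime before use.
Security.addProvider(new BouncyCastleProvider());
// Simulate locally the user's and the TAPP's SECP256K1 key pairs.
UserKeyPair userKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
UserKeyPair tappKeypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.ECIES_SECP256K1_KEY);
// Get the user's encoded ("PKCS8 format") private and public key bytes.
byte[] userPrikeyBytes = userKeypair.getPrivateKey().getEncoded();
byte[] userPubkeyBytes = userKeypair.getPublicKey().getEncoded();
// Get the TAPP's encoded ("PKCS8 format") private and public key bytes.
byte[] tappPrikeyBytes = tappKeypair.getPrivateKey().getEncoded();
byte[] tappPubkeyBytes = tappKeypair.getPublicKey().getEncoded();
// The user packs the content into an encrypted envelope.
String plainText = "this is test for envelope";
// Pin the charset so the enveloped bytes are the same on every platform;
// getBytes() without a charset uses the platform default.
byte[] plainBytes = plainText.getBytes(java.nio.charset.StandardCharsets.UTF_8);
byte[] tappEnvelope = EnvelopeUtils.buildTappEnvelope(tappPubkeyBytes, userPrikeyBytes, plainBytes);
// The TAPP opens the user's encrypted envelope.
byte[] envelopeRecoverPlainData = EnvelopeUtils.openTappEnvelope(userPubkeyBytes, tappPrikeyBytes, tappEnvelope);
// Simulate locally the user's and the TAPP's SM2P256V1 key pairs.
UserKeyPair userSM2keyPair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
UserKeyPair tappSM2Keypair = UserKeyFactory.generateKeyPair(KeyTypeEnum.SM4GCM_SM2P256V1_KEY);
// Get the user's raw-format private and public key bytes.
byte[] userSMPrikeyBytes = userSM2keyPair.getRawPrivateKey();
byte[] userSMPubkeyBytes = userSM2keyPair.getRawPublicKey();
// Get the TAPP's raw-format private and public key bytes.
byte[] tappSMPrikeyBytes = tappSM2Keypair.getRawPrivateKey();
byte[] tappSMPubkeyBytes = tappSM2Keypair.getRawPublicKey();
// The user packs the content into an encrypted envelope using the SM (national) algorithms.
// This variant is passed the String itself rather than its bytes.
byte[] tappSMEnvelope = EnvelopeUtils.buildSMTappEnvelope(tappSMPubkeyBytes, userSMPrikeyBytes, plainText);
// The TAPP opens the user's encrypted envelope.
// NOTE(review): the key order here is (TAPP private key, user public key), the reverse
// of openTappEnvelope above (user public key, TAPP private key). Both arguments are
// byte[], so a swap compiles cleanly; confirm the order against the EnvelopeUtils
// signature before copying this call.
byte[] recoveredPlain = EnvelopeUtils.openSMTappEnvelope(tappSMPrikeyBytes, userSMPubkeyBytes, tappSMEnvelope);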