一:SM2簡介
SM2是中國密碼學算法標準中的一種非對稱加密算法(包括公鑰和私鑰)。SM2主要用于數字簽名、密鑰交換和加密解密等密碼學用途。
- 生成密鑰:用于生成一對公鑰和私鑰。公鑰:用于加密數據和驗證數字簽名。私鑰:用于解密數據和生成數字簽名。
- 數字簽名:用于生成和驗證數字簽名,可以獨立使用。數字簽名可以確保數據的完整性和身份認證,防止數據被篡改或冒充。發送方可以使用自己的私鑰生成數字簽名,并將簽名附加在數據上發送給接收方。接收方使用發送方的公鑰來驗證數字簽名的有效性,從而確保數據的完整性和身份認證。
- 密鑰交換:雙方可以使用各自的私鑰和對方的公鑰來生成一個共享密鑰,用于后續的對稱加密通信。
- 加密解密:發送方使用接收方的公鑰進行加密,接收方使用自己的私鑰進行解密。
CFCA
二:Java
<!-- Maven dependencies for the listing below: commons-lang3 supplies RandomStringUtils; com.cfca:SADK is CFCA's SDK. -->
<!-- NOTE(review): SADK is a vendor artifact; confirm which repository it resolves from and verify the artifact checksum before trusting it with key material. -->
<dependency><groupId>org.apache.commons</groupId><artifactId>commons-lang3</artifactId><version>3.9</version>
</dependency><dependency><groupId>com.cfca</groupId><artifactId>SADK</artifactId><version>3.2.1.3</version>
</dependency>
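/**
 * Static helpers around the CFCA SADK toolkits used on this page: SM2 encryption,
 * decryption, signing and verification, SM4 file encryption, and loading SM2 keys
 * from files.
 */
public class SM2Util {

    private static final String PVK_FILE = ".pvk";
    private static final String PUB_FILE = ".puk";

    /**
     * Encrypts data with an SM2 public key.
     *
     * @param publicKey the recipient's key; it is cast to {@code SM2PublicKey}, so any
     *                  other key type fails with a {@code ClassCastException}
     * @param data      the bytes to encrypt
     * @return whatever {@code SM2Toolkit.SM2EncryptData} returns for the input
     * @throws Exception if the toolkit call fails
     */
    public static byte[] encrypt(PublicKey publicKey, byte[] data) throws Exception {
        SM2Toolkit sm2Toolkit = new SM2Toolkit();
        SM2PublicKey sm2PublicKey = (SM2PublicKey) publicKey;
        return sm2Toolkit.SM2EncryptData(sm2PublicKey, data);
    }

    /**
     * Base64-decodes the given text and decrypts it with an SM2 private key.
     *
     * @param privateKey the recipient's key; it is cast to {@code SM2PrivateKey}
     * @param base64Text Base64 text of the ciphertext
     * @return the decrypted bytes
     * @throws Exception if decoding or decryption fails
     */
    public static byte[] decryptString(PrivateKey privateKey, String base64Text) throws Exception {
        SM2Toolkit sm2Toolkit = new SM2Toolkit();
        SM2PrivateKey sm2PrivateKey = (SM2PrivateKey) privateKey;
        return sm2Toolkit.SM2DecryptData(sm2PrivateKey, BASE64Toolkit.decode(base64Text));
    }

    /**
     * Encrypts a file with SM4, initialising the toolkit from the bytes of {@code key}.
     *
     * @param key     key text; its UTF-8 bytes are passed to {@code SM4Init}
     * @param inFile  path of the plaintext file
     * @param outFile path the encrypted file is written to
     * @throws Exception if initialisation or encryption fails
     */
    public static void sm4EncryptFile(String key, String inFile, String outFile) throws Exception {
        // Explicit charset: getBytes() without one depends on the platform default, so the
        // same key text could yield different key bytes on different machines.
        byte[] keyBytes = key.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        SM4Toolkit toolkit = new SM4Toolkit();
        // NOTE(review): the same bytes are passed as both SM4Init arguments. If the second
        // argument is the IV (confirm against the SADK documentation), the IV is fixed per
        // key and equal to the key, so files with a common prefix encrypt to a common
        // prefix. A fresh random IV stored next to the ciphertext would avoid that, but it
        // changes the file format, so it is left as is here.
        toolkit.SM4Init(keyBytes, keyBytes.clone());
        toolkit.SM4EncryptFile(inFile, outFile);
    }

    /**
     * Decrypts a file produced by {@link #sm4EncryptFile(String, String, String)}.
     *
     * @param key     key text; its UTF-8 bytes are passed to {@code SM4Init}
     * @param inFile  path of the encrypted file
     * @param outFile path the decrypted file is written to
     * @return the value returned by {@code SM4Toolkit.SM4DecryptFile}
     * @throws Exception if initialisation or decryption fails
     */
    public static boolean sM4DecryptFile(String key, String inFile, String outFile) throws Exception {
        // Must derive the bytes exactly as sm4EncryptFile does.
        byte[] keyBytes = key.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        SM4Toolkit toolkit = new SM4Toolkit();
        toolkit.SM4Init(keyBytes, keyBytes.clone());
        return toolkit.SM4DecryptFile(inFile, outFile);
    }

    /**
     * Signs bytes with an SM2 private key.
     *
     * @param privateKey the signer's key; it is cast to {@code SM2PrivateKey}
     * @param srcBytes   the bytes to sign
     * @return the signature, Base64-encoded
     * @throws Exception if signing fails
     */
    public static String singnString(PrivateKey privateKey, byte[] srcBytes) throws Exception {
        SM2Toolkit sm2Toolkit = new SM2Toolkit();
        SM2PrivateKey sm2PrivateKey = (SM2PrivateKey) privateKey;
        return BASE64Toolkit.encode(sm2Toolkit.SM2Sign(sm2PrivateKey, srcBytes));
    }

    /**
     * Signs a file: hashes it with {@code SM3Toolkit.SM3HashFile} under the signer's
     * public key, then signs the hash with the private key read from
     * {@code privateKeyPath}.
     *
     * @param filePath       path of the file to sign
     * @param privateKeyPath path of the private-key file (read as raw bytes)
     * @return the signature, Base64-encoded
     * @throws Exception if the key cannot be read or built, or hashing/signing fails
     */
    public static String sm2SignFile(String filePath, String privateKeyPath) throws Exception {
        SM2Toolkit sm2Toolkit = new SM2Toolkit();
        byte[] privateBytes = readKey(privateKeyPath);
        SM2PrivateKey sm2PrivateKey =
                (SM2PrivateKey) sm2Toolkit.SM2BuildPrivateKey(BASE64Toolkit.encode(privateBytes));
        byte[] hash = SM3Toolkit.SM3HashFile(sm2PrivateKey.getSM2PublicKey(), filePath);
        return BASE64Toolkit.encode(BCSoftSM2.sign(hash, sm2PrivateKey.dBigInteger(), true));
    }

    /**
     * Verifies a file signature produced by {@link #sm2SignFile(String, String)}.
     *
     * @param outfilePath path of the file whose signature is checked
     * @param keyPath     path of the signer's public-key file (read as raw bytes)
     * @param singStr     the Base64-encoded signature
     * @return the result of {@code SM2VerifyHash}
     * @throws RuntimeException if the key cannot be read, the signature cannot be decoded,
     *                          or the toolkit throws; the original exception is the cause
     */
    public static boolean verify(String outfilePath, String keyPath, String singStr) {
        try {
            SM2Toolkit toolkit = new SM2Toolkit();
            SM2PublicKey sm2PublicKey =
                    (SM2PublicKey) toolkit.SM2BuildPublicKey(BASE64Toolkit.encode(readKey(keyPath)));
            byte[] hash = SM3Toolkit.SM3HashFile(sm2PublicKey, outfilePath);
            return toolkit.SM2VerifyHash(sm2PublicKey, hash, BASE64Toolkit.decode(singStr));
        } catch (Exception e) {
            // Keep the cause: without it an unreadable key file, a malformed signature and
            // a toolkit failure are indistinguishable when investigating a failed check.
            throw new RuntimeException("文件驗(yàn)簽失敗", e);
        }
    }

    /**
     * Loads an SM2 private key from a file, appending {@code .pvk} to the path when it
     * does not already end with it.
     *
     * @param keyPath path of the private-key file, with or without the extension
     * @return the private key built by {@code SM2Toolkit.SM2BuildPrivateKey}
     * @throws Exception if the file cannot be read or the key cannot be built
     */
    public static SM2PrivateKey buildPrivateKey(String keyPath) throws Exception {
        if (!keyPath.endsWith(PVK_FILE)) {
            keyPath += PVK_FILE;
        }
        byte[] privateKeyBytes = readKey(keyPath);
        SM2Toolkit sm2Toolkit = new SM2Toolkit();
        return (SM2PrivateKey) sm2Toolkit.SM2BuildPrivateKey(BASE64Toolkit.encode(privateKeyBytes));
    }

    /**
     * Loads an SM2 public key from a file, appending {@code .puk} to the path when it
     * does not already end with it.
     *
     * @param keyPath path of the public-key file, with or without the extension
     * @return the public key built by {@code SM2Toolkit.SM2BuildPublicKey}
     * @throws Exception if the file cannot be read or the key cannot be built
     */
    public static SM2PublicKey buildPublicKey(String keyPath) throws Exception {
        if (!keyPath.endsWith(PUB_FILE)) {
            keyPath += PUB_FILE;
        }
        byte[] publicKeyBytes = readKey(keyPath);
        SM2Toolkit sm2Toolkit = new SM2Toolkit();
        return (SM2PublicKey) sm2Toolkit.SM2BuildPublicKey(BASE64Toolkit.encode(publicKeyBytes));
    }

    /**
     * Reads a key file fully into memory.
     *
     * @param filePath path of the key file
     * @return every byte of the file
     * @throws Exception if the file cannot be opened or read
     */
    public static byte[] readKey(String filePath) throws Exception {
        // The result grows with what is actually read. Sizing the array from available()
        // is only an estimate: a larger file would overflow the copy and a smaller one
        // would leave trailing zero bytes in the key material.
        try (FileInputStream is = new FileInputStream(filePath);
             java.io.ByteArrayOutputStream out = new java.io.ByteArrayOutputStream()) {
            byte[] buffer = new byte[1024];
            int len;
            while ((len = is.read(buffer, 0, buffer.length)) != -1) {
                out.write(buffer, 0, len);
            }
            return out.toByteArray();
        }
    }

    /**
     * Demo of the packaging flow: sign the source zip, wrap a random SM4 key with the
     * recipient's SM2 public key, then SM4-encrypt the zip. Paths are sample values.
     */
    public static void main(String[] args) throws Exception {
        // Key-pair generation is shown for reference only; the steps below load keys from files.
        SM2Toolkit toolkit = new SM2Toolkit();
        KeyPair keyPair = toolkit.SM2GenerateKeyPair();
        PublicKey publicKey = keyPair.getPublic();
        PrivateKey privateKey = keyPair.getPrivate();

        // 1. Sign the source file (the signature ends up as its own file in the new .zip).
        String zipPath = "/Temp/data.zip";
        String tempZipPath = "/Temp/Activiti/data.zip";
        String signguare = sm2SignFile(zipPath, "xxx.pvk");

        // 2. Encrypt the SM4 key (the wrapped key also becomes a file in the new .zip).
        String verifyChars = "1234567890abcdefghijkmnopqrstuvwxyz";
        // Draw the key from SecureRandom: RandomStringUtils.random(int, String) in
        // commons-lang3 3.9 uses a shared java.util.Random, which is predictable and must
        // not produce key material.
        // NOTE(review): 16 characters from this 35-symbol alphabet give roughly 82 bits of
        // entropy, not 128; 16 random bytes would use the full SM4 key space.
        String encryptKey = RandomStringUtils.random(
                16, 0, verifyChars.length(), false, false,
                verifyChars.toCharArray(), new java.security.SecureRandom()).toUpperCase();
        // The original referenced an undefined variable here; the generated SM4 key is
        // what has to be wrapped.
        byte[] encrypt = encrypt(
                buildPublicKey("/Temp/xxx.puk"),
                encryptKey.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        byte[] encryptKeyBytes =
                BASE64Toolkit.encode(encrypt).getBytes(java.nio.charset.StandardCharsets.UTF_8);

        // 3. Encrypt the source file.
        sm4EncryptFile(encryptKey, zipPath, tempZipPath);

        // 4. New zip = (signature file, wrapped-key file, encrypted source file).
    }
}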