Class EcdsaSignature

java.lang.Object
cloud.opencode.base.crypto.signature.EcdsaSignature
All Implemented Interfaces:
SignatureEngine
public final class EcdsaSignature extends Object implements SignatureEngine
ECDSA signature implementation - Elliptic Curve Digital Signature Algorithm ECDSA 签名实现 - 椭圆曲线数字签名算法

ECDSA provides strong security with smaller key sizes compared to RSA. Commonly used curves are P-256, P-384, and P-521. ECDSA 提供比 RSA 更小的密钥大小和强大的安全性。常用曲线为 P-256、P-384 和 P-521。

Features | 主要功能:

  • ECDSA with P-256, P-384, P-521 - ECDSA(P-256、P-384、P-521)
  • SHA-256/384/512 digest algorithms - SHA-256/384/512 摘要算法

Usage Examples | 使用示例:

EcdsaSignature ecdsa = EcdsaSignature.p256();
ecdsa.setPrivateKey(privateKey);
byte[] sig = ecdsa.sign(data);

Security | 安全性:

  • Thread-safe: No - 线程安全: 否
  • Null-safe: Yes - 空值安全: 是
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    doSign()
    Complete the multi-part signing operation 完成多部分签名操作
    String
    doSignBase64()
    Complete the multi-part signing and return Base64 signature 完成多部分签名并返回 Base64 签名
    boolean
    doVerify(byte[] signature)
    Complete the multi-part verification operation 完成多部分验证操作
    String
    getAlgorithm()
    Get the signature algorithm name 获取签名算法名称
    CurveType
    getCurveType()
    Get the curve type 获取曲线类型
    PrivateKey
    getPrivateKey()
    Get the private key 获取私钥
    PublicKey
    getPublicKey()
    Get the public key 获取公钥
    static EcdsaSignature
    p256()
    Create ECDSA signature with P-256 curve (SHA-256, recommended for most uses) 创建使用 P-256 曲线的 ECDSA 签名(SHA-256,推荐用于大多数场景)
    static EcdsaSignature
    p256WithGeneratedKeyPair()
    Create ECDSA P-256 signature with generated key pair 创建带有生成密钥对的 ECDSA P-256 签名
    static EcdsaSignature
    p384()
    Create ECDSA signature with P-384 curve (SHA-384, higher security) 创建使用 P-384 曲线的 ECDSA 签名(SHA-384,更高安全性)
    static EcdsaSignature
    p384WithGeneratedKeyPair()
    Create ECDSA P-384 signature with generated key pair 创建带有生成密钥对的 ECDSA P-384 签名
    static EcdsaSignature
    p521()
    Create ECDSA signature with P-521 curve (SHA-512, maximum security) 创建使用 P-521 曲线的 ECDSA 签名(SHA-512,最高安全性)
    static EcdsaSignature
    p521WithGeneratedKeyPair()
    Create ECDSA P-521 signature with generated key pair 创建带有生成密钥对的 ECDSA P-521 签名
    SignatureEngine
    setKeyPair(KeyPair keyPair)
    Set both keys from a key pair 从密钥对设置公私钥
    SignatureEngine
    setPrivateKey(byte[] encodedKey)
    Set the private key from encoded bytes 从编码字节设置私钥
    SignatureEngine
    setPrivateKey(PrivateKey privateKey)
    Set the private key for signing operations 设置用于签名操作的私钥
    SignatureEngine
    setPrivateKeyPem(String pem)
    Set the private key from PEM format 从 PEM 格式设置私钥
    SignatureEngine
    setPublicKey(byte[] encodedKey)
    Set the public key from encoded bytes 从编码字节设置公钥
    SignatureEngine
    setPublicKey(PublicKey publicKey)
    Set the public key for verification operations 设置用于验证操作的公钥
    SignatureEngine
    setPublicKeyPem(String pem)
    Set the public key from PEM format 从 PEM 格式设置公钥
    byte[]
    sign(byte[] data)
    Sign data and return signature bytes 签名数据并返回签名字节
    byte[]
    sign(InputStream input)
    Sign data from input stream 从输入流签名数据
    byte[]
    sign(String data)
    Sign UTF-8 encoded string data 签名 UTF-8 编码的字符串数据
    String
    signBase64(byte[] data)
    Sign data and return Base64 encoded signature 签名数据并返回 Base64 编码的签名
    String
    signBase64(String data)
    Sign UTF-8 encoded string and return Base64 signature 签名 UTF-8 编码字符串并返回 Base64 签名
    byte[]
    signFile(Path file)
    Sign file content 签名文件内容
    String
    signHex(byte[] data)
    Sign data and return hexadecimal encoded signature 签名数据并返回十六进制编码的签名
    SignatureEngine
    update(byte[] data)
    Update the signature with additional data (for multi-part signing) 使用额外数据更新签名(用于多部分签名)
    SignatureEngine
    update(String data)
    Update the signature with UTF-8 encoded string 使用 UTF-8 编码字符串更新签名
    boolean
    verify(byte[] data, byte[] signature)
    Verify signature for given data 验证给定数据的签名
    boolean
    verify(String data, byte[] signature)
    Verify signature for UTF-8 encoded string 验证 UTF-8 编码字符串的签名
    boolean
    verifyBase64(byte[] data, String base64Signature)
    Verify Base64 encoded signature 验证 Base64 编码的签名
    boolean
    verifyBase64(String data, String base64Signature)
    Verify Base64 encoded signature for string data 验证字符串数据的 Base64 编码签名
    boolean
    verifyFile(Path file, byte[] signature)
    Verify signature for file content 验证文件内容的签名
    boolean
    verifyHex(byte[] data, String hexSignature)
    Verify hexadecimal encoded signature 验证十六进制编码的签名
    static EcdsaSignature
    withCurve(CurveType curve)
    Create ECDSA signature with custom curve type 创建使用自定义曲线类型的 ECDSA 签名
    EcdsaSignature
    withGeneratedKeyPair()
    Generate a new EC key pair for the configured curve 为配置的曲线生成新的 EC 密钥对

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • p256

      public static EcdsaSignature p256()
      Create ECDSA signature with P-256 curve (SHA-256, recommended for most uses) 创建使用 P-256 曲线的 ECDSA 签名(SHA-256,推荐用于大多数场景)
      Returns:
      ECDSA P-256 signature instance

    • p384

      public static EcdsaSignature p384()
      Create ECDSA signature with P-384 curve (SHA-384, higher security) 创建使用 P-384 曲线的 ECDSA 签名(SHA-384,更高安全性)
      Returns:
      ECDSA P-384 signature instance

    • p521

      public static EcdsaSignature p521()
      Create ECDSA signature with P-521 curve (SHA-512, maximum security) 创建使用 P-521 曲线的 ECDSA 签名(SHA-512,最高安全性)
      Returns:
      ECDSA P-521 signature instance

    • withCurve

      public static EcdsaSignature withCurve(CurveType curve)
      Create ECDSA signature with custom curve type 创建使用自定义曲线类型的 ECDSA 签名
      Parameters:
      curve - the elliptic curve type
      Returns:
      ECDSA signature instance

    • p256WithGeneratedKeyPair

      public static EcdsaSignature p256WithGeneratedKeyPair()
      Create ECDSA P-256 signature with generated key pair 创建带有生成密钥对的 ECDSA P-256 签名
      Returns:
      ECDSA P-256 signature with generated keys

    • p384WithGeneratedKeyPair

      public static EcdsaSignature p384WithGeneratedKeyPair()
      Create ECDSA P-384 signature with generated key pair 创建带有生成密钥对的 ECDSA P-384 签名
      Returns:
      ECDSA P-384 signature with generated keys

    • p521WithGeneratedKeyPair

      public static EcdsaSignature p521WithGeneratedKeyPair()
      Create ECDSA P-521 signature with generated key pair 创建带有生成密钥对的 ECDSA P-521 签名
      Returns:
      ECDSA P-521 signature with generated keys

    • withGeneratedKeyPair

      public EcdsaSignature withGeneratedKeyPair()
      Generate a new EC key pair for the configured curve 为配置的曲线生成新的 EC 密钥对
      Returns:
      this signature instance with generated keys

    • setPrivateKey

      public SignatureEngine setPrivateKey(PrivateKey privateKey)
      Description copied from interface: SignatureEngine
      Set the private key for signing operations 设置用于签名操作的私钥
      Specified by:
      setPrivateKey in interface SignatureEngine
      Parameters:
      privateKey - the private key
      Returns:
      this engine instance for method chaining

    • setPrivateKey

      public SignatureEngine setPrivateKey(byte[] encodedKey)
      Description copied from interface: SignatureEngine
      Set the private key from encoded bytes 从编码字节设置私钥
      Specified by:
      setPrivateKey in interface SignatureEngine
      Parameters:
      encodedKey - encoded private key bytes
      Returns:
      this engine instance for method chaining

    • setPrivateKeyPem

      public SignatureEngine setPrivateKeyPem(String pem)
      Description copied from interface: SignatureEngine
      Set the private key from PEM format 从 PEM 格式设置私钥
      Specified by:
      setPrivateKeyPem in interface SignatureEngine
      Parameters:
      pem - PEM formatted private key
      Returns:
      this engine instance for method chaining

    • setPublicKey

      public SignatureEngine setPublicKey(PublicKey publicKey)
      Description copied from interface: SignatureEngine
      Set the public key for verification operations 设置用于验证操作的公钥
      Specified by:
      setPublicKey in interface SignatureEngine
      Parameters:
      publicKey - the public key
      Returns:
      this engine instance for method chaining

    • setPublicKey

      public SignatureEngine setPublicKey(byte[] encodedKey)
      Description copied from interface: SignatureEngine
      Set the public key from encoded bytes 从编码字节设置公钥
      Specified by:
      setPublicKey in interface SignatureEngine
      Parameters:
      encodedKey - encoded public key bytes
      Returns:
      this engine instance for method chaining

    • setPublicKeyPem

      public SignatureEngine setPublicKeyPem(String pem)
      Description copied from interface: SignatureEngine
      Set the public key from PEM format 从 PEM 格式设置公钥
      Specified by:
      setPublicKeyPem in interface SignatureEngine
      Parameters:
      pem - PEM formatted public key
      Returns:
      this engine instance for method chaining

    • setKeyPair

      public SignatureEngine setKeyPair(KeyPair keyPair)
      Description copied from interface: SignatureEngine
      Set both keys from a key pair 从密钥对设置公私钥
      Specified by:
      setKeyPair in interface SignatureEngine
      Parameters:
      keyPair - the key pair
      Returns:
      this engine instance for method chaining

    • sign

      public byte[] sign(byte[] data)
      Description copied from interface: SignatureEngine
      Sign data and return signature bytes 签名数据并返回签名字节
      Specified by:
      sign in interface SignatureEngine
      Parameters:
      data - data to sign
      Returns:
      signature bytes

    • sign

      public byte[] sign(String data)
      Description copied from interface: SignatureEngine
      Sign UTF-8 encoded string data 签名 UTF-8 编码的字符串数据
      Specified by:
      sign in interface SignatureEngine
      Parameters:
      data - string data to sign
      Returns:
      signature bytes

    • signBase64

      public String signBase64(byte[] data)
      Description copied from interface: SignatureEngine
      Sign data and return Base64 encoded signature 签名数据并返回 Base64 编码的签名
      Specified by:
      signBase64 in interface SignatureEngine
      Parameters:
      data - data to sign
      Returns:
      Base64 encoded signature

    • signBase64

      public String signBase64(String data)
      Description copied from interface: SignatureEngine
      Sign UTF-8 encoded string and return Base64 signature 签名 UTF-8 编码字符串并返回 Base64 签名
      Specified by:
      signBase64 in interface SignatureEngine
      Parameters:
      data - string data to sign
      Returns:
      Base64 encoded signature

    • signHex

      public String signHex(byte[] data)
      Description copied from interface: SignatureEngine
      Sign data and return hexadecimal encoded signature 签名数据并返回十六进制编码的签名
      Specified by:
      signHex in interface SignatureEngine
      Parameters:
      data - data to sign
      Returns:
      hexadecimal encoded signature

    • signFile

      public byte[] signFile(Path file)
      Description copied from interface: SignatureEngine
      Sign file content 签名文件内容
      Specified by:
      signFile in interface SignatureEngine
      Parameters:
      file - file to sign
      Returns:
      signature bytes

    • sign

      public byte[] sign(InputStream input)
      Description copied from interface: SignatureEngine
      Sign data from input stream 从输入流签名数据
      Specified by:
      sign in interface SignatureEngine
      Parameters:
      input - input stream to read data from
      Returns:
      signature bytes

    • verify

      public boolean verify(byte[] data, byte[] signature)
      Description copied from interface: SignatureEngine
      Verify signature for given data 验证给定数据的签名
      Specified by:
      verify in interface SignatureEngine
      Parameters:
      data - data that was signed
      signature - signature bytes
      Returns:
      true if signature is valid

    • verify

      public boolean verify(String data, byte[] signature)
      Description copied from interface: SignatureEngine
      Verify signature for UTF-8 encoded string 验证 UTF-8 编码字符串的签名
      Specified by:
      verify in interface SignatureEngine
      Parameters:
      data - string data that was signed
      signature - signature bytes
      Returns:
      true if signature is valid

    • verifyBase64

      public boolean verifyBase64(byte[] data, String base64Signature)
      Description copied from interface: SignatureEngine
      Verify Base64 encoded signature 验证 Base64 编码的签名
      Specified by:
      verifyBase64 in interface SignatureEngine
      Parameters:
      data - data that was signed
      base64Signature - Base64 encoded signature
      Returns:
      true if signature is valid

    • verifyBase64

      public boolean verifyBase64(String data, String base64Signature)
      Description copied from interface: SignatureEngine
      Verify Base64 encoded signature for string data 验证字符串数据的 Base64 编码签名
      Specified by:
      verifyBase64 in interface SignatureEngine
      Parameters:
      data - string data that was signed
      base64Signature - Base64 encoded signature
      Returns:
      true if signature is valid

    • verifyHex

      public boolean verifyHex(byte[] data, String hexSignature)
      Description copied from interface: SignatureEngine
      Verify hexadecimal encoded signature 验证十六进制编码的签名
      Specified by:
      verifyHex in interface SignatureEngine
      Parameters:
      data - data that was signed
      hexSignature - hexadecimal encoded signature
      Returns:
      true if signature is valid

    • verifyFile

      public boolean verifyFile(Path file, byte[] signature)
      Description copied from interface: SignatureEngine
      Verify signature for file content 验证文件内容的签名
      Specified by:
      verifyFile in interface SignatureEngine
      Parameters:
      file - file that was signed
      signature - signature bytes
      Returns:
      true if signature is valid

    • update

      public SignatureEngine update(byte[] data)
      Description copied from interface: SignatureEngine
      Update the signature with additional data (for multi-part signing) 使用额外数据更新签名(用于多部分签名)
      Specified by:
      update in interface SignatureEngine
      Parameters:
      data - data to add
      Returns:
      this engine instance for method chaining

    • update

      public SignatureEngine update(String data)
      Description copied from interface: SignatureEngine
      Update the signature with UTF-8 encoded string 使用 UTF-8 编码字符串更新签名
      Specified by:
      update in interface SignatureEngine
      Parameters:
      data - string data to add
      Returns:
      this engine instance for method chaining

    • doSign

      public byte[] doSign()
      Description copied from interface: SignatureEngine
      Complete the multi-part signing operation 完成多部分签名操作
      Specified by:
      doSign in interface SignatureEngine
      Returns:
      signature bytes

    • doSignBase64

      public String doSignBase64()
      Description copied from interface: SignatureEngine
      Complete the multi-part signing and return Base64 signature 完成多部分签名并返回 Base64 签名
      Specified by:
      doSignBase64 in interface SignatureEngine
      Returns:
      Base64 encoded signature

    • doVerify

      public boolean doVerify(byte[] signature)
      Description copied from interface: SignatureEngine
      Complete the multi-part verification operation 完成多部分验证操作
      Specified by:
      doVerify in interface SignatureEngine
      Parameters:
      signature - signature to verify
      Returns:
      true if signature is valid

    • getAlgorithm

      public String getAlgorithm()
      Description copied from interface: SignatureEngine
      Get the signature algorithm name 获取签名算法名称
      Specified by:
      getAlgorithm in interface SignatureEngine
      Returns:
      algorithm name

    • getCurveType

      public CurveType getCurveType()
      Get the curve type 获取曲线类型
      Returns:
      the curve type

    • getPublicKey

      public PublicKey getPublicKey()
      Get the public key 获取公钥
      Returns:
      the public key, or null if not set

    • getPrivateKey

      public PrivateKey getPrivateKey()
      Get the private key 获取私钥
      Returns:
      the private key, or null if not set