Class EddsaSignature

java.lang.Object
cloud.opencode.base.crypto.signature.EddsaSignature
All Implemented Interfaces:
SignatureEngine
public final class EddsaSignature extends Object implements SignatureEngine
EdDSA signature implementation - Edwards-curve Digital Signature Algorithm (recommended) EdDSA 签名实现 - 爱德华兹曲线数字签名算法(推荐)

EdDSA using Ed25519 and Ed448 curves provides excellent security and performance. It is deterministic and resistant to side-channel attacks. Native support in JDK 15+. EdDSA 使用 Ed25519 和 Ed448 曲线提供出色的安全性和性能。 它是确定性的且能抵抗侧信道攻击。JDK 15+ 原生支持。

Features | 主要功能:

  • Ed25519 and Ed448 signatures - Ed25519 和 Ed448 签名
  • High performance Edwards-curve signatures - 高性能 Edwards 曲线签名

Usage Examples | 使用示例:

EddsaSignature ed = EddsaSignature.ed25519();
ed.setPrivateKey(privateKey);
byte[] sig = ed.sign(data);

Security | 安全性:

  • Thread-safe: No - 线程安全: 否
  • Null-safe: Yes - 空值安全: 是
Since:
JDK 25, opencode-base-crypto V1.0.0
Author:
Leon Soo www.LeonSoo.com
See Also:

  • Method Summary

    Modifier and Type
    Method
    Description
    byte[]
    doSign()
    Complete the multi-part signing operation 完成多部分签名操作
    String
    doSignBase64()
    Complete the multi-part signing and return Base64 signature 完成多部分签名并返回 Base64 签名
    boolean
    doVerify(byte[] signature)
    Complete the multi-part verification operation 完成多部分验证操作
    static EddsaSignature
    ed25519()
    Create EdDSA signature with Ed25519 curve (recommended for most uses) 创建使用 Ed25519 曲线的 EdDSA 签名(推荐用于大多数场景)
    static EddsaSignature
    ed25519WithGeneratedKeyPair()
    Create EdDSA Ed25519 signature with generated key pair 创建带有生成密钥对的 EdDSA Ed25519 签名
    static EddsaSignature
    ed448()
    Create EdDSA signature with Ed448 curve (higher security) 创建使用 Ed448 曲线的 EdDSA 签名(更高安全性)
    static EddsaSignature
    ed448WithGeneratedKeyPair()
    Create EdDSA Ed448 signature with generated key pair 创建带有生成密钥对的 EdDSA Ed448 签名
    String
    getAlgorithm()
    Get the signature algorithm name 获取签名算法名称
    PrivateKey
    getPrivateKey()
    Get the private key 获取私钥
    PublicKey
    getPublicKey()
    Get the public key 获取公钥
    SignatureEngine
    setKeyPair(KeyPair keyPair)
    Set both keys from a key pair 从密钥对设置公私钥
    SignatureEngine
    setPrivateKey(byte[] encodedKey)
    Set the private key from encoded bytes 从编码字节设置私钥
    SignatureEngine
    setPrivateKey(PrivateKey privateKey)
    Set the private key for signing operations 设置用于签名操作的私钥
    SignatureEngine
    setPrivateKeyPem(String pem)
    Set the private key from PEM format 从 PEM 格式设置私钥
    SignatureEngine
    setPublicKey(byte[] encodedKey)
    Set the public key from encoded bytes 从编码字节设置公钥
    SignatureEngine
    setPublicKey(PublicKey publicKey)
    Set the public key for verification operations 设置用于验证操作的公钥
    SignatureEngine
    setPublicKeyPem(String pem)
    Set the public key from PEM format 从 PEM 格式设置公钥
    byte[]
    sign(byte[] data)
    Sign data and return signature bytes 签名数据并返回签名字节
    byte[]
    sign(InputStream input)
    Sign data from input stream 从输入流签名数据
    byte[]
    sign(String data)
    Sign UTF-8 encoded string data 签名 UTF-8 编码的字符串数据
    String
    signBase64(byte[] data)
    Sign data and return Base64 encoded signature 签名数据并返回 Base64 编码的签名
    String
    signBase64(String data)
    Sign UTF-8 encoded string and return Base64 signature 签名 UTF-8 编码字符串并返回 Base64 签名
    byte[]
    signFile(Path file)
    Sign file content 签名文件内容
    String
    signHex(byte[] data)
    Sign data and return hexadecimal encoded signature 签名数据并返回十六进制编码的签名
    SignatureEngine
    update(byte[] data)
    Update the signature with additional data (for multi-part signing) 使用额外数据更新签名(用于多部分签名)
    SignatureEngine
    update(String data)
    Update the signature with UTF-8 encoded string 使用 UTF-8 编码字符串更新签名
    boolean
    verify(byte[] data, byte[] signature)
    Verify signature for given data 验证给定数据的签名
    boolean
    verify(String data, byte[] signature)
    Verify signature for UTF-8 encoded string 验证 UTF-8 编码字符串的签名
    boolean
    verifyBase64(byte[] data, String base64Signature)
    Verify Base64 encoded signature 验证 Base64 编码的签名
    boolean
    verifyBase64(String data, String base64Signature)
    Verify Base64 encoded signature for string data 验证字符串数据的 Base64 编码签名
    boolean
    verifyFile(Path file, byte[] signature)
    Verify signature for file content 验证文件内容的签名
    boolean
    verifyHex(byte[] data, String hexSignature)
    Verify hexadecimal encoded signature 验证十六进制编码的签名
    EddsaSignature
    withGeneratedKeyPair()
    Generate a new EdDSA key pair for the configured algorithm 为配置的算法生成新的 EdDSA 密钥对

    Methods inherited from class Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Method Details

    • ed25519

      public static EddsaSignature ed25519()
      Create EdDSA signature with Ed25519 curve (recommended for most uses) 创建使用 Ed25519 曲线的 EdDSA 签名(推荐用于大多数场景)

      Ed25519 provides 128-bit security with 256-bit keys and 512-bit signatures. It is fast, secure, and widely supported. Ed25519 提供 128 位安全性,密钥为 256 位,签名为 512 位。 它快速、安全且广泛支持。

      Returns:
      EdDSA Ed25519 signature instance

    • ed448

      public static EddsaSignature ed448()
      Create EdDSA signature with Ed448 curve (higher security) 创建使用 Ed448 曲线的 EdDSA 签名(更高安全性)

      Ed448 provides 224-bit security with 456-bit keys and 912-bit signatures. Use when higher security margins are required. Ed448 提供 224 位安全性,密钥为 456 位,签名为 912 位。 当需要更高安全边际时使用。

      Returns:
      EdDSA Ed448 signature instance

    • ed25519WithGeneratedKeyPair

      public static EddsaSignature ed25519WithGeneratedKeyPair()
      Create EdDSA Ed25519 signature with generated key pair 创建带有生成密钥对的 EdDSA Ed25519 签名
      Returns:
      EdDSA Ed25519 signature with generated keys

    • ed448WithGeneratedKeyPair

      public static EddsaSignature ed448WithGeneratedKeyPair()
      Create EdDSA Ed448 signature with generated key pair 创建带有生成密钥对的 EdDSA Ed448 签名
      Returns:
      EdDSA Ed448 signature with generated keys

    • withGeneratedKeyPair

      public EddsaSignature withGeneratedKeyPair()
      Generate a new EdDSA key pair for the configured algorithm 为配置的算法生成新的 EdDSA 密钥对
      Returns:
      this signature instance with generated keys

    • setPrivateKey

      public SignatureEngine setPrivateKey(PrivateKey privateKey)
      Description copied from interface: SignatureEngine
      Set the private key for signing operations 设置用于签名操作的私钥
      Specified by:
      setPrivateKey in interface SignatureEngine
      Parameters:
      privateKey - the private key
      Returns:
      this engine instance for method chaining

    • setPrivateKey

      public SignatureEngine setPrivateKey(byte[] encodedKey)
      Description copied from interface: SignatureEngine
      Set the private key from encoded bytes 从编码字节设置私钥
      Specified by:
      setPrivateKey in interface SignatureEngine
      Parameters:
      encodedKey - encoded private key bytes
      Returns:
      this engine instance for method chaining

    • setPrivateKeyPem

      public SignatureEngine setPrivateKeyPem(String pem)
      Description copied from interface: SignatureEngine
      Set the private key from PEM format 从 PEM 格式设置私钥
      Specified by:
      setPrivateKeyPem in interface SignatureEngine
      Parameters:
      pem - PEM formatted private key
      Returns:
      this engine instance for method chaining

    • setPublicKey

      public SignatureEngine setPublicKey(PublicKey publicKey)
      Description copied from interface: SignatureEngine
      Set the public key for verification operations 设置用于验证操作的公钥
      Specified by:
      setPublicKey in interface SignatureEngine
      Parameters:
      publicKey - the public key
      Returns:
      this engine instance for method chaining

    • setPublicKey

      public SignatureEngine setPublicKey(byte[] encodedKey)
      Description copied from interface: SignatureEngine
      Set the public key from encoded bytes 从编码字节设置公钥
      Specified by:
      setPublicKey in interface SignatureEngine
      Parameters:
      encodedKey - encoded public key bytes
      Returns:
      this engine instance for method chaining

    • setPublicKeyPem

      public SignatureEngine setPublicKeyPem(String pem)
      Description copied from interface: SignatureEngine
      Set the public key from PEM format 从 PEM 格式设置公钥
      Specified by:
      setPublicKeyPem in interface SignatureEngine
      Parameters:
      pem - PEM formatted public key
      Returns:
      this engine instance for method chaining

    • setKeyPair

      public SignatureEngine setKeyPair(KeyPair keyPair)
      Description copied from interface: SignatureEngine
      Set both keys from a key pair 从密钥对设置公私钥
      Specified by:
      setKeyPair in interface SignatureEngine
      Parameters:
      keyPair - the key pair
      Returns:
      this engine instance for method chaining

    • sign

      public byte[] sign(byte[] data)
      Description copied from interface: SignatureEngine
      Sign data and return signature bytes 签名数据并返回签名字节
      Specified by:
      sign in interface SignatureEngine
      Parameters:
      data - data to sign
      Returns:
      signature bytes

    • sign

      public byte[] sign(String data)
      Description copied from interface: SignatureEngine
      Sign UTF-8 encoded string data 签名 UTF-8 编码的字符串数据
      Specified by:
      sign in interface SignatureEngine
      Parameters:
      data - string data to sign
      Returns:
      signature bytes

    • signBase64

      public String signBase64(byte[] data)
      Description copied from interface: SignatureEngine
      Sign data and return Base64 encoded signature 签名数据并返回 Base64 编码的签名
      Specified by:
      signBase64 in interface SignatureEngine
      Parameters:
      data - data to sign
      Returns:
      Base64 encoded signature

    • signBase64

      public String signBase64(String data)
      Description copied from interface: SignatureEngine
      Sign UTF-8 encoded string and return Base64 signature 签名 UTF-8 编码字符串并返回 Base64 签名
      Specified by:
      signBase64 in interface SignatureEngine
      Parameters:
      data - string data to sign
      Returns:
      Base64 encoded signature

    • signHex

      public String signHex(byte[] data)
      Description copied from interface: SignatureEngine
      Sign data and return hexadecimal encoded signature 签名数据并返回十六进制编码的签名
      Specified by:
      signHex in interface SignatureEngine
      Parameters:
      data - data to sign
      Returns:
      hexadecimal encoded signature

    • signFile

      public byte[] signFile(Path file)
      Description copied from interface: SignatureEngine
      Sign file content 签名文件内容
      Specified by:
      signFile in interface SignatureEngine
      Parameters:
      file - file to sign
      Returns:
      signature bytes

    • sign

      public byte[] sign(InputStream input)
      Description copied from interface: SignatureEngine
      Sign data from input stream 从输入流签名数据
      Specified by:
      sign in interface SignatureEngine
      Parameters:
      input - input stream to read data from
      Returns:
      signature bytes

    • verify

      public boolean verify(byte[] data, byte[] signature)
      Description copied from interface: SignatureEngine
      Verify signature for given data 验证给定数据的签名
      Specified by:
      verify in interface SignatureEngine
      Parameters:
      data - data that was signed
      signature - signature bytes
      Returns:
      true if signature is valid

    • verify

      public boolean verify(String data, byte[] signature)
      Description copied from interface: SignatureEngine
      Verify signature for UTF-8 encoded string 验证 UTF-8 编码字符串的签名
      Specified by:
      verify in interface SignatureEngine
      Parameters:
      data - string data that was signed
      signature - signature bytes
      Returns:
      true if signature is valid

    • verifyBase64

      public boolean verifyBase64(byte[] data, String base64Signature)
      Description copied from interface: SignatureEngine
      Verify Base64 encoded signature 验证 Base64 编码的签名
      Specified by:
      verifyBase64 in interface SignatureEngine
      Parameters:
      data - data that was signed
      base64Signature - Base64 encoded signature
      Returns:
      true if signature is valid

    • verifyBase64

      public boolean verifyBase64(String data, String base64Signature)
      Description copied from interface: SignatureEngine
      Verify Base64 encoded signature for string data 验证字符串数据的 Base64 编码签名
      Specified by:
      verifyBase64 in interface SignatureEngine
      Parameters:
      data - string data that was signed
      base64Signature - Base64 encoded signature
      Returns:
      true if signature is valid

    • verifyHex

      public boolean verifyHex(byte[] data, String hexSignature)
      Description copied from interface: SignatureEngine
      Verify hexadecimal encoded signature 验证十六进制编码的签名
      Specified by:
      verifyHex in interface SignatureEngine
      Parameters:
      data - data that was signed
      hexSignature - hexadecimal encoded signature
      Returns:
      true if signature is valid

    • verifyFile

      public boolean verifyFile(Path file, byte[] signature)
      Description copied from interface: SignatureEngine
      Verify signature for file content 验证文件内容的签名
      Specified by:
      verifyFile in interface SignatureEngine
      Parameters:
      file - file that was signed
      signature - signature bytes
      Returns:
      true if signature is valid

    • update

      public SignatureEngine update(byte[] data)
      Description copied from interface: SignatureEngine
      Update the signature with additional data (for multi-part signing) 使用额外数据更新签名(用于多部分签名)
      Specified by:
      update in interface SignatureEngine
      Parameters:
      data - data to add
      Returns:
      this engine instance for method chaining

    • update

      public SignatureEngine update(String data)
      Description copied from interface: SignatureEngine
      Update the signature with UTF-8 encoded string 使用 UTF-8 编码字符串更新签名
      Specified by:
      update in interface SignatureEngine
      Parameters:
      data - string data to add
      Returns:
      this engine instance for method chaining

    • doSign

      public byte[] doSign()
      Description copied from interface: SignatureEngine
      Complete the multi-part signing operation 完成多部分签名操作
      Specified by:
      doSign in interface SignatureEngine
      Returns:
      signature bytes

    • doSignBase64

      public String doSignBase64()
      Description copied from interface: SignatureEngine
      Complete the multi-part signing and return Base64 signature 完成多部分签名并返回 Base64 签名
      Specified by:
      doSignBase64 in interface SignatureEngine
      Returns:
      Base64 encoded signature

    • doVerify

      public boolean doVerify(byte[] signature)
      Description copied from interface: SignatureEngine
      Complete the multi-part verification operation 完成多部分验证操作
      Specified by:
      doVerify in interface SignatureEngine
      Parameters:
      signature - signature to verify
      Returns:
      true if signature is valid

    • getAlgorithm

      public String getAlgorithm()
      Description copied from interface: SignatureEngine
      Get the signature algorithm name 获取签名算法名称
      Specified by:
      getAlgorithm in interface SignatureEngine
      Returns:
      algorithm name

    • getPublicKey

      public PublicKey getPublicKey()
      Get the public key 获取公钥
      Returns:
      the public key, or null if not set

    • getPrivateKey

      public PrivateKey getPrivateKey()
      Get the private key 获取私钥
      Returns:
      the private key, or null if not set