Class RsaSignature
java.lang.Object
cloud.opencode.base.crypto.signature.RsaSignature
- All Implemented Interfaces: SignatureEngine
RSA signature implementation - RSA digital signature with SHA hash algorithms
Supports SHA-256, SHA-384, and SHA-512 with RSA signing. This implementation
uses the traditional PKCS#1 v1.5 padding scheme. For modern applications requiring
stronger security guarantees, consider using RsaPssSignature.
Features:
- RSA signatures with SHA-256/384/512
Usage Examples:
RsaSignature rsa = RsaSignature.sha256();
rsa.setPrivateKey(privateKey);
byte[] sig = rsa.sign(data);
Security:
- Thread-safe: No
- Null-safe: Yes
- Since: JDK 25, opencode-base-crypto V1.0.0
- Author: Leon Soo www.LeonSoo.com
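The contrast drawn above between PKCS#1 v1.5 and PSS padding, as an added example that is not part of opencode-base-crypto: it uses only the JDK's own java.security.Signature and assumes the JCA names SHA256withRSA and RSASSA-PSS correspond to what RsaSignature.sha256() and RsaPssSignature wrap. The class name Pkcs1VsPssDemo, its helpers and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;

// Added illustration using only JDK APIs; not code from opencode-base-crypto.
// Assumption: "SHA256withRSA" is the PKCS#1 v1.5 scheme this class documents.
public class Pkcs1VsPssDemo {
    // PSS with SHA-256, MGF1-SHA-256, 32-byte random salt, trailer field 1.
    static final PSSParameterSpec PSS_SHA256 =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    static Signature engine(String alg) throws Exception {
        Signature s = Signature.getInstance(alg);
        if (alg.equals("RSASSA-PSS")) s.setParameter(PSS_SHA256); // explicit PSS parameters
        return s;
    }

    static byte[] sign(String alg, PrivateKey key, byte[] data) throws Exception {
        Signature s = engine(alg);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(String alg, PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = engine(alg);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] tampered = msg.clone();
        tampered[0] ^= 1; // flip one bit of the message
        for (String alg : new String[] {"SHA256withRSA", "RSASSA-PSS"}) {
            byte[] a = sign(alg, kp.getPrivate(), msg);
            byte[] b = sign(alg, kp.getPrivate(), msg);
            System.out.printf("%-14s identical=%b valid=%b tampered=%b%n", alg,
                    Arrays.equals(a, b), verify(alg, kp.getPublic(), msg, a),
                    verify(alg, kp.getPublic(), tampered, a));
        }
    }
}
```

PKCS#1 v1.5 signing is deterministic, so signing the same message twice with the same key gives byte-identical signatures, while PSS draws a fresh salt each time and the two signatures differ. Both schemes reject the signature once a bit of the message is changed.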
Method Summary
Modifier and Type, Method, Description:
- byte[] doSign(): Complete the multi-part signing operation
- doSignBase64: Complete the multi-part signing and return Base64 signature
- boolean doVerify(byte[] signature): Complete the multi-part verification operation
- getAlgorithm: Get the signature algorithm name
- getPrivateKey: Get the private key
- getPublicKey: Get the public key
- setKeyPair(KeyPair keyPair): Set both keys from a key pair
- setPrivateKey(byte[] encodedKey): Set the private key from encoded bytes
- setPrivateKey(PrivateKey privateKey): Set the private key for signing operations
- setPrivateKeyPem(String pem): Set the private key from PEM format
- setPublicKey(byte[] encodedKey): Set the public key from encoded bytes
- setPublicKey(PublicKey publicKey): Set the public key for verification operations
- setPublicKeyPem(String pem): Set the public key from PEM format
- static RsaSignature sha1(): Create RSA signature with SHA-1 — legacy opt-in, deprecated.
- static RsaSignature sha256(): Create RSA signature with SHA-256 (2048-bit key recommended)
- static RsaSignature sha256WithKeyPair: Create RSA signature with SHA-256 and generated 2048-bit key pair
- static RsaSignature sha384(): Create RSA signature with SHA-384 (3072-bit key recommended)
- static RsaSignature sha512(): Create RSA signature with SHA-512 (4096-bit key recommended)
- static RsaSignature sha512WithKeyPair: Create RSA signature with SHA-512 and generated 4096-bit key pair
- byte[] sign(byte[] data): Sign data and return signature bytes
- byte[] sign(InputStream input): Sign data from input stream
- byte[] sign: Sign UTF-8 encoded string data
- signBase64(byte[] data): Sign data and return Base64 encoded signature
- signBase64(String data): Sign UTF-8 encoded string and return Base64 signature
- byte[] signFile: Sign file content
- signHex(byte[] data): Sign data and return hexadecimal encoded signature
- update(byte[] data): Update the signature with additional data (for multi-part signing)
- update: Update the signature with UTF-8 encoded string
- boolean verify(byte[] data, byte[] signature): Verify signature for given data
- boolean verify: Verify signature for UTF-8 encoded string
- boolean verifyBase64(byte[] data, String base64Signature): Verify Base64 encoded signature
- boolean verifyBase64(String data, String base64Signature): Verify Base64 encoded signature for string data
- boolean verifyFile(Path file, byte[] signature): Verify signature for file content
- boolean verifyHex: Verify hexadecimal encoded signature
- withGeneratedKeyPair(int keySize): Generate a new RSA key pair of specified size
Method Details
sha1
Create RSA signature with SHA-1 — legacy opt-in, deprecated. SHA1withRSA is cryptographically weak (SHA-1 collision attacks are feasible); only use for interop with payment channels or APIs that still mandate it (e.g. Braintree legacy signing). Prefer sha256() for anything new.
- Returns: RSA-SHA1 signature instance

sha256
Create RSA signature with SHA-256 (2048-bit key recommended)
- Returns: RSA-SHA256 signature instance

sha384
Create RSA signature with SHA-384 (3072-bit key recommended)
- Returns: RSA-SHA384 signature instance

sha512
Create RSA signature with SHA-512 (4096-bit key recommended)
- Returns: RSA-SHA512 signature instance

sha256WithKeyPair
Create RSA signature with SHA-256 and generated 2048-bit key pair
- Returns: RSA-SHA256 signature with generated keys

sha512WithKeyPair
Create RSA signature with SHA-512 and generated 4096-bit key pair
- Returns: RSA-SHA512 signature with generated keys

withGeneratedKeyPair
Generate a new RSA key pair of specified size
- Parameters: keySize - the key size in bits (minimum 2048 recommended)
- Returns: this signature instance with generated keys
- Throws: IllegalArgumentException - if keySize is invalid

setPrivateKey
Description copied from interface: SignatureEngine
Set the private key for signing operations
- Specified by: setPrivateKey in interface SignatureEngine
- Parameters: privateKey - the private key
- Returns: this engine instance for method chaining

setPrivateKey
Description copied from interface: SignatureEngine
Set the private key from encoded bytes
- Specified by: setPrivateKey in interface SignatureEngine
- Parameters: encodedKey - encoded private key bytes
- Returns: this engine instance for method chaining

setPrivateKeyPem
Description copied from interface: SignatureEngine
Set the private key from PEM format
- Specified by: setPrivateKeyPem in interface SignatureEngine
- Parameters: pem - PEM formatted private key
- Returns: this engine instance for method chaining

setPublicKey
Description copied from interface: SignatureEngine
Set the public key for verification operations
- Specified by: setPublicKey in interface SignatureEngine
- Parameters: publicKey - the public key
- Returns: this engine instance for method chaining

setPublicKey
Description copied from interface: SignatureEngine
Set the public key from encoded bytes
- Specified by: setPublicKey in interface SignatureEngine
- Parameters: encodedKey - encoded public key bytes
- Returns: this engine instance for method chaining

setPublicKeyPem
Description copied from interface: SignatureEngine
Set the public key from PEM format
- Specified by: setPublicKeyPem in interface SignatureEngine
- Parameters: pem - PEM formatted public key
- Returns: this engine instance for method chaining

setKeyPair
Description copied from interface: SignatureEngine
Set both keys from a key pair
- Specified by: setKeyPair in interface SignatureEngine
- Parameters: keyPair - the key pair
- Returns: this engine instance for method chaining

sign
public byte[] sign(byte[] data)
Description copied from interface: SignatureEngine
Sign data and return signature bytes
- Specified by: sign in interface SignatureEngine
- Parameters: data - data to sign
- Returns: signature bytes

sign
Description copied from interface: SignatureEngine
Sign UTF-8 encoded string data
- Specified by: sign in interface SignatureEngine
- Parameters: data - string data to sign
- Returns: signature bytes

signBase64
Description copied from interface: SignatureEngine
Sign data and return Base64 encoded signature
- Specified by: signBase64 in interface SignatureEngine
- Parameters: data - data to sign
- Returns: Base64 encoded signature

signBase64
Description copied from interface: SignatureEngine
Sign UTF-8 encoded string and return Base64 signature
- Specified by: signBase64 in interface SignatureEngine
- Parameters: data - string data to sign
- Returns: Base64 encoded signature

signHex
Description copied from interface: SignatureEngine
Sign data and return hexadecimal encoded signature
- Specified by: signHex in interface SignatureEngine
- Parameters: data - data to sign
- Returns: hexadecimal encoded signature

signFile
Description copied from interface: SignatureEngine
Sign file content
- Specified by: signFile in interface SignatureEngine
- Parameters: file - file to sign
- Returns: signature bytes

sign
Description copied from interface: SignatureEngine
Sign data from input stream
- Specified by: sign in interface SignatureEngine
- Parameters: input - input stream to read data from
- Returns: signature bytes

verify
public boolean verify(byte[] data, byte[] signature)
Description copied from interface: SignatureEngine
Verify signature for given data
- Specified by: verify in interface SignatureEngine
- Parameters:
  - data - data that was signed
  - signature - signature bytes
- Returns: true if signature is valid

verify
Description copied from interface: SignatureEngine
Verify signature for UTF-8 encoded string
- Specified by: verify in interface SignatureEngine
- Parameters:
  - data - string data that was signed
  - signature - signature bytes
- Returns: true if signature is valid

verifyBase64
Description copied from interface: SignatureEngine
Verify Base64 encoded signature
- Specified by: verifyBase64 in interface SignatureEngine
- Parameters:
  - data - data that was signed
  - base64Signature - Base64 encoded signature
- Returns: true if signature is valid

verifyBase64
Description copied from interface: SignatureEngine
Verify Base64 encoded signature for string data
- Specified by: verifyBase64 in interface SignatureEngine
- Parameters:
  - data - string data that was signed
  - base64Signature - Base64 encoded signature
- Returns: true if signature is valid

verifyHex
Description copied from interface: SignatureEngine
Verify hexadecimal encoded signature
- Specified by: verifyHex in interface SignatureEngine
- Parameters:
  - data - data that was signed
  - hexSignature - hexadecimal encoded signature
- Returns: true if signature is valid

verifyFile
Description copied from interface: SignatureEngine
Verify signature for file content
- Specified by: verifyFile in interface SignatureEngine
- Parameters:
  - file - file that was signed
  - signature - signature bytes
- Returns: true if signature is valid

update
Description copied from interface: SignatureEngine
Update the signature with additional data (for multi-part signing)
- Specified by: update in interface SignatureEngine
- Parameters: data - data to add
- Returns: this engine instance for method chaining

update
Description copied from interface: SignatureEngine
Update the signature with UTF-8 encoded string
- Specified by: update in interface SignatureEngine
- Parameters: data - string data to add
- Returns: this engine instance for method chaining

doSign
public byte[] doSign()
Description copied from interface: SignatureEngine
Complete the multi-part signing operation
- Specified by: doSign in interface SignatureEngine
- Returns: signature bytes

doSignBase64
Description copied from interface: SignatureEngine
Complete the multi-part signing and return Base64 signature
- Specified by: doSignBase64 in interface SignatureEngine
- Returns: Base64 encoded signature

doVerify
public boolean doVerify(byte[] signature)
Description copied from interface: SignatureEngine
Complete the multi-part verification operation
- Specified by: doVerify in interface SignatureEngine
- Parameters: signature - signature to verify
- Returns: true if signature is valid

getAlgorithm
Description copied from interface: SignatureEngine
Get the signature algorithm name
- Specified by: getAlgorithm in interface SignatureEngine
- Returns: algorithm name

getPublicKey

getPrivateKey
Get the private key
- Returns: the private key, or null if not set