The Java Tutorials have been written for JDK 8. Examples and practices described in this page don't take advantage of improvements introduced in later releases and might use technology no longer available. See Java Language Changes for a summary of updated language features in Java SE 9 and subsequent releases.
See JDK Release Notes for information about new features, enhancements, and removed or deprecated options for all JDK releases.
In order to be able to create a digital signature, you need a private key. (Its corresponding public key will be needed in order to verify the authenticity of the signature.)
In some cases the key pair (private key and corresponding public key) is already available in files. In that case the program can import and use the private key for signing, as shown in Weaknesses and Alternatives.
In other cases the program needs to generate the key pair. A key pair is generated by using the KeyPairGenerator class.
In this example you will generate a public/private key pair for the Digital Signature Algorithm (DSA). You will generate keys with a 1024-bit length.
Generating a key pair requires several steps:
Create a Key Pair Generator
The first step is to get a key-pair generator object for generating keys for the DSA signature algorithm.
As with all engine classes, the way to get a KeyPairGenerator object for a particular type of algorithm is to call the getInstance static factory method on the KeyPairGenerator class. This method has two forms, both of which have a String algorithm first argument; one form also has a String provider second argument.
A caller may thus optionally specify the name of a provider, which will guarantee that the implementation of the algorithm requested is from the named provider. The sample code of this lesson always specifies the default SUN provider built into the JDK.
Put the following statement after the else try { line in the file created in the previous step, Prepare Initial Program Structure:
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
Initialize the Key Pair Generator
The next step is to initialize the key pair generator. All key pair generators share the concepts of a keysize and a source of randomness. The KeyPairGenerator class has an initialize method that takes these two types of arguments.
The keysize for a DSA key generator is the key length (in bits), which you will set to 1024.
The source of randomness must be an instance of the SecureRandom class that provides a cryptographically strong random number generator (RNG). For more information about SecureRandom, see the SecureRandom API Specification and the Java Cryptography Architecture Reference Guide.
The following example requests an instance of SecureRandom that uses the SHA1PRNG algorithm, as provided by the built-in SUN provider. The example then passes this SecureRandom instance to the key-pair generator initialization method.
SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);
Some situations require strong random values, such as when creating high-value and long-lived secrets like RSA public and private keys. To help guide applications in selecting a suitable strong SecureRandom implementation, starting from JDK 8, Java distributions include a list of known strong SecureRandom implementations in the securerandom.strongAlgorithms property of the java.security.Security class. When you are creating such data, you should consider using SecureRandom.getInstanceStrong(), as it obtains an instance of the known strong algorithms.
Generate the Pair of Keys
The final step is to generate the key pair and to store the keys in PrivateKey and PublicKey objects.
KeyPair pair = keyGen.generateKeyPair();
PrivateKey priv = pair.getPrivate();
PublicKey pub = pair.getPublic();
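The three steps above combined into one runnable class, as an added example that is not part of the original tutorial. It goes beyond the page's parameters: it uses SecureRandom.getInstanceStrong(), which the page suggests for long-lived keys, with a 2048-bit key size, then signs and verifies a constructed message to confirm the pair works. The class name, the helper methods, the 2048-bit size, the SHA256withDSA signature algorithm and the message are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.Signature;
import java.security.interfaces.DSAPublicKey;

// Added example (not tutorial code); names and parameters are assumptions.
public class GenKeyPairExample {

    // The tutorial's three steps, parameterized by key size and RNG.
    static KeyPair generate(int keysize, SecureRandom random) throws Exception {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA", "SUN");
        keyGen.initialize(keysize, random);
        return keyGen.generateKeyPair();
    }

    // Bit length of the DSA prime p, i.e. the key length actually generated.
    static int primeBits(PublicKey pub) {
        return ((DSAPublicKey) pub).getParams().getP().bitLength();
    }

    public static void main(String[] args) throws Exception {
        // The JDK's list of known strong RNGs (prints "null" if unset).
        System.out.println("securerandom.strongAlgorithms = "
                + Security.getProperty("securerandom.strongAlgorithms"));
        // getInstanceStrong() can block while the OS gathers entropy.
        SecureRandom random = SecureRandom.getInstanceStrong();
        // 2048 bits instead of the tutorial's 1024 (this example's choice;
        // 1024-bit DSA is below current NIST guidance for new signatures).
        KeyPair pair = generate(2048, random);
        PrivateKey priv = pair.getPrivate();
        PublicKey pub = pair.getPublic();
        System.out.println(random.getAlgorithm() + ", p bits: " + primeBits(pub));

        // Round trip: sign with the private key, verify with the public key.
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withDSA", "SUN");
        signer.initSign(priv, random);
        signer.update(msg);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withDSA", "SUN");
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```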