基于国密(SM2,SM3,SM4)的数字信封加密加签实现

数字信封加密业务流程

SM2


import org.bouncycastle.asn1.gm.GMNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.engines.SM2Engine;
import org.bouncycastle.crypto.params.ECDomainParameters;
import org.bouncycastle.crypto.params.ECPrivateKeyParameters;
import org.bouncycastle.crypto.params.ECPublicKeyParameters;
import org.bouncycastle.crypto.params.ParametersWithRandom;
import org.bouncycastle.crypto.signers.SM2Signer;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey;
import org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.math.ec.ECPoint;
import org.bouncycastle.util.encoders.Hex;

import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.ECGenParameterSpec;
import java.util.Base64;

 
public class SM2Utils {

    /**
     * 生成 SM2 公私钥对
     *
     * @return
     * @throws NoSuchAlgorithmException
     * @throws InvalidAlgorithmParameterException
     */
    public static KeyPair geneSM2KeyPair() throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
        final ECGenParameterSpec sm2Spec = new ECGenParameterSpec("sm2p256v1");
        // 获取一个椭圆曲线类型的密钥对生成器
        final KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", new BouncyCastleProvider());
        // 产生随机数
        SecureRandom secureRandom = new SecureRandom();
        // 使用SM2参数初始化生成器
        kpg.initialize(sm2Spec, secureRandom);
        // 获取密钥对
        KeyPair keyPair = kpg.generateKeyPair();
        return keyPair;
    }

    /**
     * 生产hex秘钥对
     */
    public static void geneSM2HexKeyPair(){
        try {
            KeyPair keyPair = geneSM2KeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();
            System.out.println("========  EC X Y keyPair    ========");
            System.out.println(privateKey.toString());
            System.out.println(publicKey.toString());
            System.out.println("========  hex keyPair       ========");
            System.out.println("hex priKey: " + getPriKeyHexString(privateKey));
            System.out.println("hex pubKey: " + getPubKeyHexString(publicKey));
            System.out.println("========  base64 keyPair    ========");
            System.out.println("base64 priKey: " + new String(Base64.getEncoder().encode(privateKey.getEncoded())));
            System.out.println("base64 pubKey: " + new String(Base64.getEncoder().encode(publicKey.getEncoded())));
            System.out.println("========  generate finished ========");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    /**
     * 获取私钥(16进制字符串,头部不带00长度共64)
     *
     * @param privateKey 私钥PrivateKey型
     * @return
     */
    public static String getPriKeyHexString(PrivateKey privateKey) {
        // OK
//	        BCECPrivateKey s=(BCECPrivateKey)privateKey;
//	        String priKeyHexString = Hex.toHexString(s.getD().toByteArray());
//	        if(null!= priKeyHexString && priKeyHexString.length()==66 && "00".equals(priKeyHexString.substring(0,2))){
//	            return priKeyHexString.substring(2);
//	        }
        // OK
        BCECPrivateKey key = (BCECPrivateKey) privateKey;
        BigInteger intPrivateKey = key.getD();
        String priKeyHexString = intPrivateKey.toString(16);
        return priKeyHexString;
    }
    /**
     * 获取私钥 base64字符串
     *
     * @param privateKey 私钥PrivateKey型
     * @return
     */
    public static String getPriKeyBase64String(PrivateKey privateKey) {
        return new String(Base64.getEncoder().encode(privateKey.getEncoded()));
    }

    /**
     * 获取公钥(16进制字符串,头部带04长度共130)
     *
     * @param publicKey 公钥PublicKey型
     * @return
     */
    public static String getPubKeyHexString(PublicKey publicKey) {
        BCECPublicKey key = (BCECPublicKey) publicKey;
        return Hex.toHexString(key.getQ().getEncoded(false));
    }
    /**
     * 获取公钥 base64字符串
     *
     * @param publicKey 公钥PublicKey型
     * @return
     */
    public static String getPubKeyBase64String(PublicKey publicKey) {
        return new String(Base64.getEncoder().encode(publicKey.getEncoded()));
    }

    /**
     * SM2加密算法
     *
     * @param publicKey 公钥
     * @param data      明文数据
     * @return
     */
    public static String encrypt(String data, PublicKey publicKey) {
        return encrypt(data.getBytes(StandardCharsets.UTF_8), publicKey);
    }

    /**
     * @param data
     * @param publicKey
     * @return
     * @author
     * @version 1.0
     * 2023年4月12日下午4:41:24
     */
    public static String encrypt(byte[] data, PublicKey publicKey) {
        BCECPublicKey key = (BCECPublicKey) publicKey;
        return encrypt(data, Hex.toHexString(key.getQ().getEncoded(false)));
    }

    /**
     * @param data
     * @param pubKeyHexString
     * @return
     * @author
     * @version 1.0
     * 2023年4月12日下午4:46:37
     */
    public static String encrypt(String data, String pubKeyHexString) {
        return encrypt(data.getBytes(StandardCharsets.UTF_8), pubKeyHexString);
    }

    /**
     * SM2加密算法
     *
     * @param pubKeyHexString 公钥(16进制字符串)
     * @param data            明文数据
     * @return hex字符串
     */
    public static String encrypt(byte[] data, String pubKeyHexString) {
        // 获取一条SM2曲线参数
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        // 构造ECC算法参数,曲线方程、椭圆曲线G点、大整数N
        ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
        //提取公钥点
        ECPoint pukPoint = sm2ECParameters.getCurve().decodePoint(Hex.decode(pubKeyHexString));
        // 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
        ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);

        SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
        // 设置sm2为加密模式
        sm2Engine.init(true, new ParametersWithRandom(publicKeyParameters, new SecureRandom()));

        byte[] arrayOfBytes = null;
        try {
            arrayOfBytes = sm2Engine.processBlock(data, 0, data.length);
        } catch (Exception e) {
            System.out.println("SM2加密时出现异常:" + e.getMessage());
        }
        String cipherData = Hex.toHexString(arrayOfBytes);
        return cipherData;
    }

    public static String encrypt2(String dataStr, String pubKeyHexString) {
        byte[] data = dataStr.getBytes(StandardCharsets.UTF_8);
        // 获取一条SM2曲线参数
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        // 构造ECC算法参数,曲线方程、椭圆曲线G点、大整数N
        ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
        //提取公钥点
        ECPoint pukPoint = sm2ECParameters.getCurve().decodePoint(Hex.decode(pubKeyHexString));
        // 公钥前面的02或者03表示是压缩公钥,04表示未压缩公钥, 04的时候,可以去掉前面的04
        ECPublicKeyParameters publicKeyParameters = new ECPublicKeyParameters(pukPoint, domainParameters);

        SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
        // 设置sm2为加密模式
        sm2Engine.init(true, new ParametersWithRandom(publicKeyParameters, new SecureRandom()));

        byte[] arrayOfBytes = null;
        try {
            arrayOfBytes = sm2Engine.processBlock(data, 0, data.length);
        } catch (Exception e) {
            System.out.println("SM2加密时出现异常:" + e.getMessage());
        }
        String cipherData = Hex.toHexString(arrayOfBytes);
        if (cipherData.startsWith("04")) {
            cipherData = cipherData.substring(2);
        }
        return cipherData;
    }

    /**
     * SM2解密算法
     * @param cipherData    hex格式密文
     * @param privateKey    密钥PrivateKey型
     * @return              明文
     */
    public static String decrypt(String cipherData, PrivateKey privateKey) {
        return decrypt(Hex.decode(cipherData), privateKey);
    }

    /**
     * @param cipherData
     * @param privateKey
     * @return
     * @author
     * @version 1.0
     * 2023年4月12日下午4:46:50
     */
    public static String decrypt(byte[] cipherData, PrivateKey privateKey) {
        BCECPrivateKey key = (BCECPrivateKey) privateKey;
        return decrypt(cipherData, Hex.toHexString(key.getD().toByteArray()));
    }

    /**
     * @param cipherData
     * @param priKeyHexString
     * @return
     * @author
     * @version 1.0
     * 2023年4月12日下午4:46:53
     */
    public static String decrypt(String cipherData, String priKeyHexString) {
        // 使用BC库加解密时密文以04开头,传入的密文前面没有04则补上
       // if (!cipherData.startsWith("04")) {
       //     cipherData = "04" + cipherData;
       // }
        // cipherData = "04" + cipherData;
        return decrypt(Hex.decode(cipherData), priKeyHexString);
    }

    /**
     * SM2解密算法
     *
     * @param cipherData      密文数据
     * @param priKeyHexString 私钥(16进制字符串)
     * @return
     */
    public static String decrypt(byte[] cipherData, String priKeyHexString) {
        //获取一条SM2曲线参数
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        //构造domain参数
        ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());

        BigInteger privateKeyD = new BigInteger(priKeyHexString, 16);
        ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(privateKeyD, domainParameters);

        SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
        // 设置sm2为解密模式
        sm2Engine.init(false, privateKeyParameters);

        String result = "";
        try {
            byte[] arrayOfBytes = sm2Engine.processBlock(cipherData, 0, cipherData.length);
            return new String(arrayOfBytes);
        } catch (Exception e) {
            System.out.println("SM2解密时出现异常:" + e.getMessage());
        }
        return result;
    }

    /**
     * SM2解密算法 - 解密前端传的密文
     * @param decryptData      密文数据
     * @param priKeyHexString 私钥(16进制字符串)
     * @return
     */
    public static String decrypt2(String decryptData, String priKeyHexString) {
        // 使用BC库加解密时密文以04开头,传入的密文前面没有04则补上
        if (!decryptData.startsWith("04")) {
            decryptData = "04" + decryptData;
        }
        byte[] cipherData = Hex.decode(decryptData);
        //获取一条SM2曲线参数
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        //构造domain参数
        ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());

        BigInteger privateKeyD = new BigInteger(priKeyHexString, 16);
        ECPrivateKeyParameters privateKeyParameters = new ECPrivateKeyParameters(privateKeyD, domainParameters);

        SM2Engine sm2Engine = new SM2Engine(SM2Engine.Mode.C1C3C2);
        // 设置sm2为解密模式
        sm2Engine.init(false, privateKeyParameters);

        String result = "";
        try {
            byte[] arrayOfBytes = sm2Engine.processBlock(cipherData, 0, cipherData.length);
            //processBlock得到Base64格式,记得解码,不然前端传过来的密文无法解密
            arrayOfBytes = Base64.getDecoder().decode(arrayOfBytes);
            return new String(arrayOfBytes);
        } catch (Exception e) {
            System.out.println("SM2解密时出现异常:" + e.getMessage());
        }
        return result;
    }

    /**
     * @param data
     * @param priKeyHexString hex私钥,长度64
     * @return hex格式签名值
     * @throws Exception
     */
    public static String sign(String data, String priKeyHexString) throws Exception {
        return sign(data.getBytes(StandardCharsets.UTF_8), priKeyHexString);
    }

    /**
     * 签名
     * @param data              原始数据,字节数组
     * @param priKeyHexString   hex私钥,64长度
     * @return                  Hex字符串
     * @throws Exception
     */
    public static String sign(byte[] data, String priKeyHexString) throws Exception {
        String signValue = null;
        SM2Signer signer = new SM2Signer();
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        //构造domain参数
        ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
        CipherParameters param = new ParametersWithRandom(new ECPrivateKeyParameters(new BigInteger(priKeyHexString, 16), domainParameters));
        signer.init(true, param);
        signer.update(data, 0, data.length);
        signValue = Hex.toHexString(signer.generateSignature());
        return signValue;
    }

    /**
     * 验签
     * @param data                  数据
     * @param signValue             签名值(hex型)
     * @param publicKeyHexString    hex130长度公钥
     * @return
     */
    public static boolean verify(String data, String signValue, String publicKeyHexString) throws Exception {
        return verify(data.getBytes(StandardCharsets.UTF_8), Hex.decode(signValue), publicKeyHexString);
    }

    /**
     * 验签
     * @param data                  原始数据字节数组
     * @param sign                  字节数组()
     * @param pKHexString    hex130长度公钥
     * @return                      true or false
     * @throws Exception
     */
    public static boolean verify(byte[] data, byte[] sign, String pKHexString) throws Exception {
        SM2Signer signer = new SM2Signer();
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        //构造domain参数
        ECDomainParameters domainParameters = new ECDomainParameters(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
        if (pKHexString.length() == 128) {
            pKHexString = "04" + pKHexString;
        }
        ECPoint ecPoint = sm2ECParameters.getCurve().decodePoint(Hex.decode(pKHexString));
        CipherParameters param = new ECPublicKeyParameters(ecPoint, domainParameters);
        signer.init(false, param);
        signer.update(data, 0, data.length);
        return signer.verifySignature(sign);
    }

    /**
     * 私钥生成公钥
     * @param priKeyHexString 私钥Hex格式,必须64位
     * @return 公钥Hex格式,04开头,130位
     * @throws Exception 例如:
     */
    public static String getPubKeyByPriKey(String priKeyHexString) throws Exception {
        if (priKeyHexString == null || priKeyHexString.length() != 64) {
            System.err.println("priKey 必须是Hex 64位格式,例如:11d0a44d47449d48d614f753ded6b06af76033b9c3a2af2b8b2239374ccbce3a");
            return "";
        }
        String pubKeyHexString = null;
        X9ECParameters sm2ECParameters = GMNamedCurves.getByName("sm2p256v1");
        //构造domain参数
        BigInteger privateKeyD = new BigInteger(priKeyHexString, 16);

        ECParameterSpec ecParameterSpec = new ECParameterSpec(sm2ECParameters.getCurve(), sm2ECParameters.getG(), sm2ECParameters.getN());
        ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(privateKeyD, ecParameterSpec);
        PrivateKey privateKey = null;
        privateKey = KeyFactory.getInstance("EC", new BouncyCastleProvider()).generatePrivate(ecPrivateKeySpec);

        // 临时解决办法
        String pointString = privateKey.toString();
//	        System.out.println(pointString);
        String pointString_X = pointString.substring(pointString.indexOf("X: ") + "X: ".length(), pointString.indexOf("Y: ")).trim();
        String pointString_Y = pointString.substring(pointString.indexOf("Y: ") + "Y: ".length()).trim();
//	        System.out.println(pointString_X);
//	        System.out.println(pointString_Y);

        pubKeyHexString = "04" + pointString_X + pointString_Y;
        return pubKeyHexString;

    }


    public static void main(String[] args) throws Exception {
       geneSM2HexKeyPair();

        // String hexpriKey = "ec0ebed3a633dd0c72d139b319205c412e6800cd2e68a537e9b275c6557671f1";
        // String hexpubKey = "04bc8503945bd80ac2fb9a1abf1bd3e0489bc0d37b9b102ba3244f2b5233b7458039060c05efc9467beb72c27b617a5c4c1463269bfea5af3a85dd242dbeb67955";

        // String data = "59817a86a44ab6ae820928b91799cf3f356be32047e6265309d6f1082ffe529e2b45a1ff1503791201104983d8fa92038dc28ce9fb42ff3f3fa8b6fe2dafd361fc4bc3b5c2068b88ab491fbd6e886afdd5dc80cc316852d31f6b6735f20674e65c7ea2dc7285dc13ad842e3517487eb94b0c30ce68e919436b9c74ce62d833e88a4bc0b37037c2f1ad3c5909071af933a74e43597fd89d0bb2dc14e73f577c3573abe0cd9b4a8f27f92a15dd9781a41fa83056ddc19549119ed10ab0b3f78770";
        // String decryptData = decrypt(data, hexpriKey);
        // System.out.println("明文:" + decryptData);



    }
}

SM3

# 基于hutool工具
SmUtil.sm3
<dependency>
    <groupId>cn.hutool</groupId>
    <artifactId>hutool-crypto</artifactId>
</dependency>
<dependency>
    <groupId>org.bouncycastle</groupId>
    <artifactId>bcpkix-jdk18on</artifactId>
    <version>1.78.1</version>
</dependency>

SM4

package com.withdrawal.utils.smUtil.sm4;


import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Hex;

import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Security;

public class sm4CbcUtilWithIv {

    static {
        Security.addProvider(new BouncyCastleProvider());
    }

    public static byte[] encryptCbcPadding(byte[] key, byte[] iv, byte[] data) throws Exception {
        Cipher cipher = Cipher.getInstance("SM4/CBC/PKCS5Padding", "BC");
        SecretKeySpec keySpec = new SecretKeySpec(key, "SM4");
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);
        return cipher.doFinal(data);
    }

    public static byte[] decryptCbcPadding(byte[] key, byte[] iv, byte[] encryptedData) throws Exception {
        Cipher cipher = Cipher.getInstance("SM4/CBC/PKCS5Padding", "BC");
        SecretKeySpec keySpec = new SecretKeySpec(key, "SM4");
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
        return cipher.doFinal(encryptedData);
    }

    public static void main(String[] args) throws Exception {
        // SM4密钥
        // 16位字符密钥
        String keyString = "OFY2GP60WK9EHIVX";
        // 将16位字符转换为字节数组
        byte[] key = keyString.getBytes("UTF-8");
        // byte[] key = Hex.decode("0123456789ABCDEFFEDCBA9876543210");
        // 初始化向量
        // byte[] iv = Hex.decode("00000000000000000000000000000000");
        // 16位字符密钥
        String ivString = "HTPJXVE5MSFQYAOL";
        // 将16位字符转换为字节数组
        byte[] iv = ivString.getBytes("UTF-8");
        // 需要加密的数据
        String plainText = "161213";
        byte[] data = plainText.getBytes("UTF-8");

        // 加密
        byte[] encryptedData = encryptCbcPadding(key, iv, data);
        // 输出加密后的数据
        System.out.println("Encrypted data: " + Hex.toHexString(encryptedData));

        // 解密
        String desStr = new String (decryptCbcPadding(key, iv, encryptedData), "UTF-8");
        System.out.println("Decrypted data: " + desStr);
    }

}

工具类 SignUtil

package com.withdrawal.utils.smUtil;


import cn.hutool.crypto.SmUtil;
import com.withdrawal.utils.smUtil.sm2.SM2Utils;
import org.bouncycastle.util.encoders.Hex;

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.UUID;

import static com.withdrawal.utils.smUtil.sm2.SM2Utils.*;
import static com.withdrawal.utils.smUtil.sm4.sm4CbcUtilWithIv.decryptCbcPadding;
import static com.withdrawal.utils.smUtil.sm4.sm4CbcUtilWithIv.encryptCbcPadding;

/**
 * @desc 基于sm国密工具类实现数字信封
 * @author  
 * @date 2024/10/22
 * */
public class SmSignUtil {


    /**
     * @desc 生成服务端的sm2密钥对
     * */
    public static void initServer() throws Exception{
        KeyPair keyPair = geneSM2KeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        System.out.println("========  hex keyPair       ========");
        System.out.println("server hex priKey: " + getPriKeyHexString(privateKey));
        System.out.println("server hex pubKey: " + getPubKeyHexString(publicKey));
    }

    /**
     * @desc 生成客户端的sm2密钥对
     * */
    public static void initClient() throws Exception{
        KeyPair keyPair = geneSM2KeyPair();
        PrivateKey privateKey = keyPair.getPrivate();
        PublicKey publicKey = keyPair.getPublic();
        System.out.println("========  hex keyPair       ========");
        System.out.println("client hex priKey: " + getPriKeyHexString(privateKey));
        System.out.println("client hex pubKey: " + getPubKeyHexString(publicKey));
    }

    /**
     * @desc 生成服务端的sm4-iv
     * */
    public static void initSm4Iv(){
        String sm4Iv =  UUID.randomUUID().toString().replaceAll("-","").substring(0,16).toUpperCase();
        System.out.println("========  sm4-Iv       ========");
        System.out.println("sm4Iv:"+sm4Iv);
    }

    /**
     * @desc 生成服务端的sm4-iv
     * */
    public static void initSm3Key(){
        String sm3Key =  UUID.randomUUID().toString().replaceAll("-","").substring(0,32).toUpperCase();
        System.out.println("========  sm3-Key      ========");
        System.out.println("sm3Key:"+sm3Key);
    }

    /**
     * @desc 加密原始数据,获取sm4加密后字符串
     * @author  
     * @date 2024/10/22
     * @param params 原始数据
     * @param sm4Iv sm4的IV偏移向量
     * @param sm4Key sm4的密钥
     * @return ciphertext 加密密文
     * */
    public static String ciphertext(
            String params,
            String sm4Key,
            String sm4Iv
    ) throws Exception {

        // sm4配置
        byte[] key = sm4Key.getBytes(StandardCharsets.UTF_8);
        byte[] iv = sm4Iv.getBytes(StandardCharsets.UTF_8);

        // 待加密数据
        byte[] data = params.getBytes(StandardCharsets.UTF_8);

        // 加密数据
        return Hex.toHexString(encryptCbcPadding(key, iv, data));
    }

    /**
     * @desc 通过sm3加密`ciphertext`得到摘要签名
     * @remark sm4的密钥,在数字信封是动态变化,通过sm2解密后获取,每次传递的sm4的密钥随机。
     * @author  
     * @date 2024/10/22
     * @param ciphertext 通过sm4加密后的数据
     * @param sm3Key sm4的密钥
     * */
    public static String digest(
            String ciphertext,
            String sm3Key
    ){
        // 生成基于sm3的摘要签名
        return SmUtil.sm3( new String (ciphertext.getBytes(StandardCharsets.UTF_8),StandardCharsets.UTF_8) + sm3Key);
    }

    /**
     * @desc 通过sm2加密sm4密钥,生成加密密文
     * @remark sm4的密钥,在数字信封是动态变化,通过sm2解密后获取,每次传递的sm4的密钥随机。
     * @author  
     * @date 2024/10/22
     * @param pubKeyHexString sm2的公钥
     * @param sm4Key sm4的密钥
     * */
    public static String encryption_SM4Key(
            String sm4Key,
            String pubKeyHexString
    ) throws Exception {
        return  SM2Utils.encrypt(sm4Key, pubKeyHexString);
    }

    /**
     * @desc 通过sm2加密sm4密钥,生成sign签名
     * @remark sm4的密钥,在数字信封是动态变化,通过sm2解密后获取,每次传递的sm4的密钥随机。
     * @author  
     * @date 2024/10/22
     * @param priKeyHexString sm2的公钥
     * @param digest sm3摘要
     * */
    public static String sign(
            String digest,
            String priKeyHexString
    ) throws Exception {
        return  SM2Utils.sign(digest, priKeyHexString);
    }


    /**
     * @desc 验签
     * @param data                  数据
     * @param signValue             签名值(hex型)
     * @param publicKeyHexString    hex130长度公钥
     */
    public static boolean verify(
            String data,
            String signValue,
            String publicKeyHexString
    ) throws Exception {
       return SM2Utils.verify(data,signValue,publicKeyHexString);
    }

    /**
     * @desc 通过sm2解密sm4密钥,获取sm4密钥,用于解密数据
     * @author  
     * @date 2024/10/22
     * @param cipherData 加密密文
     * @param priKeyHexString sm2的私钥
     * */
    public static String decryption_SM4Key(
            String cipherData,
            String priKeyHexString
    ){
        return SM2Utils.decrypt(
                cipherData,
                priKeyHexString
        );
    }


    /**
     * @desc 通过sm4解密加密数据
     * @remark sm4Key密钥是通过sm2解密获取的,动态变化的sm4key密钥。
     * @author  
     * @date 2024/10/22
     * */
    public static String getParams(
            String ciphertext,
            String sm4Key,
            String sm4Iv
    ) throws Exception {
        // sm4配置
        byte[] key = sm4Key.getBytes(StandardCharsets.UTF_8);
        byte[] iv = sm4Iv.getBytes(StandardCharsets.UTF_8);

        // 待加密数据
        byte[] data = Hex.decode(ciphertext);

        // 已解密数据
        return new String(decryptCbcPadding(key, iv, data),StandardCharsets.UTF_8);
    }


    public static void main(String[] args) throws Exception {

        /*生成密钥文件*/
        // initServer();
        // initClient();
        // initSm4Iv();
        // initSm3Key();

        // ----------------------------------------------------------------------------------

        // 客户端向服务端请求
        String  server_hex_priKey = "e65601c82fecf1d8063f77be8024a4b1f8744164e0b3d17d7e1dbdc81a59ef60";
        String  server_hex_pubKey = "04eacb92a58039dd2d65385559d720cd8d20791f8f729ae6e5157d172b4c3becafe83e1a0ed28e05963f6ea4702dc047ceb9e1b0e48f6f0b39006692e8177488a5";
        // 服务端向客户端响应
        String  client_hex_priKey = "cfb3c8655fbe7d01983ab3a91929006d8adc6c5104e87ba1c8391850fcf5c318";
        String  client_hex_pubKey = "0455f42c49e96594e03f0b5779560e953bb956962ab57e072f65bc02eebc44d385214d2b7c2f9a02466fa54d8d0a36d90c463e55a3e0b5669108c8aaaec562ff91";
        String  sm4Iv = "A8F602FDE7654BD0";
        String sm3Key = "EDCA0B82870C4F69A17FC83722899F14";

        // 原始数据
        String params = "Hello World !";
        System.out.println("params:"+params);

        // 随机
        String sm4Key = UUID.randomUUID().toString().replaceAll("-","").substring(0,16).toUpperCase();
        System.out.println("sm4Key:"+sm4Key);

        // 加密密文
        String ciphertext = ciphertext(params,sm4Key,sm4Iv);
        System.out.println("ciphertext:"+ciphertext);

        // 通过sm3对加密密文进行获取摘要签名
        String digest = digest(ciphertext,sm3Key);
        System.out.println("digest:"+digest);

        // 对通过sm3摘要密文(sm4密钥)digest进行sm2签名(客户端的私钥)
        String sign = sign(digest,client_hex_priKey);
        System.out.println("sign:"+sign);

        // 对sm4密钥进行sm2加密(服务端的公钥)
        String encryption_SM4Key =  encryption_SM4Key(sm4Key,server_hex_pubKey);
        System.out.println("encryption_SM4Key:"+encryption_SM4Key);

        System.out.println("------------------------------------------------------------------------------");

        // 验证签名(客户端的公钥)
        boolean verify = verify(digest,sign,client_hex_pubKey);
        System.out.println("verify:"+verify);

        // 解密sm4密钥(服务端的私钥)
        String decryption_SM4Key = decryption_SM4Key(encryption_SM4Key,server_hex_priKey);
        System.out.println("decryption_SM4Key:"+decryption_SM4Key);


        // 解密原始数据
        String getParams = getParams(
                ciphertext,
                decryption_SM4Key,
                sm4Iv
        );
        System.out.println("getParams:"+getParams);



    }

}

yml中的sm国密配置

# 接口加密配置
encry:
  ## 国密加密配置
  ## sm2 非对称加密
  sm2:
    # 服务端
    server:
      # 用途:客户端,公钥加密
      hex_publicKey: 
      # 用途:服务端,私钥解密
      hex_privateKey: 
    # 客户端
    client:
      # 用途:服务器,签名验证
      hex_publicKey: 
      # 用途:客户端,私钥签名
      hex_privateKey: 
  ## sm3 生成摘要,类似于md5(32位)> 用于拼接待生成摘要的字符串后,提高安全性。
  sm3:
    key: EDCA0B82870C4F69A17FC83722899F14
  ## sm4 对称加密
  sm4:
    iv: A8F602FDE7654BD0