Java Keystore, Certificates, Public Keys and Private Keys



1. Keystore

A keystore is a file that stores one or more key entries. Each entry is identified by an alias and holds a key together with its associated certificate information. A keystore can be created with the keytool utility shipped with the JDK, or programmatically from Java code.

  • Keystore file formats. The file extension does not actually matter: the format is decided by the file's content and by the type name passed to KeyStore.getInstance(). The two most common formats are JKS and PKCS12.

Format   Extension   Description                                                Characteristics
JKS      .jks/.ks    Java's own keystore format, provider SUN                   Keystore and private keys can be protected with different passwords. Legacy format: private keys are protected with a weak proprietary cipher, and PKCS12 has been the default keystore type since Java 9.
JCEKS    .jce        JCE implementation of the keystore, provider SunJCE        Stronger than JKS: private keys are protected with password-based Triple DES (PBEWithMD5AndTripleDES). Unlike JKS it can also store SecretKeyEntry (symmetric keys).
PKCS12   .p12/.pfx   Personal Information Exchange Syntax standard (RFC 7292)   Holds private keys, public keys and their certificates. Keystore and private keys are conventionally protected with the same password. Portable to non-Java tools (OpenSSL, browsers, Windows).
BKS      .bks        Bouncy Castle implementation, provider BC                  Built on JCE; common on Android. Requires the BC provider to be registered before it can be loaded.
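The table makes the point that the extension is not what decides the format. The example below (added here; it is not code from the original page) sniffs the first bytes of a keystore file and picks the matching KeyStore type: JKS files start with the magic 0xFEEDFEED, JCEKS with 0xCECECECE, PKCS12 is plain DER and so starts with a SEQUENCE tag (0x30), and BKS has no magic at all and merely starts with a version integer. The file path and password come from the command line; the BKS branch is only loadable if the Bouncy Castle provider is registered, which this example assumes you have done yourself.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;

/**
 * Determine the type of a keystore from its content rather than its extension,
 * then load it with the matching KeyStore type. (Added example, not from the page.)
 */
public class KeystoreTypeProbe {

    /** Classify a keystore from its first four bytes. */
    public static String detectType(byte[] head) {
        if (head.length < 4) {
            throw new IllegalArgumentException("file too short to be a keystore");
        }
        int magic = ((head[0] & 0xFF) << 24) | ((head[1] & 0xFF) << 16)
                  | ((head[2] & 0xFF) << 8)  |  (head[3] & 0xFF);
        if (magic == 0xFEEDFEED) return "JKS";     // JavaKeyStore magic
        if (magic == 0xCECECECE) return "JCEKS";   // JceKeyStore magic
        if ((head[0] & 0xFF) == 0x30) return "PKCS12"; // DER SEQUENCE: PKCS#12 PFX structure
        if (magic == 1 || magic == 2) return "BKS";   // Bouncy Castle: leading version number, weak heuristic
        throw new IllegalArgumentException("unrecognised keystore format");
    }

    /** Load a keystore of whatever type the content says it is. */
    public static KeyStore load(Path file, char[] storePass) throws Exception {
        byte[] head;
        try (InputStream in = Files.newInputStream(file)) {
            head = in.readNBytes(4);
        }
        String type = detectType(head);
        KeyStore ks = KeyStore.getInstance(type);   // BKS needs the BC provider registered
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, storePass);                 // also verifies the store integrity MAC
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreTypeProbe <keystore-file> <store-password>");
            System.exit(2);
        }
        Path file = Path.of(args[0]);
        char[] pass = args[1].toCharArray();

        KeyStore ks = load(file, pass);
        System.out.println(file + " is " + ks.getType() + " with " + ks.size() + " entries");

        // Since Java 9 the JDK can probe JKS, JCEKS and PKCS12 by content itself:
        KeyStore probed = KeyStore.getInstance(file.toFile(), pass);
        System.out.println("JDK probe agrees: " + probed.getType().equalsIgnoreCase(ks.getType()));
    }
}
```

Run it against the fire.pkcs12 created in step 2 and it reports PKCS12 regardless of what the file is called; rename the file to fire.jks and the answer does not change. In practice the JDK 9+ overload KeyStore.getInstance(File, char[]) is the idiomatic way to get this behaviour, and the hand-written probe mainly shows what that overload does.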

2. Generate a keystore with the keytool utility

The command below creates a PKCS12 keystore holding a 2048-bit RSA key pair and a self-signed certificate valid for 3650 days. Passing -storepass on the command line leaves the password in shell history and process listings; if it is omitted, keytool prompts for it.

keytool -genkeypair -alias fire -storetype PKCS12  -keyalg RSA -keystore fire.pkcs12 -storepass 13987664391 -validity 3650 -keysize 2048
What is your first and last name?
  [Unknown]:  xu.dm
What is the name of your organizational unit?
  [Unknown]:  com.home
What is the name of your organization?
  [Unknown]:  home
What is the name of your City or Locality?
  [Unknown]:  km
What is the name of your State or Province?
  [Unknown]:  yn
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is CN=xu.dm, OU=com.home, O=home, L=km, ST=yn, C=cn correct?
  [no]:  y

3. View the keystore certificate as BASE64 (PEM) text

keytool -list -rfc -keystore fire.pkcs12 -storepass 13987664391

Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: fire
Creation date: 2021-1-25
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----


*******************************************
*******************************************
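keytool -list shows what is in the store but does not judge it. The following audit (added here, not part of the original page) walks every alias of a keystore with the public KeyStore API and flags the things a reviewer rejects: SHA-1/MD5 signatures, RSA keys under 2048 bits, EC curves under 256 bits, expired or soon-expiring certificates, and chains that end in a self-signed certificate. The keystore path and password are taken from the command line; against the fire.pkcs12 from step 2 the only expected finding is that the certificate is self-signed.

```java
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;

/** Walk every entry of a keystore and report weak or stale settings. (Added example.) */
public class KeystoreAudit {

    /** Returns one finding per problem; an empty list means nothing was flagged. */
    public static List<String> audit(KeyStore ks, Date now) throws Exception {
        List<String> findings = new ArrayList<>();
        Enumeration<String> aliases = ks.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate[] chain;
            if (ks.isKeyEntry(alias)) {
                chain = ks.getCertificateChain(alias);   // null for a SecretKeyEntry
            } else {
                chain = new Certificate[] { ks.getCertificate(alias) };
            }
            if (chain == null || chain.length == 0 || chain[0] == null) {
                findings.add(alias + ": no certificate (secret-key entry or empty chain)");
                continue;
            }
            for (int i = 0; i < chain.length; i++) {
                if (!(chain[i] instanceof X509Certificate)) continue;
                X509Certificate c = (X509Certificate) chain[i];
                String where = alias + "[" + i + "] " + c.getSubjectX500Principal().getName();
                checkCertificate(c, where, i == chain.length - 1, now, findings);
            }
        }
        return findings;
    }

    private static void checkCertificate(X509Certificate c, String where, boolean last,
                                         Date now, List<String> findings) {
        String sigAlg = c.getSigAlgName().toUpperCase();
        if (sigAlg.contains("SHA1") || sigAlg.contains("MD5") || sigAlg.contains("MD2")) {
            findings.add(where + ": weak signature algorithm " + c.getSigAlgName());
        }
        PublicKey pk = c.getPublicKey();
        if (pk instanceof RSAPublicKey) {
            int bits = ((RSAPublicKey) pk).getModulus().bitLength();
            if (bits < 2048) findings.add(where + ": RSA key too small (" + bits + " bits)");
        } else if (pk instanceof ECPublicKey) {
            int bits = ((ECPublicKey) pk).getParams().getCurve().getField().getFieldSize();
            if (bits < 256) findings.add(where + ": EC curve too small (" + bits + " bits)");
        }
        if (c.getNotAfter().before(now)) {
            findings.add(where + ": expired on " + c.getNotAfter());
        } else if (c.getNotAfter().getTime() - now.getTime() < 30L * 86_400_000L) {
            findings.add(where + ": expires within 30 days (" + c.getNotAfter() + ")");
        }
        if (c.getNotBefore().after(now)) {
            findings.add(where + ": not yet valid until " + c.getNotBefore());
        }
        // Last element of the chain issued by itself: fine for a trusted root, not for a server key.
        if (last && c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) {
            findings.add(where + ": self-signed, no CA in chain");
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeystoreAudit <keystore-file> <store-password>");
            System.exit(2);
        }
        Path file = Path.of(args[0]);
        char[] pass = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance(file.toFile(), pass); // Java 9+: probes JKS/JCEKS/PKCS12 by content
        System.out.println(file + ": type=" + ks.getType() + ", entries=" + ks.size());
        List<String> findings = audit(ks, new Date());
        if (findings.isEmpty()) System.out.println("  no findings");
        for (String f : findings) System.out.println("  " + f);
    }
}
```

The thresholds (2048-bit RSA, 256-bit EC, 30-day expiry warning) are this example's choices, not anything the JDK enforces; adjust them to local policy. Secret-key entries have no certificate and are reported as such rather than silently skipped.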

4. Generate a keystore with Java code

import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;
// CertAndKeyGen and X500Name are the JDK-internal classes keytool itself is built on.
// They are not public API: on JDK 9+ compile and run with
//   --add-exports java.base/sun.security.tools.keytool=ALL-UNNAMED
//   --add-exports java.base/sun.security.x509=ALL-UNNAMED
// and expect them to change between releases. Bouncy Castle is the supported alternative.
import sun.security.tools.keytool.CertAndKeyGen;
import sun.security.x509.X500Name;

    public static void createKeyStoreFile() throws Exception {
        String filePath = "e:/myProgram/key/home.keystore";
        final int keySize = 2048;
        final String commonName = "xu.dm";
        final String organizationalUnit = "com.home";
        final String organization = "home";
        final String city = "km";
        final String state = "yn";
        final String country = "cn";
        final long validity = 3650; // days, i.e. 10 years
        final String alias = "home";
        final String keyPassword = "13987664391";
        // Key pair and self-signed certificate generator, as used internally by keytool.
        // The original used "SHA1WithRSA"; SHA-1 signatures are rejected by modern TLS
        // stacks and browsers, so sign with SHA-256.
        CertAndKeyGen keyGen = new CertAndKeyGen("RSA", "SHA256WithRSA");
        // Subject distinguished name (CN, OU, O, L, ST, C)
        X500Name x500Name = new X500Name(commonName, organizationalUnit, organization, city, state, country);
        // Generate the RSA public/private key pair of the requested size
        keyGen.generate(keySize);

        PrivateKey privateKey = keyGen.getPrivateKey();

        // Self-signed certificate; the third argument is the validity in seconds
        X509Certificate certificate = keyGen.getSelfCertificate(x500Name, new Date(), validity * 24 * 60 * 60);

        // Empty in-memory PKCS12 store, then add the private key with its one-element chain
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        keyStore.setKeyEntry(alias, privateKey, keyPassword.toCharArray(), new Certificate[]{certificate});

        // Write the store to disk; the same password protects the store and the key
        try (FileOutputStream outputStream = new FileOutputStream(filePath)) {
            keyStore.store(outputStream, keyPassword.toCharArray());
        }
        System.out.println("keyStore file created ...");
    }

5. Extract the private key and certificate from the keystore

import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Base64;

    public static PrivateKey getPrivateKey() throws Exception {
        String storepass = "13987664391";
        String keyAlias = "honor";   // must be the alias the entry was stored under
        // PEM-style Base64 wrapped at 64 columns. java.util.Base64 replaces the
        // sun.misc.BASE64Encoder used originally, which was removed in JDK 9.
        Base64.Encoder base64Encoder = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream in = KeyTools.class.getResourceAsStream("/key/home.pkcs12")) {
            if (in == null) throw new IllegalStateException("keystore resource /key/home.pkcs12 not found");
            keystore.load(in, storepass.toCharArray());
        }
        // In a PKCS12 store the key password is the store password
        PrivateKey key = (PrivateKey) keystore.getKey(keyAlias, storepass.toCharArray());
        if (key == null) throw new IllegalStateException("no key entry for alias " + keyAlias);
        // toString() of a SunRsaSign private key prints the private exponent: demonstration only
        System.out.println(key.toString());
        // getEncoded() on a PrivateKey is PKCS#8 DER, which is what the "PRIVATE KEY" label means.
        // Never write private key material to application logs.
        String privateKeyStr = base64Encoder.encodeToString(key.getEncoded());
        System.out.println();
        System.out.println("-----BEGIN PRIVATE KEY-----");
        System.out.println(privateKeyStr);
        System.out.println("-----END PRIVATE KEY-----");

        // The certificate (and therefore the public key) does not need the key password
        Certificate certificate = keystore.getCertificate(keyAlias);
        PublicKey publicKey = certificate.getPublicKey();
        System.out.println(publicKey);

        // Print the certificate in PEM form (X.509 DER, Base64 encoded)
        String certificateString = base64Encoder.encodeToString(certificate.getEncoded());
        System.out.println();
        System.out.println("-----BEGIN CERTIFICATE-----");
        System.out.println(certificateString);
        System.out.println("-----END CERTIFICATE-----");

        return key;
    }

6. Extract the public key from a certificate as a BASE64 string

import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

    /**
     * Extract the public key string from a CERTIFICATE file.
     * A PEM certificate is text that begins with "-----BEGIN CERTIFICATE-----"
     * and ends with "-----END CERTIFICATE-----"; CertificateFactory accepts
     * either that PEM form or raw DER.
     */
    public static String getPublicKeyFromCertificate() throws CertificateException {
        InputStream inputStream = KeyTools.class.getResourceAsStream("/key/home.PKCS12.cer");
        if (inputStream == null) throw new IllegalStateException("certificate resource not found");
        CertificateFactory ft = CertificateFactory.getInstance("X.509");
        X509Certificate certificate = (X509Certificate) ft.generateCertificate(inputStream);
        PublicKey publicKey = certificate.getPublicKey();
        // getEncoded() on a PublicKey is an X.509 SubjectPublicKeyInfo structure,
        // so the "PUBLIC KEY" label is the right one (not "RSA PUBLIC KEY", which is PKCS#1)
        Base64.Encoder b64 = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        String result = b64.encodeToString(publicKey.getEncoded());
        System.out.println("-----BEGIN PUBLIC KEY-----");
        System.out.println(result);
        System.out.println("-----END PUBLIC KEY-----");
        return result;
    }

7. Build a PublicKey object from a BASE64 public key string

import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

    /**
     * Create a PublicKey object from a public key string.
     *
     * @param signingKey Base64 body only, without "-----BEGIN PUBLIC KEY-----"
     *                   and "-----END PUBLIC KEY-----"; line breaks are tolerated
     */
    public static PublicKey getRsaPublicKey(String signingKey) throws GeneralSecurityException {
        // The MIME decoder skips the line breaks of a 64-column PEM body;
        // the basic decoder would reject them. An invalid string throws
        // IllegalArgumentException or InvalidKeySpecException rather than
        // silently yielding null, so callers cannot proceed with a missing key.
        byte[] der = Base64.getMimeDecoder().decode(signingKey);
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(der);   // SubjectPublicKeyInfo
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePublic(keySpec);
    }

8. Extract a key pair from the keystore; the pair gives access to both the public and the private key object

import java.io.InputStream;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPublicKeySpec;

    /**
     * Build a KeyPair from a keystore entry.
     */
    public static KeyPair getKeyPair() throws Exception {
        String storepass = "13987664391";
        String keyAlias = "honor";   // must be the alias the entry was stored under
        KeyStore keystore = KeyStore.getInstance("PKCS12");
        try (InputStream in = KeyTools.class.getResourceAsStream("/key/home.pkcs12")) {
            if (in == null) throw new IllegalStateException("keystore resource /key/home.pkcs12 not found");
            keystore.load(in, storepass.toCharArray());
        }

        // A software RSA private key carries the public exponent (CRT form), so the
        // public key can be rebuilt from it. This cast fails for keys held in a
        // hardware-backed store (PKCS11), where the private key is opaque; there,
        // use keystore.getCertificate(keyAlias).getPublicKey() instead.
        RSAPrivateCrtKey key = (RSAPrivateCrtKey) keystore.getKey(keyAlias, storepass.toCharArray());
        RSAPublicKeySpec spec = new RSAPublicKeySpec(key.getModulus(), key.getPublicExponent());
        PublicKey publicKey = KeyFactory.getInstance("RSA").generatePublic(spec);
        return new KeyPair(publicKey, key);
    }
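Sections 5 to 8 move keys between objects and Base64 text but never check that the text form is actually usable. The example below (added here, not from the original page) generalises them: it wraps and unwraps both the private key (PKCS#8, label "PRIVATE KEY") and the public key (SubjectPublicKeyInfo, label "PUBLIC KEY") in PEM armour, rebuilds the key objects from the text, and proves the round trip by signing with the rebuilt private key and verifying with the rebuilt public key. To stay self-contained it generates a fresh RSA pair with KeyPairGenerator instead of loading the page's keystore; keys obtained from KeyStore.getKey() and Certificate.getPublicKey() use exactly the same getEncoded() formats, so the helpers apply to them unchanged.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

/** PEM round trip for RSA keys with a sign/verify check. (Added example, not from the page.) */
public class PemKeys {

    private static final Base64.Encoder PEM_ENC =
            Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));

    /** DER bytes to PEM text with the given label, 64 columns per line. */
    public static String toPem(String label, byte[] der) {
        return "-----BEGIN " + label + "-----\n" + PEM_ENC.encodeToString(der)
             + "\n-----END " + label + "-----\n";
    }

    /** PEM text back to DER; rejects input whose armour label does not match. */
    public static byte[] fromPem(String pem, String label) {
        String begin = "-----BEGIN " + label + "-----";
        String end = "-----END " + label + "-----";
        int s = pem.indexOf(begin);
        int e = pem.indexOf(end);
        if (s < 0 || e < 0 || e < s) {
            throw new IllegalArgumentException("input is not a PEM " + label);
        }
        String body = pem.substring(s + begin.length(), e);
        return Base64.getMimeDecoder().decode(body);   // MIME decoder ignores the line breaks
    }

    /** "PUBLIC KEY" PEM is an X.509 SubjectPublicKeyInfo, hence X509EncodedKeySpec. */
    public static PublicKey publicKeyFromPem(String pem) throws Exception {
        return KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(fromPem(pem, "PUBLIC KEY")));
    }

    /** "PRIVATE KEY" PEM is PKCS#8, hence PKCS8EncodedKeySpec. */
    public static PrivateKey privateKeyFromPem(String pem) throws Exception {
        return KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(fromPem(pem, "PRIVATE KEY")));
    }

    public static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(message);
        return sig.sign();
    }

    public static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(key);
        sig.update(message);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Fresh pair instead of a keystore load, so the example runs without any file
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();

        String privPem = toPem("PRIVATE KEY", kp.getPrivate().getEncoded()); // PKCS#8
        String pubPem = toPem("PUBLIC KEY", kp.getPublic().getEncoded());    // SubjectPublicKeyInfo

        PrivateKey priv2 = privateKeyFromPem(privPem);
        PublicKey pub2 = publicKeyFromPem(pubPem);

        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8); // constructed input
        byte[] sig = sign(priv2, msg);
        System.out.println("public key survives round trip: " + kp.getPublic().equals(pub2));
        System.out.println("signature verifies:             " + verify(pub2, msg, sig));

        byte[] tampered = msg.clone();
        tampered[0] ^= 1;
        System.out.println("tampered message verifies:      " + verify(pub2, tampered, sig)); // false
    }
}
```

fromPem() checks the armour label deliberately: feeding a "PRIVATE KEY" block to X509EncodedKeySpec, or a "CERTIFICATE" block to either key spec, fails only deep inside the DER parser with an unhelpful message, whereas the label mismatch is cheap to catch up front.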

