Importing PEM encrypted key pair in java using bouncycastle
I'm writing a program that uses RSA for various tasks.
I know how to generate and write the key pair to file, but I cannot load the encrypted (AES-256-CFB) key pair to a KeyPair object.
So the question is: how do I load/decrypt an encrypted PEM key pair as a java.security.KeyPair object using the BouncyCastle library?
Thanks.
Generation/export code:

    public void generateKeyPair(int keysize, File publicKeyFile, File privateKeyFile, String passphrase) throws FileNotFoundException, IOException, NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        // Generate the RSA key pair with the BouncyCastle provider
        SecureRandom random = new SecureRandom();
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", "BC");
        generator.initialize(keysize, random);
        KeyPair pair = generator.generateKeyPair();
        Key pubKey = pair.getPublic();
        // Write the public key as PEM
        PEMWriter pubWriter = new PEMWriter(new FileWriter(publicKeyFile));
        pubWriter.writeObject(pubKey);
        pubWriter.close();
        // Write the key pair as PEM, encrypted when a passphrase is given
        PEMWriter privWriter = new PEMWriter(new FileWriter(privateKeyFile));
        if (passphrase == null) {
            privWriter.writeObject(pair);
        } else {
            PEMEncryptor penc = (new JcePEMEncryptorBuilder("AES-256-CFB"))
                    .build(passphrase.toCharArray());
            privWriter.writeObject(pair, penc);
        }
        privWriter.close();
    }

I am assuming that you have set BouncyCastle as the security provider, for example with:

    Security.addProvider(new BouncyCastleProvider());

The code you provided creates two key files, one for the private key and one for the public key. However, the public key is implicitly contained in the private key, so we only have to read the private key file to reconstruct the key pair.
The main steps then are:
1. Creating a PEMParser to read from the key file.
2. Create a JcePEMDecryptorProvider with the passphrase required to decrypt the key.
3. Create a JcaPEMKeyConverter to convert the decrypted key to a KeyPair.
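
    import java.io.File;
    import java.io.FileNotFoundException;
    import java.io.FileReader;
    import java.io.IOException;
    import java.security.KeyPair;
    import org.bouncycastle.openssl.PEMDecryptorProvider;
    import org.bouncycastle.openssl.PEMEncryptedKeyPair;
    import org.bouncycastle.openssl.PEMKeyPair;
    import org.bouncycastle.openssl.PEMParser;
    import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
    import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

    KeyPair loadEncryptedKeyPair(File privateKeyFile, String passphrase)
            throws FileNotFoundException, IOException {
        // try-with-resources closes the parser and the underlying reader
        try (PEMParser parser = new PEMParser(new FileReader(privateKeyFile))) {
            Object o = parser.readObject();
            if (o == null) {
                throw new IllegalArgumentException(
                        "Failed to read PEM object from file!");
            }
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
            // Unencrypted key pair
            if (o instanceof PEMKeyPair) {
                PEMKeyPair keyPair = (PEMKeyPair) o;
                return converter.getKeyPair(keyPair);
            }
            // Encrypted key pair: decrypt with the passphrase first
            if (o instanceof PEMEncryptedKeyPair) {
                PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) o;
                PEMDecryptorProvider decryptor =
                        new JcePEMDecryptorProviderBuilder().build(passphrase.toCharArray());
                return converter.getKeyPair(encryptedKeyPair.decryptKeyPair(decryptor));
            }
            throw new IllegalArgumentException("Invalid object type: " + o.getClass());
        }
    }
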
Example usage:

    File privKeyFile = new File("priv.pem");
    String passphrase = "abc";
    try {
        KeyPair keyPair = loadEncryptedKeyPair(privKeyFile, passphrase);
    } catch (IOException ex) {
        System.err.println(ex);
    }

Reference: BouncyCastle unit test for key parsing (link).
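
An added example, not part of the original answer or of BouncyCastle's own code: the loader above extended beyond the answer's case to also accept PKCS#8 input (BEGIN PRIVATE KEY / BEGIN ENCRYPTED PRIVATE KEY), which PEMParser returns as different object types. The class name PemKeyLoader and its method names are hypothetical; it assumes bcprov and bcpkix are on the classpath and that the key is RSA.

```java
import java.io.IOException;
import java.io.Reader;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPublicKeySpec;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.*;
import org.bouncycastle.openssl.jcajce.*;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.*;

// Hypothetical helper class (the name is an assumption, not BouncyCastle API).
public final class PemKeyLoader {
    public static KeyPair load(Reader pem, char[] passphrase)
            throws IOException, GeneralSecurityException {
        JcaPEMKeyConverter conv = new JcaPEMKeyConverter();
        try (PEMParser parser = new PEMParser(pem)) {   // also closes pem
            Object o = parser.readObject();
            if (o instanceof PEMKeyPair) {              // "BEGIN RSA PRIVATE KEY", unencrypted
                return conv.getKeyPair((PEMKeyPair) o);
            }
            if (o instanceof PEMEncryptedKeyPair) {     // same, with Proc-Type/DEK-Info headers
                return conv.getKeyPair(((PEMEncryptedKeyPair) o).decryptKeyPair(
                        new JcePEMDecryptorProviderBuilder().build(passphrase)));
            }
            if (o instanceof PKCS8EncryptedPrivateKeyInfo) {  // "BEGIN ENCRYPTED PRIVATE KEY"
                o = ((PKCS8EncryptedPrivateKeyInfo) o).decryptPrivateKeyInfo(
                        new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passphrase));
            }
            if (o instanceof PrivateKeyInfo) {          // "BEGIN PRIVATE KEY" or decrypted PKCS#8
                return withPublicKey(conv.getPrivateKey((PrivateKeyInfo) o));
            }
            throw new IllegalArgumentException(
                    "Unsupported PEM object: " + (o == null ? "none" : o.getClass().getName()));
        } catch (OperatorCreationException | PKCSException e) {
            throw new IOException("Could not decrypt PKCS#8 private key", e);
        }
    }

    // PKCS#8 carries only the private key; an RSA CRT key still holds n and e.
    private static KeyPair withPublicKey(PrivateKey priv) throws GeneralSecurityException {
        if (!(priv instanceof RSAPrivateCrtKey)) {
            throw new GeneralSecurityException("Not an RSA CRT private key");
        }
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) priv;
        RSAPublicKeySpec spec = new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent());
        return new KeyPair(KeyFactory.getInstance("RSA").generatePublic(spec), priv);
    }
}
```

The DEK-Info style of encryption that the question's writer produces derives the AES key from the passphrase with a single MD5 pass, so the passphrase's own strength carries nearly all of the protection for the file at rest.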