使用KeyStore -Java存储自己制作的密钥
[英]Store own made key using KeyStore -Java
问题描述
I have a simple RSA algorithm based on the basic technique of Clifford Cocks. 
我有一个基于Clifford Cocks基本技术的简单RSA算法。 I have it all working but I need to store my private and public key in the KeyStore so that a Server and a Client can share files using the keys. 我已经完成所有工作,但是我需要将私钥和公用密钥存储在KeyStore中,以便服务器和客户端可以使用密钥共享文件。
I did some research and I found out about the command 'keytool' but it creates the key for you using either RSA or DES, and I do not know how to use it to store my own keys. 我做了一些研究,发现了有关“ keytool”命令的信息,但是它使用RSA或DES为您创建了密钥,而且我不知道如何使用它来存储自己的密钥。 Is there any way to solver this? 有什么办法解决这个问题吗?
Or how can this problem be solved using the KeyStore class? 或者如何使用KeyStore类解决此问题?
Thanks. 谢谢。
PD: The keys are stored in BigIntegers right now. PD:密钥现在存储在BigIntegers中。 But I dont think that matters. 但是我不认为这很重要。
2 个解决方案
解决方案1
1 2014-04-09 07:35:57
It sounds like you've developed your own RSA algorithm implementation and have your own private and public key classes. 听起来您已经开发了自己的RSA算法实现,并且拥有自己的私有和公共密钥类。 I'm going to assume this is for educational purposes and avoid a rant about using existing implementations. 我将假设这是出于教育目的,并且避免使用现有的实现方式。
However, to use an existing KeyStore provider, you would need to convert your keys into the format required by that provider for storage. 但是,要使用现有的KeyStore提供程序,您需要将密钥转换为该提供程序要求的存储格式。 Once you retrieve the keys back from the key store, you'd need to perform the reverse conversion back into your own private/public key classes. 从密钥存储中检索回密钥后,您需要执行反向转换回您自己的私有/公共密钥类。
To me, that seems like an awful lot of effort to get the minimal benefits of shoving the keys into a KeyStore object. 在我看来,要获得将密钥推入KeyStore对象的最小好处,这似乎是一项巨大的工作。 I would suggest you consider making your own simple storage scheme using serialized data. 我建议您考虑使用序列化数据制作自己的简单存储方案。
解决方案2
1 2014-04-13 01:21:47
According to this article the public and private key are not that different from "normal" RSA keys. 根据本文 ,公共和私有密钥与“普通” RSA密钥没有什么不同。 So you can use the same RSAPublicKey and RSAPrivateCrtKey as containers. 所以,你可以使用相同的RSAPublicKey和RSAPrivateCrtKey作为容器。 The problem is that the KeyStore implementations are very limited (pkcs#12, jks, jceks) - they cannot be used to store a single private key. 问题在于KeyStore实现非常有限(pkcs#12,jks,jceks)-它们不能用于存储单个私钥。 You would need to create a certificate chain for the public key. 您将需要为公共密钥创建证书链。 This could be a self signed certificate, but it is quite a hassle just to store a key. 这可能是一个自签名证书,但是仅存储密钥是很麻烦的。
You could also create your own KeyStore implementation but that seems to be a huge load of work. 您也可以创建自己的KeyStore实现,但这似乎是一项繁重的工作。 Implementing KeyStoreSpi in your own provider is slightly less complicated, but it requires your provider to be signed with a private key and a certificate signed by Oracle. 在您自己的提供程序中实现KeyStoreSpi稍微复杂些,但是它要求您的提供程序使用私钥和Oracle签名的证书进行签名。
Basically I would go with the self signed certificate trick explained above or with the serialization scheme proposed by Duncan. 基本上,我会使用上面解释的自签名证书技巧或Duncan提出的序列化方案。
For non believers: 对于非信徒:
Exception in thread "main" java.lang.IllegalArgumentException: invalid zero-length input chain
at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:393)
and 和
Exception in thread "main" java.lang.NullPointerException: invalid null input
at java.security.KeyStore$PrivateKeyEntry.<init>(KeyStore.java:390)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.