堆栈内存溢出
  简体   繁体   English

如何从 pem 文件加载公共证书?

[英]How to load public certificate from pem file?

 原文  2014-06-10 09:28:02       java/ ssl/ cryptography/ bouncycastle/ public-key

问题描述

I was trying to extract RES public key from the file below我试图从下面的文件中提取 RES 公钥

-----BEGIN CERTIFICATE-----
MIIGwTCCBamgAwIBAgIQDlV4zznmQiVeF45Ipc0k7DANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTEyMTAzMDAwMDAwMFoXDTE1MTEwNDEyMDAwMFowgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEQMA4GA1UEBxMHSG91c3RvbjEpMCcGA1UEChMgVmFsZXJ1cyBDb21wcmVzc2lvbiBTZXJ2aWNlcywgTFAxCzAJBgNVBAsTAklUMRkwFwYDVQQDDBAqLnZhbGVydXMtY28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GR2NKV9GwVHBtpvgBUdVVbd6qeh6aKOS/r5TIKFd3vFBGjC7cWYwF26F0YFvrAP262Yu+oDRTeuSKwyHmegD7aTSOyCTOva69WcnKYRmNfHsnnGRa5z4v9EKc1RbNcwIrDUz8zcdHdP6AO8JJgLreWyBl15WXdxAr3yNbwoyJTbWk2ToC64LASP+8SQQTRszg762FIbhZ8xda8KKGAyC29/FOcLIttoBANT4hEwvcRLKOxAA8tg322Dla1XU2gnxWP2dSuLEflGRcEovPjGqxCzuGe0aN8Lg7aKwgCR1OYXmGiKCNHupHkN7A+QrD8zrxKUFd1UiyLcIovYhadcdQIDAQABo4IDTDCCA0gwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg/cwHQYDVR0OBBYEFKKX1d9m6kHUjxQ1OpzXgNRbNGR4MCsGA1UdEQQkMCKCECoudmFsZXJ1cy1jby5jb22CDnZhbGVydXMtY28uY29tMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATBhBgNVHR8EWjBYMCqgKKAmhiRodHRwOi8vY3JsMy5kaWdpY2VydC5jb20vY2EzLWcxNi5jcmwwKqAooCaGJGh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9jYTMtZzE2LmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAEBMIIBpDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1yZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMAZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8AbgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAAdABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAAdABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0AZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQAeQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgAZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjB7BggrBgEFBQcBAQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggrBgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGlnaEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBALdCoLlXX4Sg8pKcqlT8l1MHbS2rsnw03R8lVQBQqcJimE9VZqDdoLfEPASIEMQbl40T6RHb4tFuZNjP2y4Fy3jMAYf1yajZAtAd5OLOMU39cgZQY2J8QCeEVKt8qbH6P32/2yyuh4hcNL4Vz8G0MTzwVUjz8WVmUBHAQSpS0T9oDKkwvmrkPGJFVuBxCRDKYb/23O8EKKzSTiO37VbCaeFUrTuWc8tGP8XDqRdj2yefiVqcNp4xr2tq9ZhJcISWODqO4fzt6vPOwgdnY3fbPLeH2tZoZTSCPURAadoNOAIC6fCLFlHjLuRGkxWIHMX3QnrrVD8pC7FnDO09q/aADew=
-----END CERTIFICATE-----

Here is the code i did..这是我做的代码..

public static PublicKey loadPublicKeyFromFile(File publicKeyFile) throws Exception {

    FileReader file = new FileReader(publicKeyFile);
    PemReader reader = new PemReader(file);
    X509EncodedKeySpec caKeySpec = new X509EncodedKeySpec(reader.readPemObject().getContent());
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PublicKey caKey = kf.generatePublic(caKeySpec);
    return caKey;
}

But It throws out但它抛出

java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID java.security.InvalidKeyException: IOException: ObjectIdentifier() -- 数据不是对象 ID

What's the appropriate way to extract RES Public key from a file..从文件中提取 RES 公钥的合适方法是什么..

2 个解决方案

解决方案1
 104 已采纳  2014-06-10 11:14:53

An X.509 certificate and an X509EncodedKeySpec are quite different structures, and trying to parse a cert as a key won't work. X.509 证书和 X509EncodedKeySpec 是完全不同的结构,尝试将证书解析为密钥是行不通的。 Java's X509EncodedKeySpec is actually SubjectPublicKeyInfo from X.509 or equivalent and more convenient PKIX also linked from Key , which is only a small part of a certificate. Java 的X509EncodedKeySpec实际上是来自 X.509 的X509EncodedKeySpec或更方便的PKIX也从Key链接,它只是证书的一小部分。

What you need to do is read and parse the cert and then extract the pubkey from the cert.您需要做的是读取并解析证书,然后从证书中提取公钥。 Standard SunJCE CertificateFactory can do it (and can read either PEM or DER to boot) like this:标准 SunJCE CertificateFactory可以这样做(并且可以读取 PEM 或 DER 来启动),如下所示:

CertificateFactory fact = CertificateFactory.getInstance("X.509");
FileInputStream is = new FileInputStream (args[0]);
X509Certificate cer = (X509Certificate) fact.generateCertificate(is);
PublicKey key = cer.getPublicKey();
is.close();
// add error handling as appropriate, try-with-resources is often good

If you have BouncyCastle you can use its provider the same way (just add a second argument to .getInstance or set the default provider list order), or you can use PEMParser with JcaX509CertificateConverter -- which effectively does the same thing, internally running the data through a CertificateFactory .如果你有BouncyCastle的,你可以使用它提供的相同的方式处理(添加第二个参数.getInstance或设置默认的提供者列表的顺序),或者您可以使用PEMParserJcaX509CertificateConverter -这有效地做同样的事情,在内部运行数据通过CertificateFactory

解决方案2
 0  2021-12-05 00:19:41

With Sun JVM it is also possible with使用 Sun JVM 也可以使用

import java.security.cert.X509Certificate;
import sun.security.x509.X509CertImpl;

InputStream is = ...
X509Certificate crt = new X509CertImpl(is);

, although I'd prefer the accepted answer as JVM implementation-independent one. ,尽管我更喜欢接受的答案作为与 JVM 实现无关的答案。

Under the hood, in Sun JVM, CertificateFactory (more precisely, X509Factory ) does instantiate X509CertImpl , but there is very subtle difference between the two approaches: CertificateFactory caches X509 Certificate instances by binary content of the input stream, the one that can be retrieved by cer.getEncoded() .X509Factory ,在 Sun JVM 中, CertificateFactory (更准确地说, X509Factory )确实实例化X509CertImpl ,但是两种方法之间有非常细微的区别: CertificateFactory通过输入流的二进制内容缓存 X509 Certificate 实例,可以通过cer.getEncoded()

The cache can be cleared by缓存可以通过

fact.generateCertificate(null);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从ASN1加密的pem证书中获取公钥和私钥 - Get public and private key from ASN1 encrypted pem certificate 如何在 java 中使用 .pem 文件证书发布数据 - How to post data with .pem file certificate in java 如何将信任证书从.jks转换为.pem? - How to convert trust certificate from .jks to .pem? 如何加载文件privakey文件类型是Pem - How to load file privakey file types is pem 如何从java中的pfx文件/pem文件获取RSA公钥的指数和模数值 - How to get exponent and modulus value of RSA public key from pfx file/pem file in java 如何将PEM编码的椭圆曲线公钥加载到Bouncy Castle? - How to load PEM encoded Elliptic Curve public keys into Bouncy Castle? 如何从证书颁发机构提供的PEM文件正确创建Java密钥库文件? - How to correctly create a java keystore file from PEM files provided by a Certificate Authority? java:使用从PEM文件读取的RSA公钥解密数据时,如何避免IllegalBlockSizeException? - java: How to avoid IllegalBlockSizeException when decrypting data with RSA public key read from PEM file? 从证书别名到带有Java的包含私钥的PEM文件 - From certificate Alias to PEM File with private key included using Java 将证书链写入PEM文件 - Write certificate chain to a PEM file
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM