[英]import encrypted private key to jks
I need use ssl(2 way handshake) socket for connection in my project. 我需要在项目中使用ssl(2握手)套接字进行连接。 So for creating keys, i used openssl with this comands :
因此,为了创建密钥,我使用了带有以下命令的openssl:
for server : 对于服务器:
req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout a_private.key -out a_certificate.cert
rsa -in a_private.key -des3 -out a_private_des.key
rsa -in a_private_des.key -pubout -out a_pub.key
for client : 对于客户:
req -x509 -days 3650 -nodes -newkey rsa:2048 -keyout b_private.key -out b_certificate.cert
rsa -in b_private.key -des3 -out b_private_des.key
rsa -in b_private_des.key -pubout -out b_pub.key
for import to jks file i used keytool: 导入到jks文件中,我使用了keytool:
keytool -import -alias a_private -file a_private_des.key -keystore a.jks
keytool error: java.lang.Exception: Input not an X.509 certificate
after that, I made der file with this command : 之后,我使用以下命令制作了der文件:
pkcs8 -topk8 -in a_private_des.key -out a_private_des.der -outform DER
and retry to import key to jks file: 并尝试将密钥导入到jks文件:
keytool -import -alias a_private -file a_private_des.der -keystore a.jks
keytool error: java.lang.Exception: Input not an X.509 certificate
and I get same exception with b_pub.key 我也得到了b_pub.key的异常
how can I import encrypted private key and public key in jks file ? 如何在jks文件中导入加密的私钥和公钥?
tanx alot. 坦克斯很多。
To import a key pair (key and cert) into a java keystore, you first need to create a p12 file. 要将密钥对(密钥和cert)导入到Java密钥库中,首先需要创建一个p12文件。 Whilst the question is "import encrypted private key to jks", I don't actually believe the key in question is encrypted as the "nodes" option is used.
虽然问题是“将加密的私钥导入到jks”,但实际上我不认为所讨论的密钥是加密的,因为使用了“ nodes”选项。
So to import a key, and cert into a JKS use: 因此,要导入密钥并将证书导入到JKS中,请使用:
# create p12
openssl pkcs12 -export \
-name a_private \
-out a_private.p12 \
-inkey a_private.key \
-in a_certificate.cert \
-passin "pass:changeit" \
-passout "pass:changeit"
# create jks
keytool -v -importkeystore -deststoretype pkcs12 -destkeystore \
"a.jks" \
-srckeystore "a_private.p12" -srcstoretype pkcs12 \
-alias "a_private" -srcstorepass "changeit" \
-deststorepass "changeit" -destkeypass "changeit"
Actually change the password "changeit" as well. 实际上也要更改密码“ changeit”。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.