Why does the Java KeyStore fail at loading an OpenPGP key?

I am willing to spend some amount of time developing yet another license manager for a desktop Java application. After some looking around I discovered JCPUID by Iakin, which is free to use and should work on most operating systems with the native libs that I found here.

My idea is to do two modules: a main application that will show a popup window with the CPU ID and a verification text field, and a key generator app. The user will pass the CPU ID to the keygen owner, who will return a verification code (generated with the keygen) to the user. After the user submits the correct verification code, a license file with that code will be created on the filesystem. Every time the application starts up, it will check the existence and correctness of that file and load the main application screen after that.

As for code verification, I think the best option will be to use asymmetric cryptography, in particular RSA. The public key will be built into the application and the secret key will be built into the key generator. So the CPU ID will be passed to the key generator owner and then signed with RSA. That signature will be transferred back to the user, who will verify its validity with the built-in public key.

I generated gpg key pairs using Kleopatra and the gpg Linux command line tool itself. Then I tried to sign something using this method:

    import java.security.PrivateKey;
    import java.security.Signature;

    private byte[] createSignature(byte[] file) {
        byte[] signature = null;

        try {
            // Tries to open the ASCII-armored OpenPGP secret key as a PKCS12 keystore.
            // Note: ClassLoader.getResourceAsStream() does not accept a leading "/",
            // so the stream is null and load() silently creates an empty keystore.
            java.security.KeyStore keyStoreFile = java.security.KeyStore
                    .getInstance("PKCS12");
            keyStoreFile.load(getClass().getClassLoader().getResourceAsStream("/secret.asc"),
                    "******".toCharArray());

            // No entry with this alias exists, so getKey() returns null.
            PrivateKey privateKey = (PrivateKey) keyStoreFile.getKey(
                    "My Name Here", "******".toCharArray());

            Signature dsa = Signature.getInstance("SHA1withRSA");
            dsa.initSign(privateKey); // throws InvalidKeyException for a null key
            dsa.update(file, 0, file.length);
            signature = dsa.sign();

        } catch (Exception e) {
            e.printStackTrace();
        }
        return signature;
    }

But the privateKey initialization throws an exception:

java.security.InvalidKeyException: Key must not be null

I guess it's because of the wrong instance format here:

java.security.KeyStore keyStoreFile = java.security.KeyStore
            .getInstance("PKCS12");

I would like to know:

  1. How good is this approach at all?

  2. What differences exist between the different OpenPGP key formats, and which will be the best to use in this case? How can I know the format of an existing OpenPGP file?

The Java crypto framework does not support OpenPGP. X.509 keys, for example in the PKCS12 format, are incompatible with OpenPGP -- although they rely on (mostly) the same cryptographic algorithms.

Either use X.509 certificates (you could also create your own CA for this purpose), or rely on an implementation of OpenPGP for Java. In terms of open source libraries, you can choose between the native Java implementation BouncyCastle (MIT license), or interfacing with GnuPG (GPL) through the Java GPGME binding (LGPL).

BouncyCastle is probably the better way to go, as all you need to do is add another Java library rather than install additional software on the system.
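The RSA scheme sketched in the question, done with plain JCA key encodings (PKCS#8 private key, X.509 SubjectPublicKeyInfo public key) instead of an OpenPGP file, as the answer suggests. This is an added example, not code from the question or the answer; the class and method names are mine, the CPU ID is a constructed sample, and it uses SHA256withRSA rather than the SHA1withRSA of the post.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class CpuIdLicense {
    // Keygen side: the verification code is the RSA signature over the CPU ID.
    static String sign(PrivateKey priv, String cpuId) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(cpuId.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Application side: verify the code against the built-in public key.
    static boolean verify(PublicKey pub, String cpuId, String code) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(cpuId.getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(Base64.getDecoder().decode(code));
        } catch (IllegalArgumentException | SignatureException e) {
            return false; // malformed or truncated code
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair kp = kpg.generateKeyPair();

        // The keys travel as JCA encodings: PKCS#8 for the keygen,
        // X.509 SubjectPublicKeyInfo for the application. No OpenPGP involved.
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(kp.getPrivate().getEncoded()));
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(kp.getPublic().getEncoded()));

        String cpuId = "BFEBFBFF000906EA"; // constructed sample CPU ID
        String code = sign(priv, cpuId);
        System.out.println("same machine:  " + verify(pub, cpuId, code));
        System.out.println("other machine: " + verify(pub, "BFEBFBFF00000000", code));
        System.out.println("garbage code:  " + verify(pub, cpuId, "not-base64!"));
    }
}
```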
