堆栈内存溢出
  简体   繁体   English

在 BouncyCastle BCFKS 密钥库中存储 X25519 密钥对

[英]Storing a X25519 key pair in a BouncyCastle BCFKS keystore

 原文  2021-04-25 09:43:05       java/ bouncycastle/ keystore/ curve-25519/ x25519

问题描述

For the purposes of performing a Diffie-Hellman key agreement with Curve25519 , I am generating the following key pair using BouncyCastle 1.68 :为了与Curve25519执行 Diffie-Hellman 密钥协议,我使用BouncyCastle 1.68生成以下密钥对:

// Generate a key pair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
keyPairGenerator.initialize(new XDHParameterSpec(XDHParameterSpec.X25519));
KeyPair keyPair = keyPairGenerator.generateKeyPair();

Using this key pair I am now successfully able to perform a key agreement:使用这个密钥对,我现在可以成功地执行密钥协议:

// Perform a (dummy) key agreement
KeyAgreement keyAgreement = KeyAgreement.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
keyAgreement.init(keyPair.getPrivate());
keyAgreement.doPhase(keyPair.getPublic(), true);
byte[] secret = keyAgreement.generateSecret();

Now I would like to securely store this keypair in a BCFKS keystore for future use, something like this:现在我想将此密钥对安全地存储在 BCFKS 密钥库中以供将来使用,如下所示:

// Create a key store for the key pair
KeyStore keyStore = KeyStore.getInstance("BCFKS", BouncyCastleProvider.PROVIDER_NAME);
keyStore.load(null, "keyStorePassword".toCharArray());

// Put the key pair in the key store as a PrivateKeyEntry
final X509Certificate selfSignedCertificate = generateSelfSignedCertificate(keyPair); // TODO: How to generate a certificate?
final KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{selfSignedCertificate});
keyStore.setEntry("alias", entry, new KeyStore.PasswordProtection("keyEntryPassword".toCharArray()));

... except the KeyStore.PrivateKeyEntry constructor expects a certificate (as opposed to a public key), and X25519 cannot by definition be used to sign a certificate. ...除了KeyStore.PrivateKeyEntry构造函数需要证书(而不是公钥),并且X25519根据定义不能用于签署证书。 (Attempting to create a Signer using it naturally fails with java.lang.IllegalArgumentException: Unknown signature type requested: X25519 ) (尝试使用它创建签名者自然会失败,并java.lang.IllegalArgumentException: Unknown signature type requested: X25519

Am I missing something obvious here, or is there currently no simple way to put a X25519 key pair in a BCFKS keystore?我在这里遗漏了一些明显的东西,还是目前没有简单的方法将X25519密钥对放入BCFKS密钥库? Is there maybe a workaround I can apply, considering I don't really need a certificate, just a way to store the private/public keys in the keystore?考虑到我真的不需要证书,是否可以应用一种解决方法,只是一种将私钥/公钥存储在密钥库中的方法?

1 个解决方案

解决方案1
 0 已采纳  2021-04-27 21:13:03

The thing is that the X25519 certificate doesn't need to be self-signed.问题是X25519证书不需要自签名。

Signing the certificate using a 2nd bogus/throwaway key (fi RSA) works just fine.使用第二个伪造/一次性密钥(fi RSA)签署证书就可以了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 X25519 中为 PrivateKey 生成 PublicKey? - How to generate PublicKey for PrivateKey in X25519? java.security.NoSuchAlgorithmException:算法 x25519 不可用 - java.security.NoSuchAlgorithmException: Algorithm x25519 not available 在 Java 的 KeyStore 中存储 Diffie-Hellman 密钥对以供重复使用 - Storing a Diffie-Hellman key pair for reuse in a KeyStore in Java 使用密钥库存储密钥 - Storing key using Keystore KeyStore Explorer - 创建密钥对? - KeyStore Explorer - Created key pair? 在Android密钥库中存储hmac密钥 - Storing a hmac key in Android keystore 如何为diffie hellman算法生成curve25519密钥对? - How to generate curve25519 key pair for diffie hellman algorithm? 在Android中使用KeyStore存储密钥 - Storing key using KeyStore in Android 将公共私钥对导入密钥库 - Import Public Private key pair to a Keystore 使用java中的密钥库存储AES密钥 - Storing AES Secret key using keystore in java
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM