[英]Store PGP (public) keys in java keystore - Bouncycastle
I am using bouncycastle (JAVA) for signing, encryption, decryption and signatures' verification in implementation of SSO.我在 SSO 的实现中使用 bouncycastle (JAVA) 进行签名、加密、解密和签名验证。 I have raw PGP public and private keys and I need to store them in Java keystore.我有原始 PGP 公钥和私钥,我需要将它们存储在 Java 密钥库中。 These PGP public keys have no certificate.这些 PGP 公钥没有证书。
I understand that for public keys (according to javadoc of Keystore: http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html ) I have to create certificate.我知道对于公钥(根据 Keystore 的 javadoc: http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html )我必须创建证书。 Once certificate is created I can import it to the keystore as KeyStore.TrustedCertificateEntry.创建证书后,我可以将其作为 KeyStore.TrustedCertificateEntry 导入密钥库。 However, I am not able to create certificate entry for type org.bouncycastle.openpgp.PGPPublicKey.但是,我无法为类型 org.bouncycastle.openpgp.PGPPublicKey 创建证书条目。
I have searched through the web but could not find any valid example:我搜索了 web 但找不到任何有效的示例:
Bouncycastle examples - org.bouncycastle.openpgp.examples.DirectKeySignature: Add certificat (object of type PGPSignature) directly to the PGPPublicKey. Bouncycastle 示例 - org.bouncycastle.openpgp.examples.DirectKeySignature:将证书(PGPSignature 类型的对象)直接添加到 PGPPublicKey。 To conclude - I have signed (certified) PGPPublicKey but I am not able to store this type of Key into the java keystore.总而言之——我已经签署(认证)PGPPublicKey,但我无法将这种类型的密钥存储到 java 密钥库中。
OutputStream out = new ByteArrayOutputStream(); if (armor) { out = new ArmoredOutputStream(out); } PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(secretKeyPass.toCharArray(), "BC"); PGPSignatureGenerator sGen = new PGPSignatureGenerator(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC"); sGen.initSign(PGPSignature.DIRECT_KEY, pgpPrivKey); BCPGOutputStream bOut = new BCPGOutputStream(out); sGen.generateOnePassVersion(false).encode(bOut); PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); boolean isHumanReadable = true; spGen.setNotationData(true, isHumanReadable, notationName, notationValue); PGPSignatureSubpacketVector packetVector = spGen.generate(); sGen.setHashedSubpackets(packetVector); bOut.flush(); return PGPPublicKey.addCertification(keyToBeSigned, sGen.generate()).getEncoded();
I am mainly interested in programatic solution (java source code) but examples that use some tools will be helpful too.我主要对编程解决方案(java 源代码)感兴趣,但使用某些工具的示例也会有所帮助。
Thanks!谢谢!
I think you should extract a java.security.PublicKey
from your PGPPublicKey
and use that to construct an X509Certificate
which can be stored in a keystore.我认为您应该从您的PGPPublicKey
中提取一个java.security.PublicKey
并使用它来构建一个可以存储在密钥库中的X509Certificate
。
JcaPGPKeyConverter c = new JcaPGPKeyConverter();
PublicKey publicKey = c.getPublicKey(pgpPublicKey);
// ... Use Bouncy's X509V3CertificateGenerator or X509v3CertificateBuilder
// ... to construct a self-signed cert
X509Certificate x509Certificate = // ...
// ... add cert to KeyStore
To create an X509Certificate
from a PublicKey
see: Generate random certificates .要从PublicKey
创建X509Certificate
,请参阅: 生成随机证书。
If you only want to save the public key, why cannot you just save the key content into Java keystore?如果只想保存公钥,为什么不能直接将密钥内容保存到Java keystore中呢? Then retrieve the content and convert into a PGPPublicKey object when you need it.然后检索内容并在需要时转换为 PGPPublicKey object。
Create a wrapper class first首先创建一个包装器 class
public class PgpPublicKeyWrapper implements Key {
private final String keyContent;
public PgpPublicKeyWrapper(final String keyContent) {
this.keyContent = keyContent;
}
@Override
public String getAlgorithm() {
return "PGP-PublicKey"; // you can call whatever you want
}
@Override
public String getFormat() {
return "RAW"; // has to be raw format
}
@Override
public byte[] getEncoded() {
return keyContent.getBytes();
}
}
Then you can do this to save it然后你可以这样做来保存它
keyStore.setKeyEntry("think a name for alias", new PgpPublicKeyWrapper(key), PASSWORD, null);
When you want to retrieve it当你想找回它
Key key = this.keyStore.getKey(alias, PASSWORD);
InputStream is = new ByteArrayInputStream(key.getEncoded());
PGPPublicKey publicKey = readPublicKey(is);
For readPublicKey(), you can find a lot of examples online about how to read InputStream to a PGPPublicKey object.对于readPublicKey(),你可以在网上找到很多关于如何读取InputStream到一个PGPPublicKey object的例子。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.