堆栈内存溢出
  简体   繁体   English

我如何从pfx证书中读取java中的私钥

[英]How do i read the private key in java from a pfx certificate

 原文  2012-09-10 21:10:45       java/ security/ openssl/ private-key/ pem

问题描述

I am trying to read a private key i java .I learned inorder to do that i have to extract private key from my full certificate in pfx format. 我试图读取私钥我java。我学会了为了做到这一点我必须从我的完整证书中提取私有密钥的pfx格式。 I have tried the below open ssl command to convert pfx to pem and then to pk8 , but when i tried to read the key in java , it says invalid key format 我已经尝试了下面的open ssl命令将pfx转换为pem然后再转换为pk8,但是当我尝试在java中读取密钥时,它表示无效的密钥格式

convert pfx to pem 将pfx转换为pem 

      openssl pkcs12 -in C:\Documents\xbox-token\conversion\xbox
  token-FullCert.pfx -nocerts -out C:\Documents\xbox-token\conversion\xboxkey.pem

Removing password protection 删除密码保护 

openssl rsa -in C:\Documents\xbox-token\conversion\xboxkey.pem  -out C:\Documents\xbox-token\conversion\xboxkey.pem

Convert pem to pk8 将pem转换为pk8 

openssl pkcs8 -topk8 -in C:\Documents\xbox-token\conversion\xboxkey.pem -out C:\Documents\xbox-token\conversion\xboxprv.pk8

In the java code 在java代码中 

  byte[] encodedPrivateKey=null;
    File privateKeyFile = new File("C:/Documents/xbox-token/conversion/xboxprv.pk8");
    FileInputStream inputStreamPrivateKey = null;
    try {
        inputStreamPrivateKey = new FileInputStream(privateKeyFile);
          encodedPrivateKey = new byte[(int)privateKeyFile.length()];
            inputStreamPrivateKey.read(encodedPrivateKey);
            inputStreamPrivateKey.close();
    } catch (FileNotFoundException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (IOException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }


    // Create the private key.
    PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedPrivateKey);
    System.out.println(encodedPrivateKey);
    System.out.println(privateKeySpec);
    RSAPrivateKey privateKey = null;
    try {
        privateKey = (RSAPrivateKey)KeyFactory.getInstance("RSA").generatePrivate(privateKeySpec);
    } catch (InvalidKeySpecException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    } catch (NoSuchAlgorithmException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

I am getting an java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format 我收到了java.security.spec.InvalidKeySpecException:java.security.InvalidKeyException:无效的密钥格式

Can any one help 任何人都可以帮忙

2 个解决方案

解决方案1
 3  2012-09-10 22:16:14

I think the trick is to do a little bit with openssl and then get keytool to do all the real work. 我认为诀窍是用openssl做一点,然后让keytool做所有真正的工作。 So with openssl convert your existing certificate and key into a PKCS12 file. 因此,使用openssl将您现有的证书和密钥转换为PKCS12文件。 Using openssl you'd have something like. 使用openssl你会有类似的东西。 

openssl pkcs12 \
  -export -in cert.crt \
  -inkey cert.key \
  -certfile ica.crt \
  -name "yourKey" \
  -out cert.p12

And then the magic is to import the .p12 into your keystore as if it was another keystore. 然后神奇的是将.p12导入到您的密钥库中,就像它是另一个密钥库一样。 

$JAVA_HOME/bin/keytool \
  -importkeystore -deststorepass secret \
  -destkeypass secret -destkeystore $KEYSTORE \
  -srckeystore cert.p12 \
  -srcstoretype PKCS12 \
  -srcstorepass secret \
  -alias "yourKey"

You have options for using this within java but I would expect a full answer to involve the following. 您可以选择在java中使用它,但我希望完整的答案涉及以下内容。 

import java.security.KeyStore;
KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
FileInputStream instream = new FileInputStream(new File("/your/keystore"));
trustStore.load(instream, "secret".toCharArray());

Hope it works! 希望它有效!

解决方案2
 0  2013-01-09 05:00:39

Given that you don't specify an output format for your OpenSSL commands you will get a PEM-encoded file. 如果您没有为OpenSSL命令指定输出格式,您将获得PEM编码的文件。 Java will expect DER encoding. Java将期待DER编码。 Instead of your last openssl call try: 而不是你上次的openssl调用尝试: 

openssl pkcs8 -topk8 -inform=PEM -outform=DER
              -in C:\Documents\xbox-token\conversion\xboxkey.pem 
              -out C:\Documents\xbox-token\conversion\xboxprv.pk8

The '-inform' parameter shouldn't be required (it seems the default), but the '-outform' probably is. 不应该要求'-inform'参数(似乎是默认值),但'-outform'可能是。

If you want to check what format you have: PEM files are ASCII (Base64 encoded), DER files are binary. 如果要检查您的格式:PEM文件是ASCII(Base64编码),DER文件是二进制文件。 If your text editor likes it, Java probably won't. 如果您的文本编辑器喜欢它,Java可能不会。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 从PFX文件中读取私钥,并使用该私钥解密密文 - Read private key from PFX file, decrypt the ciphertext with that private key 如何从java中的PFX文件中读取公钥 - How to read public key from PFX file in java pfx证书中的Java密钥库 - Java keystore from pfx certificate 我怎么知道Java密钥库中哪个别名包含证书和私钥? - How do I know which alias contains the certificate and private key in a Java keystore? 如何用证书和私钥在Java中签名XML文档? - How can I sign an XML Document in java with certificate and private key? 如何将Java的私钥文件转换为.net x509Certificate2 - How can I convert a private key file from Java into .net x509Certificate2 从.pfx文件检索的证书私钥与个人“我的商店”之间有什么区别? - What differences between certificate private key that retrieved from .pfx file and personal My Store? 如何使用私钥将 .pfx 文件转换为密钥库? - How to convert .pfx file to keystore with private key? 如何使用Bouncy Castle从Java中的ECDSA私钥中获取公钥? - How do I obtain the public key from an ECDSA private key in Java with Bouncy Castle? 如何在Java中读取.pfx文件的内容? - How can I read the content of a .pfx file in Java?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM