Certificate match to private key

We are currently implementing a digital signature applet in Java. Users will have tokens containing keystores of private keys and their respective certificates. The certificates and private keys will have different aliases.

What I need to do is call/match the private key in the store to the certificate selected by the user at the time of signing. How can I match a private key to its respective certificate in Java? I need something like getkey(alias, password) where alias is derived from a match between the certificate selected and the key.

If you are using ECC then

Q = k * P

Where Q is your public key, so when you know the private key k you also know the base point P and the curve, so you can "easily" compute the public key.

The issue with RSA is also simple, when using well-known implementations, where exponent e is fixed. If it's not fixed it can be tricky, but also not that hard.

The completely other issue is... how would you match a given pubkey with a stored certificate? And the other question is why do something like this? You should hold cert info after signing and access the corresponding cert in the Java key store. Ambiguity is always a problem; especially in crypto you should be as explicit as you can be.

If I understood your design - your idea is not something that you should proceed with, however Java should support what you need:

Use this code:

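 import java.security.KeyStore;
 import java.security.cert.Certificate;

 // password is a char[]; a private key entry is read through a ProtectionParameter
 KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
         ks.getEntry("privateKeyAlias", new KeyStore.PasswordProtection(password));
 Certificate certificateFromPrivateKey = pkEntry.getCertificate();
 // trusted certificate entries are not password-protected, so pass null
 KeyStore.TrustedCertificateEntry certEntry = (KeyStore.TrustedCertificateEntry)
         ks.getEntry("certificateAlias", null);
 Certificate certificateFromPublicKey = certEntry.getTrustedCertificate();

 if (certificateFromPrivateKey.equals(certificateFromPublicKey)) ...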

Read more about it in the javadoc - but I really think you are going about this the wrong way.

Also - a relevant API (I assume you are using it) - http://docs.oracle.com/javase/6/docs/api/java/security/Signature.html
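An added example (not from the question or either answer): one way to derive the key alias from the selected certificate without reading key material, which matters when the key lives on a token and cannot be exported. It signs a random challenge with each private key in the store and verifies the result with the certificate's public key. The class name, method names and command-line arguments are assumptions, and only RSA, DSA and EC keys are covered.

```java
import java.io.FileInputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;

public class KeyForCertificate {
    // Proof by use: sign a random challenge with the private key and verify
    // it with the certificate's public key. No key material is compared, so
    // this also works for non-extractable keys held on a hardware token.
    static boolean matches(PrivateKey key, Certificate cert) {
        try {
            String alg = key.getAlgorithm().equals("EC") ? "SHA256withECDSA"
                       : "SHA256with" + key.getAlgorithm();   // RSA, DSA
            byte[] challenge = new byte[32];
            new SecureRandom().nextBytes(challenge);
            Signature signer = Signature.getInstance(alg);
            signer.initSign(key);
            signer.update(challenge);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance(alg);
            verifier.initVerify(cert.getPublicKey());
            verifier.update(challenge);
            return verifier.verify(sig);
        } catch (GeneralSecurityException e) {
            return false; // different algorithm or unusable key: not a match
        }
    }

    // Returns the alias of the private key that belongs to `selected`, or null.
    static String findKeyAlias(KeyStore ks, Certificate selected, char[] pin)
            throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;   // skip certificate-only entries
            Key k = ks.getKey(alias, pin);
            if (k instanceof PrivateKey && matches((PrivateKey) k, selected)) return alias;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: PKCS#12 file, its password, alias of the chosen certificate.
        char[] pin = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pin); }
        Certificate selected = ks.getCertificate(args[2]);
        if (selected == null) throw new IllegalArgumentException("no certificate under " + args[2]);
        System.out.println("signing key alias: " + findKeyAlias(ks, selected, pin));
    }
}
```

The alias returned by `findKeyAlias` can then be passed to `ks.getKey(alias, pin)` at signing time, and recording it alongside the signature avoids repeating the search.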
