Encrypt a private key with Password using BouncyCastle
I am new to BouncyCastle. I have a private key generated using the below code.
final CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
keypair.generate(1024);
final PrivateKey privKey = keypair.getPrivateKey();
I would like to encrypt it with a password using AES or some openssl supported algorithm using BouncyCastle. Can someone help me out with how to start? I am not able to find any good tutorial on this. Please help me out. Thanks in advance.
If you just want to output your private key to a PEM-formatted file "privatekey.pem" protected by the passphrase "12345", you can use this BC code:
// PKCS#8 encryptor using password-based encryption with SHA-1 and 3DES
JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
encryptorBuilder.setRandom(EntropySource.getSecureRandom());
// setPasssword (three s's) is the method name as spelled in the BouncyCastle API
encryptorBuilder.setPasssword("12345".toCharArray());
OutputEncryptor oe = encryptorBuilder.build();
JcaPKCS8Generator gen = new JcaPKCS8Generator(privKey, oe);
PemObject obj = gen.generate();

// Write the encrypted key as a PEM object
PEMWriter pemWrt = new PEMWriter(new FileWriter("privatekey.pem"));
pemWrt.writeObject(obj);
pemWrt.close();
Then afterwards you can get at the private key with openssl with
$ openssl rsa -in privatekey.pem -check
Enter pass phrase for privatekey.pem:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
.....
-----END RSA PRIVATE KEY-----
The "standard" use of PEMWriter will not passphrase protect your private key :(
If you'd prefer to protect your private keys with AES-256 instead of one of the old DES variants supported by PKCS8, this will work:
public String toPem(String password) throws IOException {
    StringWriter sw = new StringWriter();
    try (JcaPEMWriter pemWriter = new JcaPEMWriter(sw)) {
        // build() takes the password as a char[]
        PEMEncryptor encryptor =
            new JcePEMEncryptorBuilder("AES-256-CBC").build(password.toCharArray());
        // privateKey is a java.security.PrivateKey
        JcaMiscPEMGenerator gen = new JcaMiscPEMGenerator(privateKey, encryptor);
        pemWriter.writeObject(gen);
    }
    return sw.toString();
}
You can verify the output with openssl. In my case the key is EC so this command is used:
$ openssl ec -in key.txt -passin pass:password -text
Adapt as required for RSA keys.
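Added example, not code from either answer: BouncyCastle's PKCS8Generator also defines AES_256_CBC, so the PKCS#8 builder used in the first answer can write an AES-256 protected key with PBKDF2-HMAC-SHA256, and this sketch reads the result back to confirm the round trip. It assumes bcprov and bcpkix on the classpath in a release that has setPassword and setPRF; the class name, passphrase, key size and iteration count are constructed for illustration.

```java
import java.io.*;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.PKCS8Generator;
import org.bouncycastle.openssl.jcajce.*;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;

public class Pkcs8Aes256Example { // hypothetical class name
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] pass = "constructed-passphrase".toCharArray(); // constructed sample value
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey privKey = kpg.generateKeyPair().getPrivate();

        // PKCS#8 with PBES2: PBKDF2-HMAC-SHA256 derives the key, AES-256-CBC encrypts.
        OutputEncryptor enc = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.AES_256_CBC)
                .setProvider("BC")
                .setRandom(new SecureRandom())
                .setPRF(PKCS8Generator.PRF_HMACSHA256)
                .setIterationCount(100_000) // constructed value; tune to your hardware
                .setPassword(pass)          // older releases spell it setPasssword, as in the answer above
                .build();
        StringWriter sw = new StringWriter();
        try (JcaPEMWriter w = new JcaPEMWriter(sw)) {
            w.writeObject(new JcaPKCS8Generator(privKey, enc));
        }
        String pem = sw.toString(); // a "-----BEGIN ENCRYPTED PRIVATE KEY-----" block

        // Read the PEM back with the same passphrase and check the key is unchanged.
        PKCS8EncryptedPrivateKeyInfo info;
        try (PEMParser parser = new PEMParser(new StringReader(pem))) {
            info = (PKCS8EncryptedPrivateKeyInfo) parser.readObject();
        }
        PrivateKey restored = new JcaPEMKeyConverter().setProvider("BC")
                .getPrivateKey(info.decryptPrivateKeyInfo(
                        new JceOpenSSLPKCS8DecryptorProviderBuilder().setProvider("BC").build(pass)));
        RSAPrivateKey a = (RSAPrivateKey) privKey, b = (RSAPrivateKey) restored;
        if (!a.getModulus().equals(b.getModulus()) || !a.getPrivateExponent().equals(b.getPrivateExponent())) {
            throw new IllegalStateException("round trip changed the key");
        }
        System.out.print(pem);
    }
}
```

In real use, take the passphrase from a prompt or a secret store rather than a string literal, and wipe the char[] after use.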