
Certificate match to private key

We are currently implementing a digital signature applet in Java. Users will have tokens containing keystores of private keys and their respective certificates. The certificates and private keys will have different aliases.

What I need to do is call/match the private key in the store to the certificate selected by the user at the time of signing. How can I match a private key to its respective certificate in Java? I need something like getkey(alias, password) where alias is derived from a match between the certificate selected and the key.

If you are using ECC then

Q = k * P

Where Q is your public key, so when you know the private key k you also know the base point P and the curve so you can "easily" compute the public key.

The issue with RSA is also simple when using well-known implementations, where the exponent e is fixed. If it's not fixed it can be tricky, but also not that hard.

The completely other issue is... how would you match a given pubkey with the stored certificate? And the other question is why do something like this? You should hold the cert info after signing and access the corresponding cert in the Java key store. Ambiguity is always a problem; especially in crypto you should be as explicit as you can be.

If I understood your design - your idea is not something that you should proceed with, however Java should support what you need:

Use this code:

    // ks is a loaded java.security.KeyStore; password is a char[]
    KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
        ks.getEntry("privateKeyAlias", new KeyStore.PasswordProtection(password));
    Certificate certificateFromPrivateKey = pkEntry.getCertificate();
    // Trusted certificate entries are not password-protected, so pass null
    KeyStore.TrustedCertificateEntry certEntry = (KeyStore.TrustedCertificateEntry)
        ks.getEntry("certificateAlias", null);
    Certificate certificateFromPublicKey = certEntry.getTrustedCertificate();

    if (certificateFromPrivateKey.equals(certificateFromPublicKey)) ...

Read more about it in the Javadoc - but I really think you are going about this the wrong way.

Also - a relevant API (I assume you are using it) - http://docs.oracle.com/javase/6/docs/api/java/security/Signature.html
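
The following is an added example, not part of the question or of either answer: it finds the key alias for a user-selected certificate without relying on alias names, by signing a random nonce with each candidate private key and verifying it with the certificate's public key, which also works when the token never exports the private key. The class name `KeyCertMatch` and the methods `keyMatches` and `findKeyAlias` are hypothetical, and `main` runs the check on two RSA key pairs constructed on the spot.

```java
import java.security.*;
import java.security.cert.Certificate;
import java.util.Collections;

public class KeyCertMatch {
    // Proof by use: a signature made with the private key must verify under the
    // candidate public key. No private key material has to leave the token.
    static boolean keyMatches(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        if (!priv.getAlgorithm().equals(pub.getAlgorithm())) return false;
        String alg = "EC".equals(pub.getAlgorithm())
                ? "SHA256withECDSA" : "SHA256with" + pub.getAlgorithm();
        byte[] nonce = new byte[32];
        new SecureRandom().nextBytes(nonce);
        Signature signer = Signature.getInstance(alg);
        signer.initSign(priv);
        signer.update(nonce);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(pub);
        verifier.update(nonce);
        try {
            return verifier.verify(sig);
        } catch (SignatureException e) {
            return false; // e.g. signature length does not fit this public key
        }
    }

    // Returns the alias of the key entry whose private key belongs to the
    // selected certificate, or null if the store holds no such key.
    static String findKeyAlias(KeyStore ks, Certificate selected, char[] pin)
            throws GeneralSecurityException {
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Key key = ks.getKey(alias, pin);
            if (key instanceof PrivateKey
                    && keyMatches((PrivateKey) key, selected.getPublicKey())) return alias;
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: two freshly generated RSA key pairs.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair(), b = gen.generateKeyPair();
        System.out.println("own public key:   " + keyMatches(a.getPrivate(), a.getPublic()));
        System.out.println("other public key: " + keyMatches(a.getPrivate(), b.getPublic()));
    }
}
```

On a token that asks for the PIN per signature, each candidate key costs one signing operation, so caching the alias found for a certificate avoids repeating the search.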

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 