stackoom
  简体   繁体   中英

Encrypt a private key with Password using BouncyCastle

 原文  2013-01-30 05:33:31       java/ ssl/ ssl-certificate/ bouncycastle/ private-key

Question

I am new to BouncyCastle. I have a private key generated using the below code. 

     final CertAndKeyGen keypair = new CertAndKeyGen("RSA", "SHA1WithRSA", null);
     keypair.generate(1024);
     final PrivateKey privKey = keypair.getPrivateKey();

I would to encrypt it with a password using AES or some openssl supported algorithm using BouncyCastle. Can some one help me out how to start, where I am not able to find any good tutorial on this. Please help me out. Thanks in advance.

2 answers

solution1
 4  2013-09-24 19:49:51

If you just want to output your private key to a passphrase "12345" protected PEM formatted and file "privatekey.pem" you can use this BC code: 

JceOpenSSLPKCS8EncryptorBuilder encryptorBuilder = new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.PBE_SHA1_3DES);
    encryptorBuilder.setRandom(EntropySource.getSecureRandom());
    encryptorBuilder.setPasssword("12345".toCharArray());
    OutputEncryptor oe = encryptorBuilder.build();
    JcaPKCS8Generator gen = new JcaPKCS8Generator(privKey,oe);
    PemObject obj = gen.generate();

    PEMWriter pemWrt = new PEMWriter( new FileWriter("privatekey.pem"));
    pemWrt.writeObject(obj);
    pemWrt.close();

then afterwards you can get at the private key with openssl with 

$ openssl rsa -in privatekey.pem -check
Enter pass phrase for privatekey.pem:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
.....
-----END RSA PRIVATE KEY-----

The "standard" use of PEMWriter will not passphrase protect your private key:(

solution2
 0  2018-12-13 10:48:12

If you'd prefer to protect your private keys with AES-256 instead of one of the old DES variants supported by PKCS8, this will work: 

public String toPem(String password) throws IOException {

  StringWriter sw = new StringWriter();

  try (JcaPEMWriter pemWriter = new JcaPEMWriter(sw)) {

    PEMEncryptor encryptor =
        new JcePEMEncryptorBuilder("AES-256-CBC").build(password);

    // privateKey is a java.security.PrivateKey
    JcaMiscPEMGenerator gen = new JcaMiscPEMGenerator(privateKey, encryptor);
    pemWriter.writeObject(gen);
  }

  return sw.toString();
}

You can verify the output with openssl. In my case the key is EC so this command is used: 

$ openssl ec -in key.txt -passin pass:password -text

Adapt as required for RSA keys.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Bouncycastle: encrypt with a public key CSR generation using java or BouncyCastle without using Private key Issues using BouncyCastle to encrypt a String How to generate Private key from string using BouncyCastle PGP Encrypt using BouncyCastle in Java Using BouncyCastle to encrypt with ECIES in Java How do I use scrypt to encrypt a private key with a password KeyStore not applying / enforcing private key password for PKCS12 file in Android with BouncyCastle How do I RSA encrypt a string with a plaintext key using Java BouncyCastle API on Android How to encrypt arbitrary data types using BouncyCastle?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM