[英]Java self signed certificate and keystore usage
我需要沿着公共證書創建公共和私有密鑰。 我可以使用以下代碼生成自簽名證書...
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair KPair = keyPairGenerator.generateKeyPair();
PrivateKey privkey = KPair.getPrivate();
X509CertInfo info = new X509CertInfo();
Date from = new Date();
Date to = new Date(from.getTime() + days * 86400000l);
CertificateValidity interval = new CertificateValidity(from, to);
BigInteger sn = new BigInteger(64, new SecureRandom());
X500Name owner = new X500Name(dn);
info.set(X509CertInfo.VALIDITY, interval);
info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
// Sign the cert to identify the algorithm that's used.
X509CertImpl cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);
// Update the algorith, and resign.
algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
cert = new X509CertImpl(info);
cert.sign(privkey, algorithm);
現在,我需要通過使用密鑰庫或其他方式來保存私鑰和公鑰,以便我可以檢索到那些用於簽署任何文件或對象的密鑰。 我嘗試使用簡單的文件流傳輸,但是它給了我錯誤,並且似乎不是正確的方法。 請指導我下一步該怎么做。 我想使用證書和私鑰對一些數據進行簽名,並且我想保存它們,以便我可以隨時使用驗證。
我找到了答案
private void savePublicKeyToFile(String fileName,
BigInteger mod, BigInteger exp) throws IOException {
ObjectOutputStream oout = new ObjectOutputStream(
new BufferedOutputStream(new FileOutputStream(fileName)));
try {
oout.writeObject(mod);
oout.writeObject(exp);
} catch (Exception e) {
// throw new SomeException(e);
} finally {
oout.close();
}
}
private void savePrivteKeyToFile(String fileName,
BigInteger mod, BigInteger PublicExponent, BigInteger PrivateExponent,
BigInteger PrimeP, BigInteger PrimeQ,BigInteger PrimeExponentP,BigInteger PrimeExponentQ,
BigInteger CrtCoefficient) throws IOException {
ObjectOutputStream oout = new ObjectOutputStream(
new BufferedOutputStream(new FileOutputStream(fileName)));
try {
oout.writeObject(mod);
oout.writeObject(PublicExponent);
oout.writeObject(PrivateExponent);
oout.writeObject(PrimeP);
oout.writeObject(PrimeQ);
oout.writeObject(PrimeExponentP);
oout.writeObject(PrimeExponentQ);
oout.writeObject(CrtCoefficient);
} catch (Exception e) {
// throw new SomeException(e);
} finally {
oout.close();
}
}
// To save in keystore here is the way
Certificate [] certChain = new Certificate[1];
certChain[0] = ca;
String strAlias = "abcalias", strPassword="mypass";
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(null,strPassword.toCharArray());
keyStore.setEntry(strAlias,
new KeyStore.PrivateKeyEntry((PrivateKey) KPair.getPrivate(), certChain),
new KeyStore.PasswordProtection(strPassword.toCharArray()));
FileOutputStream fkey = new FileOutputStream(strFilePath+".keystore");
keyStore.store(fkey, strPassword.toCharArray());
fkey.close();
在Java中創建密鑰庫文件(.jks)和自簽名證書(.cer / .crt)
[英]Create a keystore file (.jks) and a self signed certificate (.cer/.crt) in Java
使用BouncyCastle為java.security.Keystore生成自簽名證書的簡單方法
[英]Easy way to generate a self-signed certificate for java.security.Keystore using BouncyCastle
具有自簽名證書的Java SSL連接,無需將完整的密鑰庫復制到客戶端
[英]Java SSL connection with self-signed certificate without copying complete keystore to client
將SSL自簽名證書添加到Java密鑰庫中,以供Webstart應用程序中的JAX-RS使用
[英]Add SSL self signed certificate to Java keystore for use by JAX-RS in webstart app
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.