從給定的私鑰和公鑰創建 Java RSAKey 作為字符串變量

Question

對於初始實現，我使用 RSEKeyGenerator 為我的項目生成隨機密鑰，但現在我想使用正確的密鑰構建 RSAKey，我可以在兩個變量中作為字符串使用。

try {
    RSAKey rsaJWK = new RSAKeyGenerator(RSA_KEY_SIZE_BITS).generate();

    Map<String, Object> header = new HashMap<>();
    header.put("alg", "RS256");
    header.put("x5t#S256", "hash256");

    Map<String, Object> payload = new HashMap<>();
    payload.put("iss", "issuer");
    payload.put("aud", "audience");
    payload.put("exp", Long.toString(Instant.now().plus(8,ChronoUnit.HOURS).getEpochSecond()));
    payload.put("iat", Long.toString(Instant.now().minus(4, ChronoUnit.HOURS).getEpochSecond()));
    payload.put("nbf", Long.toString(Instant.now().minus(3, ChronoUnit.HOURS).getEpochSecond()));
    payload.put("jti", "jtiId");

    JWSSigner signer = new RSASSASigner(rsaJWK);
    JWSObject jwsObject = new JWSObject(
                    JWSHeader.parse(header),
                    new Payload(payload));
    jwsObject.sign(signer);
    jwt2 = jwsObject.serialize();
 } catch (JOSEException | ParseException e) {
    e.printStackTrace();
 }

密鑰作為形式的字符串接收

-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDWvChzPXBs9aA3
VlCKSG5z/EaTgpXlSDqiBVmoUKVFTIvK+mj72QYZLIXwp8GimNJAK+atUdH5YfNN
B8x2eQg2NLYigdnv5/lADI8gAcUVf1cKSwt9kgpLv2CURBBIlMh9eg3ofN9eCRm7
rbsVULOtYjpMe2nbLNdmdBtuVcjpKfN8nC4uWcoogK0jJ4ijBNmsIqAFCcIFWMuG
z2HENSFSbx+XOavsOaxrfsQpZI5IqiZMAR3GXCFkYu2nPrpUAhAElBql0TE/xr7l
dxfm5wwTPMbcUvBvIskYUqMkhc+LeO1zC0GNYhJju2Y6Ur3MJf0ztewwj1HOqD2b
Q3pAHjO9AgMBAAECggEATus8Go5cAU+MoInSc+AG6A2xiokVufx/wAgjWV66PuvQ
/LpnVxf9y8a3OykMW0u7CeaYkt5dQ0AigQ76sBfvUqywu6HpjOg+jLGQ8Hx2CF6S
iK/n+zBvJEOjpRoWufYkcSkob2dlWFQT5wwEk+LjBjfxoSZCU1D5oSfO5RAWFMqv
UWFQjlhpgtFWzBNtZIMBetWUeHuNJNYSCA2Gu2tv4yQqHgxcwScM596OXErduZc1
OZQ9Kwxe9AE6pFryxcxyngJWOKky668JwUdc/IKDzsg4O5uodZabtR1aAsX6IMAQ
ylRZeCnV/BHSljoS0wAXvUNcC4KsuFUiROIoGNfCaQKBgQD+J5quLr+Exso1KvZZ
3X4lK+hWx+7uSOr5j0No6Y+u5X98whbGqwXPFpjLFqQlcpx0DKbl4Od0FqeKBTdv
qiL3b2CRp4w+AgHjfM2ENg5XgkQDZXwToQy8ZIQvL82QMnZMYYrVoV6PfCIs7+/t
rWL+25IrP/NB9jGRKFCCBWz1ewKBgQDYS0jcaC11BvT4AfJfmZVZ8nPQuy5IB6Uq
I++5PhtTRxOW/XS/kiblp5grVmD8ZgSyIgCBU3zcZ9AF5KyN2Xl7fM8oB1owxXmi
SZgEA9b66elR7nnMRmPsDeeA0LBfasIIlifNdzEVyuy3BrI38zIuj/h1zs2WsLbX
tQh4smoKJwKBgQCYmMTZsj3Rhd3g4GO7fy5/OQauHCsMLQHQR0FNG3bmpurNyGcO
b570QPgKcBSsW00urG4E9e1iGTwMtaccR4XpFJlhuryMen4RzVxD9oTT6+XUODmw
O3E/KAbpogUFgBbhM2u9ar8w3XJTkth21zTqGoF/sEzpHN2T7yWve3x5QwKBgQCB
ZJhT8qavCdhmvZNniZOFWbvbNP887AXsrc7tfLAQI8ceXsYHDMHkRVyNIIGovMc2
YYz30SAzIo+Z1vE7csxwCXxMMAnOf3SCl5AvZrSnKmQANa/7emiwgKjrsOyySEWH
qXxqOFHO/bSa0ZCwU/bDUDGNGIh5C4J2jMBipCk3pQKBgAfrM+zHmXxkTMUtFeZT
OuZVv/4NEQYI0Sb243K/+PVw0c0VjIzp6SuDGvVhzcXV+0K8AhFaYBoAp4BSL11M
fcmlSTMA1Zi6xOlgwuRDvsw03pRLBD8cJ7YzYau0UTqSWa+/ojXpuSdN4o5ZOsDJ
tpl2RanF4WWFPPMrGYoPZ0f4
-----END PRIVATE KEY-----

和

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1rwocz1wbPWgN1ZQikhu
c/xGk4KV5Ug6ogVZqFClRUyLyvpo+9kGGSyF8KfBopjSQCvmrVHR+WHzTQfMdnkI
NjS2IoHZ7+f5QAyPIAHFFX9XCksLfZIKS79glEQQSJTIfXoN6HzfXgkZu627FVCz
rWI6THtp2yzXZnQbblXI6SnzfJwuLlnKKICtIyeIowTZrCKgBQnCBVjLhs9hxDUh
Um8flzmr7Dmsa37EKWSOS83mTAEdxlwhZGLtpz66VAIQBJQapdExP8a+5XcX5ucM
EzzG3FLwbyLJGFKjJIXPi3jtcwtBjWISY7tmOlK9zCX9M7XsMI9Rzqg9m0N6QB4z
vQIDAQAB
-----END PUBLIC KEY-----

任何關於構建 RSAKey 變量以在代碼行“jwsObject.sign(signer)”中使用的想法都值得贊賞

Answer 1

直接支持 PEM 密鑰的導入，例如對於私鑰：

String pkcs8Pem = "-----BEGIN PRIVATE KEY-----\r\n"
        + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC6cXloNrocJ8sw\r\n"
        ...
        + "BviZm5AFCQWfke4LZo5mOS10\r\n"
        + "-----END PRIVATE KEY-----";
RSAKey privRsaJWK = RSAKey.parseFromPEMEncodedObjects(pkcs8Pem).toRSAKey();
...
JWSSigner signer = new RSASSASigner(privRsaJWK);

並且類似地對於公鑰：

String x509Pem = "-----BEGIN PUBLIC KEY-----\r\n"
        + "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunF5aDa6HCfLMMI/MZLT\r\n"
        ...
        + "GwIDAQAB\r\n"
        + "-----END PUBLIC KEY-----";
RSAKey pubRsaJWK = RSAKey.parseFromPEMEncodedObjects(x509Pem).toRSAKey();
...
JWSVerifier verifier = new RSASSAVerifier(pubRsaJWK);

對於有效（和相關的密鑰）簽名和驗證以這種方式工作。

---

但是，您的私鑰似乎已損壞並引發異常。 您可以通過以下方式檢查您的私鑰：

openssl rsa -in <path to private pem file> -check

這將給出以下錯誤：

RSA key error: iqmp not inverse of q