Problem description
I need asymmetric encryption in Java. I generate .key and .crt files with my own password by openssl, as said in http://www.imacat.idv.tw/tech/sslcerts.html .
How do I use these .key and .crt files to extract the public key and private key in Java?
Recommended answer
Your .key and .crt files may be in PEM format. To check this, open them with a text editor and check whether the content looks like -----BEGIN CERTIFICATE----- (or "begin RSA private key"...). This is generally the default format used by OpenSSL, unless you've explicitly specified DER.
It's probably not required (see below), but if your certificate is in DER format (a binary format), you can convert them to PEM format using:
openssl x509 -inform DER -in cert.crt -outform PEM -out cert.pem
(Check the help for openssl rsa for doing something similar with the private key if needed.)
Then you have two options:
Build a PKCS#12 file
openssl pkcs12 -export -in myhost.crt -inkey myhost.key -out myhost.p12
You can then use it directly from Java as a keystore of type "PKCS12". Most Java applications should allow you to specify a keystore type in addition to the file location. For the default system properties, this is done with javax.net.ssl.keyStoreType (but the application you're using might not be using this). Otherwise, if you want to load it explicitly, use something like this:
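import java.io.FileInputStream;
import java.security.KeyStore;
KeyStore ks = KeyStore.getInstance("PKCS12");
// try-with-resources closes the stream even if load() throws
try (FileInputStream fis = new FileInputStream("/path/to/myhost.p12")) {
    ks.load(fis, "password".toCharArray()); // There are other ways to read the password.
}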
(Then, you should be able to iterate through the aliases() of the KeyStore and use getCertificate (and then getPublicKey() for the public key) and getKey().)
Use BouncyCastle's PEMReader.
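import java.io.FileReader;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import org.bouncycastle.openssl.PEMReader;
// PEMReader ships with older BouncyCastle releases; newer ones provide PEMParser instead.
FileReader fr = new FileReader("/path/to/myhost.crt"); // Create a FileReader for myhost.crt
PEMReader pemReader = new PEMReader(fr);
X509Certificate cert = (X509Certificate) pemReader.readObject();
PublicKey pk = cert.getPublicKey();
pemReader.close(); // Close reader (also closes the underlying FileReader)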
For the private key, you'll need to implement a PasswordFinder (see link from PEMReader doc) for constructing the PEMReader if the private key is password-protected. (You'll need to cast the result of readObject() into a Key or PrivateKey.)
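The PKCS#12 option from the answer above, carried through as an added example (not part of the original answer): it loads myhost.p12, walks aliases(), takes the public key via getCertificate()/getPublicKey() and the private key via getKey(), then checks the pair with an RSA-OAEP round trip. The class name P12KeyExtract, the console password prompt, the assumption of an RSA key and the OAEP transformation are choices made for this example.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.Cipher;

// Added example; the class name P12KeyExtract is hypothetical.
public class P12KeyExtract {
    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the file written by "openssl pkcs12 -export ... -out myhost.p12".
        String path = args.length > 0 ? args[0] : "myhost.p12";
        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from a terminal to enter the password");
        char[] password = console.readPassword("Export password for %s: ", path);

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream fis = new FileInputStream(path)) {
            ks.load(fis, password); // throws IOException on a wrong password or corrupt file
        }
        try {
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue; // skip certificate-only entries
                PublicKey publicKey = ks.getCertificate(alias).getPublicKey();
                // openssl pkcs12 -export protects the key with the same export password.
                PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password);
                System.out.println(alias + ": " + publicKey.getAlgorithm() + " key pair loaded");
                if (!"RSA".equals(publicKey.getAlgorithm())) continue; // round trip below is RSA-only

                // Encrypt with the public key, decrypt with the private key (constructed message).
                byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
                Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
                rsa.init(Cipher.ENCRYPT_MODE, publicKey);
                byte[] ciphertext = rsa.doFinal(msg);
                rsa.init(Cipher.DECRYPT_MODE, privateKey); // mismatched keys fail in doFinal()
                boolean ok = Arrays.equals(msg, rsa.doFinal(ciphertext));
                System.out.println(alias + ": OAEP round trip " + (ok ? "ok" : "FAILED"));
            }
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory longer than needed
        }
    }
}
```

RSA-OAEP only encrypts a payload smaller than the key size, so larger data is normally encrypted with a symmetric key that is itself encrypted with the public key.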