java – 如何在keystore中存储密钥
发布时间:2020-12-14 17:43:11 所属栏目:Java 来源:网络整理
导读:我需要将2个密钥存储到KeyStore中 以下是相关代码: KeyStore ks = KeyStore.getInstance("JKS");String password = "password";char[] ksPass = password.toCharArray();ks.load(null,ksPass);ks.setKeyEntry("keyForSeckeyDecrypt",privateKey,null,null);
|
我需要将2个密钥存储到KeyStore中
以下是相关代码: KeyStore ks = KeyStore.getInstance("JKS");
String password = "password";
char[] ksPass = password.toCharArray();
ks.load(null,ksPass);
ks.setKeyEntry("keyForSeckeyDecrypt",privateKey,null,null);
ks.setKeyEntry("keyForDigitalSignature",priv,null);
FileOutputStream writeStream = new FileOutputStream("key.store");
ks.store(writeStream,ksPass);
writeStream.close();
虽然我得到一个执行“私钥必须附有证书链” 那是什么呢?我将如何生成它? 解决方法
您还需要为私钥输入提供证书(公开密钥).对于由CA签发的证书,该链是CA的证书和结束证书.对于自签名证书,您只能拥有自签名证书
例: KeyPair keyPair = ...;//You already have this
X509Certificate certificate = generateCertificate(keyPair);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null,null);
Certificate[] certChain = new Certificate[1];
certChain[0] = certificate;
keyStore.setKeyEntry("key1",(Key)keyPair.getPrivate(),pwd,certChain);
要生成证书,请遵循link: public X509Certificate generateCertificate(KeyPair keyPair){
X509V3CertificateGenerator cert = new X509V3CertificateGenerator();
cert.setSerialNumber(BigInteger.valueOf(1)); //or generate a random number
cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc
cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed
cert.setPublicKey(keyPair.getPublic());
cert.setNotBefore(<date>);
cert.setNotAfter(<date>);
cert.setSignatureAlgorithm("SHA1WithRSAEncryption");
PrivateKey signingKey = keyPair.getPrivate();
return cert.generate(signingKey,"BC");
}
(编辑:李大同) 【声明】本站内容均来自网络,其相关言论仅代表作者个人观点,不代表本站立场。若无意侵犯到您的权利,请及时与联系站长删除相关内容! |