java – Certificate enrollment process
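I am looking for a procedure for enrolling a certificate.

I have searched a lot but have not found a good answer. So far I understand that first I have to generate a keystore (to create the public and private keys); then the private key should be kept secret, and the public key is sent to the CA along with other information (such as name and organization). Then the CA will generate something and give me back something that contains the public key and the information.

That much I have, but what does the CA generate? What is a P12 file, and what does a .cer file contain?

Can anyone help me with this? I really feel helpless.

Solution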
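The general procedure for issuing certificates in a public key infrastructure is as follows.

1) The client generates a key pair: a private key and a public key.
2) The client generates a CSR (Certificate Signing Request), which includes attributes such as the Common Name and the public key, signs it with the private key and sends it to the server.
3) The server builds the X509 certificate from the CSR data, signs it with the CA private key and returns the X509 to the client.
4) The client stores the private key and the certificate in a KeyStore.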
The x509 certificate

A file in PKCS#12 format (.pfx, .p12) containing a keystore
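The public part of the certificate (not the private key) in DER or PEM format

EDITED – CSR generation on Android

Gradle dependencies

```groovy
compile 'com.madgag.spongycastle:core:1.51.0.0'
compile 'com.madgag.spongycastle:pkix:1.51.0.0'
```

Generate KeyPair and CSR

```java
// KEY_SIZE (RSA modulus length in bits) and commonname are supplied by the caller
// Generate KeyPair
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(KEY_SIZE, new SecureRandom());
KeyPair keyPair = keyGen.generateKeyPair();

// Generate CSR in PKCS#10 format encoded in DER
PKCS10CertificationRequest csr = CsrHelper.generateCSR(keyPair, commonname);
byte[] CSRder = csr.getEncoded();
```

Utility

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.HashMap;
import java.util.Map;

import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.AlgorithmIdentifier;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.operator.ContentSigner;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrHelper {

    private final static String DEFAULT_SIGNATURE_ALGORITHM = "SHA256withRSA";
    private final static String CN_PATTERN = "CN=%s,O=Aralink,OU=OrgUnit";

    // ContentSigner backed by a JCA Signature object
    private static class JCESigner implements ContentSigner {

        // Maps the lower-cased JCA algorithm name to its signature algorithm OID
        private static Map<String, AlgorithmIdentifier> ALGOS = new HashMap<String, AlgorithmIdentifier>();

        static {
            ALGOS.put("SHA256withRSA".toLowerCase(), new AlgorithmIdentifier(
                    new ASN1ObjectIdentifier("1.2.840.113549.1.1.11")));
            ALGOS.put("SHA1withRSA".toLowerCase(), new AlgorithmIdentifier(
                    new ASN1ObjectIdentifier("1.2.840.113549.1.1.5")));
        }

        private String mAlgo;
        private Signature signature;
        private ByteArrayOutputStream outputStream;

        public JCESigner(PrivateKey privateKey, String sigAlgo) {
            //Utils.throwIfNull(privateKey,sigAlgo);
            mAlgo = sigAlgo.toLowerCase();
            try {
                this.outputStream = new ByteArrayOutputStream();
                this.signature = Signature.getInstance(sigAlgo);
                this.signature.initSign(privateKey);
            } catch (GeneralSecurityException gse) {
                throw new IllegalArgumentException(gse.getMessage());
            }
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            AlgorithmIdentifier id = ALGOS.get(mAlgo);
            if (id == null) {
                throw new IllegalArgumentException("Does not support algo: " + mAlgo);
            }
            return id;
        }

        @Override
        public OutputStream getOutputStream() {
            return outputStream;
        }

        @Override
        public byte[] getSignature() {
            try {
                // Sign everything the CSR builder wrote to the output stream
                signature.update(outputStream.toByteArray());
                return signature.sign();
            } catch (GeneralSecurityException gse) {
                // Fail loudly instead of returning null, which would only surface
                // later as a NullPointerException while the CSR is being built
                throw new IllegalStateException("CSR signing failed", gse);
            }
        }
    }

    // Create the certificate signing request (CSR) from private and public keys
    public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String cn)
            throws IOException, OperatorCreationException {
        String principal = String.format(CN_PATTERN, cn);

        ContentSigner signer = new JCESigner(keyPair.getPrivate(), DEFAULT_SIGNATURE_ALGORITHM);

        PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
                new X500Name(principal), keyPair.getPublic());
        ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
        // BasicConstraints(true) requests a certificate marked as a CA (critical extension);
        // the issuing CA decides whether to honour the requested extensions
        extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(
                true));
        csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                extensionsGenerator.generate());
        PKCS10CertificationRequest csr = csrBuilder.build(signer);

        return csr;
    }
}
```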
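Step 3 of the procedure has the server build the certificate from the CSR data, and a CA checks the request before doing so. The following is an added example, not code from the original answer: a hypothetical `CsrPolicyCheck` class on the same Spongy Castle dependency that verifies the CSR's signature (proof of possession of the private key) and rejects a request for `basicConstraints` CA=true, which is what the `CsrHelper` CSR asks for. The class name, the sample subject and the rejection policy are assumptions.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.spongycastle.asn1.pkcs.Attribute;
import org.spongycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.asn1.x509.BasicConstraints;
import org.spongycastle.asn1.x509.Extension;
import org.spongycastle.asn1.x509.Extensions;
import org.spongycastle.asn1.x509.ExtensionsGenerator;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
import org.spongycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.spongycastle.pkcs.PKCS10CertificationRequest;
import org.spongycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

// Added example (hypothetical class): CA-side checks on a received CSR before issuing.
public class CsrPolicyCheck {
    // True only if the CSR is signed by the private key matching the public key it
    // carries (proof of possession) and does not request basicConstraints CA=true.
    public static boolean acceptable(byte[] csrDer) throws Exception {
        PKCS10CertificationRequest csr = new PKCS10CertificationRequest(csrDer);
        boolean signed = csr.isSignatureValid(
                new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo()));
        if (!signed) return false;
        for (Attribute a : csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            Extensions exts = Extensions.getInstance(a.getAttrValues().getObjectAt(0));
            Extension bc = exts.getExtension(Extension.basicConstraints);
            if (bc != null && BasicConstraints.getInstance(bc.getParsedValue()).isCA()) {
                return false; // an end-entity enrollment must not ask for CA rights
            }
        }
        return true;
    }
    // Builds a constructed sample CSR; the subject name is a placeholder.
    static byte[] sampleCsr(KeyPair kp, boolean askForCa) throws Exception {
        ExtensionsGenerator gen = new ExtensionsGenerator();
        gen.addExtension(Extension.basicConstraints, true, new BasicConstraints(askForCa));
        return new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=example-client"), kp.getPublic())
                .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, gen.generate())
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate()))
                .getEncoded();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("end-entity request accepted: " + acceptable(sampleCsr(kp, false)));
        System.out.println("CA=true request accepted:    " + acceptable(sampleCsr(kp, true)));
    }
}
```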