Cryptography 如何从生成的ecdsa密钥填充jsonwebkey
我尝试生成一个公钥/私钥对,我将使用它对JWT进行数字签名。我的问题是,我不知道如何获取表示ECDSA密钥的参数,即:
- crv
- x
- y
- d
KeyPairGenerator g=KeyPairGenerator.getInstance(“EC”); ECGenParameterSpec kpgparams=新的ECGenParameterSpec(“secp256r1”); g、 初始化(kpgparams); KeyPair=g.generateKeyPair(); //使用SHA256withECDSA算法的签名类实例 Signature ecdsaSign=Signature.getInstance(“SHA256withECDSA”); ecdsaSign.initSign(pair.getPrivate()); System.out.println(“私钥是::”+pair.getPrivate()); System.out.println(“公钥是::”+pair.getPublic()); JsonWebKeySet JsonWebKeySet=新的JsonWebKeySet(); PrivateKey PrivateKey=pair.getPrivate(); JsonWebKey webKey=新的JsonWebKey(privateKey){ @凌驾 公共字符串getKeyType(){ //TODO自动生成的方法存根 返回“EC”; } @凌驾 受保护的void fillTypeSpecificParams(映射参数, OutputControlLevel(输出级别){ 参数put(“使用”、“信号”); 参数put(“键操作”、“符号”); 参数put(“alg”、“ES256”); 参数put(“kid”、“kukuPrivateKey”); } }; addJsonWebKey(webKey); System.out.println(“aaaa”+jsonWebKeySet.toJson());
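/**
 * Generates a fresh P-256 (secp256r1) key pair and serialises it as a JSON Web Key Set with two
 * entries: a signing key ({@code kid} "kukuPrivateKey") and the matching verification key
 * ({@code kid} "kukuPublicKey").
 *
 * <p><b>The returned JSON contains the private scalar {@code d}.</b> Treat the whole string as
 * secret key material: it must not be logged or served from a public JWKS endpoint. Only the
 * "kukuPublicKey" entry is suitable for distribution to verifiers.
 *
 * <p>Coordinates are written as fixed-length, unpadded base64url octet strings, which is the form
 * RFC 7518 section 6.2 requires for {@code x}, {@code y} and {@code d}.
 *
 * @return the JWK Set as a JSON string (includes private key material)
 * @throws NoSuchAlgorithmException if no provider offers an "EC" key pair generator
 * @throws InvalidAlgorithmParameterException if the provider rejects the secp256r1 curve
 * @throws InvalidKeyException kept in the signature for source compatibility; the body no longer
 *     initialises a Signature, so nothing here throws it
 */
private static String createWebKeySet() throws NoSuchAlgorithmException,
        InvalidAlgorithmParameterException, InvalidKeyException {
    KeyPairGenerator g = KeyPairGenerator.getInstance("EC");
    g.initialize(new ECGenParameterSpec("secp256r1"));
    KeyPair pair = g.generateKeyPair();

    final ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
    final ECPublicKey publicKey = (ECPublicKey) pair.getPublic();

    // The private key is deliberately not printed: depending on the provider, toString() on a
    // private key can include the secret scalar, which would then end up in console or log output.
    System.out.println("Public Keys is::" + publicKey);

    // Field size in bits (256 for secp256r1); it drives both the "crv" name and the octet length.
    final int fieldSizeBits = publicKey.getParams().getCurve().getField().getFieldSize();

    JsonWebKeySet jsonWebKeySet = new JsonWebKeySet();

    JsonWebKey privateWebKey = new JsonWebKey(privateKey) {
        @Override
        public String getKeyType() {
            return "EC";
        }

        @Override
        protected void fillTypeSpecificParams(Map<String, Object> params,
                OutputControlLevel outputLevel) {
            // RFC 7517 says "use" and "key_ops" should not normally be combined; both are kept
            // here because the original did so, and their meanings are consistent.
            params.put("use", "sig");
            // RFC 7517 section 4.3: "key_ops" is an array of strings, not a bare string.
            params.put("key_ops", java.util.Collections.singletonList("sign"));
            params.put("kid", "kukuPrivateKey");
            params.put("crv", "P-" + fieldSizeBits);
            params.put("x", encodeFieldElement(publicKey.getW().getAffineX(), fieldSizeBits));
            params.put("y", encodeFieldElement(publicKey.getW().getAffineY(), fieldSizeBits));
            // NOTE(review): outputLevel is ignored, so "d" is emitted at every output level,
            // including the one JsonWebKeySet.toJson() uses. Callers that only need the public
            // form must not reuse this entry.
            // For the NIST prime curves the order has the same octet length as the field.
            params.put("d", encodeFieldElement(privateKey.getS(), fieldSizeBits));
        }
    };
    jsonWebKeySet.addJsonWebKey(privateWebKey);

    JsonWebKey publicWebKey = new JsonWebKey(publicKey) {
        @Override
        public String getKeyType() {
            return "EC";
        }

        @Override
        protected void fillTypeSpecificParams(Map<String, Object> params,
                OutputControlLevel outputLevel) {
            params.put("use", "sig");
            params.put("key_ops", java.util.Collections.singletonList("verify"));
            params.put("kid", "kukuPublicKey");
            params.put("crv", "P-" + fieldSizeBits);
            params.put("x", encodeFieldElement(publicKey.getW().getAffineX(), fieldSizeBits));
            params.put("y", encodeFieldElement(publicKey.getW().getAffineY(), fieldSizeBits));
        }
    };
    jsonWebKeySet.addJsonWebKey(publicWebKey);

    return jsonWebKeySet.toJson();
}

/**
 * Encodes a non-negative integer as a fixed-length big-endian octet string, then as unpadded
 * base64url.
 *
 * <p>{@code BigInteger.toByteArray()} cannot be used directly: it is a two's-complement form that
 * adds a leading 0x00 when the top bit is set and drops leading zero octets for small values, so
 * its length varies from key to key.
 *
 * @param value the coordinate or private scalar
 * @param fieldSizeBits size of the curve field in bits
 * @return the base64url text for a JWK member
 * @throws IllegalArgumentException if {@code value} is negative or does not fit in the field size
 */
private static String encodeFieldElement(java.math.BigInteger value, int fieldSizeBits) {
    if (value.signum() < 0 || value.bitLength() > fieldSizeBits) {
        throw new IllegalArgumentException("value does not fit in " + fieldSizeBits + " bits");
    }
    int length = (fieldSizeBits + 7) / 8;
    byte[] raw = value.toByteArray();
    byte[] fixed = new byte[length];
    // Skip the optional sign octet, then right-align so short values are left-padded with zeros.
    int start = Math.max(0, raw.length - length);
    int count = raw.length - start;
    System.arraycopy(raw, start, fixed, length - count, count);
    // Fully qualified so it cannot be confused with whichever Base64 class the file imports.
    return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(fixed);
}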
private静态字符串createWebKeySet()抛出NoSuchAlgorithmException,
InvalidGorithmParameterException,InvalidKeyException{
KeyPairGenerator g=KeyPairGenerator.getInstance(“EC”);
ECGenParameterSpec kpgparams=新的ECGenParameterSpec(“secp256r1”);
g、 初始化(kpgparams);
KeyPair=g.generateKeyPair();
//使用SHA256withECDSA算法的签名类实例
Signature ecdsaSign=Signature.getInstance(“SHA256withECDSA”);
ecdsaSign.initSign(pair.getPrivate());
System.out.println(“私钥是::”+pair.getPrivate());
System.out.println(“公钥是::”+pair.getPublic());
JsonWebKeySet JsonWebKeySet=新的JsonWebKeySet();
最终ECPrivateKey privateKey=(ECPrivateKey)对。getPrivate();
最终的ECPublicKey公钥=(ECPublicKey)对。getPublic();
JsonWebKey privateWebKey=新的JsonWebKey(privateKey){
@凌驾
公共字符串getKeyType(){
//TODO自动生成的方法存根
返回“EC”;
}
@凌驾
受保护的void fillTypeSpecificParams(映射参数,
OutputControlLevel(输出级别){
参数put(“使用”、“信号”);
参数put(“键操作”、“符号”);
//参数put(“alg”、“ES256”);
参数put(“kid”、“kukuPrivateKey”);
ECParameterSpec paramSpec=privateKey.getParams();
参数put(“crv”,“P-”+参数spec.getCurve().getField().getFieldSize());
params.put(“x”,Base64.encode(publicKey.getW().getAffineX().toByteArray());
params.put(“y”,Base64.encode(publicKey.getW().getAffineY().toByteArray());
params.put(“d”,Base64.encode(privateKey.get().toByteArray());
}
};
addJsonWebKey(privateWebKey);
JsonWebKey publicWebKey=新的JsonWebKey(publicKey){
@凌驾
公共字符串getKeyType(){
//TODO自动生成的方法存根
返回“EC”;
}
@凌驾
受保护的void fillTypeSpecificParams(映射参数,
OutputControlLevel(输出级别){
参数put(“使用”、“信号”);
参数put(“键操作”、“验证”);
//参数put(“alg”、“ES256”);
params.put(“kid”、“kukuPublicKey”);
ECParameterSpec paramSpec=publicKey.getParams();
参数put(“crv”,“P-”+参数spec.getCurve().getField().getFieldSize());
params.put(“x”,Base64.encode(publicKey.getW().getAffineX().toByteArray());
params.put(“y”,Base64.encode(publicKey.getW().getAffineY().toByteArray());
}
};
addJsonWebKey(publicWebKey);
返回jsonWebKeySet.toJson();
}
您可以使用生成的公钥直接创建JsonWebKey,而jose4j将负责参数和编码
// Generate a secp256r1 key pair with the JCA "EC" generator.
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
generator.initialize(new ECGenParameterSpec("secp256r1"));
KeyPair keyPair = generator.generateKeyPair();

// Build the JWK from the public key so jose4j fills in the parameters and their encoding,
// then attach the private half to the same object.
PublicJsonWebKey jwk = PublicJsonWebKey.Factory.newPublicJwk(keyPair.getPublic());
jwk.setPrivateKey(keyPair.getPrivate());
jwk.setUse(Use.SIGNATURE);

// PUBLIC_ONLY: the form to hand to parties that only verify signatures.
String publicJson = jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
System.out.println(publicJson);

// INCLUDE_PRIVATE adds the private key member 'd'. This output is secret key material:
// keep it out of logs and out of any published key set.
String privateJson = jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
System.out.println(privateJson);
您还可以使用jose4j中的EcJwkGenerator实用程序生成密钥对,并将其包装在一个JsonWebKey中:
// EcJwkGenerator creates the P-256 key pair and wraps it in a JWK in a single call.
EllipticCurveJsonWebKey jwk = EcJwkGenerator.generateJwk(EllipticCurves.P256);
jwk.setUse(Use.SIGNATURE);

// PUBLIC_ONLY: the form to hand to parties that only verify signatures.
String publicJson = jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
System.out.println(publicJson);

// INCLUDE_PRIVATE adds the private key member 'd'. This output is secret key material:
// keep it out of logs and out of any published key set.
String privateJson = jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
System.out.println(privateJson);
// One call generates the P-256 key pair and returns it already wrapped as a JWK.
EllipticCurveJsonWebKey jwk = EcJwkGenerator.generateJwk(EllipticCurves.P256);
jwk.setUse(Use.SIGNATURE);

// Serialise without the private member first; this is the shareable form.
String withoutPrivate = jwk.toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY);
System.out.println(withoutPrivate);

// This second form includes the private key 'd' and must be handled as a secret.
String withPrivate = jwk.toJson(JsonWebKey.OutputControlLevel.INCLUDE_PRIVATE);
System.out.println(withPrivate);