Java 在Bouncy Castle中创建密钥使用离线CRL签名
如何通过bouncy casle创建密钥使用离线CRL签名? 我知道如何使用常量创建预定义的keyCertSign或其他Java 在Bouncy Castle中创建密钥使用离线CRL签名,java,x509certificate,bouncycastle,Java,X509certificate,Bouncycastle,如何通过bouncy casle创建密钥使用离线CRL签名? 我知道如何使用常量创建预定义的keyCertSign或其他 import org.bouncycastle.asn1.x509.KeyUsage; KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign); KeyUsage.cRLSign应包括CRL签名和脱机CRL签名。根据X.509规范,只有9种基本的关键用法 KeyUsage
import org.bouncycastle.asn1.x509.KeyUsage;
KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
KeyUsage.cRLSign应包括CRL签名和脱机CRL签名。根据X.509规范,只有9种基本的关键用法
KeyUsage ::= BIT STRING {
digitalSignature (0),
nonRepudiation (1), -- recent editions of X.509 have
-- renamed this bit to contentCommitment
keyEncipherment (2),
dataEncipherment (3),
keyAgreement (4),
keyCertSign (5),
cRLSign (6),
encipherOnly (7),
decipherOnly (8) }
如果设置了cRLSign位,并且您在IE中打开证书,您将看到“离线CRL签名,CRL签名”。其他证书查看器可能只会说“CRL签名”