Java: Unable to generate a PKCS#12 keystore for use in Chrome
I am trying to generate a PKCS#12 keystore using Java and BouncyCastle:
// yesterday
Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
// in 2 years (2L forces long arithmetic; the int product would overflow)
Date validityEndDate = new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000);
// GENERATE THE PUBLIC/PRIVATE RSA KEY PAIR
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(1024, new SecureRandom());
KeyPair keyPair = keyPairGenerator.generateKeyPair();
// GENERATE THE X509 CERTIFICATE
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal("CN=" + username);
certGen.setSerialNumber(serial);
certGen.setSubjectDN(dnName);
certGen.setIssuerDN(dnName); // use the same
certGen.setNotBefore(validityBeginDate);
certGen.setNotAfter(validityEndDate);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
KeyStore clientKeystore = KeyStore.getInstance("PKCS12", "BC");
clientKeystore.load(null, null);
clientKeystore.setKeyEntry("mkey", keyPair.getPrivate(), null, new X509Certificate[] { cert });
clientKeystore.store(new FileOutputStream("admin.pkcs"), "pass".toCharArray());
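The keystore is generated fine, but when I try to load it into Chrome, it shows an unknown error. I tried loading it with pk12util and got a more detailed error message: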
pk12util: PKCS12 decode import bags failed: SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY: Unable to import. Error attempting to import private key.
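How can I generate a valid PKCS#12 keystore so that I can use it in a browser?

The following works for me (Win7, Jdk7, bcprov-jdk16 1.46). I can generate a pkcs12 file and import it. The differences from your code may be the versions of the OS/JRE/BC, the line Security.addProvider(new BouncyCastleProvider()), and some compile fixes.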
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;

// Wrapper class (name chosen here) so that the posted main method compiles on its own
public class GeneratePkcs12
{
    public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, InvalidKeyException, IllegalStateException, SignatureException, KeyStoreException, CertificateException, FileNotFoundException, IOException
    {
        // register BouncyCastle so that the "BC" provider name resolves
        Security.addProvider(new BouncyCastleProvider());
        // yesterday
        Date validityBeginDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
        // in 2 years (2L forces long arithmetic; the int product would overflow)
        Date validityEndDate = new Date(System.currentTimeMillis() + 2L * 365 * 24 * 60 * 60 * 1000);
        // GENERATE THE PUBLIC/PRIVATE RSA KEY PAIR
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
        keyPairGenerator.initialize(1024, new SecureRandom());
        KeyPair keyPair = keyPairGenerator.generateKeyPair();
        // GENERATE THE X509 CERTIFICATE
        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal dnName = new X500Principal("CN=" + "username");
        certGen.setSerialNumber(new BigInteger("100"));
        certGen.setSubjectDN(dnName);
        certGen.setIssuerDN(dnName); // use the same
        certGen.setNotBefore(validityBeginDate);
        certGen.setNotAfter(validityEndDate);
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");
        // STORE THE KEY AND CERTIFICATE IN A PKCS#12 KEYSTORE
        KeyStore clientKeystore = KeyStore.getInstance("PKCS12", "BC");
        clientKeystore.load(null, null);
        clientKeystore.setKeyEntry("mkey", keyPair.getPrivate(), null, new X509Certificate[] { cert });
        clientKeystore.store(new FileOutputStream("admin.pkcs"), "pass".toCharArray());
    }
}
I found the source of the error: the password of the KeyEntry and the password of the keystore must be the same.
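
The fix described in the last answer, as an added example that is not part of the original posts: the same password is passed to setKeyEntry and to store, and the file is then reloaded to confirm that the private key can be recovered with that password and matches the stored certificate. It assumes the bcprov-jdk16 1.46 API used in the answer above; the class name, the 2048-bit key size and the sample password "pass" are choices made for this example.

```java
import java.io.*;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V1CertificateGenerator;

// Added example (hypothetical class name); assumes bcprov-jdk16 1.46 on the classpath.
public class Pkcs12SamePassword {
    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        char[] password = "pass".toCharArray(); // constructed sample; used for BOTH key entry and store
        long day = 24L * 60 * 60 * 1000;        // long arithmetic, so the 2-year offset cannot overflow

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
        kpg.initialize(2048, new SecureRandom());
        KeyPair keyPair = kpg.generateKeyPair();

        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        X500Principal dn = new X500Principal("CN=username");
        certGen.setSerialNumber(BigInteger.valueOf(100));
        certGen.setSubjectDN(dn);
        certGen.setIssuerDN(dn); // self-signed: issuer equals subject
        certGen.setNotBefore(new Date(System.currentTimeMillis() - day));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + 2 * 365 * day));
        certGen.setPublicKey(keyPair.getPublic());
        certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
        X509Certificate cert = certGen.generate(keyPair.getPrivate(), "BC");

        KeyStore ks = KeyStore.getInstance("PKCS12", "BC");
        ks.load(null, null);
        ks.setKeyEntry("mkey", keyPair.getPrivate(), password, new X509Certificate[] { cert });
        try (OutputStream out = new FileOutputStream("admin.pkcs")) { ks.store(out, password); }

        // Reload the file and check it before handing it to a browser.
        KeyStore check = KeyStore.getInstance("PKCS12", "BC");
        try (InputStream in = new FileInputStream("admin.pkcs")) { check.load(in, password); }
        Key key = check.getKey("mkey", password);
        X509Certificate stored = (X509Certificate) check.getCertificate("mkey");
        stored.checkValidity(); // throws if the validity window does not include the current time
        boolean matches = key instanceof RSAPrivateKey && ((RSAPrivateKey) key).getModulus()
                .equals(((RSAPublicKey) stored.getPublicKey()).getModulus());
        if (!matches) throw new IllegalStateException("private key does not match the stored certificate");
        System.out.println("admin.pkcs reloaded: key and certificate match");
    }
}
```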