Java: How to store keys in a keystore


I need to store 2 keys in a keystore. Here is the relevant code:

KeyStore ks = KeyStore.getInstance("JKS");
String password = "password";
char[] ksPass = password.toCharArray();
ks.load(null, ksPass);
ks.setKeyEntry("keyForSeckeyDecrypt", privateKey, null, null);
ks.setKeyEntry("keyForDigitalSignature", priv, null, null);
FileOutputStream writeStream = new FileOutputStream("key.store");
ks.store(writeStream, ksPass);
writeStream.close();
However, I get the exception "Private key must be accompanied by certificate chain".

What exactly is that? How do I generate it?

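You also need to provide the certificate (public key) for the private key entry. For a certificate signed by a CA, the chain is the CA's certificate and the end certificate. For a self-signed certificate, you only have the self-signed certificate.
For example:

KeyPair keyPair = ...; //You already have this
X509Certificate certificate = generateCertificate(keyPair);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null, null);
Certificate[] certChain = new Certificate[1];
certChain[0] = certificate;
keyStore.setKeyEntry("key1", (Key)keyPair.getPrivate(), pwd, certChain);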
To generate the certificate, do the following:
public X509Certificate generateCertificate(KeyPair keyPair){
    X509V3CertificateGenerator cert = new X509V3CertificateGenerator();
    cert.setSerialNumber(BigInteger.valueOf(1));   //or generate a random number
    cert.setSubjectDN(new X509Principal("CN=localhost"));  //see examples to add O,OU etc
    cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed
    cert.setPublicKey(keyPair.getPublic());
    cert.setNotBefore(<date>);
    cert.setNotAfter(<date>);
    cert.setSignatureAlgorithm("SHA1WithRSAEncryption");
    PrivateKey signingKey = keyPair.getPrivate();
    return cert.generate(signingKey, "BC");
}

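The public key is of type Key, and they ask for a Certificate[]. How would I cast the public key to a certificate chain?

Don't you have an X509Certificate? Where did you get the private key from? You need to use X509V3CertificateGenerator to create a certificate, which will be passed as an argument to the keystore as part of the private key entry.

@Cratylus, you say KeyPair keyPair = ...; //You already have this. I don't have it! I want it! Where can I get it?

This is a good solution. However, I am not allowed to use Bouncy Castle, only the standard Java 8 JCE libraries. What should I do?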