Author  How do I get the public key and private key from a .p12 or .pfx file in Java?
njord



Posted 2003-09-10 15:16
Can Java do this?


Author  Re: How do I get the public key and private key from a .p12 or .pfx file in Java? [Re: njord]
njord



Posted 2003-09-11 11:16
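This one is OK now.

The problem now is that I don't know how to get the private key from a .pem or .key file.
The file extension varies; the file was generated with openssl -genrsa.
The key is protected by a passphrase.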



Author  Re: How do I get the public key and private key from a .p12 or .pfx file in Java? [Re: njord]
floater

Java Jedi

Head Moderator

Posted 2003-09-11 22:16
Could you please share what you did?

Search Sun's site

http://forum.java.sun.com/thread.jsp?forum=2&thread=418860
http://forum.java.sun.com/thread.jsp?forum=2&thread=154587
http://forum.java.sun.com/thread.jsp?forum=9&thread=427694

Make sure you really want to do this.



"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
Author  Re: How do I get the public key and private key from a .p12 or .pfx file in Java? [Re: njord]
njord



Posted 2003-09-12 08:48
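java.security.KeyStore also supports parsing files in the PKCS12 format.
The certificate and private key in a .pfx or .p12 file can be read through java.security.KeyStore.

The thing to watch out for is the key's alias.
When we generate a certificate and key with the keytool utility, we are asked to define an alias.

But when a certificate and key are generated with tools such as openssl, an alias is not required.
When retrieving the key and certificate, you need to specify the alias.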

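import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;

String keystorefile = "c:\\test.p12";
String keypasswd = "mypasswd";
String keyalias = "alias";
KeyStore ks = KeyStore.getInstance("PKCS12");
// Load the PKCS12 file and close the stream once the keystore is populated
FileInputStream fin = new FileInputStream(keystorefile);
ks.load(fin, keypasswd.toCharArray());
fin.close();
// The alias selects the entry that the key and certificate are read from
PrivateKey prikey = (PrivateKey) ks.getKey(keyalias, keypasswd.toCharArray());
Certificate cert = ks.getCertificate(keyalias);
PublicKey pubkey = cert.getPublicKey();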

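When you don't know the alias, you can get all the aliases contained in the file through KeyStore's aliases() method.
For .p12 files generated by openssl, the aliases are things like 1, 2, 3, ...
For .pfx files that were imported into IE and then exported again, the aliases look like {xxxxx-xxxxx...}.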



Author  Re: How do I get the public key and private key from a .p12 or .pfx file in Java? [Re: njord]
floater

Java Jedi

Head Moderator

Posted 2003-10-17 02:23
Be careful about the password. It can *not* be empty.

/**
 * Read a p12 format digital certificate. Be careful about the file format.
 * Sometimes, it might be incompatible. If it happens, import/export again
 * using netscape(p12) or IE(pfx).
 */
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Key;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

import java.io.*;
import java.util.*;

public class ReadP12Cert
{
    public static void main(String[] args)
    {
        final String KEYSTORE_FILE = "cert/dev_coo1.p12";
        final String KEYSTORE_PASSWORD = "123";
        final String KEYSTORE_ALIAS = "alias";

        try
        {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            FileInputStream fis = new FileInputStream(KEYSTORE_FILE);

            // If the keystore password is empty(""), then we have to set
            // to null, otherwise it won't work!!!
            char[] nPassword = null;
            if ((KEYSTORE_PASSWORD == null) || KEYSTORE_PASSWORD.trim().equals(""))
            {
                nPassword = null;
            }
            else
            {
                nPassword = KEYSTORE_PASSWORD.toCharArray();
            }
            ks.load(fis, nPassword);
            fis.close();

            System.out.println("keystore type=" + ks.getType());

            // Now we loop all the aliases, we need the alias to get keys.
            // It seems that this value is the "Friendly name" field in the
            // details tab <-- Certificate window <-- view <-- Certificate
            // Button <-- Content tab <-- Internet Options <-- Tools menu
            // In MS IE 6.
            // ("enum" is a reserved word since Java 5, so the variable is
            // named "aliases" here.)
            Enumeration<String> aliases = ks.aliases();
            String keyAlias = null;
            if (aliases.hasMoreElements()) // we are reading just one certificate.
            {
                keyAlias = aliases.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
            }

            // Now once we know the alias, we could get the keys.
            System.out.println("is key entry=" + ks.isKeyEntry(keyAlias));
            PrivateKey prikey = (PrivateKey) ks.getKey(keyAlias, nPassword);
            Certificate cert = ks.getCertificate(keyAlias);
            PublicKey pubkey = cert.getPublicKey();

            System.out.println("cert class = " + cert.getClass().getName());
            System.out.println("cert = " + cert);
            System.out.println("public key = " + pubkey);
            System.out.println("private key = " + prikey);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }
    }
}



"Any fool can write code that a computer can understand. Good programmers write code that humans can understand."
- Martin Fowler, Refactoring - Improving the Design of Existing Code
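
An added example, not code from either poster: both posts above read the entry under a single alias, so this program walks every alias returned by aliases() and reports whether it is a key entry, along with the certificate subject, public-key algorithm and expiry, without printing private key material. The class name ListP12Entries is hypothetical; the file path is taken from the command line, the password from a console prompt rather than a hard-coded string, and the key password is assumed to be the same as the keystore password.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
// Added example, not code from the thread: inventory every entry of a PKCS12 file.
public class ListP12Entries {
    // Describe the entry stored under one alias without printing key material.
    static String describe(KeyStore ks, String alias, char[] password) throws Exception {
        StringBuilder sb = new StringBuilder("alias=[" + alias + "]");
        if (ks.isKeyEntry(alias)) {
            Key key = ks.getKey(alias, password);
            sb.append(" type=key algorithm=").append(key.getAlgorithm())
              .append(" format=").append(key.getFormat());
        } else {
            sb.append(" type=certificate-only");
        }
        Certificate cert = ks.getCertificate(alias);
        if (cert instanceof X509Certificate) {
            X509Certificate x509 = (X509Certificate) cert;
            sb.append(" subject=\"").append(x509.getSubjectX500Principal().getName())
              .append("\" publicKey=").append(x509.getPublicKey().getAlgorithm())
              .append(" notAfter=").append(x509.getNotAfter());
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java ListP12Entries <file.p12|file.pfx>");
            return;
        }
        char[] password = console.readPassword("Keystore password: ");
        if (password == null) return;
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
            for (String alias : Collections.list(ks.aliases())) {
                System.out.println(describe(ks, alias, password));
            }
        } finally {
            Arrays.fill(password, '\0'); // wipe the password once done
        }
    }
}
```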
