读取DER格式java中的私钥
我有以下代码来读取PKCS#8格式的私钥
public void encryptHash(String hashToEncrypt, String pathOfKey, String Algorithm) { FileInputStream fis = null; byte[] encodedKey = null; try { File f = new File(pathOfKey); encodedKey = new byte[(int)f.length()]; fis = new FileInputStream(f); fis.read(encodedKey); fis.close(); KeyFactory kf = KeyFactory.getInstance("RSA"); PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey)); Signature rsaSigner = Signature.getInstance("SHA1withRSA"); rsaSigner.initSign(privateKey); fis = new FileInputStream(hashToEncrypt); BufferedInputStream bis = new BufferedInputStream(fis); byte[] buffer = new byte[1024]; int len = 0; while ((len = bis.read(buffer)) >= 0) { try { rsaSigner.update(buffer, 0, len); } catch (SignatureException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } } bis.close(); byte[] signature = rsaSigner.sign(); System.out.println(new String(signature)); } catch (SignatureException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeyException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (InvalidKeySpecException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (FileNotFoundException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (IOException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } catch (NoSuchAlgorithmException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } finally { try { fis.close(); } catch (IOException ex) { Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex); } } } 但我得到以下例外。
dic 09, 2011 1:59:59 PM firmaelectronica.DataEncryptor encryptHash Grave: null java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217) at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) at firmaelectronica.DataEncryptor.encryptHash(DataEncryptor.java:40) at firmaelectronica.FirmaElectronica.main(FirmaElectronica.java:39) Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:361) at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:367) at sun.security.rsa.RSAPrivateCrtKeyImpl.(RSAPrivateCrtKeyImpl.java:91) at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75) at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316) at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213) ... 3 more
知道什么是错的吗? 我试过OpenSSL openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem并且它可以工作但是当我想读取DER格式的密钥时它只发送该exception。
好吧,最后看看这个线程用Java中的RSA私钥加密找到了答案。
首先,我必须取消保护密钥,如下所示
openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -out myPEMPrivate.key
它告诉我我的密码然后我有文件myPEMPrivate.key一旦完成这个继续摆脱密码保护密钥如下
openssl pkcs8 -topk8 -nocrypt -in myPEMPrivate.key -outform DER -out myNotAnyMoreProtectedPrivate.key
有了这个我现在能够用上面的代码加载密钥。 如果我们想在java中使用传递保护密钥,则建议使用密钥库。
PS我试图避免使用openssl pkcs8 -topk8 -nocrypt -inform der -in myDERPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key来摆脱保护密钥的密码的两个步骤但我不知道为什么我有错误解密密码错误我使用WinOpenSSL也许这就是我收到错误的原因。
用这个:
-passin arg
输入文件密码源。 有关arg格式的更多信息,请参阅openssl(1)中的PASS PHRASE ARGUMENTS部分。
命令应如下所示:
openssl pkcs8 -inform DER -in myderPassProtectedPrivate.key -outform PEM -passin pass:12345678a -out myPEMPrivate.key
OpenSSL网站https://www.openssl.org/docs/apps/pkcs8.html