java – 如何在密钥库中存储密钥
我需要将2个密钥存储到KeyStore这里是相关的代码:
KeyStore ks = KeyStore.getInstance("JKS"); String password = "password"; char[] ksPass = password.toCharArray(); ks.load(null, ksPass); ks.setKeyEntry("keyForSeckeyDecrypt", privateKey, null, null); ks.setKeyEntry("keyForDigitalSignature", priv, null, null); FileOutputStream writeStream = new FileOutputStream("key.store"); ks.store(writeStream, ksPass); writeStream.close(); 虽然我得到了一个execption“私钥必须伴随证书链”
那究竟是什么? 我将如何生成它?
您还需要提供私钥输入的证书(公钥)。 对于由CA签名的证书,该链是CA的证书和最终证书。 对于自签名证书,您只拥有自签名证书
例:
KeyPair keyPair = ...;//You already have this X509Certificate certificate = generateCertificate(keyPair); KeyStore keyStore = KeyStore.getInstance("JKS"); keyStore.load(null,null); Certificate[] certChain = new Certificate[1]; certChain[0] = certificate; keyStore.setKeyEntry("key1", (Key)keyPair.getPrivate(), pwd, certChain);
要生成证书,请点击以下链接 :
例:
public X509Certificate generateCertificate(KeyPair keyPair){ X509V3CertificateGenerator cert = new X509V3CertificateGenerator(); cert.setSerialNumber(BigInteger.valueOf(1)); //or generate a random number cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed cert.setPublicKey(keyPair.getPublic()); cert.setNotBefore(); cert.setNotAfter( ); cert.setSignatureAlgorithm("SHA1WithRSAEncryption"); PrivateKey signingKey = keyPair.getPrivate(); return cert.generate(signingKey, "BC"); }