如何从pem文件加载公共证书?
我试图从下面的文件中提取RES公钥
-----BEGIN CERTIFICATE----- MIIGwTCCBamgAwIBAgIQDlV4zznmQiVeF45Ipc0k7DANBgkqhkiG9w0BAQUFADBmMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBDQS0zMB4XDTEyMTAzMDAwMDAwMFoXDTE1MTEwNDEyMDAwMFowgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVUZXhhczEQMA4GA1UEBxMHSG91c3RvbjEpMCcGA1UEChMgVmFsZXJ1cyBDb21wcmVzc2lvbiBTZXJ2aWNlcywgTFAxCzAJBgNVBAsTAklUMRkwFwYDVQQDDBAqLnZhbGVydXMtY28uY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1GR2NKV9GwVHBtpvgBUdVVbd6qeh6aKOS/r5TIKFd3vFBGjC7cWYwF26F0YFvrAP262Yu+oDRTeuSKwyHmegD7aTSOyCTOva69WcnKYRmNfHsnnGRa5z4v9EKc1RbNcwIrDUz8zcdHdP6AO8JJgLreWyBl15WXdxAr3yNbwoyJTbWk2ToC64LASP+8SQQTRszg762FIbhZ8xda8KKGAyC29/FOcLIttoBANT4hEwvcRLKOxAA8tg322Dla1XU2gnxWP2dSuLEflGRcEovPjGqxCzuGe0aN8Lg7aKwgCR1OYXmGiKCNHupHkN7A+QrD8zrxKUFd1UiyLcIovYhadcdQIDAQABo4IDTDCCA0gwHwYDVR0jBBgwFoAUUOpzidsp+xCPnuUBINTeeZlIg/cwHQYDVR0OBBYEFKKX1d9m6kHUjxQ1OpzXgNRbNGR4MCsGA1UdEQQkMCKCECoudmFsZXJ1cy1jby5jb22CDnZhbGVydXMtY28uY29tMA4GA1UdDwEB/wQEAwIFoDATBgNVHSUEDDAKBggrBgEFBQcDATBhBgNVHR/wQCMAAwDQYJKoZIhvcNAQEFBQADggEBALdCoLlXX4Sg8pKcqlT8l1MHbS2rsnw03R8lVQBQqcJimE9VZqDdoLfEPASIEMQbl40T6RHb4tFuZNjP2y4Fy3jMAYf1yajZAtAd5OLOMU39cgZQY2J8QCeEVKt8qbH6P32/2yyuh4hcNL4Vz8G0MTzwVUjz8WVmUBHAQSpS0T9oDKkwvmrkPGJFVuBxCRDKYb/23O8EKKzSTiO37VbCaeFUrTuWc8tGP8XDqRdj2yefiVqcNp4xr2tq9ZhJcISWODqO4fzt6vPOwgdnY3fbPLeH2tZoZTSCPURAadoNOAIC6fCLFlHjLuRGkxWIHMX3QnrrVD8pC7FnDO09q/aADew= -----END CERTIFICATE-----
这是我做的代码..
public static PublicKey loadPublicKeyFromFile(File publicKeyFile) throws Exception { FileReader file = new FileReader(publicKeyFile); PemReader reader = new PemReader(file); X509EncodedKeySpec caKeySpec = new X509EncodedKeySpec(reader.readPemObject().getContent()); KeyFactory kf = KeyFactory.getInstance("RSA"); PublicKey caKey = kf.generatePublic(caKeySpec); return caKey; }
但它抛弃了
java.security.InvalidKeyException: IOException: ObjectIdentifier() -- data isn't an object ID
从文件中提取RES公钥的适当方法是什么?
X.509证书和X509EncodedKeySpec是完全不同的结构,并且尝试将证书解析为密钥将不起作用。 Java的X509EncodedKeySpec
实际上是X.509的SubjectPublicKeyInfo,它只是证书的一小部分。
您需要做的是读取并解析证书,然后从证书中提取pubkey。 我不知道这样做的BC方法,但是标准的SunJCE CertificateFactory
可以这样做(并且可以读取PEM或DER来启动)这样(调整错误清理和error handling以尝试):
CertificateFactory fact = CertificateFactory.getInstance("X.509"); FileInputStream is = new FileInputStream (args[0]); X509Certificate cer = (X509Certificate) fact.generateCertificate(is); PublicKey key = cer.getPublicKey();
- 使用bouncycastle / spongycastle读取加密的私钥
- 使用充气城堡在Java中加密xml文件的示例
- 为什么桌面AES文件IO与Android AES文件IO不兼容?
- 如何使用密码加密的Privatekey生成RSA keyPair?
- 使用BouncyCastlevalidationJava中的ECDSA签名时出错
- 使用“RSA / ECB / PKCS7Padding”与Bouncy Castle
- 使用bouncycastle签署和validation签名的正确方法
- Java Diffie-Hellman密钥交换
- 使用Java和Bouncycastle进行X.509证书validation