如何在Java中为现有私钥添加密码
假设我使用openssl创建了以前创建的私钥,但我决定不使用密码来保护它:
-----BEGIN RSA PRIVATE KEY----- BASE64 ENCODED DATA -----END RSA PRIVATE KEY----- 但后来我意识到我想保护它。
我知道如何使用openssl保护它,但我需要用Java来实现它。 可能吗 ?
首先从pem文件加载并解压缩pkcs#1未加密密钥
String pem = new String(Files.readAllBytes(Paths.get("rsa.key"))); String privateKeyPEM = pem.replace( "-----BEGIN RSA PRIVATE KEY-----\n", "") .replace("-----END RSA PRIVATE KEY-----", ""); byte[] encodedPrivateKey = Base64.getDecoder().decode(privateKeyPEM);
然后使用此代码的第二部分加密密钥(我已经包含它)
// We must use a PasswordBasedEncryption algorithm in order to encrypt the private key, you may use any common algorithm supported by openssl, you can check them in the openssl documentation http://www.openssl.org/docs/apps/pkcs8.html String MYPBEALG = "PBEWithSHA1AndDESede"; String password = "pleaseChangeit!"; int count = 20;// hash iteration count SecureRandom random = new SecureRandom(); byte[] salt = new byte[8]; random.nextBytes(salt); // Create PBE parameter set PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count); PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray()); SecretKeyFactory keyFac = SecretKeyFactory.getInstance(MYPBEALG); SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec); Cipher pbeCipher = Cipher.getInstance(MYPBEALG); // Initialize PBE Cipher with key and parameters pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); // Encrypt the encoded Private Key with the PBE key byte[] ciphertext = pbeCipher.doFinal(encodedPrivateKey); // Now construct PKCS #8 EncryptedPrivateKeyInfo object AlgorithmParameters algparms = AlgorithmParameters.getInstance(MYPBEALG); algparms.init(pbeParamSpec); EncryptedPrivateKeyInfo encinfo = new EncryptedPrivateKeyInfo(algparms, ciphertext); // and here we have it! a DER encoded PKCS#8 encrypted key! byte[] encryptedPkcs8 = encinfo.getEncoded();
使用以下代码解密(从此处删除)
public static PrivateKey getPrivateKey(byte[] encryptedPkcs8, String passwd) throws Exception{ EncryptedPrivateKeyInfo encryptPKInfo = new EncryptedPrivateKeyInfo(encryptedPkcs8); Cipher cipher = Cipher.getInstance(encryptPKInfo.getAlgName()); PBEKeySpec pbeKeySpec = new PBEKeySpec(passwd.toCharArray()); SecretKeyFactory secFac = SecretKeyFactory.getInstance(encryptPKInfo.getAlgName()); Key pbeKey = secFac.generateSecret(pbeKeySpec); AlgorithmParameters algParams = encryptPKInfo.getAlgParameters(); cipher.init(Cipher.DECRYPT_MODE, pbeKey, algParams); KeySpec pkcs8KeySpec = encryptPKInfo.getKeySpec(cipher); KeyFactory kf = KeyFactory.getInstance(ALGORITHM); return kf.generatePrivate(pkcs8KeySpec); }