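Generating an ECDSA private key in Bouncy Castle returns a PUBLIC key
I am trying to use Bouncy Castle to generate ECDSA keys. The code seems fine from the Java perspective; however, when I dump the file and try to validate the data, OpenSSL does not like the format of the data.
After some research, I think Bouncy Castle is encoding the private key as a public key.
Here is my Java code: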
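```java
import java.io.FileOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class Test {
    public static void main(String[] args) {
        Security.addProvider(new BouncyCastleProvider());
        System.out.println("Starting...");
        String name = "prime256v1";
        try {
            // Generate an EC key pair on the named curve with the Bouncy Castle provider.
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
            kpg.initialize(new ECGenParameterSpec(name));
            KeyPair keyPair = kpg.generateKeyPair();
            // Write the private key's encoded form (getEncoded()) to disk.
            FileOutputStream writer = new FileOutputStream("private.key");
            writer.write(keyPair.getPrivate().getEncoded());
            writer.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
```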
The private.key file is generated in valid DER format; however, when I run the following command to view the ASN.1 structure of the key:
```
$ openssl asn1parse -inform DER -in /my/path/private.key
0:d=0 hl=3 l= 147 cons: SEQUENCE
3:d=1 hl=2 l= 1 prim: INTEGER :00
6:d=1 hl=2 l= 19 cons: SEQUENCE
8:d=2 hl=2 l= 7 prim: OBJECT :id-ecPublicKey
17:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
27:d=1 hl=2 l= 121 prim: OCTET STRING [HEX DUMP]:
```
For comparison, if I run the following commands to generate an ECDSA key with OpenSSL, I get the following ASN.1 structure:
```
$ openssl ecparam -name prime256v1 -genkey -noout -outform DER -out private.key
$ openssl asn1parse -inform DER -in private.key
0:d=0 hl=2 l= 119 cons: SEQUENCE
2:d=1 hl=2 l= 1 prim: INTEGER :01
5:d=1 hl=2 l= 32 prim: OCTET STRING [HEX DUMP]:
39:d=1 hl=2 l= 10 cons: cont [ 0 ]
41:d=2 hl=2 l= 8 prim: OBJECT :prime256v1
51:d=1 hl=2 l= 68 cons: cont [ 1 ]
53:d=2 hl=2 l= 66 prim: BIT STRING
```
So, I guess my questions are:
- Is there something I am missing?
- Or is this a known bug?
- Is there any way to work around it?
Java outputs the key in an encoded format. You should try:
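```java
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECPoint;
import java.util.Arrays;

import org.bouncycastle.util.encoders.Hex;

// These methods belong inside a class that also provides a `logger` field (not shown in the answer).
// The two constants are not shown in the answer either; the values below are assumed for prime256v1.
private static final int PRIVATE_KEY_LENGTH = 32; // assumed: bytes in one 256-bit scalar or coordinate
private static final int PUBLIC_KEY_LENGTH = 64;  // assumed: X followed by Y, 32 bytes each

// Returns the raw private scalar S as fixed-length hex.
private String getPrivateKeyAsHex(PrivateKey privateKey) {
    ECPrivateKey ecPrivateKey = (ECPrivateKey) privateKey;
    byte[] privateKeyBytes = new byte[PRIVATE_KEY_LENGTH];
    writeToStream(privateKeyBytes, 0, ecPrivateKey.getS(), PRIVATE_KEY_LENGTH);
    String hex = Hex.toHexString(privateKeyBytes);
    // These two lines write private key material to the debug log.
    logger.debug("Private key bytes: " + Arrays.toString(privateKeyBytes));
    logger.debug("Private key hex: " + hex);
    return hex;
}

// Returns the raw public point as hex: affine X followed by affine Y.
private String getPublicKeyAsHex(PublicKey publicKey) {
    ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
    ECPoint ecPoint = ecPublicKey.getW();
    byte[] publicKeyBytes = new byte[PUBLIC_KEY_LENGTH];
    writeToStream(publicKeyBytes, 0, ecPoint.getAffineX(), PRIVATE_KEY_LENGTH);
    writeToStream(publicKeyBytes, PRIVATE_KEY_LENGTH, ecPoint.getAffineY(), PRIVATE_KEY_LENGTH);
    String hex = Hex.toHexString(publicKeyBytes);
    logger.debug("Public key bytes: " + Arrays.toString(publicKeyBytes));
    logger.debug("Public key hex: " + hex);
    return hex;
}

// Copies `value` big-endian into stream[start, start + size), left-padded with zeros;
// a leading sign byte from BigInteger.toByteArray() is dropped.
private void writeToStream(byte[] stream, int start, BigInteger value, int size) {
    byte[] data = value.toByteArray();
    int length = Math.min(size, data.length);
    int writeStart = start + size - length;
    int readStart = data.length - length;
    System.arraycopy(data, readStart, stream, writeStart, length);
}
```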
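Added example, not part of the original question or answer: the first asn1parse listing above has the PKCS#8 PrivateKeyInfo layout (INTEGER 0, an algorithm identifier carrying id-ecPublicKey and the curve, then an OCTET STRING), while `openssl ecparam -genkey` writes the bare SEC1 ECPrivateKey (INTEGER 1 first). This sketch uses Bouncy Castle's ASN.1 classes to unwrap the former into the latter; the class name `Pkcs8ToSec1` and the output file name `private-sec1.key` are assumptions.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;

import org.bouncycastle.asn1.ASN1Integer;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class Pkcs8ToSec1 { // hypothetical class name

    // Returns the SEC1 ECPrivateKey DER carried inside a PKCS#8 PrivateKeyInfo.
    static byte[] pkcs8ToSec1(byte[] pkcs8Der) throws Exception {
        PrivateKeyInfo info = PrivateKeyInfo.getInstance(pkcs8Der);
        // id-ecPublicKey is the algorithm OID used for EC keys, private ones included.
        if (!X9ObjectIdentifiers.id_ecPublicKey.equals(
                info.getPrivateKeyAlgorithm().getAlgorithm())) {
            throw new IllegalArgumentException("not an EC private key");
        }
        byte[] sec1 = info.parsePrivateKey().toASN1Primitive().getEncoded("DER");
        // A SEC1 ECPrivateKey starts with INTEGER 1; PKCS#8 starts with INTEGER 0.
        ASN1Sequence seq = ASN1Sequence.getInstance(sec1);
        BigInteger version = ASN1Integer.getInstance(seq.getObjectAt(0)).getValue();
        if (!BigInteger.ONE.equals(version)) {
            throw new IllegalStateException("unexpected ECPrivateKey version " + version);
        }
        return sec1;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        KeyPairGenerator kpg =
                KeyPairGenerator.getInstance("ECDSA", BouncyCastleProvider.PROVIDER_NAME);
        kpg.initialize(new ECGenParameterSpec("prime256v1"));
        KeyPair keyPair = kpg.generateKeyPair();

        byte[] pkcs8 = keyPair.getPrivate().getEncoded(); // the bytes the question wrote out
        try (FileOutputStream out = new FileOutputStream("private-sec1.key")) {
            out.write(pkcs8ToSec1(pkcs8)); // SEC1 structure, as in the ecparam listing
        }
    }
}
```

Running `openssl asn1parse -inform DER -in private-sec1.key` on the result should list `INTEGER :01` as the first element, matching the second listing in the question.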