2014-01-28 77 views
0

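I have an RSA public key (2048 bits) generated by an HSM; the key has been saved in a file (256 bytes in size) and is DER-encoded. How can I generate a self-signed certificate programmatically?

Is it possible to create a self-signed certificate programmatically, starting from that file, using the JDK API (without BouncyCastle)?

I'm stuck at the first step, because I am trying to load the key file to create a PublicKey object: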

import java.io.FileInputStream; 
import java.security.KeyFactory; 
import java.security.PublicKey; 
import java.security.spec.PKCS8EncodedKeySpec; 

import org.apache.commons.io.IOUtils; 

public class Crypto {
    public static void main(String[] args) throws Exception {

        byte[] byteArray = IOUtils.toByteArray(new FileInputStream("/tmp/pub.key"));

        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(byteArray);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PublicKey pub = kf.generatePublic(spec);
        ....
    }
}

But I get this exception:

Exception in thread "main" java.security.spec.InvalidKeySpecException: Only RSAPublicKeySpec and X509EncodedKeySpec supported for RSA public keys 
    at sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:289) 
    at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:184) 
    at java.security.KeyFactory.generatePublic(KeyFactory.java:304) 
    at org.alex.Crypto.main(Crypto.java:17) 

Is there a way to do this?

+0

This link may help: http://stackoverflow.com/questions/19512088/how-to-generate-apk-file-programmatically-through-java-code –

Answers

0

The exception is telling you the problem! => Only RSAPublicKeySpec and X509EncodedKeySpec supported for RSA public keys

You are trying to use PKCS8EncodedKeySpec, which is not supported; create an RSAPublicKeySpec or X509EncodedKeySpec

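import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import javax.crypto.Cipher;

// Register BouncyCastle as the "BC" provider
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

byte[] input = new byte[] { (byte) 0xbe, (byte) 0xef };
Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");

// Build the key specs from a modulus and exponent given as hex strings
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(
    new BigInteger("12345678", 16), new BigInteger("11", 16));
RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(
    new BigInteger("12345678", 16), new BigInteger("12345678", 16));

RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);

cipher.init(Cipher.ENCRYPT_MODE, pubKey);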
+2

And where is the code responsible for creating the certificate? – niceman

1

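Use X509EncodedKeySpec (which internally actually uses the PKCS#1 encoding for RSA keys) instead. Keep the rest of the code the same. PKCS#8 is for private keys, not public keys (because it uses the PKCS#8 internal structure to wrap a key with another key, and wrapping a public key makes no sense).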
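The two key specs named in the answers, side by side using only the JDK, as an added example that is not code from the question or from either answer: it tries X509EncodedKeySpec first and falls back to RSAPublicKeySpec when the file is a bare 256-byte modulus. The class name `LoadRsaPublicKey`, the public exponent 65537 and the software-generated stand-in key are assumptions of this example.

```java
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;

public class LoadRsaPublicKey {

    // Assumption: a file that is not SubjectPublicKeyInfo DER holds only the
    // big-endian modulus, and the key uses the common public exponent 65537.
    static final BigInteger ASSUMED_EXPONENT = BigInteger.valueOf(65537);

    static PublicKey load(byte[] fileBytes) throws Exception {
        KeyFactory kf = KeyFactory.getInstance("RSA");
        try {
            // DER public keys are SubjectPublicKeyInfo, i.e. X509EncodedKeySpec.
            return kf.generatePublic(new X509EncodedKeySpec(fileBytes));
        } catch (InvalidKeySpecException notSpki) {
            // A 2048-bit key in SubjectPublicKeyInfo form is 294 bytes with
            // exponent 65537; exactly 256 bytes matches a bare modulus instead.
            if (fileBytes.length != 256) throw notSpki;
            BigInteger modulus = new BigInteger(1, fileBytes); // 1 = unsigned
            return kf.generatePublic(new RSAPublicKeySpec(modulus, ASSUMED_EXPONENT));
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a throwaway software key stands in for the HSM key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey original = (RSAPublicKey) kpg.generateKeyPair().getPublic();

        byte[] spki = original.getEncoded(); // X.509 SubjectPublicKeyInfo DER
        byte[] raw = original.getModulus().toByteArray();
        if (raw.length == 257) raw = Arrays.copyOfRange(raw, 1, 257); // drop sign byte

        System.out.println("SPKI bytes: " + spki.length + ", raw modulus bytes: " + raw.length);
        System.out.println("SPKI loads to same key: "
                + Arrays.equals(load(spki).getEncoded(), spki));
        System.out.println("Raw modulus loads to same key: "
                + Arrays.equals(load(raw).getEncoded(), spki));
    }
}
```

Loading the public key is only the first step: a self-signed certificate must be signed with the matching private key, which for an HSM-generated key stays inside the HSM.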
