2011-03-10 147 views
7

I'm trying to generate an RSA key pair and store it in an HSM keystore. My code currently looks like this (RSA key pair generation and storing into the keystore):

    String configName = "C:\\eTokenConfig.cfg";
    Provider p = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(p);
    // Read the keystore from the smart card
    char[] pin = { 'p', '4', 's', 's', 'w', '0', 'r', 'd' };
    KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
    keyStore.load(null, pin);
    // Generate keys on the token (512-bit RSA is far below current minimums; 2048+ is expected)
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
    kpg.initialize(512);
    KeyPair pair = kpg.generateKeyPair();

    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();
    // Save keys: how ???

I tried using the keyStore.setEntry method, but the problem is that it requires a certificate chain, and I don't know how to obtain that certificate?

Answers

-1

If you generate the key in the token, you should not be able to read the private key. You need to create a dummy certificate (e.g. self-signed) and store it under an alias; the keystore model depends on certificates in order to be usable.

1

http://docs.oracle.com/javase/tutorial/security/apisign/vstep2.html

Save the public key:

    X509EncodedKeySpec x509ks = new X509EncodedKeySpec(publicKey.getEncoded());
    FileOutputStream fos = new FileOutputStream(strPathFilePubKey);
    fos.write(x509ks.getEncoded()); // X.509 SubjectPublicKeyInfo DER
    fos.close();

Load the public key:

    // IOUtils is org.apache.commons.io.IOUtils (Apache Commons IO)
    byte[] encodedKey = IOUtils.toByteArray(new FileInputStream(strPathFilePubKey));
    KeyFactory keyFactory = KeyFactory.getInstance("RSA", p);
    X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(encodedKey);
    PublicKey publicKey = keyFactory.generatePublic(pkSpec);

Save the private key:

    // Only works if the provider lets the private key be encoded (see the comment below)
    PKCS8EncodedKeySpec pkcsKeySpec = new PKCS8EncodedKeySpec(privateKey.getEncoded());
    FileOutputStream fos = new FileOutputStream(strPathFilePrivKey);
    fos.write(pkcsKeySpec.getEncoded()); // unencrypted PKCS#8 DER
    fos.close();

Load the private key:

    byte[] encodedKey = IOUtils.toByteArray(new FileInputStream(strPathFilePrivKey));
    KeyFactory keyFactory = KeyFactory.getInstance("RSA", p);
    PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(encodedKey);
    PrivateKey privateKey = keyFactory.generatePrivate(privKeySpec);

+0

Unfortunately, this solution does not work when the private key is "non-extractable" from the PKCS#11 device. 'privateKey.getEncoded()' may return 'null' – Jcs 2014-05-02 16:59:44
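The following is an added example, not code from the question or either answer, that puts the two threads together: it keeps the private key on the token (as the first answer describes), creates the self-signed certificate that setKeyEntry needs on a PKCS#11 keystore, and exports only the public half, checking for the null getEncoded() that the comment above warns about. It assumes the same SunPKCS11 config path and provider as the question, the Bouncy Castle bcprov and bcpkix libraries on the classpath for building the certificate, a terminal for reading the PIN (System.console() is null under some IDEs), and a hypothetical alias "hsm-test-key". The key size is 2048 bits rather than the 512 in the question.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class TokenKeyStoreExample {

    public static void main(String[] args) throws Exception {
        // Same SunPKCS11 configuration as in the question
        String configName = "C:\\eTokenConfig.cfg";
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);
        // Assumed dependency: Bouncy Castle, used only to build the X.509 certificate
        Security.addProvider(new BouncyCastleProvider());

        // Read the PIN from the terminal instead of a hard-coded literal
        char[] pin = System.console().readPassword("Token PIN: ");
        KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
        keyStore.load(null, pin);

        // Generate the pair inside the token via the PKCS#11 provider
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        PrivateKey privateKey = pair.getPrivate();
        PublicKey publicKey = pair.getPublic();

        // The PKCS#11 KeyStore requires a certificate chain for a key entry;
        // a self-signed certificate signed by the token itself is enough.
        String alias = "hsm-test-key"; // hypothetical alias
        X509Certificate cert = selfSignedCertificate(pair, p, "CN=" + alias);
        keyStore.setKeyEntry(alias, privateKey, null, new Certificate[] { cert });

        // Hardware-backed keys are usually non-extractable: getEncoded() returns null,
        // so the PKCS#8 file export shown in the second answer cannot be used.
        if (privateKey.getEncoded() == null) {
            System.out.println("Private key is non-extractable; it stays on the token under alias " + alias);
        }

        // Export only the public half (already X.509 SubjectPublicKeyInfo DER)
        try (FileOutputStream fos = new FileOutputStream(alias + ".pub.der")) {
            fos.write(publicKey.getEncoded());
        }
    }

    /** Builds a one-year self-signed certificate for the pair, signing through the PKCS#11 provider. */
    static X509Certificate selfSignedCertificate(KeyPair pair, Provider p, String dn) throws Exception {
        X500Name name = new X500Name(dn);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        BigInteger serial = BigInteger.valueOf(notBefore.getTime());
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, serial, notBefore, notAfter, name, pair.getPublic());
        // The signature is computed on the token; the private key never leaves it
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider(p)
                .build(pair.getPrivate());
        X509CertificateHolder holder = builder.build(signer);
        return new JcaX509CertificateConverter().setProvider("BC").getCertificate(holder);
    }
}
```

The password argument to setKeyEntry is null because a PKCS#11 keystore is protected by the token PIN supplied at load time, not by per-entry passwords. Later sessions retrieve the key with keyStore.getKey(alias, null) and use it through the same provider; only the DER public key file leaves the device.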