1. 首页
  2. 问答
  3. 在java中解析Armored ECC公钥/私钥(由gpg cli生成)

在java中解析Armored ECC公钥/私钥(由gpg cli生成)

2017-06-19 128 views
7

我试图将装甲ECC gpg密钥转换为相应的java类 ECPrivateKey/ECPublicKey。在java中解析Armored ECC公钥/私钥(由gpg cli生成)

为了生成我使用的密钥对:gpg --expert --full-generate-key

然后选择(9)ECC和ECC(或(10)ECC(只登录))

然后选择(3)NIST P- 256

,导致:

-----BEGIN PGP PUBLIC KEY BLOCK----- 

mFIEWUdzwhMIKoZIzj0DAQcCAwQkAvZC1PIJ8ke1myyKhNny9vN78TIYo2MuAOY+ 
F38L9S3+Za9cKV/iIHOqfapbMoqdSmSnqDkevwQSr5MF2UOXtCJzaWduZWNjIChF 
Q0Mgc2lnbiBvbmx5KSA8c3NAc3MuY28+iJAEExMIADgWIQRiC+kefVkjnjKovKy5 
XANFl5+n1gUCWUdzwgIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRC5XANF 
l5+n1mzGAQDsgutymxDTTXPKFfpFFVp4fxacx1MSqxP71gNJYjguXwD8CEXD20Vm 
aU1WMi2jU7JC6oJn94Y4vWHwTLOU1zmQ19o= 
=swfS 
-----END PGP PUBLIC KEY BLOCK----- 

-----BEGIN PGP PRIVATE KEY BLOCK----- 

lHcEWUdzwhMIKoZIzj0DAQcCAwQkAvZC1PIJ8ke1myyKhNny9vN78TIYo2MuAOY+ 
F38L9S3+Za9cKV/iIHOqfapbMoqdSmSnqDkevwQSr5MF2UOXAAD9FhS2HZoWOyIi 
l9nj+WPa9S1o50jM5bNIRALzcyS8SgoP97Qic2lnbmVjYyAoRUNDIHNpZ24gb25s 
eSkgPHNzQHNzLmNvPoiQBBMTCAA4FiEEYgvpHn1ZI54yqLysuVwDRZefp9YFAllH 
c8ICGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQuVwDRZefp9ZsxgEA7ILr 
cpsQ001zyhX6RRVaeH8WnMdTEqsT+9YDSWI4Ll8A/AhFw9tFZmlNVjIto1OyQuqC 
Z/eGOL1h8EyzlNc5kNfa 
=qHBB 
-----END PGP PRIVATE KEY BLOCK-----

如何从这个装甲文本格式得到有效java.security.interfaces.ECPrivateKey和java.security.interfaces.ECP ublicKey的java类?

我的最终目标是通过以下方式签署:

String createSignatureFromJson(String jsonPayload, byte[] privateKey) { 
     Payload payload = new Payload(jsonPayload) 
     def key = privateKeyParse(privateKey) 

     JWSSigner signer = new ECDSASigner((ECPrivateKey)key) 
     JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES256).build() 

     JWSObject jwsObject = new JWSObject(header, payload) 
     jwsObject.sign(signer) 
     jwsObject.signature 
    }

来源

2017-06-19 Tomer Mayost

回答

1 
public static ECPrivateKey privateKeyParse(byte[] privateKey) throws Exception { 

     InputStream pgpIn = PGPUtil.getDecoderStream(new ByteArrayInputStream(privateKey)); 

     PGPObjectFactory pgpFact = new PGPObjectFactory(pgpIn, new JcaKeyFingerprintCalculator()); 
     PGPSecretKeyRing pgpSecRing = (PGPSecretKeyRing) pgpFact.nextObject(); 
     PGPSecretKey pgpSec = pgpSecRing.getSecretKey(); 

     PGPPrivateKey pgpPriv = pgpSec.extractPrivateKey(null); 

     JcaPGPKeyConverter converter = new JcaPGPKeyConverter(); 
     // this is the part i was missing from Peter Dettman's answer. pass BC provider to the converter 
     converter.setProvider(new BouncyCastleProvider()); 
     PrivateKey key = converter.getPrivateKey(pgpPriv); 
     return (ECPrivateKey) key; 
    }

来源

2017-06-28 06:49:38

4

如果你只是通过在“私有密钥块”,这将提取ECPrivateKey:

private static ECPrivateKey privateKeyParse(byte[] privateKey) throws Exception 
{ 
    InputStream pgpIn = PGPUtil.getDecoderStream(new ByteArrayInputStream(privateKey)); 

    PGPObjectFactory pgpFact = new PGPObjectFactory(pgpIn, new JcaKeyFingerprintCalculator()); 
    PGPSecretKeyRing pgpSecRing = (PGPSecretKeyRing)pgpFact.nextObject(); 
    PGPSecretKey pgpSec = pgpSecRing.getSecretKey(); 
    PGPPrivateKey pgpPriv = pgpSec.extractPrivateKey(null); 

    return (ECPrivateKey)new JcaPGPKeyConverter().getPrivateKey(pgpPriv); 
}

要回答评论问题如何获得'privateKey',如果整个:

-----BEGIN PGP PRIVATE KEY BLOCK----- 
... 
-----END PGP PRIVATE KEY BLOCK-----

是在一个文件,然后只是读取整个文件转换成一个byte []:

InputStream fIn = new BufferedInputStream(new FileInputStream(...)); 
byte[] privateKey = org.bouncycastle.util.io.Streams.readAll(fIn);

来源

2017-06-20 07:17:53

+0

你能具体谈谈如何从私有密钥块获取到的byte []专用密钥参数? –

+0

我得到java.io.IOException异常:未知的PGP公钥算法遇到了 :PGPSecretKeyRing pgpSecRing =(PGPSecretKeyRing)pgpFact.nextObject() 提供的私有密钥块的方法,通过以下方式时: privateKeyBlock。 split('\ n')。join()。bytes –

+0

你使用什么版本的BC?我认为PGP EC密钥只能在1.50左右支持。 –

相关问题

 相关问题