Get .cer file with Bouncy Castle in Java

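I have to generate an X.509 self-signed certificate. How can I extract the certificate and private key files from this code? Is it possible? Are there other ways to generate an X.509 self-signed certificate? Please help me.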

import java.math.BigInteger;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.SignatureException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.x509.X509V3CertificateGenerator;

public class javaskods {
  // Builds a self-signed X.509 v3 certificate: issuer and subject are the same DN,
  // and the certificate is signed with the private key of the supplied pair.
  public static X509Certificate generateV3Certificate(KeyPair pair) throws InvalidKeyException,
      NoSuchProviderException, SignatureException {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();

    certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
    certGen.setIssuerDN(new X500Principal("CN=Test Certificate"));
    // Validity window: from 10 seconds before now to 10 seconds after now
    certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000));
    certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000));
    certGen.setSubjectDN(new X500Principal("CN=Test Certificate"));
    certGen.setPublicKey(pair.getPublic());
    certGen.setSignatureAlgorithm("SHA256WithRSAEncryption");

    // End-entity certificate (not a CA), usable for TLS server authentication
    certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
    certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature
        | KeyUsage.keyEncipherment));
    certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(
        KeyPurposeId.id_kp_serverAuth));

    certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(
        new GeneralName(GeneralName.rfc822Name, "test@test.test")));
    return certGen.generateX509Certificate(pair.getPrivate(), "BC");
  }

  public static void main(String[] args) throws Exception {
    Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
    KeyPair pair = generateRSAKeyPair();
    X509Certificate cert = generateV3Certificate(pair);
    // Check the validity period and the self-signature
    cert.checkValidity(new Date());
    cert.verify(cert.getPublicKey());
  }

  public static KeyPair generateRSAKeyPair() throws Exception {
    KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
    // 2048-bit RSA; 1024-bit keys are no longer considered secure
    kpGen.initialize(2048, new SecureRandom());
    return kpGen.generateKeyPair();
  }
}

You can generate a self-signed certificate using keytool (part of the JDK) or other utilities.

Java keytool: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

Keytool-ui: https://code.google.com/p/keytool-iui/

keytool -genkey -keystore ./myjks -keyalg RSA -keysize 2048 -validity 999 -alias mykey

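This will create a new private key for you in the myjks file.

Then in your code you can reference the certificate by its alias and the jks file.

If you are encrypting, you will need to export the public key using keytool and share it with the recipient of the encrypted data.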

keytool -export -keystore ./myjks -file mykey_pub.cer -alias mykey

The above command will export the certificate containing the public key.
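
The keystore route from this answer, carried through to the two files the question asks for, as an added example that is not part of the original answer: it loads the `myjks` store created by the keytool command above and writes the certificate and private key stored under alias `mykey` to disk. The `KEYSTORE_PASS` environment variable, the output name `mykey_private.pem`, and the key password being the same as the store password are assumptions.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Base64;

public class ExportFromKeystore {
    // Wrap DER bytes in a PEM envelope with 64-character lines.
    static String toPem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, new byte[] {'\n'});
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Assumption: KEYSTORE_PASS is a hypothetical variable holding the store
        // password, and the key entry uses the same password.
        String pass = System.getenv("KEYSTORE_PASS");
        if (pass == null) throw new IllegalStateException("KEYSTORE_PASS is not set");
        char[] password = pass.toCharArray();
        // Same store type keytool wrote by default on this JDK.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get("./myjks"))) {
            ks.load(in, password);
        }
        Certificate cert = ks.getCertificate("mykey");
        PrivateKey key = (PrivateKey) ks.getKey("mykey", password);
        if (cert == null || key == null) throw new IllegalStateException("no key entry 'mykey'");

        // DER-encoded certificate, the same bytes keytool -export writes.
        Files.write(Paths.get("mykey_pub.cer"), cert.getEncoded());

        // PKCS#8 private key as PEM; create the file owner-only where POSIX
        // permissions exist, before any key bytes are written to it.
        Path keyFile = Paths.get("mykey_private.pem");
        Files.deleteIfExists(keyFile);
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.createFile(keyFile, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        }
        Files.write(keyFile, toPem("PRIVATE KEY", key.getEncoded()).getBytes(StandardCharsets.US_ASCII));
    }
}
```

Only `mykey_pub.cer` is meant to be shared; the PEM file holds the unencrypted private key and should stay on the host that uses it.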