Java 加密将原始字节转换为公钥,反之亦然
Java crypto convert raw bytes to PublicKey and vise versa
我正在尝试从 byte[] 生成 java.security.PublicKey,它只是一个原始密钥 — 它不在 X.509 或 ASN.1 中。在其他语言中,人们使用的是 libsodium,它只是给他们一个原始字节[]。我还需要能够将我的 java.security.PublicKey 转换为 byte[] 供他们消费。似乎 java.security 不遗余力地使这个具有挑战性,而不是希望我依赖预编码的 X509 SubjectPublicKeyInfo。我在这里缺少一个简单的答案吗?
Libsodium, like all NaCl derivatives, uses Curve25519 用于其加密操作,即用于 DH 密钥交换的 X25519 和用于签名的 Ed25519。
Java 自 version 11, Ed25519 is supported since version 15 起支持 X25519。这两个功能均由 SunEC 提供商提供。
对于 import/export 原始键,使用一些 BouncyCastle 函数是最简单的。以下代码为 X25519(Java 11 及更高版本)创建 X.509 格式的 public 测试密钥,并从中导出原始的 32 字节密钥。然后将原始密钥再次导入 X.509 密钥:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.encoders.Hex;
...
// Generate public test key in X.509 format
PublicKey publicKey = loadPublicKey("X25519");
byte[] publicKeyBytes = publicKey.getEncoded();
System.out.println(Base64.getEncoder().encodeToString(publicKeyBytes)); // X.509-key, check this in an ASN.1 Parser, e.g. https://lapo.it/asn1js/
// PublicKey to raw key
X25519PublicKeyParameters x25519PublicKeyParameters = (X25519PublicKeyParameters)PublicKeyFactory.createKey(publicKeyBytes);
byte[] rawKey = x25519PublicKeyParameters.getEncoded();
System.out.println(Hex.toHexString(rawKey)); // equals the raw 32 bytes key from the X.509 key
// Raw key to PublicKey
KeyFactory keyFactory = KeyFactory.getInstance("X25519");
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), rawKey);
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded());
publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
publicKeyBytes = publicKey.getEncoded();
System.out.println(Base64.getEncoder().encodeToString(publicKeyBytes)); // equals the X.509 key from above
创建 X.509 测试密钥的位置:
private static PublicKey loadPublicKey(String algorithm) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
return keyPair.getPublic();
}
Ed25519 模拟(Java 15 及更高)。
X25519 和 Ed25519 也可以 单独 与来自 BouncyCastle 的 类 实现,例如org.bouncycastle.math.ec.rfc7748.X25519(密钥协议),org.bouncycastle.crypto.generators.X25519KeyPairGenerator(密钥生成),org.bouncycastle.crypto.params.X25519PublicKeyParameters(密钥容器),以及 Ed25519 的模拟 类。
我正在尝试从 byte[] 生成 java.security.PublicKey,它只是一个原始密钥 — 它不在 X.509 或 ASN.1 中。在其他语言中,人们使用的是 libsodium,它只是给他们一个原始字节[]。我还需要能够将我的 java.security.PublicKey 转换为 byte[] 供他们消费。似乎 java.security 不遗余力地使这个具有挑战性,而不是希望我依赖预编码的 X509 SubjectPublicKeyInfo。我在这里缺少一个简单的答案吗?
Libsodium, like all NaCl derivatives, uses Curve25519 用于其加密操作,即用于 DH 密钥交换的 X25519 和用于签名的 Ed25519。 Java 自 version 11, Ed25519 is supported since version 15 起支持 X25519。这两个功能均由 SunEC 提供商提供。
对于 import/export 原始键,使用一些 BouncyCastle 函数是最简单的。以下代码为 X25519(Java 11 及更高版本)创建 X.509 格式的 public 测试密钥,并从中导出原始的 32 字节密钥。然后将原始密钥再次导入 X.509 密钥:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.encoders.Hex;
...
// Generate public test key in X.509 format
PublicKey publicKey = loadPublicKey("X25519");
byte[] publicKeyBytes = publicKey.getEncoded();
System.out.println(Base64.getEncoder().encodeToString(publicKeyBytes)); // X.509-key, check this in an ASN.1 Parser, e.g. https://lapo.it/asn1js/
// PublicKey to raw key
X25519PublicKeyParameters x25519PublicKeyParameters = (X25519PublicKeyParameters)PublicKeyFactory.createKey(publicKeyBytes);
byte[] rawKey = x25519PublicKeyParameters.getEncoded();
System.out.println(Hex.toHexString(rawKey)); // equals the raw 32 bytes key from the X.509 key
// Raw key to PublicKey
KeyFactory keyFactory = KeyFactory.getInstance("X25519");
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), rawKey);
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded());
publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
publicKeyBytes = publicKey.getEncoded();
System.out.println(Base64.getEncoder().encodeToString(publicKeyBytes)); // equals the X.509 key from above
创建 X.509 测试密钥的位置:
private static PublicKey loadPublicKey(String algorithm) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
return keyPair.getPublic();
}
Ed25519 模拟(Java 15 及更高)。
X25519 和 Ed25519 也可以 单独 与来自 BouncyCastle 的 类 实现,例如org.bouncycastle.math.ec.rfc7748.X25519(密钥协议),org.bouncycastle.crypto.generators.X25519KeyPairGenerator(密钥生成),org.bouncycastle.crypto.params.X25519PublicKeyParameters(密钥容器),以及 Ed25519 的模拟 类。