• Java密钥库的不同类型 -- PKCS12


    原文:https://www.pixelstech.net/article/1420427307-Different-types-of-keystore-in-Java----PKCS12

    转载:https://www.cnblogs.com/yangchongxing/p/13837017.html

    Different types of keystore in Java -- PKCS12

    Java密钥库的不同类型 -- PKCS12

    JKCS12 is an active file format for storing cryptography objects as a single file. It can be used to store secret key, private key and certificate.It is a standardized format published by RSA Laboratories which means it can be used not only in Java but also in other libraries in C, C++ or C# etc. This file format is frequently used to import and export entries from or to other keystore types.

    JKCS12是一种活动文件格式,用于将加密对象存储为单个文件。它可以用来存储密钥、私钥和证书。它是RSA实验室发布的标准格式,它不仅可以用于java,而且可以用于C、C++或C等的其他库。这种文件格式经常用于从和向其他密钥存储类型导入和导出条目。

    Next we will explain the operations which can be performed on PKCS12 keystore.

    接下来我们将解释可以在PKCS12密钥库上执行的操作。

    Create PKCS12 keystore

    创建PKCS12密钥库

    Before storing an entry into a PKCS12 keystore, the keystore has to be loaded first. This means we have to have a keystore created first. The simplest way of creating a PKCS12 keystore is :

    在将条目存储到PKCS12密钥库之前,必须先加载密钥库。这意味着我们必须首先创建一个密钥库。创建PKCS12密钥库的最简单方法是:

    try{
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
         
        keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
    } catch (Exception ex){
        ex.printStackTrace();
    }

    Note, when calling keyStore.load(null, null), two nulls are passed as the input keystore stream and password. This is because we don't have the keystore available yet. After running this program, there should be a keystore file named output.p12 in current working directory.

    注意,当调用keyStore.load(null, null),传递两个null作为输入密钥库流和密码。这是因为我们还没有密钥库。运行此程序后,当前工作目录中应该有一个名为output.p12的密钥库文件。

    Store secret key

    存储密钥

    PKCS12 allows to store secret keys on a limited base. Secret keys are frequently used to encrypt/decrypt data. To transfer the keys conveniently, they can be stored in a keystore like PKCS12 and transferred.

    PKCS12允许在有限的基础上存储密钥。密钥经常用于加密/解密数据。为了方便地传输密钥,可以将它们存储在PKCS12这样的密钥库中并进行传输。

    try{
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
         
        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
        keyGen.init(128);
        Key key = keyGen.generateKey();
        keyStore.setKeyEntry("secret", key, "password".toCharArray(), null);
         
        keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
    } catch (Exception ex){
        ex.printStackTrace();
    }

    Some secret keys with algorithm AES stored on PKCS12 keystore cannot be extracted in Java. Since PKCS12 is a portable standard, other libraries may support extracting secret keys.

    在Java中无法提取PKCS12密钥库中存储的具有AES算法的密钥。由于PKCS12是一个可移植的标准,其他库可能支持提取密钥。

    Store private key

    存储私钥

    The private key and its associated certificate chain can be stored in PKCS12 keystore. The keystore contains private keys and certificates can be used in SSL communications across the web.

    私钥及其关联的证书链可以存储在PKCS12密钥库中。密钥库包含私钥,证书可用于跨web的SSL通信。

    try{
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
    //  keyStore.load(new FileInputStream("output.p12"),"password".toCharArray());
        keyStore.load(null, null);;
         
        CertAndKeyGen gen = new CertAndKeyGen("RSA","SHA1WithRSA");
        gen.generate(1024);
          
        Key key=gen.getPrivateKey();
        X509Certificate cert=gen.getSelfCertificate(new X500Name("CN=ROOT"), (long)365*24*3600);
          
        X509Certificate[] chain = new X509Certificate[1];
        chain[0]=cert;
          
        keyStore.setKeyEntry("private", key, "password".toCharArray(), chain);
          
        keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
    }catch(Exception ex){
        ex.printStackTrace();
    }

    A RSA private key is generated with the CertAndKeyGen and the associated certificate is also generated. Then the key entry is stored in the keyStore by calling keyStore.setEntry(). Don't forget to save the keyStore by calling keyStore.store(), otherwise the entry will be lost when the program exits.

    使用CertAndKeyGen生成RSA私钥,并生成相关证书。然后调用keyStore.setEntry()把私钥条目存入密钥库. 别忘了调用keyStore.store(),否则当程序退出时条目将丢失。

    Store certificate

    存储证书

    PKCS12 keystore also allows to store certificate by itself without the corresponding private key stored. To store the certificate, the KeyStore.setCertificateEntry() can be called.

  • 相关阅读:
    Apache https 证书配置...
    npm 安装 sass=-=-=
    mysql 8.0 安装
    『转』谷歌发布Windows版Chrome App Launcher
    VMware Workstation 10.0.0.1295980 CN
    16款最受关注的智能手表 苹果iWatch领衔
    百度网盘推荐部分优秀的分享达人
    『转』市售热门可穿戴式“活动追踪器 Tracker”导购指南
    各网盘活动地址及点评-14.03.28
    2014.01.07_自用软件-春运开始了....
  • 原文地址:https://www.cnblogs.com/yangchongxing/p/13837017.html
Copyright © 2020-2023  润新知