Generate CSR from private key or Key Store

How do I generate a CSR from a keystore?

I have already generated a CSR from a key pair. Below is my code.

public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String cn) throws IOException,
        OperatorCreationException {
    String principal = String.format(CN_PATTERN, cn);

    ContentSigner signer = new JCESigner (keyPair.getPrivate(),DEFAULT_SIGNATURE_ALGORITHM);

    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
            new X500Name(principal), keyPair.getPublic());
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
    extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(
            true));
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            extensionsGenerator.generate());
    Log.e("csr builder ","csr "+csrBuilder.toString());
    PKCS10CertificationRequest csr = csrBuilder.build(signer);

    return csr;
}

But I am unable to generate a CSR from the keystore (private key). Is there any way to generate a key pair from the Keystore?

Please help me. Thanks in advance.

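Your code is compatible with the Android KeyStore. You only need to generate the KeyPair into the Keystore.

KeyStore is available from Android 4.3 (API level 18). There are slight differences between versions.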

Android >=18 < 23

KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
                .setAlias(alias)
                .setSubject(new X500Principal("CN=" + alias + ", O=Android Authority"))
                .setSerialNumber(BigInteger.ONE)
                .setStartDate(start.getTime())
                .setEndDate(end.getTime())
                .build();

KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");

kpg.initialize(spec);
KeyPair keyPair = kpg.generateKeyPair();

Android >=23

KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");


kpg.initialize(new KeyGenParameterSpec.Builder(
                alias,
                KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
                .setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
                .build());

KeyPair keyPair = kpg.generateKeyPair();

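I guess you are talking about java.security.KeyStore. This abstraction requires every stored PrivateKey to have a corresponding chain of Certificate instances (one or more certificates). This means you should be able to create a KeyPair from a private key entry of the KeyStore. For example, if the private key is stored under "test":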

String alias = "test";
KeyStore keyStore = KeyStore.getInstance(...);
keyStore.load(...);
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
KeyPair keyPair = new KeyPair(publicKey, privateKey);
generateCsr(keyPair, ...);
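
The keystore approach from the answers above, carried through to a PEM-encoded CSR, as an added example that is not code from the original posts. It assumes Bouncy Castle (bcprov and bcpkix) on the classpath and an RSA key entry; the file name keystore.p12, the password, the alias and the subject are placeholders, and it uses Bouncy Castle's JcaContentSignerBuilder in place of the question's own JCESigner class.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class KeyStoreCsr {
    // Assumption: RSA key; the digest must be one the key is allowed to sign with.
    static final String SIG_ALG = "SHA256withRSA";

    // Rebuild a KeyPair from a private-key entry and the leaf certificate of its chain.
    static KeyPair loadKeyPair(KeyStore ks, String alias, char[] pw) throws Exception {
        if (!ks.isKeyEntry(alias)) throw new IllegalArgumentException("No key entry: " + alias);
        PrivateKey priv = (PrivateKey) ks.getKey(alias, pw);
        Certificate cert = ks.getCertificate(alias);
        return new KeyPair(cert.getPublicKey(), priv);
    }

    static PKCS10CertificationRequest buildCsr(KeyPair kp, String subject) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder(SIG_ALG).build(kp.getPrivate());
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Name(subject), kp.getPublic()).build(signer);
        // Self-check: fails if the certificate's public key does not match the private key.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(kp.getPublic())))
            throw new IllegalStateException("Public key does not match private key for this entry");
        return csr;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "changeit".toCharArray();            // placeholder password
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream("keystore.p12")) {  // placeholder path
            ks.load(in, pw);
        }
        PKCS10CertificationRequest csr = buildCsr(loadKeyPair(ks, "test", pw), "CN=test");
        StringWriter out = new StringWriter();
        try (JcaPEMWriter pem = new JcaPEMWriter(out)) { pem.writeObject(csr); }
        System.out.println(out);                         // -----BEGIN CERTIFICATE REQUEST-----
    }
}
```

For a key generated with the Android >=23 snippet, the signature algorithm has to use a digest and padding that the KeyGenParameterSpec authorised (SHA-256 or SHA-512 with PKCS#1 padding in that snippet).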