从私钥或密钥库生成 CSR
Generate CSR from private key or Key Store
如何从密钥库生成 CSR。
我已经从密钥对生成了 CSR。下面是我的代码。
public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String cn) throws IOException,
OperatorCreationException {
String principal = String.format(CN_PATTERN, cn);
ContentSigner signer = new JCESigner (keyPair.getPrivate(),DEFAULT_SIGNATURE_ALGORITHM);
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
new X500Name(principal), keyPair.getPublic());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(
true));
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
extensionsGenerator.generate());
Log.e("csr builder ","csr "+csrBuilder.toString());
PKCS10CertificationRequest csr = csrBuilder.build(signer);
return csr;
}
但我无法从密钥库(私钥)生成 CSR。
有什么方法可以从 Keystore 生成密钥对吗?
请提前帮助me.Thanks。
您的代码与 Android KeyStore 兼容。您只需要将 KeyPair 生成到 Keystore
KeyStore 可从 Android 4.3(API 级别 18)获得。版本之间略有差异
Android >=18 < 23
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.setAlias(alias)
.setSubject(new X500Principal("CN=" + alias + ", O=Android Authority"))
.setSerialNumber(BigInteger.ONE)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg.initialize(spec);
KeyPair keyPair = kpg.generateKeyPair();
Android >=23
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder(
alias,
KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.build());
KeyPair keyPair = kpg.generateKeyPair();
我猜你说的是 java.security.KeyStore。这种抽象要求每个存储的 PrivateKey 都有相应的 Certificate 实例链(一个或多个证书)。这意味着您应该能够从 KeyStore 的私钥条目创建 KeyPair。例如,如果私钥存储在 "test":
String alias = "test";
KeyStore keyStore = KeyStore.getInstance(...);
keyStore.load(...;);
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
KeyPair keyPair = new KeyPair(publicKey, privateKey);
generateCsr(keyPair, ...);
如何从密钥库生成 CSR。
我已经从密钥对生成了 CSR。下面是我的代码。
public static PKCS10CertificationRequest generateCSR(KeyPair keyPair, String cn) throws IOException,
OperatorCreationException {
String principal = String.format(CN_PATTERN, cn);
ContentSigner signer = new JCESigner (keyPair.getPrivate(),DEFAULT_SIGNATURE_ALGORITHM);
PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(
new X500Name(principal), keyPair.getPublic());
ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator();
extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(
true));
csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
extensionsGenerator.generate());
Log.e("csr builder ","csr "+csrBuilder.toString());
PKCS10CertificationRequest csr = csrBuilder.build(signer);
return csr;
}
但我无法从密钥库(私钥)生成 CSR。 有什么方法可以从 Keystore 生成密钥对吗?
请提前帮助me.Thanks。
您的代码与 Android KeyStore 兼容。您只需要将 KeyPair 生成到 Keystore
KeyStore 可从 Android 4.3(API 级别 18)获得。版本之间略有差异
Android >=18 < 23
KeyPairGeneratorSpec spec = new KeyPairGeneratorSpec.Builder(context)
.setAlias(alias)
.setSubject(new X500Principal("CN=" + alias + ", O=Android Authority"))
.setSerialNumber(BigInteger.ONE)
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg.initialize(spec);
KeyPair keyPair = kpg.generateKeyPair();
Android >=23
KeyPairGenerator kpg = KeyPairGenerator.getInstance(
KeyProperties.KEY_ALGORITHM_RSA, "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder(
alias,
KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
.setDigests(KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA512)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.build());
KeyPair keyPair = kpg.generateKeyPair();
我猜你说的是 java.security.KeyStore。这种抽象要求每个存储的 PrivateKey 都有相应的 Certificate 实例链(一个或多个证书)。这意味着您应该能够从 KeyStore 的私钥条目创建 KeyPair。例如,如果私钥存储在 "test":
String alias = "test";
KeyStore keyStore = KeyStore.getInstance(...);
keyStore.load(...;);
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
PublicKey publicKey = keyStore.getCertificate(alias).getPublicKey();
KeyPair keyPair = new KeyPair(publicKey, privateKey);
generateCsr(keyPair, ...);