在 Java 中打印椭圆曲线 ASCII-Armor 键

Printing Elliptic Curve ASCII-Armor keys in Java

我正在尝试使用 ES256_P-256 椭圆曲线密钥读取 JSON Web 密钥 (JWK),并在 Java 中将它们打印为装甲 ASCII。理想情况下,我想在没有任何第三方库的情况下执行此操作,但我在使用 bouncycastle 和本机 Java 库时遇到了问题。不确定我做错了什么。这是 JWK:

{
  "kty": "EC",
  "d": "STNVdgaTJ7Lc7dpFShEPFVgYusUKzbYmb6492BknZFI",
  "use": "sig",
  "crv": "P-256",
  "kid": "1234",
  "x": "TrMA2sZ9CaNS3TWZRpjlLg1GB-AdAItozKSJe-83yHg",
  "y": "oeBo61jYweaEbIiMLF8r-ndDuQG73WmL2sGyqqUt8b4",
  "alg": "ES256"
}

和代码

import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPrivateKeySpec;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.util.Base64;
import java.util.Base64.Decoder;
import java.util.Base64.Encoder;
import org.junit.Test;

public class KeyGenerator {

  @Test
  public void testGenerateECKey() {

    try {
      final Decoder decoder = Base64.getUrlDecoder();
      final Encoder encoder = Base64.getUrlEncoder();
      final byte[] secret = decoder
          .decode("STNVdgaTJ7Lc7dpFShEPFVgYusUKzbYmb6492BknZFI");
      final byte[] x_coord = decoder
          .decode("TrMA2sZ9CaNS3TWZRpjlLg1GB-AdAItozKSJe-83yHg");
      final byte[] y_coord = decoder
          .decode("oeBo61jYweaEbIiMLF8r-ndDuQG73WmL2sGyqqUt8b4");
      final BigInteger d = new BigInteger(1, secret);
      final BigInteger x = new BigInteger(1, x_coord);
      final BigInteger y = new BigInteger(1, y_coord);

      final AlgorithmParameters parameters = AlgorithmParameters
          .getInstance("EC");
      parameters.init(new ECGenParameterSpec("secp256r1"));
      final ECParameterSpec ecParameterSpec = parameters
          .getParameterSpec(ECParameterSpec.class);
      final KeyFactory keyFactory = KeyFactory.getInstance("EC");

      final ECPoint ecPoint = new ECPoint(x, y);
      final ECPublicKeySpec keySpec = new ECPublicKeySpec(ecPoint,
          ecParameterSpec);
      final ECPublicKey publicKey = (ECPublicKey) keyFactory
          .generatePublic(keySpec);

      final ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(d,
          ecParameterSpec);
      final ECPrivateKey privateKey = (ECPrivateKey) keyFactory
          .generatePrivate(ecPrivateKeySpec);

      final KeyPair keyPair = new KeyPair(publicKey, privateKey);
      // final X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(
      // keyPair.getPublic().getEncoded());
      // final PKCS8EncodedKeySpec pKCS8EncodedKeySpec = new
      // PKCS8EncodedKeySpec(
      // keyPair.getPrivate().getEncoded());

      System.out.println("-----BEGIN PUBLIC KEY-----");
      System.out.println(keyPair.getPublic().getEncoded());
      System.out.println("-----END PUBLIC KEY-----");
      System.out.println("-----BEGIN PRIVATE KEY-----");
      System.out.println(keyPair.getPrivate().getEncoded());
      System.out.println("-----END PRIVATE KEY-----");

    } catch (final NoSuchAlgorithmException | InvalidKeySpecException
        | InvalidParameterSpecException ex) {
      ex.printStackTrace();
    }
  }

}

正在输出:

-----BEGIN PUBLIC KEY-----
[B@34340fab
-----END PUBLIC KEY-----
-----BEGIN PRIVATE KEY-----
[B@2aafb23c
-----END PRIVATE KEY-----

为什么 PEM 密钥这么小?我做错了什么?

[B@34340fab 是字节数组 toString 方法的结果,您在尝试打印数组时隐式调用该方法。

PrivateKey::getEncodedPublicKey::getEncoded 将 return byte 数组表示这些键的 DER 格式。如果你想获得 PEM 格式,只需使用 base64 对结果字节数组进行编码并添加 PEM header/footer :

String publicKeyBase64 = Base64.getEncoder().encodeToString(keyPair.getPublic().getEncoded());
String privateKeyBase64 = Base64.getEncoder().encodeToString(keyPair.getPrivate().getEncoded());

System.out.println("-----BEGIN PUBLIC KEY-----");
System.out.println(publicKeyBase64);
System.out.println("-----END PUBLIC KEY-----");
System.out.println("-----BEGIN PRIVATE KEY-----");
System.out.println(privateKeyBase64);
System.out.println("-----END PRIVATE KEY-----");