Java Cryptography

Source: Internet  Published by: 数据网站  Editor: 程序博客网  Time: 2024/06/05 04:58

Generating an asymmetric key pair

java.security.KeyPairGenerator

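    import java.security.KeyPair;
    import java.security.KeyPairGenerator;

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
    keyGen.initialize(keylength); // key length
    KeyPair pair = keyGen.generateKeyPair(); // generate the key pair
    pair.getPrivate();
    pair.getPublic();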

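Obtaining the public and private keys

Reading the publickey and privatekey directly

Public and private keys are generally PKCS#8, unless PKCS#1 is specifically required.

1. publickey|privatekey in PKCS#8 format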

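    import java.io.File;
    import java.security.KeyFactory;
    import java.security.PrivateKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import org.apache.commons.io.FileUtils;

    // Apache Commons IO: read the file straight into a byte[]
    byte[] bytes = FileUtils.readFileToByteArray(new File(filename));
    // RSA is randomized, so a public/private key pair cannot be derived from a password.
    // Here we only extract the keys from finished public/private key files
    // and convert them into PrivateKey and PublicKey objects the program can work with.
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(bytes); // bytes of the source file
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PrivateKey privateKey = kf.generatePrivate(spec);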
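In the JDK the two halves are encoded differently: `PrivateKey.getEncoded()` is PKCS#8, while `PublicKey.getEncoded()` is X.509 SubjectPublicKeyInfo and is loaded with `X509EncodedKeySpec`. The round trip below is an added example, not code from the original post; the class name, the temporary file names and the use of `java.nio.file` instead of Apache Commons IO are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.spec.*;

public class DerKeyRoundTrip { // hypothetical class name
    // Private keys: PrivateKey.getEncoded() is PKCS#8 DER
    static PrivateKey loadPrivate(byte[] der) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Public keys: PublicKey.getEncoded() is X.509 SubjectPublicKeyInfo DER
    static PublicKey loadPublic(byte[] der) throws GeneralSecurityException {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a fresh 2048-bit pair written to temporary files
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(2048);
        KeyPair pair = keyGen.generateKeyPair();
        Path dir = Files.createTempDirectory("keys");
        Path privFile = Files.write(dir.resolve("private.der"), pair.getPrivate().getEncoded());
        Path pubFile = Files.write(dir.resolve("public.der"), pair.getPublic().getEncoded());
        System.out.println("formats: " + pair.getPrivate().getFormat() + ", " + pair.getPublic().getFormat());

        PrivateKey priv = loadPrivate(Files.readAllBytes(privFile));
        PublicKey pub = loadPublic(Files.readAllBytes(pubFile));

        // Sign with the reloaded private key, verify with the reloaded public key
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(priv);
        signer.update(msg);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pub);
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(signer.sign()));

        // The wrong spec for the encoding is rejected rather than silently accepted
        try {
            loadPrivate(Files.readAllBytes(pubFile));
        } catch (InvalidKeySpecException e) {
            System.out.println("public-key bytes rejected as PKCS#8: " + e.getMessage());
        }
        Files.delete(privFile); Files.delete(pubFile); Files.delete(dir);
    }
}
```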

2. PKCS#8 in PEM format; see "Java Cryptography - 5. Reading and writing PEM format"

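    // Bouncy Castle: org.bouncycastle.openssl.{PEMParser, PEMKeyPair}, org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter
    // readObject() returns a PEMKeyPair only for a traditional "RSA PRIVATE KEY" block; a PKCS#8 "PRIVATE KEY"
    // block yields a PrivateKeyInfo and a "PUBLIC KEY" block a SubjectPublicKeyInfo (use getPrivateKey / getPublicKey).
    PEMParser pp = new PEMParser(new FileReader("project/test/public2.pem"));
    PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject();
    KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);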

Converting to PKCS#1

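    // Bouncy Castle: org.bouncycastle.asn1.pkcs.PrivateKeyInfo, org.bouncycastle.asn1.{ASN1Encodable, ASN1Primitive}
    PrivateKey prik = ...
    PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(prik.getEncoded());
    // parsePrivateKey() returns the inner key structure wrapped by PKCS#8
    ASN1Encodable encodable = pkInfo.parsePrivateKey();
    ASN1Primitive primitive = encodable.toASN1Primitive();
    byte[] privateKeyPKCS1 = primitive.getEncoded();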

Obtaining a certificate | publickey

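    import java.io.File;
    import java.io.InputStream;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import org.apache.commons.io.FileUtils;

    // X509Certificate x509Certificate = getX509Certificate("keypair/cxj1.cer");
    // x509Certificate.getPublicKey();
    X509Certificate getX509Certificate(String certfile) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // Close the file stream once the certificate has been parsed
        try (InputStream in = FileUtils.openInputStream(new File(certfile))) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }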

Obtaining a certificate | privatekey from a keystore

    // Obtain the keystore
    KeyStore ks = ...
    // Key alias, keystore password
    // Get the private key
    PrivateKey prik = (PrivateKey) ks.getKey(alias, password.toCharArray());
    // Key alias
    // Get the certificate | public key
    X509Certificate certificate = (X509Certificate) ks.getCertificate(alias);
    // Getting the public key from the certificate works as described above