keytool生成BKS格式的私钥跟信任证书及java实例

keytool生成BKS格式的私钥和信任证书

1、下载bcprov-ext-jdk15on-150.jar

http://downloads.bouncycastle.org/java/bcprov-ext-jdk15on-150.jar

2、确认系统使用的 keytool 来自你要操作的那个 JRE 环境

3、将 bcprov-ext-jdk15on-150.jar 复制到 %JRE_HOME%\lib\ext 与 %JDK_HOME%\jre\lib\ext 目录下

4、修改 %JRE_HOME%\lib\security\java.security 与 %JDK_HOME%\jre\lib\security\java.security

在文件末尾添加下面一行(前面已经有 10 个 provider 了)

security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
5、cmd命令下面进行运行

keytool -genkey -alias androidbks -keypass 11111111 -keyalg RSA -keysize 1024 -validity 365 -keystore bksserver.keystore -storepass 111111 -dname "cn=runtestuser3, ou=vpn, o=run, c=CN, l=shanghai" -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

6、在 C:\Users\Administrator 目录下生成 bksserver.keystore 文件

 

7、分别生成服务器端和客户端的私钥与证书,然后把客户端证书导入服务器端的信任库,把服务器端证书导入客户端的信任库

 

C:\Users\Administrator>keytool -genkey -alias serverkey -keypass 1993821924 -keyalg RSA -keysize 1024 -validity 365 -keystore kserver.keystore -storepass 1993821924 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
您的名字与姓氏是什么?
  [Unknown]:  mei
您的组织单位名称是什么?
  [Unknown]:  ccniit
您的组织名称是什么?
  [Unknown]:  ccniit
您所在的城市或区域名称是什么?
  [Unknown]:  chengdu
您所在的省/市/自治区名称是什么?
  [Unknown]:  chengdu
该单位的双字母国家/地区代码是什么?
  [Unknown]:  cn
CN=mei, OU=ccniit, O=ccniit, L=chengdu, ST=chengdu, C=cn是否正确?
  [否]:  y

C:\Users\Administrator>keytool -export -alias serverkey -keystore kserver.keystore -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -import -alias serverkey -keystore tclient.keystore -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -import -genkey -alias clientkey -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystore -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -genkey -alias clientkey -keystore klient.keystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystore -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysore tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keystore tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

 

 

Android 上读取 keystore 文件的示例

 

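package com.example.ssl;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import android.app.Activity;
import android.os.Bundle;
import android.view.Menu;

/**
 * Demo activity: builds an {@link SSLSocketFactory} from a BKS client key
 * store and a BKS trust store packaged as raw resources, then uses it for
 * HTTPS GET requests with client-certificate authentication.
 */
public class MainActivity extends Activity {
    private static final int SERVER_PORT = 50030;              // server port (not used below)
    private static final String SERVER_IP = "218.206.176.146"; // server IP (not used below)
    // NOTE(review): a keystore password compiled into the APK is recoverable by
    // anyone holding the package; it protects the store file at rest only.
    private static final String CLIENT_KEY_PASSWORD = "123456";   // private-key / key-store password
    private static final String CLIENT_TRUST_PASSWORD = "123456"; // trust-store password
    private static final String CLIENT_AGREEMENT = "TLS";         // SSLContext protocol
    private static final String CLIENT_KEY_MANAGER = "X509";      // KeyManagerFactory algorithm
    private static final String CLIENT_TRUST_MANAGER = "X509";    // TrustManagerFactory algorithm
    private static final String CLIENT_KEY_KEYSTORE = "BKS";      // key-store type (BouncyCastle)
    private static final String CLIENT_TRUST_KEYSTORE = "BKS";    // trust-store type (BouncyCastle)
    private static final String ENCONDING = "utf-8";              // charset used to decode responses
    private static final int CONNECT_TIMEOUT_MS = 10 * 1000;      // connect timeout for getData()

    /** Socket factory produced by {@link #initKey()}; stays null if that fails. */
    SSLSocketFactory sf;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        try {
            initKey();
        } catch (Exception e) {
            // sf stays null; getData() reports that explicitly instead of
            // failing inside HttpsURLConnection with a less obvious error.
            e.printStackTrace();
        }
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }

    /**
     * Loads the client key store and the trust store from raw resources and
     * initialises {@link #sf}.
     *
     * @throws Exception if either store cannot be read or the SSL context
     *         cannot be initialised (wrong password, missing BKS provider, ...)
     */
    private void initKey() throws Exception {
        SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
        KeyManagerFactory keyManager = KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);
        TrustManagerFactory trustManager = TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);

        // Both store types come from the constants so they can be changed
        // independently (the original hard-coded "BKS" for the key store).
        KeyStore clientKeyStore = KeyStore.getInstance(CLIENT_KEY_KEYSTORE);
        KeyStore trustKeyStore = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);

        // NOTE(review): the keytool session that produced these stores put the
        // client private key in klient.keystore and the trusted server
        // certificate in tclient.keystore, so the two resource ids below look
        // swapped — confirm which raw file is which before relying on this.
        loadKeyStore(clientKeyStore, R.raw.tclient, CLIENT_KEY_PASSWORD);
        loadKeyStore(trustKeyStore, R.raw.klient, CLIENT_TRUST_PASSWORD);

        keyManager.init(clientKeyStore, CLIENT_KEY_PASSWORD.toCharArray());
        trustManager.init(trustKeyStore);
        sslContext.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(),
                new java.security.SecureRandom());
        sf = sslContext.getSocketFactory();
    }

    /**
     * Loads {@code store} from the raw resource {@code resId}, always closing
     * the resource stream (the original left it open).
     *
     * @param store    the store to populate
     * @param resId    raw resource id of the keystore file
     * @param password store password
     * @throws Exception if the resource cannot be read or the password is wrong
     */
    private void loadKeyStore(KeyStore store, int resId, String password) throws Exception {
        InputStream in = getResources().openRawResource(resId);
        try {
            store.load(in, password.toCharArray());
        } finally {
            in.close();
        }
    }

    /**
     * Performs an HTTPS GET against {@code url} using {@link #sf} and returns
     * the body with line separators dropped (lines are concatenated, as in the
     * original implementation).
     *
     * @param url absolute https URL
     * @return the concatenated response lines
     * @throws IllegalStateException if {@link #initKey()} has not succeeded
     * @throws Exception on any connection or I/O failure
     */
    private String getData(String url) throws Exception {
        if (sf == null) {
            throw new IllegalStateException("SSL socket factory not initialised; initKey() failed");
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(sf);
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(CONNECT_TIMEOUT_MS);
        // No setDoOutput(true): a GET has no body, and Android's HttpURLConnection
        // turns a request with output enabled into a POST.
        BufferedReader br = null;
        try {
            // Decode with the declared charset instead of the platform default.
            br = new BufferedReader(new InputStreamReader(conn.getInputStream(), ENCONDING));
            StringBuilder sb = new StringBuilder();
            String line;
            while ((line = br.readLine()) != null) {
                sb.append(line);
            }
            return sb.toString();
        } finally {
            if (br != null) {
                br.close();
            }
            conn.disconnect();
        }
    }
}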