Use BouncyCastle PKCS12SafeBagBuilder or PKCS12BagAttributeCarrier to change PKCS12 safe bag attributes when writing KeyStore to file in Android?


Question

I am trying to write a private key and associated signed certificate to a PKCS12 (.p12) file on an Android device using BouncyCastle 1.47 (bcpkix-jdk15on-147.jar and bcprov-jdk15on-147.jar) and would like to change the key encryption algorithms and other bag attributes. I am trying to implement the same control available to OpenSSL's PKCS12_create() function, where you can set:


  • Private key encryption algorithm

  • Certificate encryption algorithm

  • Encryption iteration count

  • MAC iteration count

So far I have seen recommendations for using PKCS12BagAttributeCarrier or PKCS12SafeBagBuilder with PKCS12PfxPduBuilder, but could not figure out how to change the four attributes listed above (or use them correctly).

Does anyone know which method is currently preferred or have experience or examples with these outside of changing PKCSObjectIdentifiers.pkcs_9_at_friendlyName and PKCSObjectIdentifiers.pkcs_9_at_localKeyId? Should I be using something other than a KeyStore object as a container before writing to file?

I am able to create PKCS12 file and notice the defaults for both iteration counts are 1024, the private key algorithm is pbeWithSHA1And3-KeyTripleDES-CBC, and the certificate algorithm is pbeWithSHA1And40BitRC2-CBC.

Here is what I am using to create the PKCS12 file:

Context appContext = ...;
String p12Filename = ...;
String p12Password = ...;
String p12Alias = ...;
RSAPrivateKey privateKey = ...;
X509Certificate signedCert = ...;

KeyStore store = KeyStore.getInstance("PKCS12", "BC");
store.load(null, null);
X509Certificate[] chain = new X509Certificate[1];
chain[0] = signedCert;

store.setKeyEntry("UserCredentials", privateKey, p12Password.toCharArray(), chain);

FileOutputStream fos;
File outputDir = appContext.getFilesDir();
File pkcs12File = new File(outputDir, p12Filename);
fos = new FileOutputStream(pkcs12File);

store.store(fos, p12Password.toCharArray());
fos.flush();
fos.close();

Thanks in advance!

Recommended answer

Yes, the org.bouncycastle.pkcs package is the right place to look.

There's been a lot of work going on in this area in preparation for 1.49. At the moment I'd recommend getting the release available at http://www.bouncycastle.org/betas. You can use the test classes for the PKCS package for reference, and there is also an example program and a write up in the new guide at http://www.cryptoworkshop.com/guide

Regards,

David
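
The four controls from the question, set through the org.bouncycastle.pkcs builders the answer points to. This is an added example, not code from the original post or from BouncyCastle's own samples. It assumes a BouncyCastle release newer than 1.47 whose builders expose setIterationCount; the class name Pkcs12Writer, the build method and the iteration count are hypothetical.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;

/** Hypothetical helper (not part of BouncyCastle) that builds a PFX with explicit PBE settings. */
public final class Pkcs12Writer {
    // Constructed value: choose counts that suit the device and threat model.
    private static final int ITERATIONS = 20000;

    // A fresh encryptor per bag, so each one gets its own salt.
    private static OutputEncryptor tripleDes(char[] password) throws Exception {
        return new BcPKCS12PBEOutputEncryptorBuilder(
                PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
                new CBCBlockCipher(new DESedeEngine()))
            .setIterationCount(ITERATIONS)          // encryption iteration count
            .build(password);
    }

    public static byte[] build(PrivateKey key, X509Certificate cert,
                               String alias, char[] password) throws Exception {
        // The same localKeyId on both bags lets readers pair the key with its certificate.
        SubjectKeyIdentifier keyId =
            new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey());

        PKCS12SafeBagBuilder certBag = new JcaPKCS12SafeBagBuilder(cert);
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);

        // Private key encryption algorithm: 3-key triple DES.
        PKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(key, tripleDes(password));
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(alias));
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);

        PKCS12PfxPduBuilder pfx = new PKCS12PfxPduBuilder();
        // Certificate encryption algorithm: triple DES in place of the 40-bit RC2 default.
        pfx.addEncryptedData(tripleDes(password), certBag.build());
        pfx.addData(keyBag.build());
        // MAC iteration count is set on the MAC calculator builder.
        return pfx.build(new BcPKCS12MacCalculatorBuilder().setIterationCount(ITERATIONS),
                         password).getEncoded();
    }
}
```

The returned bytes can be written with the same FileOutputStream code as in the question, in place of store.store(...).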
