Use BouncyCastle PKCS12SafeBagBuilder or PKCS12BagAttributeCarrier to change PKCS12 safe bag attributes when writing KeyStore to file in Android?
Problem description
I am trying to write a private key and associated signed certificate to a PKCS12 (.p12) file on an Android device using BouncyCastle 1.47 (bcpkix-jdk15on-147.jar and bcprov-jdk15on-147.jar) and would like to change the key encryption algorithms and other bag attributes. I am trying to implement the same control available to OpenSSL's PKCS12_create() function, where you can set:
- private key encryption algorithm
- certificate encryption algorithm
- encryption iteration count
- MAC iteration count
So far I have seen recommendations for using PKCS12BagAttributeCarrier or PKCS12SafeBagBuilder with PKCS12PfxPduBuilder, but could not figure out how to change the four attributes listed above (or use them correctly).
Does anyone know which method is currently preferred or have experience or examples with these outside of changing PKCSObjectIdentifiers.pkcs_9_at_friendlyName and PKCSObjectIdentifiers.pkcs_9_at_localKeyId? Should I be using something other than a KeyStore object as a container before writing to file?
I am able to create a PKCS12 file and notice the defaults for both iteration counts are 1024, the private key algorithm is pbeWithSHA1And3-KeyTripleDES-CBC, and the certificate algorithm is pbeWithSHA1And40BitRC2-CBC.
Here is what I am using to create the PKCS12 file:
Context appContext = ...;
String p12Filename = ...;
String p12Password = ...;
String p12Alias = ...;
RSAPrivateKey privateKey = ...;
X509Certificate signedCert = ...;
// Create an empty in-memory PKCS12 keystore backed by the BouncyCastle provider
KeyStore store = KeyStore.getInstance("PKCS12", "BC");
store.load(null, null);
// Single-element chain: just the signed end-entity certificate
X509Certificate[] chain = new X509Certificate[1];
chain[0] = signedCert;
store.setKeyEntry("UserCredentials", privateKey, p12Password.toCharArray(), chain);
// Write the keystore into the app's private files directory
FileOutputStream fos;
File outputDir = appContext.getFilesDir();
File pkcs12File = new File(outputDir, p12Filename);
fos = new FileOutputStream(pkcs12File);
store.store(fos, p12Password.toCharArray());
fos.flush();
fos.close();
Thanks in advance!
Recommended answer
Yes, the org.bouncycastle.pkcs package is the right place to look.
There's been a lot of work going on in this area in preparation for 1.49. At the moment I'd recommend getting the release available at http://www.bouncycastle.org/betas. You can use the test classes for the PKCS package for reference, and there is also an example program and a write up in the new guide at http://www.cryptoworkshop.com/guide
Regards,
David
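A sketch of the builder route the answer points to, setting all four parameters from the question; this is an added example, not code from the question, the answer or the BouncyCastle project. It assumes a recent bcpkix release (not 1.47) in which both Jce builders expose setIterationCount, and a registered "BC" provider; P12Writer, buildPfx and the parameter names are hypothetical. The certificate bag uses 3DES rather than the 40-bit RC2 default noted in the question.

```java
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectKeyIdentifier;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.operator.OutputEncryptor;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.jcajce.JcePKCSPBEOutputEncryptorBuilder;

// Added example; P12Writer and buildPfx are hypothetical names, not BouncyCastle API.
public final class P12Writer {
    // Returns the DER-encoded PFX holding one private key and its certificate.
    public static byte[] buildPfx(PrivateKey key, X509Certificate cert, String alias,
            char[] password, int encIterations, int macIterations) throws Exception {
        // Items 1-3: key/cert encryption algorithm and the encryption iteration count.
        JcePKCSPBEOutputEncryptorBuilder enc = new JcePKCSPBEOutputEncryptorBuilder(
                PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC)
                .setProvider("BC").setIterationCount(encIterations);
        OutputEncryptor keyEnc = enc.build(password);
        OutputEncryptor certEnc = enc.build(password);

        // friendlyName and localKeyId tie the key bag to its certificate bag.
        SubjectKeyIdentifier keyId =
                new JcaX509ExtensionUtils().createSubjectKeyIdentifier(cert.getPublicKey());
        DERBMPString name = new DERBMPString(alias);

        PKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(key, keyEnc);
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, name);
        keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);
        PKCS12SafeBagBuilder certBag = new JcaPKCS12SafeBagBuilder(cert);
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, name);
        certBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, keyId);

        PKCS12PfxPduBuilder pfx = new PKCS12PfxPduBuilder();
        pfx.addEncryptedData(certEnc, new PKCS12SafeBag[] { certBag.build() });
        pfx.addData(keyBag.build()); // the key bag is already encrypted (shrouded)
        // Item 4: MAC iteration count.
        JcePKCS12MacCalculatorBuilder mac = new JcePKCS12MacCalculatorBuilder()
                .setProvider("BC").setIterationCount(macIterations);
        return pfx.build(mac, password).getEncoded();
    }
}
```

The returned bytes can be written to the FileOutputStream from the question in place of the store.store(...) call.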