如何生成用密码加密的私钥的RSA密钥对? [英] How to generate a RSA keyPair with a Privatekey encrypted with password?

问题描述

我想生成使用密码加密的私钥PKCS8格式，然后尝试使用以下代码:

I want to generate a privatekey PKCS8 format encrypted with password, and I try with this code:

String password = "123456";
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
gen.initialize(2048);
KeyPair key = gen.generateKeyPair();
PrivateKey privateKey = key.getPrivate();
PublicKey publicKey = key.getPublic();

FileOutputStream pvt = new FileOutputStream("d:\\pvt123456.der");
try {
    pvt.write(privateKey.getEncoded());
    pvt.flush();
} finally {
    pvt.close();
}
FileOutputStream pub = new FileOutputStream("d:\\pub123456.der");
try {
    pub.write(publicKey.getEncoded());
    pub.flush();
} finally {
    pub.close();
}

但是我不知道如何使用3des加密密码以与openssl格式兼容.

But I don´t know how to encrypt a password with 3des to be compatible with openssl format.

推荐答案

我知道这有点晚了，但我也一直在寻找一种解决方法，当我搜索时发现了您的问题，现在我已经找到了一种方法来做，我决定回来分享一下:

I know it's a little bit late but I also have been looking for a way to do this and while i was searching I found your question, now that I have found a way to do this I decided to come back and share this:

// generate key pair

KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
keyPairGenerator.initialize(1024);
KeyPair keyPair = keyPairGenerator.genKeyPair();

// extract the encoded private key, this is an unencrypted PKCS#8 private key
byte[] encodedprivkey = keyPair.getPrivate().getEncoded();

// We must use a PasswordBasedEncryption algorithm in order to encrypt the private key, you may use any common algorithm supported by openssl, you can check them in the openssl documentation http://www.openssl.org/docs/apps/pkcs8.html
String MYPBEALG = "PBEWithSHA1AndDESede";
String password = "pleaseChangeit!";

int count = 20;// hash iteration count
SecureRandom random = new SecureRandom();
byte[] salt = new byte[8];
random.nextBytes(salt);

// Create PBE parameter set
PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
PBEKeySpec pbeKeySpec = new PBEKeySpec(password.toCharArray());
SecretKeyFactory keyFac = SecretKeyFactory.getInstance(MYPBEALG);
SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

Cipher pbeCipher = Cipher.getInstance(MYPBEALG);

// Initialize PBE Cipher with key and parameters
pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

// Encrypt the encoded Private Key with the PBE key
byte[] ciphertext = pbeCipher.doFinal(encodedprivkey);

// Now construct  PKCS #8 EncryptedPrivateKeyInfo object
AlgorithmParameters algparms = AlgorithmParameters.getInstance(MYPBEALG);
algparms.init(pbeParamSpec);
EncryptedPrivateKeyInfo encinfo = new EncryptedPrivateKeyInfo(algparms, ciphertext);

// and here we have it! a DER encoded PKCS#8 encrypted key!
byte[] encryptedPkcs8 = encinfo.getEncoded();

此示例代码基于我发现的以下代码: http://www.jensign.com /JavaScience/PEM/EncPrivKeyInfo/EncPrivKeyInfo.java

This example code is based on the folowing code I found: http://www.jensign.com/JavaScience/PEM/EncPrivKeyInfo/EncPrivKeyInfo.java

，但是以下资源也帮助我更好地理解了: http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html

but the folowing resource also helped me to understand a little bit better: http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html

这篇关于如何生成用密码加密的私钥的RSA密钥对?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！