在Android应用程序中从Java JSch中的字符串或资源加载私钥 [英] Loading private key from string or resource in Java JSch in Android app

问题描述

我正在编写一个应用程序，该应用程序应该使用JSch通过SSH访问我的私有服务器.由于我已经设置了公共密钥身份验证，因此我希望该应用程序以相同的方式进行身份验证.我将是唯一使用此应用程序的人，因此我想将密钥直接存储在应用程序内(例如，硬编码)或存储在手机主目录中的某个位置.哪一种是最好的存储方式，也许可以将其存储为项目中的资源文件?由于我刚接触Android开发，因此我不确定哪种方法最好.

I'm writing an app which is supposed to access my private server via SSH using JSch. Since I have set up public key authentication I want this app to authenticate the same way. I will be the only one using this app so I want to store my key either directly inside the app (e.g. hard-coded) or separated somewhere inside the home directory of my phone. Which would be the best way to store it, maybe as a resource file inside the project? Since I'm pretty new to Android development I'm not sure about what's the best way for this.

我尝试过的事情:

// [...]
String user = "my_user";
String ssh_pwd = "my_pwd";
String host = "my_host";
// stored as OpenSSH key - file not found error - where shoud I move this file?
String private_key = "./my_pk";

int port = 22;

// basic SSH connection stuff
JSch jsch = new JSch();
session = jsch.getSession(user, host, port);
jsch.addIdentity(private_key, ssh_pwd.getBytes());

另一种方式:

// [...]
// private key in OpenSSH format as a plain string
String private_key = "xyz123abc456def789ghi012..."; 
// public key in OpenSSH format as a plain string
String public_key = "a1b2c3d4e5..."; 
// [...]
jsch.addIdentity("id_rsa", private_key.getBytes(), public_key.getBytes(), ssh_pwd.getBytes());

后者导致无效私钥" 错误.除此之外，我不确定两者中哪一种是更安全的工作方式.

The latter resulted in an "invalid privatekey" error. Besides that, I'm not sure which of both is the more secure way to work with.

谢谢.

推荐答案

String private_key = "xyz123abc456def789ghi012..."; // private key in OpenSSH format as a plain string
String public_key = "a1b2c3d4e5..."; // public key in OpenSSH format as a plain string

ssh-keygen (带有

The JSch.addIdentity (and ultimately KeyPair.load) takes a buffer that contains a contents of key pair files as generated by ssh-keygen (with -m pem in recent versions of OpenSSH).

格式如下:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvc04a8wViYV5Kb4jX+MxEqN1vi9q9C7mPhf6DV+mb1ADNAiR
YeLqPMLCYUF2ViobcGfarb51gz7iB2TgkDmhQNK9XDCOUaGYN/FeZcN0JpzkjEjZ
ApbRfshj1h9qKQUW+38XKnltMtf4dxiuxkXph8P6IMVveTDs3sSbBPq560bdJ1AD
...
PEyVxlat2I4ShuLQiO1QIuS8ABu5yDM2EouB6vlxtGEBpIJItp7cyA==
-----END RSA PRIVATE KEY-----

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9zThrzBWJhXkpviNf4zESo3W+L2r0LuY+F/oNX6ZvUAM0CJFh4uo8wsJhQXZWKhtwZ9qtvnWDPuIHZOCQOaFA0r1cMI5RoZg38V5lw3QmnOSMSNkCltF+yGPWH2opBRb7fxcqeW0y1/h3GK7GRemHw/ogxW95MOzexJsE+rnrRt0nUAOu4hHjL6G/nlvdJ1jjZ06NwhYkbAxRoJkHUJTtMT2IL5ZmdAf37KHSPqZS32pLxQDmPutZxpIwlhz4aR78ZGp4+57mR069Y4at09GF0UmgtIiLjlKUexMf5sueVQ8LKhME6vOupMzTbiFEB3UJNq8d9Yx5i+c/IRHUIcI1 marti@MartinuvOmen

这不是您在private_key和public_key中使用的格式.

This is not the format you have in private_key and public_key.

另请参见 JSch从字符串中添加私钥.

这篇关于在Android应用程序中从Java JSch中的字符串或资源加载私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！