How to generate ssh compatible id_rsa(.pub) from Java

Problem description

I'm looking for a way to programmatically create ssh compatible id_rsa and id_rsa.pub files in Java.

I got as far as creating the KeyPair:

  // needs: import java.security.KeyPair; import java.security.KeyPairGenerator;
  KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
  // or: generator = KeyPairGenerator.getInstance("DSA");
  generator.initialize(2048);
  KeyPair keyPair = generator.genKeyPair();

I can't figure out, however, how to create the String representation of the PrivateKey and PublicKey in the KeyPair.

Recommended answer

The key format used by ssh is defined in RFC #4253. The format for an RSA public key is the following:

  string    "ssh-rsa"
  mpint     e /* key public exponent */
  mpint     n /* key modulus */

All data type encoding is defined in section #5 of RFC #4251. The string and mpint (multiple precision integer) types are encoded this way:

  4-bytes word: data length (unsigned big-endian 32 bits integer)
  n bytes     : binary representation of the data

For instance, the encoding of the string "ssh-rsa" is:

  byte[] data = new byte[] {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};

To encode the public key:

   public byte[] encodePublicKey(RSAPublicKey key) throws IOException
   {
       ByteArrayOutputStream out = new ByteArrayOutputStream();
       /* encode the "ssh-rsa" string */
       byte[] sshrsa = new byte[] {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};
       out.write(sshrsa);
       /* Encode the public exponent */
       BigInteger e = key.getPublicExponent();
       byte[] data = e.toByteArray();
       encodeUInt32(data.length, out);
       out.write(data);
       /* Encode the modulus */
       BigInteger m = key.getModulus();
       data = m.toByteArray();
       encodeUInt32(data.length, out);
       out.write(data);
       return out.toByteArray();
   }

   public void encodeUInt32(int value, OutputStream out) throws IOException
   {
       byte[] tmp = new byte[4];
       tmp[0] = (byte)((value >>> 24) & 0xff);
       tmp[1] = (byte)((value >>> 16) & 0xff);
       tmp[2] = (byte)((value >>> 8) & 0xff);
       tmp[3] = (byte)(value & 0xff);
       out.write(tmp);
   }

To have a string representation of the key, just encode the returned byte array in Base64.

For the private key encoding there are two cases:

  1. The private key is not protected by a password. In that case the private key is encoded according to the PKCS#8 standard and then encoded with Base64. It is possible to get the PKCS8 encoding of the private key by calling getEncoded on RSAPrivateKey.
  2. The private key is protected by a password. In that case the key encoding is an OpenSSH dedicated format. I don't know if there is any documentation on this format (except the OpenSSH source code of course).
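
As an added example (not part of the original answer), here is a complete program that writes both files for the unprotected-key case. The `ssh-rsa <base64> <comment>` line layout, the PEM armor lines around the PKCS#8 bytes, the class name `SshKeyFiles`, the comment `generated-by-java` and the temporary output directory are assumptions of this example. The private key file is created with mode 0600 because ssh refuses private keys readable by other users; that step requires a POSIX file system.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;

public class SshKeyFiles {  // hypothetical class name, added example
    // RFC 4251 section 5 "string": 4-byte big-endian length, then the bytes.
    static void writeString(DataOutputStream out, byte[] data) throws IOException {
        out.writeInt(data.length);
        out.write(data);
    }

    // RFC 4253 "ssh-rsa" blob: string "ssh-rsa", mpint e, mpint n.
    // BigInteger.toByteArray() is minimal two's complement, as mpint requires.
    static byte[] encodePublicKey(RSAPublicKey key) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        writeString(out, "ssh-rsa".getBytes(StandardCharsets.US_ASCII));
        writeString(out, key.getPublicExponent().toByteArray());
        writeString(out, key.getModulus().toByteArray());
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair keyPair = generator.generateKeyPair();
        // id_rsa.pub: one line "<type> <base64 blob> <comment>" (comment is constructed).
        String blob = Base64.getEncoder()
            .encodeToString(encodePublicKey((RSAPublicKey) keyPair.getPublic()));
        String pub = "ssh-rsa " + blob + " generated-by-java\n";
        // Unencrypted private key: PKCS#8 DER from getEncoded(), PEM-armored (assumption).
        String pem = "-----BEGIN PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'})
                .encodeToString(keyPair.getPrivate().getEncoded())
            + "\n-----END PRIVATE KEY-----\n";
        Path dir = Files.createTempDirectory("sshkey-demo");
        Path priv = dir.resolve("id_rsa");
        // Create the file with mode 0600 before any key bytes are written (POSIX only).
        Files.createFile(priv, PosixFilePermissions.asFileAttribute(
            PosixFilePermissions.fromString("rw-------")));
        Files.write(priv, pem.getBytes(StandardCharsets.US_ASCII));
        Files.write(dir.resolve("id_rsa.pub"), pub.getBytes(StandardCharsets.US_ASCII));
        System.out.println("wrote " + dir);
    }
}
```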
