Formatting RSA keys for OpenSSL in Java

Background

RSA key generation with OpenSSL on Linux using the command,

openssl genrsa -out mykey.pem 1024

created the following:

"-----BEGIN RSA PRIVATE KEY-----
 MIICXQIBAAKBgQChs9Fepy5FgeL0gNJ8GHcKRHsYnM2Kkw19zwydDQNyh2hrHWV2
 B11wpLFp8d0imcl2Wjb0oV/AxOhb3unQgNzs66LVuXJwS8icp3oIJZtExs6tkxzE
 s5mnU68wMeCYtJqHIZOmNblVWvpJMLNAwAVi3oLfnzDDbzjnDapm8M21nQIDAQAB
 AoGAZ11P1+acUHgvwMXcRtFIvvp5iYkqZouL00EYOghIjNx75gTbh7A7jbbpZeTi
 y6xsuMgAWy4QzGPSeG+tHMhS7+dYQNPuKSv5KtK3V7ubXz/I3ZN1etRVecA56QNw
 7HKv6b7srolt08kogGIwpbbfl/mhfJHnv4Jeqd5lNMnK4e0CQQDWFZo4h22OlSaH
 ZGd3i4rwLrA0Ux5bkdh7YH0uEeE/nGzpVs1DPhsN8UCyq9LAiKYLlXeeCvwurKwo
 OgKlUCkzAkEAwVy2KignoRInFTAaYH8PQRfD835q+oC0Iu21BF68ne06U6wu+wWk
 bWiYxTOOb+TGZfA1vA6OAvGVGoXs1bHF7wJBAItGiop0MKYuCl7Sxy1SrxUKir+/
 w2Q3QesiHs41+6Byl7hGLEuuv9MWPM0AU5/GRqAKoUNESkPjOi0BcG8z81kCQGGn
 OvCreugjzM0skAWv5bpQEExGyixdF5yURFlCpytzBYQAb3Gi9dmze4QMd6EW/wO4
 fsrM5vehnlXY0TVTJM0CQQCMPVhub8LSo7T/lCzypvb/cgxJfyITRKcM2asrXud5
 r27kbzsXqYum4huHqyFkb3pZammsYA/z89HchylfrD4U
 -----END RSA PRIVATE KEY-----"

The following code under Java 6,

KeyPairGenerator keyGen = null;
try {
  keyGen = KeyPairGenerator.getInstance("RSA");
} catch (NoSuchAlgorithmException e) {
  throw new RuntimeException(e);
}
KeyPair pair = keyGen.generateKeyPair();
privateKey = new Base64Encoder().encode(pair.getPrivate().getEncoded());
publicKey = new Base64Encoder().encode(pair.getPublic().getEncoded());

output the following:

"MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAIsJlqFOP+jPyYvrGwh+dff30a3p
 uHysMfHYi1MyNSFCsT/2QbOc/k9U/X28WRCMeFwEEnReLULXA9Ywox8GycI/ApMX+DjKBrrLDbpr
 ATLiu9+NMK4VSytKFI87P07HAni3RkiO4rFNEINVQ7t38ZmHavuXHjMkLEAK4dyLQO9NAgMBAAEC
 gYBN/jv0EmwBUgYSKflJI39TcT263B+0N/fwXXOSYNiy5rF9WstyUP/LSrbEAJLJmLKvk00y391t
 4CVz0ma+sdUdAPlS7Nmx9f3BThGOGcDmpjVo1y4e1afWtyu66ba/XDeuf7q5Y/h/pr20/gXl9Gz2
 yefQrzU9xXGKZhE/lxJ2IQJBAMELpeAal+Fa+u0InGrowVmV+lge8RZqKRfCDzPPna465E5Qcekb
 J0ShsarP5lnUfrNH5g8GLaDGQwYE/UoIpPkCQQC4YRfck5uMlI1K3F9YC3XvmFAJnf9YexoPfNSu
 dznOD4rxlwzW/5daPOR0jjlyIRDH/QuUoPIIEn1mt3dnz7X1AkBZciozgl7pPhySA7FmH96mwcUz
 W3LdrebIaVRd707iUctDNibxmXFCbaFCwf27laf3LdM9FuHBYtvfSCSMTyERAkEAlNAQsUAVmKZB
 T72D2o0Nd/7oAosaD7DzvLJU+idSaWUUEJ+IhnKuFu/0t7oe1WWopLEwypoIHsnFmsTTQ99ajQJA
 Scwh3P3RTN4F6Jz1SxRSe6L729xI8xkbco5EsMq5v5BZeoGynqdPUUZdAPcaO2k5UagaSejvzgna
 8xIqR7elVQ=="

"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCLCZahTj/oz8mL6xsIfnX399Gt6bh8rDHx2ItT
 MjUhQrE/9kGznP5PVP19vFkQjHhcBBJ0Xi1C1wPWMKMfBsnCPwKTF/g4yga6yw26awEy4rvfjTCu
 FUsrShSPOz9OxwJ4t0ZIjuKxTRCDVUO7d/GZh2r7lx4zJCxACuHci0DvTQIDAQAB"

Questions

  1. How do I put "armor" around the private and public keys created through Java code?

  2. Why is each line of the keys generated through Java code longer than those output by OpenSSL?

  3. Does it make any difference? One of the tools that the other team is using fails while signing a message using the private key generated by the Java code mentioned above. However, it works just fine when that tool uses the private key generated by OpenSSL.

  4. Is there a way I can export a compatible key with Java?

Solution

The OpenSSL private key is in a non-standard format, while the Java code is creating a standard, PKCS-#8–encoded private key.

OpenSSL can convert the standard key format to the non-standard form. You can write Java code to do the same, but it requires some third-party libraries and a good knowledge of ASN.1 helps too.

To convert a PKCS #8 key to OpenSSL format, use OpenSSL's pkcs8 utility.

openssl pkcs8 -nocrypt -inform der < pvt.der > pvt.pem

To convert an RSA key stored as a DER-encoded SubjectPublicKeyInfo to PEM format, use OpenSSL's rsa utility.

openssl rsa -pubin -inform der < pub.der > pub.pem

This assumes that the private key is stored in "binary" (DER) format, not Base-64 encoded. The Java code to create and store keys like this would look something like:

KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
KeyPair pair = gen.generateKeyPair();
FileOutputStream ospvt = new FileOutputStream("pvt.der");
try {
  ospvt.write(pair.getPrivate().getEncoded());
  ospvt.flush();
} finally {
  ospvt.close();
}
FileOutputStream ospub = new FileOutputStream("pub.der");
try {
  ospub.write(pair.getPublic().getEncoded());
  ospub.flush();
} finally {
  ospub.close();
}
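
The following is an added example, not code from the original question or answer. Using only the JDK (Java 8 or later is assumed for java.util.Base64), it adds PEM armor with 64-character lines and unwraps the PKCS #8 structure returned by getEncoded() into the RSAPrivateKey form that carries the RSA PRIVATE KEY header. The class name PemArmor, the helper names and the 2048-bit key size are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;

public class PemArmor { // hypothetical class name, not from the page
    // Wrap DER bytes in PEM armor; the Base64 body is broken into 64-character lines.
    static String pem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
             + "\n-----END " + label + "-----\n";
    }

    // Check the tag at d[p[0]], read the DER length, leave p[0] at the first content byte.
    static int header(byte[] d, int[] p, int tag) {
        if ((d[p[0]++] & 0xff) != tag) throw new IllegalArgumentException("unexpected DER tag");
        int b = d[p[0]++] & 0xff;
        if (b < 0x80) return b;                       // short-form length
        int n = 0;                                    // long form: next (b & 0x7f) bytes
        for (int i = b & 0x7f; i > 0; i--) n = (n << 8) | (d[p[0]++] & 0xff);
        return n;
    }

    // PrivateKeyInfo ::= SEQUENCE { version INTEGER, algorithm SEQUENCE, privateKey OCTET STRING }
    // For an RSA key, the OCTET STRING content is the RSAPrivateKey structure.
    static byte[] pkcs8ToRsaPrivateKey(byte[] pkcs8) {
        int[] p = {0};
        header(pkcs8, p, 0x30);                       // enter the outer SEQUENCE
        int n = header(pkcs8, p, 0x02); p[0] += n;    // skip version
        n = header(pkcs8, p, 0x30);     p[0] += n;    // skip AlgorithmIdentifier
        n = header(pkcs8, p, 0x04);                   // privateKey OCTET STRING
        return Arrays.copyOfRange(pkcs8, p[0], p[0] + n);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                         // assumed key size for this throwaway key
        KeyPair pair = gen.generateKeyPair();
        byte[] pkcs8 = pair.getPrivate().getEncoded();  // PKCS #8 PrivateKeyInfo
        byte[] spki = pair.getPublic().getEncoded();    // X.509 SubjectPublicKeyInfo
        System.out.print(pem("PRIVATE KEY", pkcs8));
        System.out.print(pem("RSA PRIVATE KEY", pkcs8ToRsaPrivateKey(pkcs8)));
        System.out.print(pem("PUBLIC KEY", spki));
    }
}
```

The label has to match the structure inside the armor: PRIVATE KEY for the PKCS #8 bytes, RSA PRIVATE KEY for the unwrapped RSAPrivateKey, PUBLIC KEY for the SubjectPublicKeyInfo.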
