Java以编程方式从密钥/证书中读取信息 [英] Java Programmatically read informations from a Key/Certificate

问题描述

我正在尝试构建证书/密钥管理工具，但我不明白如何获取证书/密钥的md5指纹。

I'm tryin to build a certificate/key management tool, but i don't understand how to obtain md5 fingerprint of a certificate/key.

例如，如果我在密钥库上使用keytool命令，我获得

For example if i use keytool command on a keystore i obtain the

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: myname
Creation date: 21-Aug-2011
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=bla bla, L=bla, ST=bla
Issuer: CN=bla bla, L=bla, ST=bla
Serial number: 123w3qa
Valid from: Sun Aug 21 00:12:31 CEST 2011 until: Mon Jul 28 00:12:31 CEST 2110
Certificate fingerprints:
         MD5:  1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         SHA1: 72:3A:D9:2E:1A:DE:60:21:DE:B1:BF:C3:D1:AD:11:F1:21:22:D7:9E
         Signature algorithm name: SHA256withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AA EA FA FE 34 DA 6E C6   FC 8B 6C DE S9 21 S9 S4  ......^...l.I!.D
0010: S3 33 29 SD                                        .S..
]
]

*******************************************
*******************************************

现在我想通过java获得以下信息：
1. MD5指纹
2. KeyIdentifier

Now i want to obtain via java the following informations: 1. MD5 fingerprint 2. KeyIdentifier

我使用X500Certificate对象获取了一些信息X500Principal（例如，所有者，发行人，别名的日期），但我没有找到我可以获得其他信息的地方。有人能帮我吗？

I obtained some informations using X500Certificate object and X500Principal(for example date from and to, owner, issuer, alias name), but i didn't found where i can obtain other informations. Can someone help me?

推荐答案

如果你查看 keytool 的security / tools / KeyTool.java.htmlrel =nofollow>源代码您可以看到以下内容：

If you check the source code for keytool you can see the following:

 2830       getCertFingerPrint("MD5", cert),

调用：

 3167       /**
 3168        * Gets the requested finger print of the certificate.
 3169        */
 3170       private String getCertFingerPrint(String mdAlg, Certificate cert)
 3171           throws Exception
 3172       {
 3173           byte[] encCertInfo = cert.getEncoded();
 3174           MessageDigest md = MessageDigest.getInstance(mdAlg);
 3175           byte[] digest = md.digest(encCertInfo);
 3176           return toHexString(digest);
 3177       }

这篇关于Java以编程方式从密钥/证书中读取信息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！