keytool - see the public and private keys

Question

I programmatically created a Java keystore of type jks (i.e. the default type).
It is initially empty, so I created a DSA certificate.

keytool -genkey -alias myCert -v -keystore trivial.keystore

How can I see the public and private keys?
I.e. is there a command that prints the private key of my certificate?
I could only find keytool -certreq which in my understanding prints the certificate as a whole:

-----BEGIN NEW CERTIFICATE REQUEST-----
MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo
BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl
-----END NEW CERTIFICATE REQUEST-----

I assume this is the whole certificate. How can I see private (or public key) via keytool?

Recommended answer

You created a private (and associated public) key in your keystore. For it to be really usable, you can get it signed by a certification agency (CA); this is what the -certreq command is for (you send the output to this certification agency, along with some other information and a bit of money, and they send back a certificate, which you can then import into your keystore).

Viewing the private key is not intended ... you usually don't need this, since you use the keystore in your Java program, and this knows how to use it.

Since you want to look at your keystore, here is a quick Java program which does this:

import java.io.*;
import java.security.*;

public class KeyPrinter {

    /**
     * To be invoked with these parameters:
     *
     * [0]:  keystore-password
     * [1]:  filename
     * [2]:  alias
     * [3]:  entry-Password (if necessary)
     */
    public static void main(String[] params)
        throws IOException, GeneralSecurityException
    {
        // The first three parameters are mandatory.
        if (params.length < 3) {
            System.err.println(
                "usage: KeyPrinter <keystore-password> <filename> <alias> [entry-password]");
            System.exit(1);
        }
        char[] storePass = params[0].toCharArray();
        String fileName = params[1];
        String alias = params[2];

        // The entry password is only passed on when it was given.
        KeyStore.ProtectionParameter entryPass;
        if (params.length > 3) {
            entryPass = new KeyStore.PasswordProtection(params[3].toCharArray());
        } else {
            entryPass = null;
        }

        // Load the keystore; try-with-resources closes the file afterwards.
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream input = new FileInputStream(fileName)) {
            store.load(input, storePass);
        }

        // Look up the entry for the alias and print it via its toString().
        KeyStore.Entry entry = store.getEntry(alias, entryPass);
        System.out.println(entry);
    }
}

First call keytool -list -keystore myStore to know which alias to look for, then call this program with the passwords and parameters. In case of a private key entry, it shows the key itself and additionally a self-signed certificate which contains the public key, in a readable form. In case of a "trusted certificate", it shows only the public key.
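
As an added example (not part of the original answer), the following program lists every alias in the keystore and reports the public key algorithm, the certificate fingerprint and the private key's algorithm and encoding without writing the private key material to the terminal. The class name KeyStoreSummary is hypothetical, the default file name is the one from the question, and the code assumes each key entry uses the same password as the keystore.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;

public class KeyStoreSummary {   // hypothetical name, added example

    // Hex SHA-256 of the DER-encoded certificate: the digest that
    // keytool -list -v reports, here without the colon separators.
    static String sha256Hex(byte[] der) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) {
            sb.append(String.format("%02X", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Default is the file name from the question; pass another path as args[0].
        String fileName = args.length > 0 ? args[0] : "trivial.keystore";
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from a terminal so the password is read without echo");
        }
        // Read the password interactively so it stays out of the process arguments.
        char[] storePass = console.readPassword("Keystore password: ");
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(fileName)) {
            store.load(in, storePass);
        }
        for (String alias : Collections.list(store.aliases())) {
            boolean isKey = store.isKeyEntry(alias);
            System.out.println(alias + ": " + (isKey ? "private key entry" : "trusted certificate"));
            Certificate cert = store.getCertificate(alias);
            if (cert != null) {
                System.out.println("  public key : " + cert.getPublicKey().getAlgorithm()
                        + " (" + cert.getPublicKey().getFormat() + ")");
                System.out.println("  cert SHA256: " + sha256Hex(cert.getEncoded()));
            }
            if (isKey) {
                // Assumption: the entry password equals the keystore password.
                Key key = store.getKey(alias, storePass);
                System.out.println("  private key: " + key.getAlgorithm() + ", " + key.getFormat()
                        + ", " + key.getEncoded().length + " bytes (not printed)");
            }
        }
        Arrays.fill(storePass, '\0');   // wipe the password copy held by this program
    }
}
```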
