如何加载椭圆曲线PEM编码的私钥? [英] How do I load an Elliptic Curve PEM encoded Private Key?
问题描述
我已经使用OpenSSL生成了椭圆曲线私钥/公钥对。私钥和公钥是PEM编码的。感谢此,我已经找到了如何加载公钥。但是,我不知道如何加载私钥。密钥,因为上述消息仅以InvalidKeySpecException结尾:密钥规范未被识别。
然后我发现此,但最后还会出现无法识别的编码密钥规范。如何加载我的私钥?
私有私钥loadPrivateKey(字符串位置){
试试{
//删除保护字符串
byte [] bytes = stripGuardLines(location);
返回KeyFactory.getInstance( ECDH)。generatePrivate(new PKCS8EncodedKeySpec(bytes));
} catch(FileNotFoundException e){
LoggerFactory.getLogger( Nectar)。error(无法找到私钥: +位置);
System.exit(1);
} catch(IOException e){
LoggerFactory.getLogger( Nectar)。error(加载私钥时发生IOException!);
e.printStackTrace();
System.exit(1);
} catch(NoSuchAlgorithmException | InvalidKeySpecException e){
e.printStackTrace();
System.exit(1);
}
返回null;
}
专用字节[] stripGuardLines(String location)throws IOException {
BufferedReader r = new BufferedReader(new FileReader(location));
字符串行;
StringBuilder sb = new StringBuilder();
while((line = r.readLine())!= null){
if(line.contains( EC PRIVATE KEY)){//检查保护行
是否继续;
}
sb.append(line);
}
//删除保护行,现在解码base64
return Base64.getDecoder()。decode(sb.toString());
}
这是私钥文件:
--- BEGIN EC私钥-----
MIGkAgEBBDD2MFRv6BpJU6 / zDI2yBfVbe0oeU1nFAoYMedDGtcdwHyWNJSeiYRBA
pVNzMxPSBLWgBWYB b PxSUu1Xfj77QQqfuqHOCRzWXseQA1aZB / h6VQEiFovugtG1G3HaMxxrqLLxb10g2
BMaRcAfZyeqc3O0Ui8XXb1esn0gOrCU =
$ b $ c $ 解决方案您的代码仅输出密钥本身。它缺少PKCS#8编码的私钥所需的算法说明符。幸运的是,密钥本身在编码时始终具有相同的大小(它不使用任何ASN.1整数,据我所知,整数可能具有不同的大小)。
这意味着您可以简单地将头文件与另一个键连接起来:
//您可以在$ b $前面放置静态头文件b byte []标头= Hex.decode( 30 81bf 020100 301006072a8648ce3d020106052b81040022 0481a7);
//您从
字节上方的PEM键[] fromPEM = Base64.decode( MIGkAgEBBDD2MFRv6BpJU6 / zDI2yBfVbe0oeU1nFAoYMedDGtcdwHyWNJSeiYRBApVNzMxPSBLWgBwYFK4EEACKhZANiAAQBttEp / qUGnDlmL + o6KZnVs + RoBnEBEGhoPxSUu1Xfj77QQqfuqHOCRzWXseQA1aZB / h6VQEiFovugtG1G3HaMxxrqLLxb10g2BMaRcAfZyeqc3O0Ui8XXb1esn0gOrCU =);
byte [] bytes = Arrays.concatenate(header,fromPEM);
PrivateKey ecPrivate = KeyFactory.getInstance( EC)。generatePrivate(new PKCS8EncodedKeySpec(bytes));
此代码与Bouncy Castle兼容,与Oracle Java JRE中的默认实现兼容。 / p>
请注意,您也可以使用与Oracle兼容的代码来创建密钥对:
KeyPairGenerator kpGen = KeyPairGenerator.getInstance( EC);
kpGen.initialize(new ECGenParameterSpec( secp384r1));
KeyPair ecKP = kpGen.generateKeyPair();
I've generated an elliptic curve private/public key pair using OpenSSL. The private and public keys are PEM encoded. I've figured out how to load the public key thanks to this. However, I can't figure out how to load the private key, as the above message just ends up with an InvalidKeySpecException: key spec not recognized.
I then found this, but it also ends up with an "encoded key spec not recognised". How can I load my private key?
private PrivateKey loadPrivateKey(String location) {
try {
// Strip the guarding strings
byte[] bytes = stripGuardLines(location);
return KeyFactory.getInstance("ECDH").generatePrivate(new PKCS8EncodedKeySpec(bytes));
} catch (FileNotFoundException e) {
LoggerFactory.getLogger("Nectar").error("Failed to find Private KEY: " + location);
System.exit(1);
} catch (IOException e) {
LoggerFactory.getLogger("Nectar").error("IOException while loading Private Key!");
e.printStackTrace();
System.exit(1);
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
e.printStackTrace();
System.exit(1);
}
return null;
}
private byte[] stripGuardLines(String location) throws IOException {
BufferedReader r = new BufferedReader(new FileReader(location));
String line;
StringBuilder sb = new StringBuilder();
while((line = r.readLine()) != null) {
if(line.contains("EC PRIVATE KEY")) { //Check if guard line
continue;
}
sb.append(line);
}
// Guard lines stripped, now decode base64
return Base64.getDecoder().decode(sb.toString());
}
Here is the private key file:
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDD2MFRv6BpJU6/zDI2yBfVbe0oeU1nFAoYMedDGtcdwHyWNJSeiYRBA
pVNzMxPSBLWgBwYFK4EEACKhZANiAAQBttEp/qUGnDlmL+o6KZnVs+RoBnEBEGho
PxSUu1Xfj77QQqfuqHOCRzWXseQA1aZB/h6VQEiFovugtG1G3HaMxxrqLLxb10g2
BMaRcAfZyeqc3O0Ui8XXb1esn0gOrCU=
-----END EC PRIVATE KEY-----
解决方案 Your code outputs only the key itself. It is missing the algorithm specifiers required for PKCS#8 encoded private keys. Fortunately the key itself always has the same size when encoded (it doesn't use any ASN.1 integers, which may have different sizes as far as I can see).
That means that you can simply concatenate the header from another key:
// static header you can put in front
byte[] header = Hex.decode("30 81bf 020100 301006072a8648ce3d020106052b81040022 0481a7");
// your key from the PEM above
byte[] fromPEM = Base64.decode("MIGkAgEBBDD2MFRv6BpJU6/zDI2yBfVbe0oeU1nFAoYMedDGtcdwHyWNJSeiYRBApVNzMxPSBLWgBwYFK4EEACKhZANiAAQBttEp/qUGnDlmL+o6KZnVs+RoBnEBEGhoPxSUu1Xfj77QQqfuqHOCRzWXseQA1aZB/h6VQEiFovugtG1G3HaMxxrqLLxb10g2BMaRcAfZyeqc3O0Ui8XXb1esn0gOrCU=");
byte[] bytes = Arrays.concatenate(header, fromPEM);
PrivateKey ecPrivate = KeyFactory.getInstance("EC").generatePrivate(new PKCS8EncodedKeySpec(bytes));
this code is both Bouncy Castle compatible as compatible with the default implementation in the Java JRE from Oracle.
Note that you might as well use Oracle compatible code to create your key pair as well:
KeyPairGenerator kpGen = KeyPairGenerator.getInstance("EC");
kpGen.initialize(new ECGenParameterSpec("secp384r1"));
KeyPair ecKP = kpGen.generateKeyPair();
这篇关于如何加载椭圆曲线PEM编码的私钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
