使用AndroidKeyStoreProvider生成证书签名请求的最佳方法是什么? [英] What is the best way to generate Certificate Signing Request using AndroidKeyStoreProvider?
问题描述
我阅读了这篇文章。
它说明了如何生成 KeyPair ,但是没有指定如何根据生成的密钥来生成证书签名请求。
It says how to generate a KeyPair, however it doesn't specify how to generate a Certificate Signing Request based on the generated keys.
根据我的研究,要使用Java生成CSR,网络上的示例通常使用软件包 sun。* 或BouncyCastle库。似乎没有一种方法可以使用标准 java.security API生成CSR。我阅读了这
From my research, to generate a CSR in Java, the samples from the web usually use the package sun.* or the BouncyCastle library. It seems like there isn't a way to generate a CSR with the standard java.security API. I read this and it seems to say the same thing.
除了使用BouncyCastle外,我别无选择吗?很难想象Android开发人员不会考虑这种用法。
Do I have no choice but to use BouncyCastle? It is hard to imagine that Android Developers don't consider this kind of usage.
顺便说一句,本文还提到:
By the way, the article also mentions that:
生成新的私钥需要您还指定自签名证书将具有的
初始X.509属性。
您可以稍后用证书颁发机构签名的证书
替换证书
Generating a new PrivateKey requires that you also specify the initial X.509 attributes that the self-signed certificate will have. You can replace the certificate at a later time with a certificate signed by a Certificate Authority
假设我终于得到了证书由证书颁发机构签名。我应该怎么做才能以后替换证书?
Suppose I finally get a certificate signed by a Certificate Authority. What exactly should I do to "replace the certificate at a later time"?
推荐答案
关于生成CSR(证书签名请求) ),在Android手机上,我认为使用海绵堡相当简单。
Regarding generating a CSR (certificate sign request) on the android phone, I think it is rather straightforward to use Spongycastle instead. It is an android port of Bouncycastle.
假设我终于得到了由证书颁发机构签署的证书。
我应该怎么做才能以后替换证书?
Suppose I finally get certificate signed by a Certificate Authority. What exactly should I do to "replace the certificate at a later time"?
一旦您拥有实际签署的证书您应该从CA(证书颁发机构)那里获得的证书,则不再需要CSR;您应该只将签名的证书存储在手机上。在哪里保存它们-我想您可以在此处。
Once you have the actual signed certificate which you are supposed to get from the CA (Certificate Authority), you no longer need your CSR; you should just store the signed certificate on the phone. Where to save them - I guess you can get help here.
这篇关于使用AndroidKeyStoreProvider生成证书签名请求的最佳方法是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
