如何将bouncycastle getEncoded格式转换为RSA公钥的X.509格式 [英] How to convert bouncycastle getEncoded format into X.509 format for RSA public key

问题描述

如果在调用"getEncoded"时使用base64编码的公钥会产生此结果

If a base64 encoded public key when 'getEncoded' is called yields this

mQENBFh1kBcBCADMUkNW2qFgeRnornjhT3lt73wTGcO9rt+Ktr1tcopmOPTfNq3
feZNFHRUsBt0Nnuj9+vSD2cwFRoZDNulhnBD8lAJYOD427uvV+KBDF/5pCQKh2S
mDK8tJI/ncLIlX4SFa8F9f36FySglpkzA59IFtHdUBz9w+PJRqUQ5MVRzNHYBbv
6aeIWwl46KrL3eibRgBDVuEOKAoesdb+xErs9cqg3KSVi01XBgr+XMSgOBz4J3f
J4HdibsJdz1+113aKT++4LUSuuyeVbw3K/ZgMkrsyeJw84sHhF2kDu61atSUsQE
nJwBF2sPA9V/i28fftxodgg5qbEs8egdsw/wxGzsfABEBAAG0K0NocmlzIFpoZW
5nIChjemhlbmcpIDxjemhlbmdAYXRsYXNzaWFuLmNvbT6JATkEEwEIACMFAlh1k
BcCGwMHCwkIBwMCAQYVCAIJCgsEFgIDAQIeAQIXgAAKCRARY82BslwTrMvtB/4t
LoRH91p09vM1sSQ77RC+XwQqhhvN1BAeqGxqZpgCO6Ld5KRh8f4mFY8nXjDCSyy
ydTBzIUp6aG0f+2EBhArtk/oU/pi8D4zHoeBkrl23/234s1kBI5F2g2kd6itwP8
ekimaUyNFdPIN1dPwdxhuspOUtFNR+HsT3BT32v4Afd7sWVNTFrkapxTdxxZkVb
+FS0wbuzFzB2gb8AvEGevzF/hQXOf3r8QzUQoEZ14pigNu/arlXzEuzXJXXT/AQ
nAzbVENoFrhojxqEU7RxH8J4nao8OfpYfL7w3T7PC3nFFSTYSwvYItGkl9DPPiZ
GWZTrb6VfpFGNLHwCoLOaf8ShsAIAAA==

如何将其转换为X.509?

how do I turn it into X.509?

我需要这样做的原因是创建一个java.security.PublicKey对象.我也在这里问过: https://security.stackexchange.com/questions/150422/what-format-is-bouncycastle-opengpg-public-key/150427#150427 ，我已经确认它是长度为2048的密钥，但通常使用X.509标准.如果还有另一种读法，那就太好了.

The reason that I need to do so is to create a java.security.PublicKey object. I've also asked here: https://security.stackexchange.com/questions/150422/what-format-is-bouncycastle-opengpg-public-key/150427#150427 and I've confirmed that it is a length 2048 key but usually the PublicKeys are read using the X.509 standard. If there is another way to read it in, that'll be great.

推荐答案

X.509是用于管理数字证书和公共密钥加密的公共密钥基础结构的标准.X509证书包括一个公钥，一组属性，例如 subject ， issuer ， serialnumber 或 keyusage ，以及颁发证书的证书颁发机构的签名

X.509 is an standard for a public-key infraestructure to manage digital certificates and public key encryption. X509 certificates include a public key, a set of attributes like subject, issuer, serialnumber or keyusage, and a signature of the Certification Authority issuing the certificate

因此，公钥和X509证书的内容不相同.可以从证书中提取公共密钥，但是使用公共密钥无法推断出证书.实际上，多个x509证书可能包含相同的公钥

Therefore the content of public key and X509certificate is not equivalent. a public key can be extracted from the certificate, but with a public key it is not possible to deduce the certificate. In fact, several x509certificates could include the same public key

根据您的链接，密钥为OpenPGP格式.Java对此键没有默认的读取器，但是您可以使用Bouncycastle(bcpg软件包)

According to your link, the key is in OpenPGP format. Java has not a default reader for this keys, but you can use Bouncycastle (package bcpg)

//Convert key from base64 to binary
byte pubKeyBinary[] =DatatypeConverter.parseBase64Binary(pubKeyBase64);

//load Public key with bouncycastle
Security.addProvider(new BouncyCastleProvider());
PGPPublicKeyRing  pgpPub = new PGPPublicKeyRing(pubKeyBinary, new JcaKeyFingerprintCalculator());
PublicKey pubKey = 
   new JcaPGPKeyConverter().setProvider("BC").getPublicKey(pgpPub.getPublicKey());

这篇关于如何将bouncycastle getEncoded格式转换为RSA公钥的X.509格式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！