如何将 JAVA 中 x509 证书的公钥转换为十六进制 [英] how to convert public key of an x509 certificate in JAVA to hex

问题描述

我们要求在 out 项目中获取x509 证书的公钥".我们使用 x509Certificate.getPublicKey() API 来获取 byte[]，然后计算它的十六进制形式.例如在java中计算的证书的十六进制形式的公钥如下

We have requirement to get the "public key of an x509 certificate" in out project. We are using x509Certificate.getPublicKey() API to get the byte[] and then calculating the hexadecimal form of it. For example public key in hexadecimal form of a certificate calculated in java is following

30820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001

30820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001

但是当我们双击证书并在详细信息选项卡中看到公钥的值时，它如下:

But when we double click the certificate and see value of public key in details tab, it is following:

3082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001

3082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a524bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001

我们发现JAVA api计算的值在开头多出了44个字符，从第45个字符开始，数据和windows计算的值一样.

What we have found is that the value calculated by JAVA api has extra 44 characters in the begining and the from the 45th character the data is same as value calculated by windows.

任何机构都可以帮助我确定如何计算与Windows计算相同的证书公钥.

can any body please help me to identify how to calculated the public key of a certificate which same as calculated by windows.

谢谢.

推荐答案

在 X509 证书中，公钥被编码为 ASN.1 结构，称为 SubjectPublicKeyInfo 看起来像这样:

In a X509 certificate the public key is encoded into an ASN.1 structure called SubjectPublicKeyInfo which looks like this:

SubjectPublicKeyInfo  ::=  SEQUENCE  {
     algorithm            AlgorithmIdentifier,
     subjectPublicKey     BIT STRING  }

算法字段标识密钥的类型(RSA、DSA、Diffie Hellman...)，位串包含编码为取决于密钥类型的结构的公钥数据.

The algorithm field identifies the kind of key (RSA, DSA, Diffie Hellman...) and the bit string contains the public key data encoded into a structure which depends on the key type.

在您的情况下，第一个字节 [] 包含 SubjectPublicKeyInfo 的所有数据，包括顶级 SEQUENCE 标记、长度和 algorithm 字段以及 subjectPublicKey 字段.

In your case the first byte[] contains all data of the SubjectPublicKeyInfo including the top level SEQUENCE tag, the length and the algorithm field and the subjectPublicKey field.

第二个字节[] 只包含第二个字段(即 BIT STRING).在您的示例中，这是一个 RSA 公钥使用此结构编码:

The second byte[] only contains the second field (i.e the BIT STRING). In your example this is a RSA public key encoded with this structure:

RSAPublicKey ::= SEQUENCE {
   modulus            INTEGER,    -- n
   publicExponent     INTEGER  }  -- e

这篇关于如何将 JAVA 中 x509 证书的公钥转换为十六进制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！