如何使用Java创建X509证书？ [英] How to create a X509 certificate using Java?

问题描述

我想使用Java语言创建一个X509证书，然后从其中提取公钥。

I want to create a X509 certificate using Java language and then extract public key from it.

我搜索了互联网，发现了很多代码示例，他们有错误（未知的变量或未知类型）或有很多警告，说：方法...从类型...已过时等。

I have searched the internet and found many code examples, but all of them have errors (unknown variable or unknown type) or have many warnings that say something like : "the method ... from type ... is deprecated " etc.

例如，为什么以下代码不起作用：

For example, why the following code doesn't work:

PublicKey pk;
CertificateFactory cf = CertificateFactory.getInstance("X.509");
String PKstr = pk.toString();
InputStream PKstream = new ByteArrayInputStream(PKstr.getBytes());
X509Certificate pkcert = (X509Certificate)cf.generateCertificate(PKstream);

任何人都可以告诉我如何使用纯Java或Bouncy

Can anyone show me how to create a certificate using pure Java or Bouncy Castle and then get a public key from that?

推荐答案

您还可以仅使用JDK类生成证书。缺点是你必须使用sun.security.x509包中的两个类。
代码如下：

You can also generate a certificate using only JDK classes. The disadvantage is that you have to use two classes from the sun.security.x509 package. The code would be:

KeyStore keyStore = ... // your keystore

// generate the certificate
// first parameter  = Algorithm
// second parameter = signrature algorithm
// third parameter  = the provider to use to generate the keys (may be null or
//                    use the constructor without provider)
CertAndKeyGen certGen = new CertAndKeyGen("RSA", "SHA256WithRSA", null);
// generate it with 2048 bits
certGen.generate(2048);

// prepare the validity of the certificate
long validSecs = (long) 365 * 24 * 60 * 60; // valid for one year
// add the certificate information, currently only valid for one year.
X509Certificate cert = certGen.getSelfCertificate(
   // enter your details according to your application
   new X500Name("CN=My Application,O=My Organisation,L=My City,C=DE"), validSecs);

// set the certificate and the key in the keystore
keyStore.setKeyEntry(certAlias, certGen.getPrivateKey(), null, 
                        new X509Certificate[] { cert });

从密钥库检索私钥以加密或解密数据。
基于代码来自 http： //www.pixelstech.net/article/1408524957-Generate-cetrificate-in-Java----3

Retrieve the private key from the key store to encrypt or decrypt data. Based on the code is from http://www.pixelstech.net/article/1408524957-Generate-cetrificate-in-Java----3

这篇关于如何使用Java创建X509证书？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！