使用Java生成证书，公钥和私钥 [英] Generate certificates, public and private keys with Java

问题描述

我正在寻找一个java库或代码来生成证书，公钥和私钥
，而不使用第三方程序（如openssl）。

I'm looking for a java library or code to generate certificates, public and private keys on the fly without to use third party programs (such as openssl).

我认为有些东西是使用keytool + openssl但是来自Java代码。

I think something that is doeing keytool+openssl but from Java code.

考虑使用ssl和客户端身份验证保护的基于java servlet的Web应用程序。
我希望servlet容器仅在请求时使用Java代码生成客户端证书（例如pkcs12格式）。

Consider a java servlet based web application secured with ssl and client authentification. I want the servlet container generate client certificates (eg. pkcs12 format) on request only with Java code.

推荐答案

您可以使用一对或多个键动态生成Java中的证书。 （公钥，私钥）。获取这些密钥作为BigInteger格式并检查以下代码以生成证书。

You can generate Certificate in java dynamically, by using a pair or keys. (Public Key, Private Keys). Get These keys as BigInteger format and checking the following code to generate certificate.

RSAPrivateKeySpec serPrivateSpec = new RSAPrivateKeySpec(
    new BigInteger(val of pub key), new BigInteger(val of pri key));
fact = KeyFactory.getInstance("RSA");
PrivateKey serverPrivateKey = fact.generatePrivate(serPrivateSpec);

RSAPublicKeySpec serPublicSpec = new RSAPublicKeySpec(
    new BigInteger(agentCL.getSerPubMod()), new BigInteger(agentCL.getSerPubExp()));
PublicKey serverPublicKey = fact.generatePublic(serPublicSpec);

keyStore = KeyStore.getInstance(IMXAgentCL.STORE_TYPE);
keyStore.load(null, SOMEPWD.toCharArray());

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

X509Certificate[] serverChain = new X509Certificate[1];
X509V3CertificateGenerator serverCertGen = new X509V3CertificateGenerator();
X500Principal serverSubjectName = new X500Principal("CN=OrganizationName");
serverCertGen.setSerialNumber(new BigInteger("123456789"));
// X509Certificate caCert=null;
serverCertGen.setIssuerDN(somename);
serverCertGen.setNotBefore(new Date());
serverCertGen.setNotAfter(new Date());
serverCertGen.setSubjectDN(somename);
serverCertGen.setPublicKey(serverPublicKey);
serverCertGen.setSignatureAlgorithm("MD5WithRSA");
// certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,new
// AuthorityKeyIdentifierStructure(caCert));
serverCertGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
    new SubjectKeyIdentifierStructure(serverPublicKey));
serverChain[0] = serverCertGen.generateX509Certificate(serverPrivateKey, "BC"); // note: private key of CA

keyStore.setEntry("xyz",
    new KeyStore.PrivateKeyEntry(serverPrivateKey, serverChain),
    new KeyStore.PasswordProtection("".toCharArray()));

希望这会对你有帮助。

这篇关于使用Java生成证书，公钥和私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！