如何从Java生成ssh兼容的id_rsa(.pub) [英] How to generate ssh compatible id_rsa(.pub) from Java
问题描述
我正在寻找一种以编程方式在Java中创建ssh兼容的id_rsa和id_rsa.pub文件的方法。
I'm looking for a way to programmatically create ssh compatible id_rsa and id_rsa.pub files in Java.
我创建了KeyPair:
I got as far as creating the KeyPair:
KeyPairGenerator generator;
generator = KeyPairGenerator.getInstance("RSA");
// or: generator = KeyPairGenerator.getInstance("DSA");
generator.initialize(2048);
keyPair = generator.genKeyPair();
我无法弄清楚如何在KeyPair中创建PrivateKey和PublicKey的String表示形式。
I can't figure out however how to create the String representation of the PrivateKey and PublicKey in the KeyPair.
推荐答案
ssh使用的密钥格式在 RFC#4253 。 RSA公钥的格式如下:
The key format used by ssh is defined in the RFC #4253. The format for RSA public key is the following :
string "ssh-rsa"
mpint e /* key public exponent */
mpint n /* key modulus */
定义所有数据类型编码在 RFC#4251 的第5节中。 string和mpint(多个精度整数)类型以这种方式编码:
All data type encoding is defined in the section #5 of RFC #4251. string and mpint (multiple precision integer) types are encoded this way :
4-bytes word: data length (unsigned big-endian 32 bits integer)
n bytes : binary representation of the data
例如,编码字符串ssh-rsa是:
for instance, the encoding of the string "ssh-rsa" is:
byte[] data = new byte[] {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};
对公众进行编码:
public byte[] encodePublicKey(RSAPublicKey key) throws IOException
{
ByteArrayOutputStream out = new ByteArrayOutputStream();
/* encode the "ssh-rsa" string */
byte[] sshrsa = new byte[] {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};
out.write(sshrsa);
/* Encode the public exponent */
BigInteger e = key.getPublicExponent();
byte[] data = e.toByteArray();
encodeUInt32(data.length, out);
out.write(data);
/* Encode the modulus */
BigInteger m = key.getModulus();
data = m.toByteArray();
encodeUInt32(data.length, out);
out.write(data);
return out.toByteArray();
}
public void encodeUInt32(int value, OutputStream out) throws IOException
{
byte[] tmp = new byte[4];
tmp[0] = (byte)((value >>> 24) & 0xff);
tmp[1] = (byte)((value >>> 16) & 0xff);
tmp[2] = (byte)((value >>> 8) & 0xff);
tmp[3] = (byte)(value & 0xff);
out.write(tmp);
}
要让密钥的字符串représentation只是对Base64中返回的字节数组进行编码。
To have a string représentation of the key just encode the returned byte array in Base64.
对于私钥编码,有两种情况:
For the private key encoding there is two cases:
- 私钥不受密码保护。在这种情况下,私钥根据PKCS#8标准进行编码,然后使用Base64进行编码。通过在
RSAPrivateKey
上调用getEncoded
,可以获得私钥的PKCS8编码。 - 私钥受密码保护。在这种情况下,密钥编码是OpenSSH专用格式。我不知道是否有关于此格式的任何文档(当然,除了OpenSSH源代码)
- the private key is not protected by a password. In that case the private key is encoded according to the PKCS#8 standard and then encoded with Base64. It is possible to get the PKCS8 encoding of the private key by calling
getEncoded
onRSAPrivateKey
. - the private key is protected by a password. In that case the key encoding is an OpenSSH dedicated format. I don't know if there is any documentation on this format (except the OpenSSH source code of course)
这篇关于如何从Java生成ssh兼容的id_rsa(.pub)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!