从RSA .pem文件获取PrivateKey [英] Get a PrivateKey from a RSA .pem file

问题描述

鉴于此 .pem 文件（使用openssl生成并使用密码加密）：

Given this .pem file (generated with openssl and encrypted with a password):

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,AC009672952033EB

2wegzxf3MtncXS1CY3c.....
....
....
-----END RSA PRIVATE KEY-----

如何在Java中获得 PrivateKey 对象？我写了下面的代码，但我找不到正确的方法来获得 KeySpec ：

How do I get a PrivateKey object in Java? I wrote the following code but I cannot find the right way to get a KeySpec:

PrivateKey readFromPem(File keyFile, String password){
    PemReader r = new PemReader(new InputStreamReader(new FileInputStream(keyFile)));
    PemObject pemObject = r.readPemObject();
    byte[] encodedKey = pemObject.getContent();

    KeySpec keySpec = ???? // how to get this?

    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    PrivateKey key = keyFactory.generatePrivate(keySpec);
    return key;
}

我想我应该建立一个 RSAPrivateKeySpec ，但我不知道怎么做。我尝试了此答案和另一个答案，但它们在解析字节数组时都会导致错误。

I guess I should build a RSAPrivateKeySpec, but I don't know how. I tried the method from this answer and this other answer, but they both result in errors when parsing the byte array.

推荐答案

我是使用 BouncyCastle 1.57 （bcprov-jdk15on，bcmail-jdk15on和bcpkix-jdk15on）和 Java 7 。

I'm using BouncyCastle 1.57 (bcprov-jdk15on, bcmail-jdk15on and bcpkix-jdk15on) and Java 7.

你可以使用 JcaPEMKeyConverter 类读取私钥。
以下代码适用于带密码和无密码的密钥：

You can read the private key using the JcaPEMKeyConverter class. The code below works for keys with and without a password:

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

// don't forget to add the provider
Security.addProvider(new BouncyCastleProvider());
String password = "your password";

// reads your key file
PEMParser pemParser = new PEMParser(new FileReader(keyFile));
Object object = pemParser.readObject();
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");

KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
    // Encrypted key - we will use provided password
    PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
    // uses the password to decrypt the key
    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
    kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
} else {
    // Unencrypted key - no password needed
    PEMKeyPair ukp = (PEMKeyPair) object;
    kp = converter.getKeyPair(ukp);
}

// RSA
KeyFactory keyFac = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

System.out.println(privateKey.getClass());

privateKey 的班级将是 java.security.spec.RSAPrivateCrtKeySpec （扩展 RSAPrivateKeySpec ）。

The privateKey's class will be java.security.spec.RSAPrivateCrtKeySpec (which extends RSAPrivateKeySpec).

这篇关于从RSA .pem文件获取PrivateKey的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！