How to add SSH identity file keypair to JKS keystore

Problem description

One of the tasks of a Java application I am building is to connect to a remote SFTP server. In order to do that I have the certificate of the remote machine and a local identity (id_rsa and id_rsa.pub in the .ssh folder). This is working fine.

I'd like to put the certificate and the identity in a password protected java keystore for easier and more secure configuration. I have this working for the certificate, but I am having problems storing the SSH identity in a JKS or PKCS12 keystore (either one would work).

To isolate the problem I have tried the following steps:

I use ssh-keygen -b 2048 to create the two identity files id_rsa_demo and id_rsa_demo.pub in the local directory. As I understand these are the private and public keys of the identity, so I try to combine those into an identity.p12 file:

openssl pkcs12 -export \
               -inkey "id_rsa_demo" \
               -in "id_rsa_demo.pub" \
               -out "identity.p12" \
               -password "pass:topsecret" \
               -name "demoalias"

This gives me the error unable to load certificates. I searched around and it seems that openssl expects a certificate with a complete chain for the -in parameter. Since my generated identity does not have that, I tried the -nocerts option, like so:

openssl pkcs12 -export \
               -inkey "id_rsa_demo" \
               -in "id_rsa_demo.pub" \
               -out "identity.p12" \
               -password "pass:topsecret" \
               -name "demoalias" \
               -nocerts

I get no errors, but the -nocerts option lives up to its promise and does not add my public key to the pkcs12 file:

openssl pkcs12 -info -in identity.p12 

Enter Import Password:
MAC Iteration 2048
MAC verified OK
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048
Bag Attributes
    friendlyName: demoalias
Key Attributes: <No Attributes>
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIAOXpzckBb28CAggA
MBQGCCqGSIb3DQMHBAjPq9ibr445xQSCBMi5IlOk5F28kQPB5D97afiUb5d3It46
...
ejwYfHTj6bm+dEOUk68zNrWwKqwuJx5AZv3U8sm1cicVmh9W0HpL5tSmMMpDS1ey
Uos=
-----END ENCRYPTED PRIVATE KEY-----

Is there a way to store an SSH identity into a PKCS12 or JKS keystore?

Recommended answer

Supposing you have a private key that looks like this:

id_rsa

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Do two things:

1) Create a certificate to wrap the key and expose the public key as a certificate, so that keytool understands it.

# certificate signing request built from the existing private key
openssl req -new -key id_rsa -out example.req

2) Create a self-signed certificate from your new request.

openssl x509 -signkey id_rsa -req -in example.req -out example.cer

Then combine the certificate and the private key and import them with keytool:

# keytool -import only accepts certificates, so bundle the key and certificate as PKCS12 first
openssl pkcs12 -export -inkey id_rsa -in example.cer -name demoalias -out example.p12
keytool -importkeystore -srckeystore example.p12 -srcstoretype PKCS12 -destkeystore example.jks

This will get the keys in there. Utilizing the private and public keys and interacting with the SSH/SFTP library of your choice is left as an exercise.
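The answer's procedure carried end to end, as an added example that is not code from the original question or answer: the identity is wrapped in a self-signed certificate, bundled with the private key into a PKCS12 file (so the key does not get stranded without its certificate, the trap the question hit with -nocerts), and converted to JKS with keytool -importkeystore, the only keytool path that carries a private key. Assumed, not from the page: the test key is generated with openssl rather than ssh-keygen, the alias is "demoalias", the password is "topsecret", and everything is written under the directory passed as the first argument.

```shell
#!/bin/sh
# Added example, not code from the original post: carry an OpenSSH RSA identity into a
# password-protected PKCS12 keystore holding BOTH the private key and a certificate,
# then convert it to JKS when keytool is available.
# Assumptions (not from the page): a constructed test key generated with openssl instead
# of ssh-keygen, alias "demoalias", password "topsecret", all files written under DIR.
set -eu

PASS="pass:topsecret"   # constructed password, same form as the question's -password argument

# ssh_identity_to_keystore DIR : writes DIR/identity.p12 (and DIR/identity.jks if keytool exists)
ssh_identity_to_keystore() {
    dir=$1
    mkdir -p "$dir"
    # Constructed identity in PEM form ("BEGIN RSA PRIVATE KEY"), the format the answer's id_rsa
    # shows. A modern ssh-keygen default key ("BEGIN OPENSSH PRIVATE KEY") must first be converted
    # with `ssh-keygen -p -m PEM -f id_rsa`, or openssl will refuse to load it.
    openssl genrsa -out "$dir/id_rsa_demo" 2048 2>/dev/null
    # openssl pkcs12 -export wants a certificate in -in, not id_rsa.pub: self-sign one from the key
    # (the answer's req + x509 steps in a single command).
    openssl req -x509 -new -key "$dir/id_rsa_demo" -days 365 -subj "/CN=demoalias" \
        -out "$dir/example.cer"
    # Bundle key + certificate. Without -nocerts the key keeps its matching certificate.
    openssl pkcs12 -export -inkey "$dir/id_rsa_demo" -in "$dir/example.cer" \
        -name demoalias -password "$PASS" -out "$dir/identity.p12"
    # keytool -import(cert) only imports certificates; a private key enters a JKS only through
    # -importkeystore from a PKCS12 source.
    if command -v keytool >/dev/null 2>&1; then
        keytool -importkeystore -noprompt -srckeystore "$dir/identity.p12" -srcstoretype PKCS12 \
            -srcstorepass topsecret -destkeystore "$dir/identity.jks" -deststoretype JKS \
            -deststorepass topsecret
    fi
}

# p12_contents FILE : prints "key+cert" when the PKCS12 carries a private key and a certificate,
# "key-only" for the -nocerts result the question ran into, "cert-only", or "empty".
p12_contents() {
    dump=$(openssl pkcs12 -in "$1" -nodes -password "$PASS")
    has_key=0; has_cert=0
    printf '%s\n' "$dump" | grep -q 'BEGIN .*PRIVATE KEY' && has_key=1
    printf '%s\n' "$dump" | grep -q 'BEGIN CERTIFICATE' && has_cert=1
    case "$has_key$has_cert" in
        11) echo "key+cert" ;;
        10) echo "key-only" ;;
        01) echo "cert-only" ;;
        *)  echo "empty" ;;
    esac
}
```

Run `ssh_identity_to_keystore /tmp/demo` and then `p12_contents /tmp/demo/identity.p12`; the same check against a bundle exported with -nocerts reports "key-only", which is exactly what the question's openssl pkcs12 -info output showed.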
