How can I export a (PKCS#8?) private key in Putty or Puttygen readable format?


Problem description

I'm writing a tool to create new Amazon Web Services servers, using the AWS Java API. When you create a server, you have to specify which SSH keypair to use out of the public keys AWS has stored with your account. You can generate the keypair yourself and import the public key, or you can have AWS generate the keypair and you download the private key.

I'm trying to generate the keypair myself, import the public key into AWS, start the new server using the newly registered keypair entry and save the private key locally. I then want to use Putty to ssh into my new server, using the private key, possibly passing it through Puttygen first to convert it.

So far, I have got as far as generating my keypair, successfully importing the public key into AWS and starting a new server. However, I can't for the life of me seem to be able to export the private key in any format Putty or Puttygen will accept.

Here's my code to generate the keypair and save the private key:

SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
random.nextBytes(new byte[]{}); //toss out the first result to ensure it seeds randomly from the system.

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(KEY_LENGTH, random);
KeyPair keyPair = keyGen.genKeyPair();

BASE64Encoder encoder = new BASE64Encoder();

FileOutputStream out =  null;
File keyPath = new File(_keyStorageDir, "private.pem");
try
{
    out = new FileOutputStream(keyPath);
    out.write(encoder.encode(keyPair.getPrivate().getEncoded()).getBytes());
}
finally
{
    if(out != null)
        out.close();
}

However, when I try to import the key in PuttyGen, I get "Couldn't load key (not a private key)". If I try adding -----BEGIN PRIVATE KEY----- and its corresponding footer I get "Couldn't load private key (unrecognised key type)". If I try RSA PRIVATE KEY I get "Couldn't load private key (ASN.1 decoding failure)".

Calling keyPair.getPrivate().getFormat() yields "PKCS#8". While I've found references to converting from that format to pem format using OpenSSL tools, I haven't found anything on how to actually do it myself in Java.

How can I export the key in pem format so that Puttygen can read it?

Recommended answer

Aha!

The trick is to use Bouncycastle's pem handling classes. Here's a working demo:

import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

import java.io.File;
import java.io.FileWriter;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class Main
{
    public static final int KEY_LENGTH = 2048;

    public static void main(String[] args) throws Exception
    {
        SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN");
        random.nextBytes(new byte[]{}); //toss out the first result to ensure it seeds randomly from the system.

        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(KEY_LENGTH, random);
        java.security.KeyPair keyPair = keyGen.genKeyPair();

        System.out.println("public format: " + keyPair.getPublic().getFormat());
        System.out.println("public algorithm: " + keyPair.getPublic().getAlgorithm());

        System.out.println("private format: " + keyPair.getPrivate().getFormat());
        System.out.println("private algorithm: " + keyPair.getPrivate().getAlgorithm());

        JcaPEMWriter writer =  null;
        File keyDir = new File("C:/misc/test_key");

        try
        {
            writer = new JcaPEMWriter(new FileWriter(new File(keyDir, "private_bc.pem")));
            writer.writeObject(keyPair.getPrivate());    
        }
        finally
        {
            if(writer != null)
                writer.close();
        }    
    }
}

Puttygen opens the resulting private key without complaint!
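
An added example, not part of the original answer and not Bouncy Castle's code: the bytes returned by getEncoded() are a PKCS#8 PrivateKeyInfo, which wraps the PKCS#1 RSAPrivateKey inside an OCTET STRING, so pasting them under an RSA PRIVATE KEY header fails ASN.1 decoding. This sketch unwraps that structure with JDK classes only and writes the traditional RSA PRIVATE KEY PEM form; the class name, helper names and the output file name private_pkcs1.pem are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.Base64;

public class Pkcs8ToPkcs1Pem {
    // Reads a DER tag and length at pos[0], leaves pos[0] at the value, returns the value length.
    static int readHeader(byte[] der, int[] pos, int expectedTag) {
        if ((der[pos[0]++] & 0xff) != expectedTag)
            throw new IllegalArgumentException("unexpected ASN.1 tag");
        int len = der[pos[0]++] & 0xff;
        if (len < 0x80) return len;                 // short form
        int n = len & 0x7f;                         // long form: n length octets follow
        if (n == 0 || n > 3) throw new IllegalArgumentException("unsupported length");
        len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (der[pos[0]++] & 0xff);
        return len;
    }

    // PrivateKeyInfo ::= SEQUENCE { version INTEGER, algorithm SEQUENCE, privateKey OCTET STRING }
    static byte[] unwrapPkcs8(byte[] pkcs8) {
        int[] pos = {0};
        readHeader(pkcs8, pos, 0x30);               // enter outer SEQUENCE
        int skip = readHeader(pkcs8, pos, 0x02);    // version INTEGER
        pos[0] += skip;
        skip = readHeader(pkcs8, pos, 0x30);        // AlgorithmIdentifier SEQUENCE
        pos[0] += skip;
        int len = readHeader(pkcs8, pos, 0x04);     // OCTET STRING containing RSAPrivateKey
        return Arrays.copyOfRange(pkcs8, pos[0], pos[0] + len);
    }

    // Wraps DER bytes in PEM armor with 64-character base64 lines.
    static String toPem(String label, byte[] der) {
        Base64.Encoder enc = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        return "-----BEGIN " + label + "-----\n" + enc.encodeToString(der)
                + "\n-----END " + label + "-----\n";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);                       // uses the default SecureRandom
        byte[] pkcs8 = gen.generateKeyPair().getPrivate().getEncoded(); // format "PKCS#8"
        byte[] pkcs1 = unwrapPkcs8(pkcs8);
        String pem = toPem("RSA PRIVATE KEY", pkcs1);
        // "private_pkcs1.pem" is a hypothetical output name in the working directory
        Files.write(Paths.get("private_pkcs1.pem"), pem.getBytes(StandardCharsets.US_ASCII));
        System.out.println("PKCS#8 " + pkcs8.length + " bytes -> PKCS#1 " + pkcs1.length + " bytes");
    }
}
```

The output file holds an unencrypted private key, so restrict its file permissions.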
