JAVA：如何使用密码保护将私钥保存在pem文件中 [英] JAVA: How to save a private key in a pem file with password protection

问题描述

我正在尝试将私钥保存在pem文件中，并使用密码保护。问题是，创建了pem文件，i
甚至可以用openssl打开它，但是没有要求密码！

I am trying to save a private key in a pem file, protected with a password. The problem is, the pem file is created and i can even open it with openssl but, no password is asked!

这是代码：

        KeyPairGenerator keygen = KeyPairGenerator.getInstance("RSA");
        keygen.initialize(2048);
        KeyPair keypair = keygen.generateKeyPair();

        PrivateKey privKey = keypair.getPrivate();

        PKCS8Generator encryptorBuilder = new PKCS8Generator(privKey);
        encryptorBuilder.setPassword("testing".toCharArray());
        PEMWriter writer = new PEMWriter(new FileWriter(new File("pk.pem")));
        PemObject obj = encryptorBuilder.generate();

        writer.writeObject(obj);
        writer.flush();
        writer.close();

执行后，我尝试打开pk.pem文件

After it executes, i try to open the pk.pem file

openssl rsa -in pk.pem -check

它给出：

RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
(... some key appears here ...)
-----END RSA PRIVATE KEY-----

假设在访问私钥之前要求输入密码！
有人可以帮助我吗？

It was suppose to ask for the password before giving access to the private key! Can some one please help me?

推荐答案

那么你应该仔细阅读BouncyCastle文档。它声明了您使用的构造函数：

Well you should read the BouncyCastle documentation carefully. It states for the constructor you use:

// Constructor for an unencrypted private key PEM object.
PKCS8Generator(java.security.PrivateKey key)

// Constructor for an encrypted private key PEM object.
PKCS8Generator(java.security.PrivateKey key, java.lang.String algorithm, java.lang.String provider)

因此，您正在使用构造函数来创建未加密的PKCS8Generator实例。您设置的密码无效。

Hence you are using the constructor for creating an creates an unencrypted PKCS8Generator instance. The password you set as no effect.

使用其他构造函数代替根据文档创建加密实例。

Use one of the other constructors instead that create an encrypting instance according to the documentation.

注意：问题中的代码需要过时版本的BouncyCastle（1.4x？），因为当前版本（1.5x）具有不同的构造函数，与此答案中提供的版本不兼容。

Note: The code in the question requires an outdated version of BouncyCastle (1.4x?), because the current version (1.5x) has different constructors, incompatible with those presented in this answer.

对于较新版本，请使用：

For newer versions use:

 import org.bouncycastle.openssl.jcajce.JcaPEMWriter;

 JcaPEMWriter writer = new JcaPEMWriter(new PrintWriter(System.out));
 writer.writeObject(sk);
 writer.close();

可能用任何其他<替换 PrintWriter code>作家当然。

possibly replacing the PrintWriter with any other Writer of course.

这篇关于JAVA：如何使用密码保护将私钥保存在pem文件中的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！