我正在使用bouncycastle(JAVA)实现SSO中的签名、加密、解密和签名验证。我拥有原始PGP公钥和私钥,需要将它们存储在Java keystore中。这些PGP公钥没有证书。
据Keystore的javadoc所述,对于公钥(http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html),我必须创建证书。一旦证书创建成功,我可以将其导入keystore作为KeyStore.TrustedCertificateEntry。然而,我无法为类型org.bouncycastle.openpgp.PGPPublicKey创建证书条目。
我已经在网上搜索过,但找不到有效的示例:
据Keystore的javadoc所述,对于公钥(http://docs.oracle.com/javase/6/docs/api/java/security/KeyStore.html),我必须创建证书。一旦证书创建成功,我可以将其导入keystore作为KeyStore.TrustedCertificateEntry。然而,我无法为类型org.bouncycastle.openpgp.PGPPublicKey创建证书条目。
我已经在网上搜索过,但找不到有效的示例:
- Bouncycastle documentation: http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation Generates certificate for X.509 keys -
Bouncycastle examples - org.bouncycastle.openpgp.examples.DirectKeySignature: Add certificat (object of type PGPSignature) directly to the PGPPublicKey. To conclude - I have signed (certified) PGPPublicKey but I am not able to store this type of Key into the java keystore.
OutputStream out = new ByteArrayOutputStream(); if (armor) { out = new ArmoredOutputStream(out); } PGPPrivateKey pgpPrivKey = secretKey.extractPrivateKey(secretKeyPass.toCharArray(), "BC"); PGPSignatureGenerator sGen = new PGPSignatureGenerator(secretKey.getPublicKey().getAlgorithm(), PGPUtil.SHA1, "BC"); sGen.initSign(PGPSignature.DIRECT_KEY, pgpPrivKey); BCPGOutputStream bOut = new BCPGOutputStream(out); sGen.generateOnePassVersion(false).encode(bOut); PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); boolean isHumanReadable = true; spGen.setNotationData(true, isHumanReadable, notationName, notationValue); PGPSignatureSubpacketVector packetVector = spGen.generate(); sGen.setHashedSubpackets(packetVector); bOut.flush(); return PGPPublicKey.addCertification(keyToBeSigned, sGen.generate()).getEncoded();
我主要关注编程解决方案(Java源代码),但使用一些工具的示例也会很有帮助。
谢谢!