在Java中解析Armored ECC公钥/私钥（从gpg cli生成）

Question

在Java中解析Armored ECC公钥/私钥（从gpg cli生成）

javabouncycastlegnupgelliptic-curvejson-web-token

9

我正在尝试将一把加密的ECC gpg密钥转换为相应的Java类ECPrivateKey/ECPublicKey。

我使用以下命令生成密钥对：gpg --expert --full-generate-key 然后选择（9）ECC和ECC（或（10）ECC（仅签名））

然后选择（3）NIST P-256

结果如下：

我该如何将这个加密文本格式转换为有效的java.security.interfaces.ECPrivateKey和java.security.interfaces.ECPublicKey类？

我的最终目标是以以下方式进行签名：

String createSignatureFromJson(String jsonPayload, byte[] privateKey) {
        Payload payload = new Payload(jsonPayload)
        def key = privateKeyParse(privateKey)

        JWSSigner signer = new ECDSASigner((ECPrivateKey)key)
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.ES256).build()

        JWSObject jwsObject = new JWSObject(header, payload)
        jwsObject.sign(signer)
        jwsObject.signature
    }

- Tomer Mayost

2个回答

1

public static ECPrivateKey privateKeyParse(byte[] privateKey) throws Exception {

        InputStream pgpIn = PGPUtil.getDecoderStream(new ByteArrayInputStream(privateKey));

        PGPObjectFactory pgpFact = new PGPObjectFactory(pgpIn, new JcaKeyFingerprintCalculator());
        PGPSecretKeyRing pgpSecRing = (PGPSecretKeyRing) pgpFact.nextObject();
        PGPSecretKey pgpSec = pgpSecRing.getSecretKey();

        PGPPrivateKey pgpPriv = pgpSec.extractPrivateKey(null);

        JcaPGPKeyConverter converter = new JcaPGPKeyConverter();
        // this is the part i was missing from Peter Dettman's answer. pass BC provider to the converter
        converter.setProvider(new BouncyCastleProvider());
        PrivateKey key = converter.getPrivateKey(pgpPriv);
        return (ECPrivateKey) key;
    }

- Tomer Mayost

网页内容由stack overflow 提供, 点击上面的

可以查看英文原文，
原文链接

- Peter Dettman · Accepted Answer

如果您只传入“私钥块”，那么这将提取ECPrivateKey：

private static ECPrivateKey privateKeyParse(byte[] privateKey) throws Exception
{
    InputStream pgpIn = PGPUtil.getDecoderStream(new ByteArrayInputStream(privateKey));

    PGPObjectFactory pgpFact = new PGPObjectFactory(pgpIn, new JcaKeyFingerprintCalculator());
    PGPSecretKeyRing pgpSecRing = (PGPSecretKeyRing)pgpFact.nextObject();
    PGPSecretKey pgpSec = pgpSecRing.getSecretKey();
    PGPPrivateKey pgpPriv = pgpSec.extractPrivateKey(null);

    return (ECPrivateKey)new JcaPGPKeyConverter().getPrivateKey(pgpPriv);
}

为了回答一个关于如何获得“privateKey”的评论问题，如果整个：

-----BEGIN PGP PRIVATE KEY BLOCK-----
...
-----END PGP PRIVATE KEY BLOCK-----

如果文件中的内容是文本形式，那么只需要将整个文件读入到一个byte[]数组中：

InputStream fIn = new BufferedInputStream(new FileInputStream(...));
byte[] privateKey = org.bouncycastle.util.io.Streams.readAll(fIn);