我需要将两个密钥存储到KeyStore中。 以下是相关的代码:
KeyStore ks = KeyStore.getInstance("JKS");
String password = "password";
char[] ksPass = password.toCharArray();
ks.load(null, ksPass);
ks.setKeyEntry("keyForSeckeyDecrypt", privateKey, null, null);
ks.setKeyEntry("keyForDigitalSignature", priv, null, null);
FileOutputStream writeStream = new FileOutputStream("key.store");
ks.store(writeStream, ksPass);
writeStream.close();
虽然我得到了一个异常 "Private key must be accompanied by certificate chain",这是什么意思?我该如何生成它呢?
您还需要提供私钥条目的证书(公钥)。对于由CA签名的证书,链是CA的证书和终端证书。对于自签名证书,您只需要自签名证书。
示例:
KeyPair keyPair = ...;//You already have this
X509Certificate certificate = generateCertificate(keyPair);
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(null,null);
Certificate[] certChain = new Certificate[1];
certChain[0] = certificate;
keyStore.setKeyEntry("key1", (Key)keyPair.getPrivate(), pwd, certChain);
按照链接生成证书:
示例:
public X509Certificate generateCertificate(KeyPair keyPair){
X509V3CertificateGenerator cert = new X509V3CertificateGenerator();
cert.setSerialNumber(BigInteger.valueOf(1)); //or generate a random number
cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc
cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed
cert.setPublicKey(keyPair.getPublic());
cert.setNotBefore(<date>);
cert.setNotAfter(<date>);
cert.setSignatureAlgorithm("SHA1WithRSAEncryption");
PrivateKey signingKey = keyPair.getPrivate();
return cert.generate(signingKey, "BC");
}
X509V3CertificateGenerator来创建一个证书,然后将该证书作为参数传递给密钥库,作为私钥条目的一部分。http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation - CratylusKeyPair keyPair = ...;//You already have this. 我没有它!我想要它!我在哪里可以得到它? - Tomáš Zato