我在网上搜索了几个小时,寻找有关创建椭圆曲线(EC)密钥和自签名证书的Java示例。到目前为止,我只找到了一些片段和示例,其中许多都无法正常工作。
更新:
我已经取得了一些进展,这是我的代码,希望对需要的人有用!现在只需要解决如何进行自签名!
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.ContentVerifierProvider;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import java.security.*;
/**
* A simple example showing generation and verification of a PKCS#10 request.
*/
public class genECKeyExample {
private static final String BC = BouncyCastleProvider.PROVIDER_NAME;
public static void main(String[] args)
throws Exception {
Security.addProvider(new BouncyCastleProvider());
// Create an eliptic curve key
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");
KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
g.initialize(ecSpec, new SecureRandom());
KeyPair pair = g.generateKeyPair();
System.out.println(pemUtils.toPem(pair.getPrivate()));
System.out.println(pemUtils.toPem(pair.getPublic()));
ContentSigner signer = new JcaContentSignerBuilder("SHA1withECDSA").setProvider(BC).build(pair.getPrivate());
PKCS10CertificationRequestBuilder reqBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=XXX"), pair.getPublic());
PKCS10CertificationRequest req = reqBuilder.build(signer);
ContentVerifierProvider verifier = new JcaContentVerifierProviderBuilder().setProvider(BC).build(pair.getPublic());
// System.out.println(verifier);
req = new PKCS10CertificationRequest(req.getEncoded());
System.out.println(pemUtils.toPem(req));
pemUtils.toFile("csr.pem", pemUtils.toPem(req));
pemUtils.toFile("pkey.pem", pemUtils.toPem(pair.getPrivate()));
}
}
我找到了一种方法,但是它不会创建证书签名请求(CSR)或证书。此外,似乎不能选择不同的密钥大小(我想这些是曲线)。有没有人可以分享一些可行的示例呢?
import org.bouncycastle.openssl.PEMWriter;
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.security.Security;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;
import javax.crypto.KeyAgreement;
public class X509CertificateGenerator {
public static void main(String[] args) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("ECDH", "BC");
EllipticCurve curve = new EllipticCurve(new ECFieldFp(new BigInteger(
"fffffffffffffffffffffffffffffffeffffffffffffffff", 16)), new BigInteger(
"fffffffffffffffffffffffffffffffefffffffffffffffc", 16), new BigInteger(
"fffffffffffffffffffffffffffffffefffffffffffffffc", 16));
ECParameterSpec ecSpec = new ECParameterSpec(curve, new ECPoint(new BigInteger(
"fffffffffffffffffffffffffffffffefffffffffffffffc", 16), new BigInteger(
"fffffffffffffffffffffffffffffffefffffffffffffffc", 16)), new BigInteger(
"fffffffffffffffffffffffffffffffefffffffffffffffc", 16), 1);
keyGen.initialize(ecSpec, new SecureRandom());
KeyAgreement aKeyAgree = KeyAgreement.getInstance("ECDH", "BC");
KeyPair aPair = keyGen.generateKeyPair();
KeyAgreement bKeyAgree = KeyAgreement.getInstance("ECDH", "BC");
KeyPair bPair = keyGen.generateKeyPair();
aKeyAgree.init(aPair.getPrivate());
bKeyAgree.init(bPair.getPrivate());
aKeyAgree.doPhase(bPair.getPublic(), true);
bKeyAgree.doPhase(aPair.getPublic(), true);
MessageDigest hash = MessageDigest.getInstance("SHA1", "BC");
System.out.println(new String(hash.digest(aKeyAgree.generateSecret())));
System.out.println(new String(hash.digest(bKeyAgree.generateSecret())));
System.out.println(aPair.getPrivate());
StringWriter pemWrtPublic = new StringWriter();
PEMWriter pubkey = new PEMWriter(pemWrtPublic);
pubkey.writeObject(aPair.getPublic());
pubkey.flush();
String pemPublicKey = pemWrtPublic.toString();
System.out.println(pemPublicKey);
StringWriter pemWrtPrivate = new StringWriter();
PEMWriter privkey = new PEMWriter(pemWrtPrivate);
privkey.writeObject(aPair.getPrivate());
privkey.flush();
String pemPrivateKey = pemWrtPrivate.toString();
System.out.println(pemPrivateKey);
}
}