您需要使用BouncyCastle:
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.ASN1Primitive;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
以下代码片段已经经过检查,发现与Bouncy Castle 1.52兼容。
私钥
将私钥从PKCS8转换为PKCS1:
PrivateKey priv = pair.getPrivate();
byte[] privBytes = priv.getEncoded();
PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(privBytes);
ASN1Encodable encodable = pkInfo.parsePrivateKey();
ASN1Primitive primitive = encodable.toASN1Primitive();
byte[] privateKeyPKCS1 = primitive.getEncoded();
将PKCS1格式的私钥转换为PEM格式:
PemObject pemObject = new PemObject("RSA PRIVATE KEY", privateKeyPKCS1);
StringWriter stringWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.close();
String pemString = stringWriter.toString();
使用命令行 OpenSSL 检查密钥格式是否符合预期:
openssl rsa -in rsa_private_key.pem -noout -text
公钥
将X.509 SubjectPublicKeyInfo格式的公钥转换为PKCS1格式:
PublicKey pub = pair.getPublic();
byte[] pubBytes = pub.getEncoded();
SubjectPublicKeyInfo spkInfo = SubjectPublicKeyInfo.getInstance(pubBytes);
ASN1Primitive primitive = spkInfo.parsePublicKey();
byte[] publicKeyPKCS1 = primitive.getEncoded();
将 PKCS1 格式的公钥转换为 PEM 格式:
PemObject pemObject = new PemObject("RSA PUBLIC KEY", publicKeyPKCS1);
StringWriter stringWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.close();
String pemString = stringWriter.toString();
使用命令行 OpenSSL 确认密钥格式是否符合预期:
openssl rsa -in rsa_public_key.pem -RSAPublicKey_in -noout -text
谢谢
非常感谢以下帖子的作者:
这些帖子包含了有用的信息,但有时候不完整并且有点过时(即适用于旧版本的BouncyCastle),这些帖子对我构建本帖有所帮助。