2015-04-28 55 views
0

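Android - Generate PKCS#10 request

I'm trying to create a certificate request according to PKCS#10. The X509v3 key usage should be set to: Digital Signature, Key Encipherment.

This is what I have found so far, but since I am using the latest bouncycastle (1.52), X509Extension.keyUsage is deprecated.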

public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException { 
    String principal = "CN=" + Utils.getCertificateCommonName() + ", O=" + Utils.getCertificateOrganization(); 
    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); 
    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA"); 
    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); 
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); 

    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic()); 
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); 
    extensionsGenerator.addExtension(X509Extension.basicConstraints, true, new BasicConstraints(true)); 
    extensionsGenerator.addExtension(X509Extension.keyUsage, true, keyUsage); 
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); 
    PKCS10CertificationRequest csr = csrBuilder.build(signer); 

    return csr; 
} 

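Is there another way to add the KeyUsage?

Basically, this is what I want to achieve:

  1. Generate a certificate request with PKCS#10.
  2. Create two certificates from two key pairs (digital signature + key encipherment, and non-repudiation).
  3. Save the private key from the certificate request in PKCS#12.

I'm quite new to cryptography. :)

Best regards / H

Answers

2

Does this work for you? It seems X509Extension can be replaced with Extension. Not sure about the Android context.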

public static PKCS10CertificationRequest generateCSRFile(KeyPair keyPair, KeyUsage keyUsage) throws IOException, OperatorCreationException { 
    String principal = "CN=" + Utils.getCertificateCommonName() + ", O=" + Utils.getCertificateOrganization(); 
    AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(keyPair.getPrivate().getEncoded()); 
    AlgorithmIdentifier signatureAlgorithm = new DefaultSignatureAlgorithmIdentifierFinder().find("SHA1WITHRSA"); 
    AlgorithmIdentifier digestAlgorithm = new DefaultDigestAlgorithmIdentifierFinder().find("SHA-1"); 
    ContentSigner signer = new BcRSAContentSignerBuilder(signatureAlgorithm, digestAlgorithm).build(privateKey); 

    PKCS10CertificationRequestBuilder csrBuilder = new JcaPKCS10CertificationRequestBuilder(new X500Name(principal), keyPair.getPublic()); 
    ExtensionsGenerator extensionsGenerator = new ExtensionsGenerator(); 
    extensionsGenerator.addExtension(Extension.basicConstraints, true, new BasicConstraints(true)); 
    extensionsGenerator.addExtension(Extension.keyUsage, true, keyUsage); 
    csrBuilder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensionsGenerator.generate()); 
    PKCS10CertificationRequest csr = csrBuilder.build(signer); 

    return csr; 
}
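
A self-contained version of the approach in the answer above, added here as an example and not code from the question or the answer: it builds one CSR per key pair with `Extension.keyUsage`, then reads the requested key usage back and checks the request signature. The class name and subject are constructed placeholders; signing with SHA256withRSA through `JcaContentSignerBuilder` instead of the SHA-1 signer in the posted code, and leaving out basicConstraints, are choices of this example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.Extensions;
import org.bouncycastle.asn1.x509.ExtensionsGenerator;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrKeyUsageExample {   // hypothetical class name
    static final String SUBJECT = "CN=example-device, O=Example Org";  // constructed subject

    // Build a CSR whose extensionRequest attribute carries a critical keyUsage extension.
    static PKCS10CertificationRequest buildCsr(KeyPair kp, int usageBits) throws Exception {
        ExtensionsGenerator gen = new ExtensionsGenerator();
        gen.addExtension(Extension.keyUsage, true, new KeyUsage(usageBits));
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate());
        return new JcaPKCS10CertificationRequestBuilder(new X500Name(SUBJECT), kp.getPublic())
                .addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, gen.generate())
                .build(signer);
    }

    // Read the requested keyUsage back out of the CSR; null if none was requested.
    static KeyUsage requestedKeyUsage(PKCS10CertificationRequest csr) {
        Attribute[] attrs = csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest);
        if (attrs.length == 0) return null;
        Extensions exts = Extensions.getInstance(attrs[0].getAttrValues().getObjectAt(0));
        return KeyUsage.fromExtensions(exts);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        // One key pair per purpose: signature + key encipherment, and non-repudiation.
        int[] usages = { KeyUsage.digitalSignature | KeyUsage.keyEncipherment, KeyUsage.nonRepudiation };
        for (int usage : usages) {
            PKCS10CertificationRequest csr = buildCsr(kpg.generateKeyPair(), usage);
            boolean sigOk = csr.isSignatureValid(
                    new JcaContentVerifierProviderBuilder().build(csr.getSubjectPublicKeyInfo()));
            KeyUsage ku = requestedKeyUsage(csr);
            System.out.println("signature valid: " + sigOk + ", requested usage matches: "
                    + (ku != null && ku.hasUsages(usage)));
        }
    }
}
```

The key usage in a CSR is only a request: the issuing CA decides which extensions end up in the certificate, so the issued certificate should be checked as well.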