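I am trying to sign some X509 certificates. My root private key is ECDSA secp384r1. I am using Bouncy Castle. What seems to happen is that, when the certificate signature is generated, the Signature class being used does not understand my ECDSA key. Getting a signed X509 when using an ECDSA key
The generation code is as follows: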
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen.setSerialNumber(BigInteger.valueOf(serialNumber));
v3CertGen.setIssuerDN(issuerPrincipal);
v3CertGen.setNotBefore(notBefore);
v3CertGen.setNotAfter(notAfter);
v3CertGen.setSubjectDN(subjectDN);
v3CertGen.setPublicKey(publicKey);
v3CertGen.setSignatureAlgorithm(CERT_SIGNATURE_ALGORITHM); // this is ECDSAWITHSHA1
X509Certificate cert = v3CertGen.generate(privateKey, BOUNCY_CASTLE_PROVIDER); // "BC"
The output from this is:
java.security.InvalidKeyException: can't identify DSA private key.
at org.bouncycastle.jce.provider.DSAUtil.generatePrivateKeyParameter(Unknown Source)
at org.bouncycastle.jce.provider.JDKDSASigner.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Signature.java:480)
at org.bouncycastle.x509.X509Util.calculateSignature(Unknown Source)
at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
at com.snip.utils.CertificateUtility.generateAndSignCertificate(CertificateUtility.java:147)
By reading the BouncyCastle source code I have traced the problem, and I have the following snippet that reproduces it:
Signature sig = Signature.getInstance(CERT_SIGNATURE_ALGORITHM, BOUNCY_CASTLE_PROVIDER);
System.out.println(sig.getAlgorithm());
System.out.println(sig.toString());
System.out.println(sig.getClass().getName());
try
{
    sig.initSign(privateKey);
    System.out.println(sig.toString());
} catch (Exception e) {
    e.printStackTrace();
}
The output it produces:
SHA1withECDSA
Signature object: SHA1withECDSA<not initialized>
org.bouncycastle.jce.provider.JDKDSASigner$ecDSA
java.security.InvalidKeyException: can't identify DSA private key.
at org.bouncycastle.jce.provider.DSAUtil.generatePrivateKeyParameter(Unknown Source)
at org.bouncycastle.jce.provider.JDKDSASigner.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Signature.java:480)
at com.snip.utils.CertificateUtility.<init>(CertificateUtility.java:99)
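The problem is that I am completely lost at this point. I don't know how to get the certificate generator to give me a signed certificate. Does anyone know what I am doing wrong?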
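
One way to narrow down an `InvalidKeyException` like the one above, as an added example that is not part of the original post: print what kind of object the signer is being handed, then re-import the key through a `KeyFactory` before calling `initSign`. The class `EcSigningKeyCheck`, its helper methods and the freshly generated key are constructed for illustration and use the JDK's default providers; the post does not say how its `privateKey` was loaded.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;

public class EcSigningKeyCheck {
    // Summarise the key object a Signature implementation will receive.
    static String describe(PrivateKey key) {
        return key.getClass().getName()
             + " algorithm=" + key.getAlgorithm()
             + " format=" + key.getFormat()
             + " isECPrivateKey=" + (key instanceof ECPrivateKey);
    }

    // Re-import a PKCS#8-encoded key so the result is the factory provider's own key type.
    static PrivateKey reimport(PrivateKey key, KeyFactory ecFactory)
            throws GeneralSecurityException {
        if (!"PKCS#8".equals(key.getFormat()) || key.getEncoded() == null) {
            throw new InvalidKeyException("no PKCS#8 encoding: " + describe(key));
        }
        return ecFactory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded()));
    }

    // Sign and verify a constructed message; returns true if the round trip succeeds.
    static boolean signAndVerify(PrivateKey priv, PublicKey pub, String sigAlg)
            throws GeneralSecurityException {
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(sigAlg);
        signer.initSign(priv);               // the call that fails in the post
        signer.update(msg);
        byte[] signature = signer.sign();
        Signature verifier = Signature.getInstance(sigAlg);
        verifier.initVerify(pub);
        verifier.update(msg);
        return verifier.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key on the curve named in the post.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp384r1"));
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("before: " + describe(kp.getPrivate()));
        // To test another provider, use the two-argument getInstance(name, provider) overloads.
        PrivateKey key = reimport(kp.getPrivate(), KeyFactory.getInstance("EC"));
        System.out.println("after:  " + describe(key));
        // SHA-384 is used here to match the P-384 key; the post's generator uses SHA-1.
        System.out.println("verifies=" + signAndVerify(key, kp.getPublic(), "SHA384withECDSA"));
    }
}
```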