2012-12-15 130 views
12

Java - How to store keys in a KeyStore

I need to store 2 keys in a KeyStore. Here is the relevant code:

KeyStore ks = KeyStore.getInstance("JKS"); 
String password = "password"; 
char[] ksPass = password.toCharArray(); 
ks.load(null, ksPass); 
ks.setKeyEntry("keyForSeckeyDecrypt", privateKey, null, null); 
ks.setKeyEntry("keyForDigitalSignature", priv, null, null); 
FileOutputStream writeStream = new FileOutputStream("key.store"); 
ks.store(writeStream, ksPass); 
writeStream.close(); 

However, I get an exception: "Private key must be accompanied by certificate chain"

What exactly is that? How would I generate it?

Answers

15

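You also need to provide the certificate (public key) for the private key entry. For a certificate signed by a CA, the chain is the CA's certificate and the end certificate. For a self-signed certificate, you only have the self-signed certificate.
Example: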

KeyPair keyPair = ...;//You already have this 
X509Certificate certificate = generateCertificate(keyPair); 
KeyStore keyStore = KeyStore.getInstance("JKS"); 
keyStore.load(null,null); // create an empty keystore
// The chain for a self-signed certificate is just that one certificate
Certificate[] certChain = new Certificate[1]; 
certChain[0] = certificate; 
// pwd is the char[] password that protects this key entry
keyStore.setKeyEntry("key1", (Key)keyPair.getPrivate(), pwd, certChain); 

To generate a certificate, follow this link.
Example:

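// Requires Bouncy Castle; the "BC" provider must be registered, e.g.
// Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.x509.X509V3CertificateGenerator;

public X509Certificate generateCertificate(KeyPair keyPair) throws GeneralSecurityException { 
    X509V3CertificateGenerator cert = new X509V3CertificateGenerator(); 
    cert.setSerialNumber(BigInteger.valueOf(1)); //or generate a random number 
    cert.setSubjectDN(new X509Principal("CN=localhost")); //see examples to add O,OU etc 
    cert.setIssuerDN(new X509Principal("CN=localhost")); //same since it is self-signed 
    cert.setPublicKey(keyPair.getPublic()); 
    cert.setNotBefore(<date>); 
    cert.setNotAfter(<date>); 
    cert.setSignatureAlgorithm("SHA1WithRSAEncryption"); 
    PrivateKey signingKey = keyPair.getPrivate();  
    return cert.generate(signingKey, "BC"); // generate() throws checked security exceptions
} 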
+0

The public key is of type Key, and they require a Certificate[]. How would I convert the public key into a certificate chain? – MichBoy

+0

Do you have an 'X509Certificate'? Where did you get the private key from? – Cratylus

+0

I have initialized a KeyPairGenerator to generate the key pair – MichBoy
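
The whole flow from the question and answer above, from KeyPairGenerator to a stored key entry with its one-certificate chain, as an added example that is not code from the thread. It assumes Bouncy Castle's bcprov and bcpkix jars are on the classpath, uses the builder API in place of the deprecated X509V3CertificateGenerator, signs with SHA256withRSA instead of SHA-1, and writes a PKCS12 store; the class name, the DN, the one-year validity and the password are constructed for illustration.

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class StoreKeysWithChain { // hypothetical class name
    // Wraps the public key in a self-signed X.509 certificate: issuer == subject,
    // signed with the matching private key.
    static X509Certificate selfSign(KeyPair kp, String dn) throws Exception {
        X500Principal name = new X500Principal(dn);
        Instant now = Instant.now();
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, new BigInteger(64, new SecureRandom()),   // random serial number
                Date.from(now), Date.from(now.plus(365, ChronoUnit.DAYS)),
                name, kp.getPublic());
        X509Certificate cert = new JcaX509CertificateConverter().getCertificate(
                builder.build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
        cert.verify(kp.getPublic()); // throws if the signature does not match the key
        return cert;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "password".toCharArray(); // constructed value, as in the question
        String[] aliases = {"keyForSeckeyDecrypt", "keyForDigitalSignature"};
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty keystore
        for (String alias : aliases) {
            KeyPair kp = gen.generateKeyPair();
            // The chain of a self-signed key is the single certificate itself
            ks.setKeyEntry(alias, kp.getPrivate(), pass, new Certificate[] { selfSign(kp, "CN=localhost") });
        }
        try (FileOutputStream out = new FileOutputStream("key.store")) {
            ks.store(out, pass);
        }
        for (String alias : aliases) { // confirm both entries carry a chain
            System.out.println(alias + ": chain length " + ks.getCertificateChain(alias).length);
        }
    }
}
```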