在 Java 中将 PKCS#8 私钥转换为 PEM
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/3561771/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Convert a PKCS#8 private key to PEM in java
提问by Hiro2k
Hello everyone I'm trying to convert a PKCS#8 private key that I generate in my java program to a PEM encoded file.
大家好,我正在尝试将我在 Java 程序中生成的 PKCS#8 私钥转换为 PEM 编码文件。
Security.addProvider(new BouncyCastleProvider());
SecureRandom rand = new SecureRandom();
JDKKeyPairGenerator.RSA keyPairGen = new JDKKeyPairGenerator.RSA();
keyPairGen.initialize(2048, rand);
KeyPair keyPair = keyPairGen.generateKeyPair();
PEMWriter privatepemWriter = new PEMWriter(new FileWriter(new File(dir + "private.key")));
privatepemWriter.writeObject(keyPair.getPrivate());
After running the program I have the private key in both formats and a public key(the code isn't shown as it works). I then use this openssl command to conver the private.key back to a pem formated file.
运行程序后,我拥有两种格式的私钥和公钥(代码未显示为有效)。然后我使用这个 openssl 命令将 private.key 转换回 pem 格式的文件。
openssl pkcs8 -nocrypt -inform DER -in private.key -out private2.pem
When I compare private.pem and private2.pem they are different and obviously when I try to use private.pem it says it's not a valid file.
当我比较 private.pem 和 private2.pem 时,它们是不同的,很明显,当我尝试使用 private.pem 时,它说它不是有效文件。
What step am I missing in order to properly convert this private key into the PEM format that I need? I can't use OpenSSL from within my program, otherwise I would simply add that function call. I have access to BouncyCastle libs in this program, so maybe it has a solution I'm overlooking.
为了将此私钥正确转换为我需要的 PEM 格式,我缺少什么步骤?我不能在我的程序中使用 OpenSSL,否则我只会添加该函数调用。我可以在这个程序中访问 BouncyCastle 库,所以也许它有一个我忽略的解决方案。
回答by President James K. Polk
You can use the PEMWriterclass in Bouncycastle.
您可以在Bouncycastle中使用PEMWriter类。
回答by gflarity
The fact that OpenSSL uses it's own format is really the only thing that makes this challenging. Thankfully the bouncy castle PEMWriter makes this easy, but the interface isn't very well documented. I found some code by searching through the mailing list. I've adapted it below:
OpenSSL 使用它自己的格式这一事实确实是唯一使这具有挑战性的事情。幸运的是,充气城堡 PEMWriter 使这变得容易,但界面没有很好的文档记录。我通过搜索邮件列表找到了一些代码。我在下面对其进行了调整:
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(2048);
KeyPair keyPair = keyGen.generateKeyPair();
StringWriter stringWriter = new StringWriter();
PEMWriter pemWriter = new PEMWriter(stringWriter);
pemWriter.writeObject( keyPair.getPrivate());
pemWriter.close();
privateKeyString = stringWriter.toString();
回答by erickson
Use the header:
使用标题:
-----BEGIN PRIVATE KEY-----
… and the footer:
...和页脚:
-----END PRIVATE KEY-----
Note that the "RSA" is left out—The Java code is using PKCS #8 encoding for the private key, and that encoding includes the algorithm.
请注意,省略了“RSA”——Java 代码对私钥使用 PKCS #8 编码,该编码包括算法。
The opensslcommand that you show is converting a standard PKCS #8 key in DER form to a proprietary OpenSSL key in PEM form. To keep the PKCS #8 format, but convert from DER to PEM, add the -topk8 option. Then the OpenSSL output should match what your Java code is producing.
openssl您显示的命令将 DER 形式的标准 PKCS #8 密钥转换为 PEM 形式的专有 OpenSSL 密钥。要保留 PKCS #8 格式,但要从 DER 转换为 PEM,请添加 -topk8 选项。然后 OpenSSL 输出应该与您的 Java 代码生成的内容相匹配。
If you need to produce the OpenSSL key, instead of PKCS #8, it's possible, but you'll have to create your own OpenSSL structure with the BouncyCastle ASN.1 library and encode that. Please clarify if that's what you need.
如果您需要生成 OpenSSL 密钥而不是 PKCS #8,这是可能的,但您必须使用 BouncyCastle ASN.1 库创建自己的 OpenSSL 结构并对其进行编码。请澄清这是否是您所需要的。
