I am trying to generate an RSA key pair and store it in the HSM keystore. My current code looks like this:
- String configName = "C:\\eTokenConfig.cfg";
- Provider p = new sun.security.pkcs11.SunPKCS11(configName);
- Security.addProvider(p);
- // Read the keystore from the smart card
- char[] pin = { 'p','4','s','w','0','r','d' };
- KeyStore keyStore = KeyStore.getInstance("PKCS11",p);
- keyStore.load(null,pin);
- //generate keys
- KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",p);
- kpg.initialize(512);
- KeyPair pair = kpg.generateKeyPair();
- PrivateKey privateKey = pair.getPrivate();
- PublicKey publicKey = pair.getPublic();
- // Save Keys How ???
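I tried to use the keyStore.setEntry method, but the problem is that it requires a certificate chain, and I don't know how to obtain this certificate.
Solution
See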
http://docs.oracle.com/javase/tutorial/security/apisign/vstep2.html
Saving the public key:
- X509EncodedKeySpec x509ks = new X509EncodedKeySpec(
- publicKey.getEncoded());
- FileOutputStream fos = new FileOutputStream(strPathFilePubKey);
- fos.write(x509ks.getEncoded());
- fos.close(); // flush and release the file handle
Loading the public key:
- byte[] encodedKey = IoUtils.toByteArray(new FileInputStream(strPathFilePubKey));
- KeyFactory keyFactory = KeyFactory.getInstance("RSA",p);
- X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(
- encodedKey);
- PublicKey publicKey = keyFactory.generatePublic(pkSpec);
Saving the private key:
- PKCS8EncodedKeySpec pkcsKeySpec = new PKCS8EncodedKeySpec(
- privateKey.getEncoded());
- FileOutputStream fos = new FileOutputStream(strPathFilePrivKey);
- fos.write(pkcsKeySpec.getEncoded());
- fos.close(); // flush and release the file handle
Loading the private key:
- byte[] encodedKey = IoUtils.toByteArray(new FileInputStream(strPathFilePrivKey));
- KeyFactory keyFactory = KeyFactory.getInstance("RSA",p);
- PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(
- encodedKey);
- PrivateKey privateKey = keyFactory.generatePrivate(privKeySpec);
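
For the certificate-chain requirement raised in the question, one common approach is to wrap the public key in a self-signed certificate, signed on the token, and pass it as a one-element chain so the private key stays on the token as a persistent entry. This is an added example, not part of the original question or answer. It assumes Java 8, BouncyCastle (bcprov and bcpkix) on the classpath, an interactive console for the PIN, and a hypothetical alias, subject name and 2048-bit key size.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class TokenKeyPairExample {
    public static void main(String[] args) throws Exception {
        // Same provider setup as the question (Java 8 constructor; newer JDKs use Provider.configure).
        Provider p = new sun.security.pkcs11.SunPKCS11("C:\\eTokenConfig.cfg");
        Security.addProvider(p);

        // Assumption: run from a terminal, so the PIN is prompted for instead of hard-coded.
        char[] pin = System.console().readPassword("Token PIN: ");
        KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
        keyStore.load(null, pin);

        // Generate the pair on the token; 2048 bits is an assumption of this example.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // Self-signed placeholder certificate: issuer == subject, signed on the
        // token with the new private key. Subject name is hypothetical.
        X500Principal subject = new X500Principal("CN=Example Token Key");
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                subject, BigInteger.valueOf(System.currentTimeMillis()),
                notBefore, notAfter, subject, pair.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider(p).build(pair.getPrivate());
        X509Certificate cert = new JcaX509CertificateConverter()
                .getCertificate(builder.build(signer));

        // Store key and one-element chain on the token. The password argument is
        // null because the token PIN was already supplied to load().
        keyStore.setKeyEntry("example-key", pair.getPrivate(), null,
                new Certificate[] { cert });
        Arrays.fill(pin, '\0'); // wipe the PIN from memory
        System.out.println("stored: " + keyStore.containsAlias("example-key"));
    }
}
```

The placeholder certificate can later be replaced with a CA-issued chain by calling setKeyEntry again under the same alias.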