PFX证书转PEM并对私钥进行PKCS#8编码
----------------------------------------------------------------------------------
提取私钥命令,以“cert.pfx”转换为“key.pem”为例。
openssl pkcs12 -in cert.pfx -nocerts -out key.pem
提取证书命令,以“cert.pfx”转换为“cert.pem”为例。
openssl pkcs12 -in cert.pfx -nokeys -out cert.pem
----------------------------------------------------------------------------------
在java调用中默认使用的是PKCS8
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes);
KeyFactory factory = KeyFactory.getInstance("RSA");
return (RSAPrivateKey)factory.generatePrivate(spec);
------------------------------------出现异常---------------------------------------
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:352)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:357)
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)
--------------------------------------------------------------------------------------------------------
注意:此时的私钥还不能直接被使用,需要进行PKCS#8编码
PKCS#8编码:指明输入私钥文件为rsa_private_key.pem,输出私钥文件为pkcs8_rsa_private_key.pem,不采用任何二次加密(-nocrypt)
$ openssl pkcs8 -topk8 -in rsa_private_key.pem -out pkcs8_rsa_private_key.pem -nocrypt
---------------------------------------------------参考-----------------------------------------------
Java中使用OpenSSL生成公钥私钥进行数据加解密
http ssl 证书 把pem文件 和 私钥文件key 放入 httpclient 请求
使用HttpClient4.5实现HTTPS的双向认证
HttpClient实现https调用