用keytool生成pkcs#12格式密钥库文件
keytool -genkeypair -alias test-cyq -validity 3650 -keyalg RSA -dname \
"CN=cyq,OU=cyq,O=cyq,L=Beijing,S=Beijing,C=CN" -keypass 123456 \
-keystore test-cyq.p12 -storepass 123456 -storetype PKCS12
用keytool生成jks格式密钥库文件
keytool -genkeypair -alias test-cyq -validity 3650 -keyalg RSA -dname \
"CN=cyq,OU=cyq,O=cyq,L=Beijing,S=Beijing,C=CN" -keypass 123456 \
-keystore test-cyq.jks -storepass 123456 -storetype JKS
用openssl生成pkcs#12格式密钥库文件
# 生成rsa密钥和ca证书
openssl req -newkey rsa:2048 -passout pass:123456 -keyout test-cyq.key \
-x509 -days 3650 -out test-cyq.crt -subj "/CN=cyq/OU=cyq/O=cyq/L=Beijing/ST=Beijing/C=CN"
# 生成pkcs#12文件
openssl pkcs12 -export -inkey test-cyq.key -in test-cyq.crt \
-out test-cyq.p12 -name test-cyq
JAVA提取keystore信息
package com.cyq;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Base64;
public class TestKeyStore {
public static void main(String args[]) throws Exception {
//读取keystore文件转换为keystore密钥库对象
InputStream resourceAsStream = TestKeyStore.class.getClassLoader()
.getResourceAsStream("test-cyq.p12");
//InputStream resourceAsStream = TestKeyStore.class.getClassLoader()
// .getResourceAsStream("test-cyq.jks");
//因为生成证书的类型为JKS 也有其他的格式
KeyStore keyStore = KeyStore.getInstance("PKCS12");
//KeyStore keyStore = KeyStore.getInstance("JKS");
//该密钥库的密码"123456"
String storepass = "123456";
keyStore.load(resourceAsStream, storepass.toCharArray());
resourceAsStream.close();
// 从keystore中读取证书和私钥
String alias = "test-cyq";//别名
String keypass = "123456"; //别名密码
Certificate certificate = keyStore.getCertificate(alias);
//读取公钥对象
PublicKey publicKey = certificate.getPublicKey();
System.out.println("公钥:\n" + encodeBase64(publicKey.getEncoded()));
//读取私钥对象
PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, keypass.toCharArray());
System.out.println("私钥:\n" + encodeBase64(privateKey.getEncoded()));
}
// 对字符密码加密
public static String encodeBase64(byte[] data) throws Exception {
// 1.将传递进来的字符串密码 转换为字节数组 放到base64加密工具里 生产出一个加了密的字符串
Base64.Encoder encoder = Base64.getEncoder();
String base64Str = encoder.encodeToString(data);
return base64Str;
}
// 对密文字符串解密
public static byte[] decodeBase64(String base64Str) throws Exception {
// 根据加了密的字符串 使用base64的解密工具里 获取原来的明文字符串密码
Base64.Decoder decoder = Base64.getDecoder();
return decoder.decode(base64Str);
}
}