SSL==java从CER读取公钥和证书信息,从PFX读取证书公钥私钥并加解密

使用OpenSSL生成cert证书并在程序中读取其公钥与证书信息_dnbug Blog的博客-CSDN博客_openssl生成cer证书

openssl提取pfx证书密钥对_大叶子不小的博客-CSDN博客_openssl 查看pfx

参照以上两篇文章,生成PFX证书,并读取出公钥和私钥。此时读出的密钥是带着换行符的,将换行符去掉后留存,用来和后面代码读取出来的结果进行对比。

读取pfx格式的证书_gqltt的博客-CSDN博客_pfx格式的证书获取

参照上一篇文章,通过java代码从PFX证书中读取出公钥和私钥对象,再从对象获得字符串。


import javax.crypto.Cipher;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Enumeration;


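/**
 * Demo that loads a PKCS#12 (.pfx) keystore, prints the certificate and the
 * Base64-encoded public and private key of its first entry, and then round-trips
 * a sample string through RSA public-key encryption and private-key decryption.
 *
 * <p>The program prints private key material to standard output so that it can be
 * compared with what openssl extracts from the same file. That is acceptable only
 * with a throwaway test certificate; production code must never print or log a
 * private key.
 */
public class ReadPFX {

    /**
     * Cipher transformation shared by {@link #encryptByPublicKey} and
     * {@link #decryptByPrivateKey}.
     *
     * <p>The bare name {@code "RSA"} leaves mode and padding to whichever provider
     * is selected. Spelling the transformation out pins the PKCS#1 v1.5 padding
     * that the JDK's default provider applies for {@code "RSA"}, so data encrypted
     * by the earlier version of this class still decrypts.
     *
     * <p>NOTE(review): PKCS#1 v1.5 encryption padding is exposed to padding-oracle
     * attacks when a decrypting service reveals whether padding was valid. Where
     * both sides can be changed together, prefer
     * {@code "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"}.
     */
    private static final String RSA_TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    /**
     * Loads the keystore, prints its first entry and runs the encrypt/decrypt round trip.
     *
     * @param args unused
     * @throws Exception if the keystore cannot be read, has no usable entry, or an
     *         RSA operation fails
     */
    public static void main(String[] args) throws Exception {
        // Location of the PFX file.
        String strPfx = "C:\\test.pfx";
        // Password that was entered when the PFX file was generated.
        // NOTE(review): hard-coded for the demo only. Real code should obtain it at
        // run time (prompt, environment, secret store) and keep it out of source control.
        String strPassword = "123456";
        KeyStore ks = KeyStore.getInstance("PKCS12");

        // A blank password is passed as null; KeyStore.load then performs no
        // integrity check on the keystore data.
        char[] nPassword = null;
        if (strPassword != null && !strPassword.trim().isEmpty()) {
            nPassword = strPassword.toCharArray();
        }

        // try-with-resources closes the stream even when load() throws
        // (wrong password, corrupt file).
        try (FileInputStream fis = new FileInputStream(strPfx)) {
            ks.load(fis, nPassword);
        }
        System.out.println("keystore type=" + ks.getType());

        Enumeration<String> enumas = ks.aliases();
        if (!enumas.hasMoreElements()) {
            throw new IllegalStateException("No entries found in keystore " + strPfx);
        }
        // Only the first entry is read.
        String keyAlias = enumas.nextElement();
        System.out.println("alias=[" + keyAlias + "]");

        // Now that the alias is known, the keys can be fetched.
        System.out.println("is key entry=" + ks.isKeyEntry(keyAlias));
        PrivateKey prikey = (PrivateKey) ks.getKey(keyAlias, nPassword);
        Certificate cert = ks.getCertificate(keyAlias);
        if (prikey == null || cert == null) {
            // getKey/getCertificate return null when the alias holds no such item.
            throw new IllegalStateException(
                    "Alias [" + keyAlias + "] does not hold both a private key and a certificate");
        }
        PublicKey pubkey = cert.getPublicKey();
        System.out.println("cert class = " + cert.getClass().getName());
        System.out.println("cert = " + cert);

        Base64.Encoder encoder = Base64.getEncoder();

        // Keys read from the PFX by Java code are encoded without line breaks.
        System.out.println("public key = " + pubkey);
        String publicKeyString = encoder.encodeToString(pubkey.getEncoded());
        System.out.println("-----------------公钥--------------------");
        System.out.println(publicKeyString);
        System.out.println("-----------------公钥--------------------");

        // Demo only: this writes the private key to stdout for the comparison below.
        System.out.println("private key = " + prikey);
        String prikeyString = encoder.encodeToString(prikey.getEncoded());
        System.out.println("-----------------私钥--------------------");
        System.out.println(prikeyString);
        System.out.println("-----------------私钥--------------------");

        /*
         * The private key that openssl extracts from the PFX is line-wrapped.
         * Extracting the key material from a pfx (a PKCS#12 container) and converting it:
         * (1) Extract the key pair:
         *       openssl pkcs12 -in test.pfx -nocerts -nodes -out 1.key
         *     If the pfx is password-protected, openssl prompts for the password.
         *     (The original note adds that the password cannot be verified when the
         *     cer certificate is not installed; not verified here.)
         * (2) Extract the private key from the key pair:
         *       openssl rsa -in  1.key -out 1_pri.key
         * (3) Extract the public key from the key pair:
         *       openssl rsa -in 1.key -pubout -out 1_pub.key
         * (4) PKCS8EncodedKeySpec, used by decryptByPrivateKey, expects a PKCS#8-encoded
         *     key, so the extracted private key needs one more conversion:
         *       openssl pkcs8 -topk8 -inform PEM -in 1_pri.key -outform PEM -nocrypt
         *     Copy the key printed in the terminal and save it as 1_pri_pkcs8.key.
         * (5) The resulting pair is 1_pri_pkcs8.key and 1_pub.key.
         *
         * -nodes and -nocrypt write the private key unencrypted: keep those files
         * access-restricted and delete them once the comparison is done.
         */
        String privateKeyFromCA = "888888888888888888\n" +
                "888888888888888888";
        String replace = privateKeyFromCA.replace("\n", "");
        System.out.println(replace);

        // Encrypt and decrypt with the public and private key that were just read.
        String src = "6666666需要加解密6666666666666666";
        System.out.println("\n");
        String s1 = decryptByPrivateKey(prikeyString, encryptByPublicKey(publicKeyString, src));
        System.out.println(s1);
    }

    /**
     * Encrypts text with an RSA public key.
     *
     * @param publicKeyText Base64 text of the X.509-encoded public key; characters
     *        outside the Base64 alphabet, such as line breaks, are ignored
     * @param text plaintext; it is encoded as UTF-8 and must fit into a single RSA
     *        block (modulus length minus 11 bytes with PKCS#1 v1.5 padding), so larger
     *        payloads need a hybrid scheme with a symmetric cipher
     * @return Base64 text of the ciphertext, without line breaks
     * @throws Exception if the key cannot be parsed or the cipher operation fails
     */
    public static String encryptByPublicKey(String publicKeyText, String text) throws Exception {
        // java.util.Base64 matches the encoder used in main and needs no third-party
        // library; the MIME decoder tolerates line-wrapped key text.
        byte[] encodedKey = Base64.getMimeDecoder().decode(publicKeyText);
        PublicKey publicKey = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(encodedKey));
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        // Explicit charset: the platform default differs between machines and JDK versions.
        byte[] result = cipher.doFinal(text.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(result);
    }

    /**
     * Decrypts text with an RSA private key.
     *
     * @param privateKeyText Base64 text of the PKCS#8-encoded private key; characters
     *        outside the Base64 alphabet, such as line breaks, are ignored
     * @param text Base64 text of the ciphertext produced by {@link #encryptByPublicKey}
     * @return the decrypted plaintext, decoded as UTF-8
     * @throws Exception if the key cannot be parsed or the cipher operation fails
     */
    public static String decryptByPrivateKey(String privateKeyText, String text) throws Exception {
        byte[] encodedKey = Base64.getMimeDecoder().decode(privateKeyText);
        PrivateKey privateKey = KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        Cipher cipher = Cipher.getInstance(RSA_TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] result = cipher.doFinal(Base64.getMimeDecoder().decode(text));
        // Must mirror the charset used in encryptByPublicKey.
        return new String(result, StandardCharsets.UTF_8);
    }
}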

然后可以与openssl读取出的进行对比,发现是一样的。然后参照下一篇文章用公钥私钥进行加密解密。

RSA加解密工具类RSAUtils.java,实现公钥加密私钥解密和私钥解密公钥解密_星 ~ 程 @的博客-CSDN博客_java公钥加密私钥解密
