1.在Windows系统中运行cmd命令
2.跳转到${javahome}/bin路径
3.执行命令:keytool -genkey -alias test(别名) -keypass 123123(私钥密码) -keyalg RSA(密钥算法) -sigalg sha256withrsa(签名算法) -keysize 1024(密钥长度) -validity 365(有效期,单位为天) -keystore d:/test.jks(生成路径) -storepass 123123(密钥库主密码)
或直接执行(不带注释说明):keytool -genkey -alias test -keypass 123123 -keyalg RSA -sigalg sha256withrsa -keysize 1024 -validity 365 -keystore d:/test.jks -storepass 123123
说明:上面的1024位密钥长度和密码123123只是演示用的取值。1024位RSA已不满足当前的安全要求,实际使用时应选择2048位及以上的密钥长度和高强度密码;省略-keypass和-storepass时keytool会交互式提示输入密码,可避免密码留在命令行历史中。
至此jks格式证书生成完毕
4.转换为Windows的pfx格式,将如下代码贴到编译器中执行:
package test;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Enumeration;
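/**
 * Converts a JKS keystore into a PKCS#12 (.pfx) keystore.
 *
 * <p>Every key entry (private key plus certificate chain) found in
 * {@link #JKS_KEYSTORE_FILE} is copied into a new PKCS#12 keystore written to
 * {@link #PFX_KEYSTORE_FILE}. Entries that hold only a trusted certificate are skipped.
 * The same password protects the input keystore, each copied key, and the output file.
 */
public class JKS2PFX {
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    public static final String PFX_KEYSTORE_FILE = "D://test.pfx";
    // Demo password matching the keytool command of the tutorial. A password compiled
    // into the class is readable by anyone who has the source or the class file; for a
    // real key, read it at run time (console prompt, protected configuration) instead.
    public static final String KEYSTORE_PASSWORD = "123123";
    public static final String JKS_KEYSTORE_FILE = "D://test.jks";

    /**
     * Reads the JKS keystore and writes its key entries to the PFX file.
     *
     * <p>Failures are reported on standard error and do not propagate to the caller.
     * The output file is opened only after all entries were copied in memory, so a
     * failure while reading the input does not leave a partial PFX file behind.
     */
    public static void coverToPfx() {
        // The resulting PFX contains the private key, so an empty password is refused
        // instead of producing a file without password protection.
        if (KEYSTORE_PASSWORD == null || KEYSTORE_PASSWORD.trim().isEmpty()) {
            System.err.println("JKS to PFX conversion aborted: keystore password is empty");
            return;
        }
        char[] password = KEYSTORE_PASSWORD.toCharArray();
        try {
            KeyStore inputKeyStore = KeyStore.getInstance(JKS);
            // try-with-resources closes the stream even when load() throws.
            try (FileInputStream fis = new FileInputStream(JKS_KEYSTORE_FILE)) {
                inputKeyStore.load(fis, password);
            }

            // Passing a null stream creates an empty keystore to fill.
            KeyStore outputKeyStore = KeyStore.getInstance(PKCS12);
            outputKeyStore.load(null, password);

            // Copy every key entry, not just the first alias.
            Enumeration<String> aliases = inputKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String keyAlias = aliases.nextElement();
                System.out.println("alias=[" + keyAlias + "]");
                if (inputKeyStore.isKeyEntry(keyAlias)) {
                    Key key = inputKeyStore.getKey(keyAlias, password);
                    Certificate[] certChain = inputKeyStore.getCertificateChain(keyAlias);
                    outputKeyStore.setKeyEntry(keyAlias, key, password, certChain);
                }
            }

            try (FileOutputStream out = new FileOutputStream(PFX_KEYSTORE_FILE)) {
                outputKeyStore.store(out, password);
            }
        } catch (Exception e) {
            // The method declares no checked exceptions, so the failure is reported here.
            System.err.println("JKS to PFX conversion failed: " + e);
            e.printStackTrace();
        }
    }

    /** Runs the conversion with the paths and password defined by the class constants. */
    public static void main(String[] args) {
        coverToPfx();
    }
}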
至此,pfx证书已经生成,其中包含私钥,签名调用时需使用创建时设置的密码。由于pfx文件内含私钥,应由己方妥善保管,不要提供给对方。
5.双击pfx,输入密码导入Windows。
6.在IE中选择“工具--Internet选项--内容”下选择证书,选择base64导出证书公钥,为cer格式,过程如下:
至此,公钥证书已经导出,交给对方进行配置。
私钥提取工具类(导出的文件中私钥未加密,需妥善保管):
package test;
import sun.misc.BASE64Encoder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.security.*;
import java.security.cert.Certificate;
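/**
 * Exports the private key and the certificate of one keystore entry to a PEM text file.
 *
 * <p>The output file holds the private key without any encryption. Anyone who can read
 * that file can use the key, so write it to a location with restricted access and
 * delete it once it is no longer needed.
 */
public class CertUtil {
    private File keystoreFile;
    private String keyStoreType;
    private char[] password;
    private String alias;
    private File exportedFile;

    /**
     * Looks up the key pair stored under an alias.
     *
     * @param keystore a loaded keystore
     * @param alias    alias of the key entry
     * @param password password protecting the key
     * @return the public/private key pair, or {@code null} when the alias has no private
     *         key, has no certificate, or the key cannot be recovered
     */
    public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) {
        try {
            Key key = keystore.getKey(alias, password);
            if (key instanceof PrivateKey) {
                Certificate cert = keystore.getCertificate(alias);
                if (cert != null) {
                    return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
                }
            }
        } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
            // Report the cause (for example a wrong password) instead of hiding it;
            // the null return below is kept for existing callers.
            System.err.println("Cannot read key entry '" + alias + "': " + e);
        }
        return null;
    }

    /**
     * Writes the private key and the certificate of the configured alias as PEM blocks.
     *
     * @throws KeyStoreException if the alias has no usable private key entry or the key
     *                           has no encoded form
     * @throws Exception         if the keystore cannot be loaded or the file cannot be written
     */
    public void export() throws Exception {
        KeyStore keystore = KeyStore.getInstance(keyStoreType);
        // try-with-resources closes the stream even when load() throws.
        try (FileInputStream in = new FileInputStream(keystoreFile)) {
            keystore.load(in, password);
        }

        KeyPair keyPair = getPrivateKey(keystore, alias, password);
        if (keyPair == null) {
            throw new KeyStoreException("No usable private key entry for alias '" + alias + "'");
        }
        byte[] keyBytes = keyPair.getPrivate().getEncoded();
        if (keyBytes == null) {
            throw new KeyStoreException("Private key for alias '" + alias + "' has no encoded form");
        }
        byte[] certBytes = keystore.getCertificate(alias).getEncoded();

        // java.util.Base64 replaces sun.misc.BASE64Encoder, a JDK-internal class that is
        // no longer available since Java 9 (the file-level import of it can then be
        // dropped). PEM bodies are wrapped at 64 characters per line.
        java.util.Base64.Encoder encoder = java.util.Base64.getMimeEncoder(64, new byte[] {'\n'});
        String keyPem = encoder.encodeToString(keyBytes);
        String certPem = encoder.encodeToString(certBytes);

        // Everything is encoded before the file is opened, so a failure above does not
        // leave a half-written key file behind.
        try (FileWriter fw = new FileWriter(exportedFile)) {
            // PEM boundary lines use exactly five dashes on each side. The PRIVATE KEY
            // label denotes PKCS#8, which is the usual getEncoded() format of a
            // PrivateKey - NOTE(review): confirm getFormat() for non-standard providers.
            fw.write("-----BEGIN PRIVATE KEY-----\n");
            fw.write(keyPem);
            fw.write("\n");
            fw.write("-----END PRIVATE KEY-----\n");
            // The CERTIFICATE block carries the encoded certificate itself, not the
            // bare public key bytes.
            fw.write("-----BEGIN CERTIFICATE-----\n");
            fw.write(certPem);
            fw.write("\n");
            fw.write("-----END CERTIFICATE-----\n");
        }
    }

    /** Exports the entry "test" of the demo keystore to the file "outputjskey". */
    public static void main(String[] args) throws Exception {
        CertUtil export = new CertUtil();
        export.keystoreFile = new File("/D:/jskey/test.jks");
        export.keyStoreType = "JKS";
        // Demo password from the tutorial; do not keep a real keystore password in source.
        export.password = "123123".toCharArray();
        export.alias = "test";
        export.exportedFile = new File("outputjskey");
        export.export();
    }
}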