我们用cmd命令进行生成cer证书
生成管理工具
Keytool 是 JDK 自带的密钥和证书管理工具，它把密钥（key）和证书（certificate）保存在一个称为 keystore 的、受口令保护的文件中。
生成命令:
keytool -genkey -alias mykey -keyalg RSA -keystore C:/mykeystore.keystore -keysize 2048 -validity 365
命令解析:
-genkey: 生成一对非对称密钥（-genkeypair 的旧写法），并为其签发一张自签名证书一起存入 keystore
-alias: 指定一个别名
-keyalg: 指定密钥算法，常用 RSA（本文用它做签名/验签，而不是加密）
-keystore: 指定 keystore 文件路径；文件不存在时会新建。执行过程中会提示输入 keystore 口令和密钥口令，后面 Java 代码里的 "123456" 就对应这里输入的口令，正式环境请勿使用这种弱口令，也不要把口令写死在源码中
-keysize: 密钥长度（位），可省略。RSA 应使用 2048 位及以上；1024 位 RSA 已不再安全，较新版本的 JDK 会对其发出警告
-validity: 证书有效期（天），可省略，默认为 90 天
生成结果:
生成cer证书
生成 keystore 后，用下面的命令把证书导出为 .cer 文件。导出的 .cer 只包含证书（含公钥），不含私钥，可以安全分发；私钥始终留在 keystore 中。注意这是一张自签名证书，接收方对它的信任只能通过带外方式（例如比对指纹）建立，而不能靠证书本身。
生成命令:
keytool -export -alias mykey -keystore C:/mykeystore.keystore -file C:/mykey.cer
生成结果:
cer证书解析以及签名验签
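/**
 * Demo entry point: loads the X.509 certificate exported by keytool, takes its public key,
 * signs a fixed string with the matching private key from the keystore and verifies the
 * signature with that public key.
 * <p>
 * NOTE(review): the certificate is the self-signed one keytool produced, so the public key is
 * read straight from a file on disk without any trust decision (no chain validation). That is
 * fine for a round-trip demo; a real verifier must obtain the public key from a trusted source
 * or validate the certificate against a trust anchor first.
 *
 * @param args unused
 */
public static void main(String[] args) {
    String certPath = "C:/mykey.cer";
    // try-with-resources closes the stream even if generateCertificate throws
    try (FileInputStream fileInputStream = new FileInputStream(certPath)) {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate =
                (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
        // The cert was created with -validity 365: refuse to use it outside that window.
        x509Certificate.checkValidity();
        PublicKey publicKey = x509Certificate.getPublicKey();
        // java.util.Base64 replaces the JDK-internal sun.misc.BASE64Encoder (gone since JDK 9).
        String publicStr = Base64.getEncoder().encodeToString(publicKey.getEncoded());
        System.out.println("publicKey key = " + publicStr);
        String original = "test 6666 ?";
        String privateKey = GetPrivateKey("C:/mykeystore.keystore");
        // Deliberately NOT printed: private key material must never reach stdout or logs.
        String sign = sign(original, privateKey);
        System.out.println("签名结果:" + sign);
        boolean verify = verify(original, publicStr, sign);
        System.out.println("验签:" + verify);
    } catch (Exception e) {
        e.printStackTrace();
    }
}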
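/**
 * Loads the private key stored under alias {@code mykey} in the given keystore and returns it
 * as Base64 of its PKCS#8 encoding (the form {@code sign} expects).
 * <p>
 * Keeps the original contract: on any failure the stack trace is printed and {@code ""} is
 * returned (a caller that passes that on to {@code sign} will then fail there).
 * <p>
 * NOTE(review): keystore and key passwords are hard-coded to "123456" here, exactly as in the
 * tutorial. Outside a demo, use the overload below and supply the passwords from a secret store
 * or the environment; never commit them to source control.
 *
 * @param kyeStorePath path to the keystore file generated by keytool
 * @return Base64 of the PKCS#8-encoded private key, or "" if the key could not be loaded
 */
public static String GetPrivateKey(String kyeStorePath) {
    return GetPrivateKey(kyeStorePath, "mykey", "123456".toCharArray(), "123456".toCharArray());
}

/**
 * Same as {@link #GetPrivateKey(String)} but with alias and passwords supplied by the caller.
 *
 * @param kyeStorePath  path to the keystore file
 * @param alias         alias of the private-key entry
 * @param storePassword keystore integrity password
 * @param keyPassword   password protecting the private-key entry (keytool often sets it equal
 *                      to the store password)
 * @return Base64 of the PKCS#8-encoded private key, or "" on failure
 */
public static String GetPrivateKey(String kyeStorePath, String alias, char[] storePassword, char[] keyPassword) {
    // KeyStore.getDefaultType() is "jks" on JDK 8 and "pkcs12" on JDK 9+; keytool on the same JDK
    // writes the matching format, and JDK 9+ can still read legacy JKS files.
    try (FileInputStream in = new FileInputStream(kyeStorePath)) {
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        keystore.load(in, storePassword);
        KeyPair keyPair = getKeyPair(keystore, alias, new String(keyPassword));
        // Explicit check instead of `assert`: assertions are off by default, so the original
        // would have surfaced a missing entry as an opaque NullPointerException.
        if (keyPair == null) {
            System.err.println("no private key entry for alias '" + alias + "' in " + kyeStorePath);
            return "";
        }
        PrivateKey privateKey = keyPair.getPrivate();
        // Not printed: private key material must never go to stdout or logs.
        return Base64.getEncoder().encodeToString(privateKey.getEncoded());
    } catch (Exception ex) {
        ex.printStackTrace();
        return "";
    }
}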
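/**
 * Returns the key pair stored under {@code alias}, or {@code null} when the alias is absent, is
 * not a private-key entry (e.g. a SecretKey), has no certificate, or the keystore cannot be read.
 * <p>
 * Keeps the original best-effort contract: errors are printed and mapped to {@code null}, never
 * thrown. Only the public key is echoed to stdout; the private key is intentionally not.
 *
 * @param keystore loaded keystore
 * @param alias    entry alias
 * @param password password protecting the key entry
 * @return the public/private pair, or {@code null}
 */
public static KeyPair getKeyPair(KeyStore keystore, String alias, String password) {
    if (keystore == null || alias == null || password == null) {
        return null;
    }
    try {
        Key key = keystore.getKey(alias, password.toCharArray());
        if (!(key instanceof PrivateKey)) {
            return null; // missing alias, or a symmetric-key entry
        }
        Certificate cert = keystore.getCertificate(alias);
        if (cert == null) {
            return null; // the original would have thrown NullPointerException here
        }
        PublicKey publicKey = cert.getPublicKey();
        // java.util.Base64 replaces the JDK-internal sun.misc.BASE64Encoder (gone since JDK 9).
        System.out.println("publicKey2 key = " + Base64.getEncoder().encodeToString(publicKey.getEncoded()));
        return new KeyPair(publicKey, (PrivateKey) key);
    } catch (Exception e) {
        e.printStackTrace();
        return null;
    }
}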
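/** Key algorithm used by both the private- and public-key factories. */
public static final String KEY_ALGORITHM = "RSA";

/**
 * Signs {@code content} (UTF-8) with an RSA private key and returns the signature as Base64.
 * <p>
 * The private key is expected as Base64 of its PKCS#8 encoding, i.e. the string produced by
 * {@code GetPrivateKey}. Plain and MIME (line-wrapped) Base64 are both accepted, so output of
 * the legacy {@code sun.misc.BASE64Encoder} still decodes.
 * <p>
 * Scheme is SHA-384 with RSASSA-PKCS1-v1_5 padding ("SHA384WithRSA"); the verifier must use
 * the same algorithm string. NOTE(review): RSASSA-PSS is the preferable padding for new designs.
 *
 * @param content    data to sign
 * @param privateKey Base64 PKCS#8 private key
 * @return Base64 (RFC 4648, no line breaks) of the signature
 * @throws IllegalArgumentException if content is null, privateKey is null/empty, or privateKey is
 *                                  not valid Base64
 * @throws Exception                if the key cannot be parsed or signing fails
 */
public static String sign(String content, String privateKey) throws Exception {
    if (content == null) {
        throw new IllegalArgumentException("content must not be null");
    }
    if (privateKey == null || privateKey.trim().isEmpty()) {
        throw new IllegalArgumentException("privateKey must not be empty");
    }
    byte[] data = content.getBytes(StandardCharsets.UTF_8);
    // MIME decoder tolerates the 76-column line breaks the old encoder inserted.
    byte[] keyBytes = Base64.getMimeDecoder().decode(privateKey);
    PrivateKey priKey = KeyFactory.getInstance(KEY_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
    Signature signature = Signature.getInstance("SHA384WithRSA");
    signature.initSign(priKey);
    signature.update(data);
    return Base64.getEncoder().encodeToString(signature.sign());
}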
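/**
 * Verifies a signature produced by {@link #sign(String, String)} against the given public key.
 * <p>
 * The public key is expected as Base64 of its X.509 SubjectPublicKeyInfo encoding (what
 * {@code PublicKey.getEncoded()} returns); plain and MIME (line-wrapped) Base64 are accepted.
 * The signature must be standard Base64 as returned by {@code sign}.
 * <p>
 * NOTE(review): a valid signature only proves the holder of the private key matching
 * {@code publicKey} signed {@code content}; whether that key is trusted is a separate decision
 * the caller must make (certificate validation, pinning, ...).
 *
 * @param content   data that was signed
 * @param publicKey Base64 X.509-encoded public key
 * @param sign      Base64 signature
 * @return {@code true} only if the signature is valid; {@code false} for a wrong signature, a
 *         signature of the wrong length, or a signature string that is empty or not valid Base64
 * @throws IllegalArgumentException if content is null or publicKey is null/empty or not valid Base64
 * @throws Exception                if the public key cannot be parsed
 */
public static boolean verify(String content, String publicKey, String sign) throws Exception {
    if (content == null) {
        throw new IllegalArgumentException("content must not be null");
    }
    if (publicKey == null || publicKey.trim().isEmpty()) {
        throw new IllegalArgumentException("publicKey must not be empty");
    }
    if (sign == null || sign.trim().isEmpty()) {
        return false;
    }
    byte[] sigBytes;
    try {
        sigBytes = Base64.getDecoder().decode(sign);
    } catch (IllegalArgumentException e) {
        return false; // a malformed signature is a failed verification, not a caller error
    }
    byte[] data = content.getBytes(StandardCharsets.UTF_8);
    // MIME decoder tolerates the 76-column line breaks the old encoder inserted.
    byte[] keyBytes = Base64.getMimeDecoder().decode(publicKey);
    PublicKey pubKey = KeyFactory.getInstance(KEY_ALGORITHM).generatePublic(new X509EncodedKeySpec(keyBytes));
    Signature signature = Signature.getInstance("SHA384WithRSA");
    signature.initVerify(pubKey);
    signature.update(data);
    try {
        return signature.verify(sigBytes);
    } catch (java.security.SignatureException e) {
        return false; // e.g. wrong length or not a decodable RSA signature block
    }
}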
运行结果: