.setAlias(mAlias)
// 用于生成自签名证书的主题 X500Principal 接受 RFC 1779/2253的专有名词
.setSubject(new X500Principal(“CN=” + mAlias))
//用于自签名证书的序列号生成的一对。
.setSerialNumber(BigInteger.valueOf(1337))
// 签名在有效日期范围内
.setStartDate(start.getTime())
.setEndDate(end.getTime())
.build();
} else {
//Android 6.0(或者以上)使用KeyGenparameterSpec.Builder 方式来创建,
// 允许你自定义允许的的关键属性和限制
// String AES_MODE_CBC = KeyProperties.KEY_ALGORITHM_AES + “/” +
// KeyProperties.BLOCK_MODE_CBC + “/” +
// KeyProperties.ENCRYPTION_PADDING_PKCS7;
spec = new KeyGenParameterSpec.Builder(mAlias, KeyProperties.PURPOSE_SIGN)
.setCertificateSubject(new X500Principal(“CN=” + mAlias))
.setDigests(KeyProperties.DIGEST_SHA256)
.setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)
.setBlockModes(KeyProperties.BLOCK_MODE_GCM, KeyProperties.BLOCK_MODE_CTR,
KeyProperties.BLOCK_MODE_CBC, KeyProperties.BLOCK_MODE_ECB)
// .setBlockModes(KeyProperties.BLOCK_MODE_GCM/CTR/CBC/ECB)
.setCertificateSerialNumber(BigInteger.valueOf(1337))
.setCertificateNotBefore(start.getTime())
.setCertificateNotAfter(end.getTime())
.build();
}
KeyPairGenerator kpGenerator = KeyPairGenerator
.getInstance(SecurityConstants.TYPE_RSA,
SecurityConstants.KEYSTORE_PROVIDER_ANDROID_KEYSTORE);
kpGenerator.initialize(spec);
KeyPair kp = kpGenerator.generateKeyPair();
Log.d(“huangxiaoguo”, "公共密钥: " + kp.getPublic().toString());
Log.d(“huangxiaoguo”, "私钥: " + kp.getPrivate().toString());
}
/**
-
签名
-
@param inputStr
-
@return
-
@throws KeyStoreException
-
@throws CertificateException
-
@throws NoSuchAlgorithmException
-
@throws IOException
-
@throws UnrecoverableEntryException
-
@throws InvalidKeyException
-
@throws SignatureException
*/
public static String signData(String inputStr) throws KeyStoreException, CertificateException,
NoSuchAlg