标题生成JKS密钥库,并查看证书
生成keystore文件
keytool -genkeypair -keysize 2048 -validity 36500 -alias "privateKey" -keyalg "RSA" -keystore "privateKeys.keystore" -storepass "密码" -keypass "密码" -dname "CN=sjjy, OU=sdma, O=sdma, L=jinan, ST=shandong, C=zh_cn"
keytool -importkeystore -srcalias "privateKey" -srckeystore privateKeys.keystore -srcstorepass "密码" -srckeypass "密码" -destkeystore privateKeys.keystore -deststoretype pkcs12 -destkeypass "密码"
keytool -list -v -keystore privateKeys.keystore
生成cer
keytool -export -alias "privateKey" -keystore privateKeys.keystore -storetype PKCS12 -storepass "密码" -rfc -file "certfile.cer"
生成公钥
keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicKeys.keystore" -storetype PKCS12 -storepass "密码"
导入证书
keytool -import -alias "publicCert" -file "certfile.cer" -keystore "publicKeys.keystore" -storetype PKCS12 -storepass "密码"
java加解密
部分操作依赖hutool工具(https://www.hutool.cn/docs/#/)
import cn.hutool.core.codec.Base64;
import cn.hutool.core.io.FileUtil;
import cn.hutool.core.io.IoUtil;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.GlobalBouncyCastleProvider;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
/**
* 从私钥文件和公钥文件读取对应的密钥
*
* @author <a href="https://github.com/zichen1019">zichen</a>
*/
public class KeyStoreUtils {
private static final String PKCS12 = "PKCS12";
private static final String ALIAS = "privateKey";
private static final char[] PASSWORD = "密码".toCharArray();
private static final String X_509 = "X.509";
// 证书、私钥文件存放路径
private static final String PATH = "C:\\Users\\admin\\.keytool\\";
/**
* 从私钥文件中读取私钥
*
* @return 私钥
*/
public static PrivateKey getPrivateKey() {
KeyStore store;
InputStream fileInputStream = null;
try {
store = KeyStore.getInstance(PKCS12);
fileInputStream = new FileInputStream(FileUtil.file(PATH + "privateKeys.keystore"));
// LOADED
store.load(fileInputStream, PASSWORD);
// PrivateKey pk = (PrivateKey) store.getKey(ALIAS, PASSWORD);
// System.err.println("私钥:" + Base64.encode(pk.getEncoded()));
/*// 从私钥获取公钥
Certificate ca = store.getCertificate(ALIAS);
System.err.println("公钥:" + Base64.encode(ca.getPublicKey().getEncoded()));*/
return (PrivateKey) store.getKey(ALIAS, PASSWORD);
} catch (KeyStoreException | IOException | NoSuchAlgorithmException | CertificateException | UnrecoverableKeyException e) {
e.printStackTrace();
throw new RuntimeException("获取私钥失败!");
} finally {
IoUtil.close(fileInputStream);
}
}
/**
* 从证书文件中读取公钥
*
* @return 公钥
*/
public static PublicKey getPublicKey() {
InputStream fileInputStream = null;
try {
fileInputStream = new FileInputStream(FileUtil.file(PATH + "certfile.cer"));
CertificateFactory cf = CertificateFactory.getInstance(X_509);
Certificate c = cf.generateCertificate(fileInputStream);
System.err.println("证书:" + Base64.encode(c.getEncoded()));
System.out.println("公钥:"+ Base64.encode(c.getPublicKey().getEncoded()));
return c.getPublicKey();
} catch (IOException | CertificateException e) {
e.printStackTrace();
throw new RuntimeException("获取公钥失败!");
} finally {
IoUtil.close(fileInputStream);
}
}
public static void main(String[] args) {
GlobalBouncyCastleProvider.setUseBouncyCastle(false);
RSA rsa = new RSA();
rsa.setPublicKey(getPublicKey());
String content = "Mm123456@#";
String ciphertext = StrUtil.str(rsa.encryptBase64(content, KeyType.PublicKey), CharsetUtil.CHARSET_UTF_8);
System.err.println("密文:" + ciphertext);
RSA rsa2 = new RSA();
rsa2.setPrivateKey(getPrivateKey());
String cc = rsa2.decryptStr(ciphertext, KeyType.PrivateKey);
System.err.println("解密后:" + cc);
}
}