1. KeyStore文件的生成:
keytool -genkeypair -alias alias-name -keypass key-pass -keysize 1024 -keystore key-store-name.keystore -storepass key-store-pass
当然这一步可以在eclipse adt中完成。
2. KeyPair文件的导出
keytool -exportcert -alias alias-name -keypass key-pass -keystore key-store-name.keystore -storepass key-store-pass -file public.crt -rfc
-file参数指定了要导出的PublicKey的文件, -rfc则将导出的PublicKey指定为RFC定义的Base64编码格式。
keytool -printcert -file public.crt
可以用来检查导出的公钥的信息。
openssl x509 -in public.crt -noout -text
这时导出的公钥就可以在OpenSSL中打开了。
这时如果要导出私钥,则需要编写一些代码了:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.PrintWriter;
import java.security.Key;
import java.security.KeyStore;
public class DumpKey {
private static final char[] S_BASE64CHAR = {
'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', '+', '/'
};
private static final char S_BASE64PAD = '=';
private static final byte[] S_DECODETABLE = new byte[128];
static {
for (int i = 0; i < S_DECODETABLE.length; i++)
S_DECODETABLE[i] = Byte.MAX_VALUE; // 127
for (int i = 0; i < S_BASE64CHAR.length; i++)
// 0 to 63
S_DECODETABLE[S_BASE64CHAR[i]] = (byte) i;
}
public static String encode(byte[] data) {
return encode(data, 0, data.length);
}
public static String encode(byte[] data, int off, int len) {
if (len <= 0)
return "";
char[] out = new char[len / 3 * 4 + 4];
int rindex = off;
int windex = 0;
int rest = len - off;
while (rest >= 3) {
int i = ((data[rindex] & 0xff) << 16) + ((data[rindex + 1] & 0xff) << 8) + (data[rindex + 2] & 0xff);
out[windex++] = S_BASE64CHAR[i >> 18];
out[windex++] = S_BASE64CHAR[(i >> 12) & 0x3f];
out[windex++] = S_BASE64CHAR[(i >> 6) & 0x3f];
out[windex++] = S_BASE64CHAR[i & 0x3f];
rindex += 3;
rest -= 3;
}
if (rest == 1) {
int i = data[rindex] & 0xff;
out[windex++] = S_BASE64CHAR[i >> 2];
out[windex++] = S_BASE64CHAR[(i << 4) & 0x3f];
out[windex++] = S_BASE64PAD;
out[windex++] = S_BASE64PAD;
} else if (rest == 2) {
int i = ((data[rindex] & 0xff) << 8) + (data[rindex + 1] & 0xff);
out[windex++] = S_BASE64CHAR[i >> 10];
out[windex++] = S_BASE64CHAR[(i >> 4) & 0x3f];
out[windex++] = S_BASE64CHAR[(i << 2) & 0x3f];
out[windex++] = S_BASE64PAD;
}
return new String(out, 0, windex);
}
static public void main(String[] args) {
if (args.length != 5) {
System.out.println("Usage:");
System.out.println("java DumpKey key-store-file key-store-pass alias-name key-pass private-key-out");
return;
}
String jksFile = args[0];
char[] jksPass = args[1].toCharArray();
String alias = args[2];
char[] keyPass = args[3].toCharArray();
String outFile = args[4];
try {
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(new FileInputStream(jksFile), jksPass);
Key key = keyStore.getKey(alias, keyPass);
System.out.println("Key algorithm: " + key.getAlgorithm());
System.out.println("Key format: " + key.getFormat());
System.out.println("Writing key in binary form to " + outFile);
PrintWriter writer = new PrintWriter(new FileOutputStream(outFile));
writer.println("-----BEGIN PRIVATE KEY-----");
String base64 = encode(key.getEncoded());
for (int i = 0, len = base64.length(); i < len; i += 64) {
writer.println(base64.substring(i, Math.min(i + 64, len)));
}
writer.println("-----END PRIVATE KEY-----");
writer.close();
} catch (Exception e) {
e.printStackTrace();
return;
}
}
}
这里我对参考资料的代码进行了修改,避免了导出二进制文件再进行转换的工序。
如果有需要将原始的二进制私钥进行编码,可以使用如下命令:
openssl enc -in private.bin -out private.key -a
-a指定了使用Base64编码完毕后记得在首尾加入-----BEGIN PRIVATE KEY-----和-----END PRIVATE KEY-----最后,即可使用:openssl [dsa|rsa] -in private.key -text来查看私钥内容了。
3. 参考资料:
Migrating Keys from 'keytool' to 'OpenSSL'
扫一扫
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
