JKS文件是一个java中的密钥管理库,里面可以放各种密钥文件,JKS文件的生成这里暂且不说,这里主要是关注如何从JKS文件中将已有的密钥读取出来。
下面是两个java读取JKS文件中密钥的方法
当然在看懂下面两个方法之前要对JKS文件的结构有所了解:
JKS文件就好像一个仓库,里面可以放很多的东西,这里只存放一类东西就是密钥,仓库当然会有一把锁,防范别人随便乱拿,这个就是JKS文件的密码。里面存放的密钥也各有不同,每个密钥都有一个名字(在下面叫别名),一类叫密钥对,一类叫公钥,一类叫私钥,密钥对就是包含公钥和私钥的。这里的公钥只要你能进入仓库你就可以随便查看拿走,私钥则是有密码的,只允许有权限的人查看拿走。所以在下面读取密钥时也就有点细微的不同之处,对于读取公钥只需要知道JKS文件(仓库)的密码就可以了,但是在读取私钥时则必须有私钥的密码也就是你必须要有权限,在下面你会发现,在读取私钥时多了一个参数,对应的就是私钥的密码。
package com.java.security;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import sun.misc.*;
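/**
 * Exports the private key and the certificate stored under one alias of a
 * {@link KeyStore} file (for example a JKS file) as PEM text files.
 *
 * <p>The keystore file, its type, the alias and the password that protects both
 * the store and the key entry are supplied through the fields below; callers then
 * invoke {@link #exportPrivate()} and/or {@link #exportCertificate()}. The private
 * key is written unencrypted (a PKCS#8 {@code PRIVATE KEY} block), so the output
 * file is reduced to owner-only permissions where the file system supports it.
 */
public class ExportKey {
    /** Maximum characters per base64 line in a PEM body (RFC 7468). */
    private static final int PEM_LINE_LENGTH = 64;
    /** Line separator used between base64 lines of a PEM body. */
    private static final byte[] PEM_LINE_SEPARATOR = {'\n'};

    private File keystoreFile;
    private String keyStoreType;
    // Used for both the store password and the key-entry password.
    private char[] password;
    private String alias;
    private File exportedPrivateKeyFile;
    private File exportedPublicKeyFile;

    /**
     * Returns the key pair stored under {@code alias}, or {@code null} when the alias
     * is absent, holds no private key, or has no certificate attached.
     *
     * @param keystore an already-loaded keystore
     * @param alias    name of the entry to look up
     * @param password password protecting the key entry
     * @return the public/private key pair, or {@code null} if no such private key entry exists
     * @throws IllegalStateException if the keystore has not been loaded, the key password is
     *         wrong, or the key algorithm is unavailable; the original exception is the cause
     */
    public static KeyPair getKeyPair(KeyStore keystore, String alias, char[] password) {
        Objects.requireNonNull(keystore, "keystore");
        try {
            Key key = keystore.getKey(alias, password);
            if (!(key instanceof PrivateKey)) {
                return null;
            }
            Certificate cert = keystore.getCertificate(alias);
            if (cert == null) {
                return null;
            }
            return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
        } catch (UnrecoverableKeyException | NoSuchAlgorithmException | KeyStoreException e) {
            // Returning null here would surface later as an opaque NullPointerException in
            // the caller; keep the cause so a wrong password or an unloaded store is diagnosable.
            throw new IllegalStateException("cannot read key entry '" + alias + "'", e);
        }
    }

    /**
     * Writes the private key of {@link #alias} to {@link #exportedPrivateKeyFile} as an
     * unencrypted PKCS#8 PEM block ({@code -----BEGIN PRIVATE KEY-----}).
     *
     * @throws IOException              if the keystore cannot be read or the output cannot be written
     * @throws GeneralSecurityException if the keystore cannot be opened or the alias holds no
     *                                  exportable private key
     */
    public void exportPrivate() throws IOException, GeneralSecurityException {
        // The store must be loaded before any entry can be read.
        KeyStore keystore = loadKeyStore();
        KeyPair keyPair = getKeyPair(keystore, alias, password);
        if (keyPair == null) {
            throw new KeyStoreException("no private key entry under alias '" + alias + "'");
        }
        byte[] der = keyPair.getPrivate().getEncoded();
        if (der == null) {
            // Keys held in hardware or other non-extractable form have no encoding to export.
            throw new KeyStoreException("private key under alias '" + alias + "' is not exportable");
        }
        writePem(exportedPrivateKeyFile, "PRIVATE KEY", der);
        restrictToOwner(exportedPrivateKeyFile);
    }

    /**
     * Writes the certificate of {@link #alias} to {@link #exportedPublicKeyFile} as a PEM
     * block ({@code -----BEGIN CERTIFICATE-----}).
     *
     * @throws IOException              if the keystore cannot be read or the output cannot be written
     * @throws GeneralSecurityException if the keystore cannot be opened, the alias has no
     *                                  certificate, or the certificate cannot be encoded
     */
    public void exportCertificate() throws IOException, GeneralSecurityException {
        KeyStore keystore = loadKeyStore();
        Certificate cert = keystore.getCertificate(alias);
        if (cert == null) {
            throw new KeyStoreException("no certificate under alias '" + alias + "'");
        }
        writePem(exportedPublicKeyFile, "CERTIFICATE", cert.getEncoded());
    }

    /**
     * Opens {@link #keystoreFile} as a store of type {@link #keyStoreType}, checking its
     * integrity with {@link #password}.
     */
    private KeyStore loadKeyStore() throws IOException, GeneralSecurityException {
        KeyStore keystore = KeyStore.getInstance(keyStoreType);
        try (InputStream in = Files.newInputStream(keystoreFile.toPath())) {
            keystore.load(in, password);
        }
        return keystore;
    }

    /**
     * Formats DER bytes as a PEM block: a BEGIN line, base64 text in lines of at most
     * 64 characters, and an END line, each terminated by {@code \n}.
     *
     * @param label block label, e.g. {@code "CERTIFICATE"}
     * @param der   the DER-encoded content
     * @return the PEM text
     */
    static String toPem(String label, byte[] der) {
        String body = Base64.getMimeEncoder(PEM_LINE_LENGTH, PEM_LINE_SEPARATOR).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }

    /** Writes {@code der} as a PEM block to {@code target}, replacing any existing content. */
    private static void writePem(File target, String label, byte[] der) throws IOException {
        // PEM is ASCII by definition; pin the charset instead of relying on the platform default.
        try (Writer out = Files.newBufferedWriter(target.toPath(), StandardCharsets.US_ASCII)) {
            out.write(toPem(label, der));
        }
    }

    /**
     * Makes {@code file} readable and writable by its owner only. A no-op on file systems
     * without POSIX permissions (for example Windows).
     */
    private static void restrictToOwner(File file) throws IOException {
        try {
            Files.setPosixFilePermissions(file.toPath(), PosixFilePermissions.fromString("rw-------"));
        } catch (UnsupportedOperationException ignored) {
            // No POSIX attribute view on this file system; the default permissions remain.
        }
    }

    /**
     * Demo entry point: exports the key and certificate of a sample keystore using the
     * fixed values below. Replace the paths, alias and password for real use.
     *
     * @param args ignored
     * @throws Exception if either export fails
     */
    public static void main(String[] args) throws Exception {
        ExportKey export = new ExportKey();
        export.keystoreFile = new File("/home/rain/test.jks");
        export.keyStoreType = "JKS";
        export.password = "123456".toCharArray();
        export.alias = "test";
        export.exportedPrivateKeyFile = new File("/home/rain/key/exported-pkcs8.key");
        export.exportedPublicKeyFile = new File("/home/rain/key/exported-public.key");
        try {
            export.exportPrivate();
            export.exportCertificate();
        } finally {
            // Clear the password from memory once it is no longer needed.
            Arrays.fill(export.password, '\0');
        }
    }
}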