keytool生成密钥对(注:1024位RSA密钥现已被认为强度不足,实际环境建议使用 -keysize 2048 或更高)
C:\Users\Administrator>keytool -genkey -alias alias1 -keyalg RSA -keysize 1024 -keystore E:\公司\zhengshu\haha.keystore -validity 4000
输入密钥库口令:
您的名字与姓氏是什么?
[Unknown]: zl
您的组织单位名称是什么?
[Unknown]: zl
您的组织名称是什么?
[Unknown]: zl
您所在的城市或区域名称是什么?
[Unknown]: zl
您所在的省/市/自治区名称是什么?
[Unknown]: zl
该单位的双字母国家/地区代码是什么?
[Unknown]: zl
CN=zl, OU=zl, O=zl, L=zl, ST=zl, C=zl是否正确?
[否]: Y
输入 <alias1> 的密钥口令
(如果和密钥库口令相同, 按回车):
再次输入新口令:
输出Keystore证书
从密钥库haha.keystore中导出别名为alias1的证书到alias1.crt文件中(导出的证书中包括主体信息和公钥)。
keytool -export -alias alias1 -keystore haha.keystore -file alias1.crt
Enter keystore password: ****(输入Keystore操作密码)
查看导出的证书信息
keytool -printcert -file alias1.crt
导入证书
将alias2.crt文件中的证书以别名alias2导入到名为haha.keystore的密钥库中。导入后该证书即被视为受信任,因此导入前应先用keytool -printcert核对证书指纹,确认来源可信。
keytool -import -alias alias2 -keystore haha.keystore -file alias2.crt
package zhengshu;
import java.io.File;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Enumeration;
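/**
 * Demo program: loads a JKS keystore, lists its aliases, extracts the key pair
 * stored under {@code alias1}, and runs a sign/verify round trip over a fixed
 * test message.
 *
 * <p>NOTE(review): the keystore path and both passwords are hard-coded and the
 * private key is printed to standard output. That is acceptable only for a
 * throw-away test keystore; real code should obtain the passwords at runtime
 * (console prompt, secret store) and must never print or log private key
 * material.
 */
public class Test {

    /** Location of the keystore created with keytool. */
    private static final String KEYSTORE_PATH = "E:\\公司\\zhengshu\\haha.keystore";

    /** Alias of the key pair entry used for the round trip. */
    private static final String KEY_ALIAS = "alias1";

    // NOTE(review): hard-coded demo credentials; do not ship secrets in source.
    private static final String STORE_PASSWORD = "123456";
    private static final String KEY_PASSWORD = "654321";

    /**
     * Signature algorithm used for the round trip. SHA-1 based signatures
     * ("SHA1withRSA") are no longer considered collision resistant, so the
     * demo signs with SHA-256 instead.
     */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Runs the demo. Any failure (missing file, wrong password, missing alias)
     * is reported via the stack trace.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            // try-with-resources: the stream is closed even when load() throws.
            try (FileInputStream is = new FileInputStream(new File(KEYSTORE_PATH))) {
                keyStore.load(is, STORE_PASSWORD.toCharArray());
            }

            Enumeration<String> aliasEnum = keyStore.aliases();
            while (aliasEnum.hasMoreElements()) {
                System.out.println("List别名item: " + aliasEnum.nextElement());
            }

            // getCertificate returns null for an unknown alias; fail with a
            // clear message instead of a NullPointerException.
            Certificate certificate = keyStore.getCertificate(KEY_ALIAS);
            if (certificate == null) {
                throw new IllegalStateException("No certificate for alias: " + KEY_ALIAS);
            }
            PublicKey publicKey = certificate.getPublicKey();

            // The entry may be absent or a trusted-certificate entry; check
            // before casting so the failure is explicit.
            KeyStore.Entry entry = keyStore.getEntry(KEY_ALIAS,
                    new KeyStore.PasswordProtection(KEY_PASSWORD.toCharArray()));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new IllegalStateException("No private key entry for alias: " + KEY_ALIAS);
            }
            PrivateKey privateKey = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();

            Base64.Encoder en = Base64.getEncoder();
            Base64.Decoder de = Base64.getDecoder();

            // Demo only: this writes the unencrypted private key to stdout.
            String strPrivateKey = en.encodeToString(privateKey.getEncoded());
            System.out.println("私钥 = \n" + strPrivateKey + "\n");
            String strPubKey = en.encodeToString(publicKey.getEncoded());
            System.out.println("公钥 = \n" + strPubKey + "\n");

            // Fix the charset: the platform default differs between machines,
            // which would make signatures non-portable for non-ASCII text.
            byte[] message = "测试内容".getBytes(StandardCharsets.UTF_8);

            String sign = en.encodeToString(
                    sign(message, privateKey, SIGNATURE_ALGORITHM, null));
            System.out.println("签名测试 = \n" + sign + "\n");
            boolean verfi = verify(message, de.decode(sign), publicKey,
                    SIGNATURE_ALGORITHM, null);
            System.out.println("验签测试 = \n" + verfi + "\n");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Creates a {@link Signature} for the algorithm, using the named provider
     * when one is given and the default provider lookup otherwise.
     */
    private static Signature newSignature(String algorithm, String provider)
            throws Exception {
        if (provider == null || provider.isEmpty()) {
            return Signature.getInstance(algorithm);
        }
        return Signature.getInstance(algorithm, provider);
    }

    /**
     * Signs a message.
     *
     * @param message    bytes to sign
     * @param privateKey key used to produce the signature
     * @param algorithm  JCA signature algorithm name
     * @param provider   JCA provider name, or {@code null}/empty for the default
     * @return the raw signature bytes
     * @throws Exception if the algorithm or provider is unavailable, or the key
     *                   is not valid for the algorithm
     */
    private static byte[] sign(byte[] message, PrivateKey privateKey,
            String algorithm, String provider) throws Exception {
        Signature signature = newSignature(algorithm, provider);
        signature.initSign(privateKey);
        signature.update(message);
        return signature.sign();
    }

    /**
     * Verifies a signature over a message.
     *
     * @param message     bytes that were signed
     * @param signMessage raw signature bytes to check
     * @param publicKey   key matching the signer's private key
     * @param algorithm   JCA signature algorithm name (must match the one used to sign)
     * @param provider    JCA provider name, or {@code null}/empty for the default
     * @return {@code true} if the signature is valid for the message
     * @throws Exception if the algorithm or provider is unavailable, the key is
     *                   not valid for the algorithm, or the signature is malformed
     */
    private static boolean verify(byte[] message, byte[] signMessage,
            PublicKey publicKey, String algorithm, String provider)
            throws Exception {
        Signature signature = newSignature(algorithm, provider);
        signature.initVerify(publicKey);
        signature.update(message);
        return signature.verify(signMessage);
    }
}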