這篇文章主要講解了“Java的JCEKS有什么作用”��,文中的講解內(nèi)容簡單清晰,易于學(xué)習(xí)與理解���,下面請大家跟著小編的思路慢慢深入,一起來研究和學(xué)習(xí)“Java的JCEKS有什么作用”吧�!
讓客戶滿意是我們工作的目標,不斷超越客戶的期望值來自于我們對這個行業(yè)的熱愛��。我們立志把好的技術(shù)通過有效�����、簡單的方式提供給客戶����,將通過不懈努力成為客戶在信息化領(lǐng)域值得信任���、有價值的長期合作伙伴,公司提供的服務(wù)項目有:域名注冊���、網(wǎng)頁空間���、營銷軟件、網(wǎng)站建設(shè)��、英山網(wǎng)站維護���、網(wǎng)站推廣�����。
JCEKS
JCEKS是Java平臺的一個密鑰庫格式����,將密鑰存儲在密鑰庫中以防止加密密鑰的暴露�����。在JCEKS中存儲和裝載不同條目的過程類似于JKS�,只需在調(diào)用KeyStore.getInstance()時更改相應(yīng)的JCEKS密鑰庫類型。
存儲密鑰
密鑰可以通過一下代碼存儲到JCEKS中:
try{
KeyStore keyStore = KeyStore.getInstance("JCEKS");
keyStore.load(null, null);
KeyGenerator keyGen = KeyGenerator.getInstance("DES");
keyGen.init(56);;
Key key = keyGen.generateKey();
keyStore.setKeyEntry("secret", key, "password".toCharArray(), null);
keyStore.store(new FileOutputStream("output.jceks"), "password".toCharArray());
} catch (Exception ex) {
ex.printStackTrace();
}加載密鑰
代碼如下:
try{
KeyStore keyStore = KeyStore.getInstance("JCEKS");
keyStore.load(new FileInputStream("output.jceks"), "password".toCharArray());
Key key = keyStore.getKey("secret", "password".toCharArray());
System.out.println(key.toString());
} catch (Exception ex) {
ex.printStackTrace();
}輸出代碼:
javax.crypto.spec.SecretKeySpec@fffe7b9b
PKCS12
PKCS12是公鑰加密標準�,它規(guī)定了可包含所有私鑰、公鑰和證書����。其以二進制格式存儲,也稱為 PFX 文件�����,在windows中可以直接導(dǎo)入到密鑰區(qū)���。注意��,PKCS12的密鑰庫保護密碼同時也用于保護Key�����。
創(chuàng)建PKCS12密鑰庫
在把一個條目存入PKCS12之前必須先加載密鑰庫��,這意味著我們必須首先創(chuàng)建一個密鑰庫��。簡單創(chuàng)建一個PKCS12密鑰庫的方式如下:
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, null);
keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
} catch (Exception ex){
ex.printStackTrace();
}需要注意的是��,在調(diào)用keyStore.load(null, null)時�,兩個null是作為輸入密鑰流和密碼傳遞的。這是因為我們沒有可用的密鑰庫��。運行這段代碼后��,當(dāng)前工作目錄中應(yīng)該會輸出一個名為output.p12的文件����。
存儲密鑰
代碼如下:
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(null, null);
KeyGenerator keyGen = KeyGenerator.getInstance("AES");
keyGen.init(128);
Key key = keyGen.generateKey();
keyStore.setKeyEntry("secret", key, "password".toCharArray(), null);
keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
} catch (Exception ex){
ex.printStackTrace();
}存儲私鑰
密鑰庫包含可用于網(wǎng)絡(luò)上的SSL通信的私鑰和證書:
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// keyStore.load(new FileInputStream("output.p12"),"password".toCharArray());
keyStore.load(null, null);;
CertAndKeyGen gen = new CertAndKeyGen("RSA","SHA1WithRSA");
gen.generate(1024);
Key key=gen.getPrivateKey();
X509Certificate cert=gen.getSelfCertificate(new X500Name("CN=ROOT"), (long)365*24*3600);
X509Certificate[] chain = new X509Certificate[1];
chain[0]=cert;
keyStore.setKeyEntry("private", key, "password".toCharArray(), chain);
keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
}catch(Exception ex){
ex.printStackTrace();
}別忘了調(diào)用keyStore.store()來保存密鑰,否則條目在程序退出時會丟失���。
存儲證書
存儲證書可以調(diào)用KeyStore.setCertificateEntry():
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// keyStore.load(new FileInputStream("output.p12"),"password".toCharArray());
keyStore.load(null, null);;
CertAndKeyGen gen = new CertAndKeyGen("RSA","SHA1WithRSA");
gen.generate(1024);
X509Certificate cert=gen.getSelfCertificate(new X500Name("CN=ROOT"), (long)365*24*3600);
keyStore.setCertificateEntry("cert", cert);
keyStore.store(new FileOutputStream("output.p12"), "password".toCharArray());
}catch(Exception ex){
ex.printStackTrace();
}存儲的證書可以通過調(diào)用提供別名的KeyStore.getCertificate() 來提取��,例如:
Certificate cert = keyStore.getCertificate("cert");加載私鑰
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("output.p12"), "password".toCharArray());
Key pvtKey = keyStore.getKey("private", "password".toCharArray());
System.out.println(pvtKey.toString());
} catch (Exception ex){
ex.printStackTrace();
}代碼輸出:
sun.security.rsa.RSAPrivateCrtKeyImpl@ffff2466
加載證書鏈
如果一個證書鏈存在密鑰庫中�����,我們可以通過調(diào)用KeyStore.getCertificateChain()來加載:
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("output.p12"), "password".toCharArray());
Key pvtKey = keyStore.getKey("private", "password".toCharArray());
System.out.println(pvtKey.toString());
java.security.cert.Certificate[] chain = keyStore.getCertificateChain("private");
for(java.security.cert.Certificate cert:chain){
System.out.println(cert.toString());
}
} catch (Exception ex){
ex.printStackTrace();
}輸出:
[
[
Version: V3
Subject: CN=ROOT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 107262652552256813768678166856978781385254195794582600239703451044252881438814396239031781495369251659734172714120481593881055888193254336293673302267462500060447786562885955334870856482264000504019061160524587434562257067298291769329550807938162702640388267016365640782567817416484577163775446236245223552189
public exponent: 65537
Validity: [From: Mon Jan 05 13:03:29 SGT 2015,
To: Tue Jan 05 13:03:29 SGT 2016]
Issuer: CN=ROOT
SerialNumber: [ 5e5ca8a4]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 22 21 BF 73 A6 6D 12 9B F7 49 6C 0E B3 50 6A 9D "!.s.m...Il..Pj.
0010: FA 30 43 22 32 FF 54 95 80 2E B3 8B 6F 59 D4 B5 .0C"2.T.....oY..
0020: 6C A6 AE 89 B7 18 9A A8 35 7D 65 37 BF ED A3 F4 l.......5.e7....
0030: E7 DB 5D 5F 9B DA 4B FA 39 04 9B 4D DB C2 3E FA ..]_..K.9..M..>.
0040: 3B C2 63 F8 1E BE 03 F3 BD 1C D4 8A 8E 3C 51 68 ;.c..........
注:如何在Java中創(chuàng)建證書鏈��?可參考:點此進入
加載證書
加載證書可以通過調(diào)用KeyStore.getCertificate()來實現(xiàn):
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("output.p12"), "password".toCharArray());
java.security.cert.Certificate cert = keyStore.getCertificate("private");
System.out.println(cert);
} catch (Exception ex){
ex.printStackTrace();
}輸出:
[
[
Version: V3
Subject: CN=ROOT
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 107262652552256813768678166856978781385254195794582600239703451044252881438814396239031781495369251659734172714120481593881055888193254336293673302267462500060447786562885955334870856482264000504019061160524587434562257067298291769329550807938162702640388267016365640782567817416484577163775446236245223552189
public exponent: 65537
Validity: [From: Mon Jan 05 13:03:29 SGT 2015,
To: Tue Jan 05 13:03:29 SGT 2016]
Issuer: CN=ROOT
SerialNumber: [ 5e5ca8a4]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 22 21 BF 73 A6 6D 12 9B F7 49 6C 0E B3 50 6A 9D "!.s.m...Il..Pj.
0010: FA 30 43 22 32 FF 54 95 80 2E B3 8B 6F 59 D4 B5 .0C"2.T.....oY..
0020: 6C A6 AE 89 B7 18 9A A8 35 7D 65 37 BF ED A3 F4 l.......5.e7....
0030: E7 DB 5D 5F 9B DA 4B FA 39 04 9B 4D DB C2 3E FA ..]_..K.9..M..>.
0040: 3B C2 63 F8 1E BE 03 F3 BD 1C D4 8A 8E 3C 51 68 ;.c..........
導(dǎo)入導(dǎo)出密鑰和證書
PKCS12密鑰庫可以用于導(dǎo)入導(dǎo)出密鑰和證書����,下面的代碼演示了從PKCS12導(dǎo)出一個私鑰并導(dǎo)入到JKS密鑰庫中:
try{
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(new FileInputStream("output.p12"), "password".toCharArray());
Key pvtKey = keyStore.getKey("private", "password".toCharArray());
java.security.cert.Certificate[] chain = keyStore.getCertificateChain("private");
KeyStore jksStore = KeyStore.getInstance("JKS");
jksStore.load(null, null);;
jksStore.setKeyEntry("jksPrivate", pvtKey, "newpassword".toCharArray(), chain);
jksStore.store(new FileOutputStream("output.jks"), "password".toCharArray());
} catch (Exception ex){
ex.printStackTrace();感謝各位的閱讀���,以上就是“Java的JCEKS有什么作用”的內(nèi)容了�����,經(jīng)過本文的學(xué)習(xí)后���,相信大家對Java的JCEKS有什么作用這一問題有了更深刻的體會,具體使用情況還需要大家實踐驗證�����。這里是創(chuàng)新互聯(lián)���,小編將為大家推送更多相關(guān)知識點的文章�,歡迎關(guān)注�!
分享文章:Java的JCEKS有什么作用
網(wǎng)站URL:
http://weahome.cn/article/jjcpeg.html
重慶分公司
重慶分公司
