Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

ssl - How to use .key and .crt file in java that generated by openssl?

I need asymmetric encryption in java. I generate .key and .crt files with own password and .crt file by openssl that said in http://www.imacat.idv.tw/tech/sslcerts.html .
How to use these .key and .crt file to extract publickey and private key in Java?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

Your .key and .crt files may be in PEM format. To check this open them with a text editor and check whether the content looks like ------BEGIN CERTIFICATE------ (or "begin RSA private key"...). This is generally the default format used by OpenSSL, unless you've explicitly specified DER.

It's probably not required (see below), but if your certificate is in DER format (a binary format), you can convert them in PEM format using:

openssl x509 -inform DER -in cert.crt -outform PEM -out cert.pem

(Check the help for openssl rsa for doing something similar with the private key if needed.)

You then get two options:

  • Build a PKCS#12 file

    openssl pkcs12 -export -in myhost.crt -inkey myhost.key -out myhost.p12
    

You can then use it directly from Java as a keystore of type "PKCS12". Most Java applications should allow you to specify a keystore type in addition to the file location. For the default system properties, this is done with javax.net.ssl.keyStoreType (but the application you're using might not be using this). Otherwise, if you want to load it explicitly, use something like this:

KeyStore ks = KeyStore.getInstance("PKCS12");
FileInputStream fis =
    new FileInputStream("/path/to/myhost.p12");
ks.load(fis, "password".toCharArray()); // There are other ways to read the password.
fis.close();

(Then, you should be able to iterate through the aliases() of the KeyStore and use getCertificate (and then getPublicKey() for the public key) and getKey().

  • Use BouncyCastle's PEMReader.

     FileReader fr = ... // Create a FileReader for myhost.crt
     PEMReader pemReader = new PEMReader(fr);
     X509Certificate cert = (X509Certificate)pemReader.readObject();
     PublicKey pk = cert.getPublicKey();
     // Close reader...
    

For the private key, you'll need to implement a PasswordFinder (see link from PEMReader doc) for constructing the PEMReader if the private key is password-protected. (You'll need to cast the result of readObject() into a Key or PrivateKey.)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...