从DEROctetString到KeyUsage

时间:2010-06-27 23:05:56

标签: java security certificate bouncycastle pki

bouncycastle中,我可以从KeyUsage开始创建DEROctetString。

如何从DEROctetString开始获取KeyUsage呢?

示例:

DEROctetString derString = new DEROctetString(new KeyUsage(KeyUsage.digitalSignature));
KeyUsage ku = ...(some code to get back KeyUsage starting from derString)...

我需要这个,因为我能够使用KeyUsage扩展请求创建证书请求,但是,仅凭证书请求,我就无法取回KeyUsage扩展。

2 个答案:

答案 0 :(得分:1)

我找到了使用ASN1InputStream的解决方案:

ASN1InputStream ais = new ASN1InputStream(derOctetString.getOctetStream());
KeyUsage ku = new KeyUsage((DERBitString) ais.readObject());

有效!

答案 1 :(得分:0)

KeyUsage在X.509中定义为

 id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }

 KeyUsage ::= BIT STRING {
      digitalSignature        (0),
      nonRepudiation          (1),
      keyEncipherment         (2),
      dataEncipherment        (3),
      keyAgreement            (4),
      keyCertSign             (5),
      cRLSign                 (6),
      encipherOnly            (7),
      decipherOnly            (8) }

因此为它创建Octet字符串是错误的。如果你创建了DERBitString,KeyUsage就有了一个构造函数。

相关问题
最新问题