How can I determine the length (in bits) of an X509 public key in Java?
I want to get the same value that is shown as "Public-Key" when running "openssl x509 -in cert.crt -noout -text". For example:
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            17:00:00:01:a2:41:4b:56:3e:99:ba:92:b5:00:02:00:00:01:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: DC=com, DC=magnicomp, CN=MagniComp Issuing CA
        Validity
            Not Before: Sep 14 17:23:18 2015 GMT
            Not After : Sep 13 17:23:18 2016 GMT
        Subject: CN=dim.magnicomp.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
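I have an X509Certificate object, and I have used the PublicKey value returned by getPublicKey(), but I can't seem to figure out how to determine the key length.
Answer 0 (score: 5)
If you know that the algorithm used is RSA, you can cast the public key to RSAPublicKey and use it to get the key length: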
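import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;

FileInputStream fin = new FileInputStream("certificate.pem");
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate) f.generateCertificate(fin);
RSAPublicKey rsaPk = (RSAPublicKey) certificate.getPublicKey();
System.out.println(rsaPk.getModulus().bitLength()); // RSA key size = bit length of the modulus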
For DSA public keys, you need to check the bit lengths of the prime and the subprime obtained using getP() and getQ():
DSAPublicKey dsaPk = (DSAPublicKey) certificate.getPublicKey();
System.out.println(dsaPk.getParams().getP().bitLength());
System.out.println(dsaPk.getParams().getQ().bitLength());
Answer 1 (score: 4)
A snippet from the EJBCA source code, org.ejbca.util.keystore.KeyTools#getKeyLength, which computes the key length of public keys for various algorithms:
/**
 * Gets the key length of supported keys
 * @param pk PublicKey used to derive the keysize
 * @return -1 if key is unsupported, otherwise a number >= 0. 0 usually means the length can not be calculated,
 * for example if the key is an EC key and the "implicitlyCA" encoding is used.
 */
public static int getKeyLength(final PublicKey pk) {
    int len = -1;
    if (pk instanceof RSAPublicKey) {
        final RSAPublicKey rsapub = (RSAPublicKey) pk;
        len = rsapub.getModulus().bitLength();
    } else if (pk instanceof JCEECPublicKey) {
        final JCEECPublicKey ecpriv = (JCEECPublicKey) pk;
        final org.bouncycastle.jce.spec.ECParameterSpec spec = ecpriv.getParameters();
        if (spec != null) {
            len = spec.getN().bitLength();
        } else {
            // We support the key, but we don't know the key length
            len = 0;
        }
    } else if (pk instanceof ECPublicKey) {
        final ECPublicKey ecpriv = (ECPublicKey) pk;
        final java.security.spec.ECParameterSpec spec = ecpriv.getParams();
        if (spec != null) {
            len = spec.getOrder().bitLength(); // does this really return something we expect?
        } else {
            // We support the key, but we don't know the key length
            len = 0;
        }
    } else if (pk instanceof DSAPublicKey) {
        final DSAPublicKey dsapub = (DSAPublicKey) pk;
        if ( dsapub.getParams() != null ) {
            len = dsapub.getParams().getP().bitLength();
        } else {
            len = dsapub.getY().bitLength();
        }
    }
    return len;
}
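An added example, not part of either answer and not EJBCA code: a JDK-only version of the same key-length lookup (no BouncyCastle types) combined with a minimum-size check of the kind a certificate validation step would apply. The class name KeySizeCheck, the helper names, and the 2048/256-bit floors are assumptions chosen for illustration; the sample keys are generated locally instead of being read from a certificate.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;

public class KeySizeCheck {
    // Assumed policy floors (bits), not taken from the page; adjust to your own baseline.
    static final int MIN_RSA_DSA_BITS = 2048;
    static final int MIN_EC_BITS = 256;

    /** Key size in bits using only JDK interfaces; -1 if the size cannot be determined. */
    static int keyBits(PublicKey pk) {
        if (pk instanceof RSAPublicKey) {
            return ((RSAPublicKey) pk).getModulus().bitLength();
        }
        if (pk instanceof DSAPublicKey) {
            DSAPublicKey dsa = (DSAPublicKey) pk;
            // getParams() may be null: a DSA certificate can omit its domain parameters.
            return dsa.getParams() != null ? dsa.getParams().getP().bitLength() : -1;
        }
        if (pk instanceof ECPublicKey) {
            // Bit length of the group order n (256 for secp256r1, 521 for secp521r1).
            return ((ECPublicKey) pk).getParams().getOrder().bitLength();
        }
        return -1;
    }

    /** True only when the size is known and meets the assumed floor for its algorithm. */
    static boolean meetsPolicy(PublicKey pk) {
        int floor = (pk instanceof ECPublicKey) ? MIN_EC_BITS : MIN_RSA_DSA_BITS;
        return keyBits(pk) >= floor; // unknown size (-1) fails closed
    }

    static PublicKey generate(String alg, int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg);
        kpg.initialize(bits);
        return kpg.generateKeyPair().getPublic();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, generated locally so the example runs offline.
        PublicKey[] samples = { generate("RSA", 2048), generate("RSA", 1024),
                                generate("DSA", 2048), generate("EC", 256), generate("EC", 521) };
        for (PublicKey pk : samples) {
            System.out.printf("%-4s %5d bit  policy-ok=%b%n",
                    pk.getAlgorithm(), keyBits(pk), meetsPolicy(pk));
        }
    }
}
```

The same keyBits call accepts the value returned by certificate.getPublicKey() from the first answer.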