如何从java中的pfx文件/ pem文件中获取RSA公钥的指数和模数值

时间:2014-01-03 05:20:12

标签: java security openssl keystore pfx

我想使用java从pfx文件中提取有关RSA公钥的信息。

我有一个pfx文件并转换为x509 Pem文件。从pem文件,在终端中使用以下命令:

openssl x509 -in file.pem -text

我能够查看公钥指数和模数值

主题公钥信息:

Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:
        00:da:7c:e0:3e:c4:62:8d:ce:29:04:2f:93:78:7c:
        :
         6a:e7:c9:7c:8b:6f:09:5c:75:5f:8c:5e:9c:6a:b9:
        7:32:90: a4:4b
    Exponent: 65537 (0x10001)

如何在java中提取上述信息?

输入: pfx文件和密码

输出:公钥指数和模数值。

我使用下面的代码来提取公钥指数和模数,但我没有得到使用openssl提取的值。我怀疑java.security.cert.Certificate是否使用了其他一些DER格式?

openssl的java等价物是什么?

代码: 

KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream(file), password.toCharArray());
Enumeration enumeration = ks.aliases();
while (enumeration.hasMoreElements()) {
    String alias = (String) enumeration.nextElement();
    java.security.cert.Certificate certificate = ks.getCertificate(alias);
    PublicKey publickey = certificate.getPublicKey();
}

4 个答案:

答案 0 :(得分:4)

您需要向下转换为透明java.security.interfaces.RSAPublicKey类型。然后你可以访问模数和公共指数。

KeyStore ks = KeyStore.getInstance("pkcs12");
ks.load(new FileInputStream(file), password.toCharArray());
Enumeration<String> enumeration = ks.aliases();
while (enumeration.hasMoreElements()) {
  String alias = enumeration.nextElement();
  Certificate certificate = ks.getCertificate(alias);
  RSAPublicKey pub = (RSAPublicKey) certificate.getPublicKey();
  System.out.println(pub.getModulus().toString(16));
  System.out.println(pub.getPublicExponent().toString(16));
}

答案 1 :(得分:2)

Adding to the above Java Program to extract the n-modulus and e-exponent of the Base64 format of RSA would be as follows.

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class ModulusExpFromPublicKeyRSA {
    public static void main(String args[]) {
        String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB";

        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            byte[] keyBytes = Base64.getDecoder().decode(publicKey.getBytes("UTF-8"));
            X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
            PublicKey fileGeneratedPublicKey = keyFactory.generatePublic(spec);
            RSAPublicKey rsaPub  = (RSAPublicKey)(fileGeneratedPublicKey);
            BigInteger publicKeyModulus = rsaPub.getModulus();
            BigInteger publicKeyExponent  = rsaPub.getPublicExponent();
            System.out.println("publicKeyModulus: " + publicKeyModulus);
            System.out.println("publicKeyExponent: " + publicKeyExponent);
            String nModulus=Base64.getUrlEncoder().encodeToString(publicKeyModulus.toByteArray());
            String eExponent=Base64.getUrlEncoder().encodeToString(publicKeyExponent.toByteArray());
            System.out.println("n Modulus for RSA Algorithm: " + nModulus);
            System.out.println("e Exponent for RSA Algorithm: " + eExponent);
        } catch (NoSuchAlgorithmException | UnsupportedEncodingException | InvalidKeySpecException e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
        }


    }

}


publicKeyModulus: 119445732379544598056145200053932732877863846799652384989588303737527328743970559883211146487286317168142202446955508902936035124709397221178664495721428029984726868375359168203283442617134197706515425366188396513684446494070223079865755643116690165578452542158755074958452695530623055205290232290667934914919
publicKeyExponent: 65537
n Modulus for RSA Algorithm: AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU-quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX_eP6yRnpS1b7m7T2Uc2yPq1DnWzVI-sIGR51s1_ROnQZswkPJHh71PThln
e Exponent for RSA Algorithm: AQAB

答案 2 :(得分:0)

我正在添加此答案,因为我最近尝试使用java从原始公钥字符串中获取模数和指数(另请参见https://crypto.stackexchange.com/questions/18031/how-to-find-modulus-from-a-rsa-public-key,并从中获得以下公钥),并认为其他人可能会发现以下代码有帮助:

String publicKey = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB";

try {
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        byte[] keyBytes = Base64.getDecoder().decode(publicKey.getBytes("UTF-8"));
        X509EncodedKeySpec spec = new X509EncodedKeySpec(keyBytes);
        PublicKey fileGeneratedPublicKey = keyFactory.generatePublic(spec);
        RSAPublicKey rsaPub  = (RSAPublicKey)(fileGeneratedPublicKey);
        BigInteger publicKeyModulus = rsaPub.getModulus();
        BigInteger publicKeyExponent  = rsaPub.getPublicExponent();
        System.out.println("publicKeyModulus: " + publicKeyModulus);
        System.out.println("publicKeyExponent: " + publicKeyExponent);
    } catch (NoSuchAlgorithmException | UnsupportedEncodingException | InvalidKeySpecException e) {
        System.out.println(e.getMessage());
        e.printStackTrace();
    }

提供预期的输出:

publicKeyModulus: 119445732379544598056145200053932732877863846799652384989588303737527328743970559883211146487286317168142202446955508902936035124709397221178664495721428029984726868375359168203283442617134197706515425366188396513684446494070223079865755643116690165578452542158755074958452695530623055205290232290667934914919
publicKeyExponent: 65537

答案 3 :(得分:0)

根据JWKS URL验证JSON WebToken将很有帮助。例如,示例JWKS密钥如下。 

{
  "keys": [
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "c424b67b-fe28-45d7-b015-f79da50b5b21",
      "alg": "RS256",
      "n": "AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU-quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX_eP6yRnpS1b7m7T2Uc2yPq1DnWzVI-sIGR51s1_ROnQZswkPJHh71PThln",
      "e": "AQAB"
    },
    {
      "use": "sig",
      "kty": "RSA",
      "kid": "9b9d0b47-b9ed-4ba6-9180-52fc5b161a3a",
      "alg": "RS256",
      "n": "AKoYq6Q7UN7vOFmPr4fSq2NORXHBMKm8p7h4JnQU-quLRxvYll9cn8OBhIXq9SnCYkbzBVBkqN4ZyMM4vlSWy66wWdwLNYFDtEo1RJ6yZBExIaRVvX_eP6yRnpS1b7m7T2Uc2yPq1DnWzVI-sIGR51s1_ROnQZswkPJHh71PThln",
      "e": "AQAB"
    }
  ]
}

JWKS的描述如下。

n:    Modulus of the Public Key
alg:  the signing algorithm.
kid:  a unique id for every key in the set.
e:    Exponent part of RSA algorithm
use:  This denotes the Signature Validation
相关问题
最新问题