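Using the Java API, I am trying to access a public key stored in a Luna HSM. Even though I am able to print the corresponding public key label name, when I try to get the public key I cannot obtain a reference to it. Here is the code snippet: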

    KeyStore ks = KeyStore.getInstance("Luna");
    ks.load(null, null);
    lunaProvider = ks.getProvider();
    publicKey = (PublicKey) ks.getKey(alipayImpl.getHsmKeyStorePublicEntryName(), null);

    // *********************************************************************
    // ** If the public key is not found, fail: the hash cannot be verified **
    // *********************************************************************
    if (publicKey == null) {
        throw new Exception("Unable to acquire the Public Key " + alipayImpl.getHsmKeyStorePublicEntryName() + ", Hash will not be verified.");
    }

    // ********************************************************************
    // ** Create a Signature object and verify the signature of the message **
    // ********************************************************************
    Signature signatureObject = Signature.getInstance(alipayImpl.getAlipaySignAlgorithm(), lunaProvider);
    signatureObject.initVerify(publicKey);
    signatureObject.update(signedMessage.getBytes(AlipayConstants.INPUT_CHARSET_VALUE));
    isValidSign = signatureObject.verify(Base64.decode(hash));

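I am logging in to the HSM correctly. I have no problems accessing the private key. Does the Luna HSM have a restriction that a public key can only be obtained through a certificate?

Thanks in advance.

Answer 0: (score: 0)

Have you tried something like this: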

    final KeyStore keyStore = KeyStore.getInstance("Luna");
    keyStore.load(null, null);
    final Certificate certificate = keyStore.getCertificate(alias);
    if (certificate == null) {
        throw new IllegalArgumentException(String.format("Certificate '%s' does not exists", alias));
    }
    final PublicKey publicKey = certificate.getPublicKey();
    // TODO Working with the public key...

Answer 1: (score: 0)

The correct answer is:

    LunaKey lk = LunaKey.LocateKeyByAlias("publicKeyName");

However, it is advisable to make the key persistent before querying the HSM.