尝试获取PKCS12文件的私钥时.getKey()方法出错?

时间:2015-03-25 17:17:47

标签: java key private keystore pkcs#12

我有一些奇怪的错误,我无法弄清楚,尽管在Google上搜索数小时并且堆栈溢出。

我有一个PKCS12文件(.p12),我在命令行上使用OpenSSL自行生成。这似乎很好。但是,在尝试检索此.p12密钥库的私钥时,我得到的是完整的文件而不是私钥。

.p12文件创建如下:

openssl ecparam -genkey -name secp256r1 | openssl ec -out privateKeys/contractCert.key -aes128 -passout file:passphrase.txt
openssl req -new -key privateKeys/contractCert.key -passin file:passphrase.txt -config configs/contractCert.cnf -extensions ext -out csrs/contractCert.csr
openssl x509 -req -in csrs/contractCert.csr -extfile configs/contractCert.cnf -extensions ext -CA certs/moSub2CA.pem -CAkey privateKeys/moSub2CA.key -set_serial 12 -passin file:passphrase.txt -days 730 -out certs/contractCert.pem
cat certs/oemSub1CA.pem certs/oemSub2CA.pem > certs/intermediateMOCAs.pem
openssl pkcs12 -export -inkey privateKeys/contractCert.key -in certs/contractCert.pem -certfile certs/intermediateMOCAs.pem -aes128 -passin file:passphrase.txt -passout file:passphrase2.txt -name contract_cert -out certs/contractCert.p12

在终端上打印.p12时,我得到this output.

检索密钥的Java代码如下:

public static PrivateKey getPrivateKeyFromPKCS12(String pkcs12Resource) {
    PrivateKey privateKey = null;
    KeyStore contractCertificateKeystore = getPKCS12KeyStore(SecurityUtils.class.getResource(pkcs12Resource).getFile(), GlobalValues.PASSPHRASE_FOR_CERTIFICATES_AND_KEYS.toString());

    try {
        PrivateKey privateContractCertKey = (PrivateKey) contractCertificateKeystore.getKey("contract_cert", GlobalValues.PASSPHRASE_FOR_CERTIFICATES_AND_KEYS.toString().toCharArray());
        System.out.println("\nprivateContractCertKey key of " + privateContractCertKey.getEncoded().length + " bytes: " + ByteUtils.toHexString(privateContractCertKey.getEncoded()));
    } catch (KeyStoreException | UnrecoverableKeyException | NoSuchAlgorithmException e) {
        getLogger().error("The private key from PKCS12 file at resource '" + pkcs12Resource + 
                          "' could not be retrieved (" + e.getClass().getSimpleName() + ")", e);
    }
    return privateKey;
}

当我运行此代码时,我得到了

  

privateContractCertKey的138个字节键:308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B020101042060F7588AA9F63ABB56F215563A387E1694F076DD4EA10D8399C67B5085C58C9CA14403420004F356E2BE57AE7D451449BC5C60D40E84994E49ACC21B5C052671DA8173C085A8CBFF07B33FADF30E52C42FBC1261FB6BC873C2F56AA96BEE331E603DB1C31669

可以看出,私钥 60F7588AA9F63ABB56F215563A387E1694F076DD4EA10D8399C67B5085C58C9C 包含在那里以及公钥 04F356E2BE57AE7D451449BC5C60D40E84994E49ACC21B5C052671DA8173C085A8CBFF07B33FADF30E52C42FBC1261FB6BC873C2F56AA96BEE331E603DB1C31669。

我只是不明白。我怎么能用Java方法获得完全私钥?

0 个答案:

没有答案
相关问题
最新问题