I have the following test code to create a test PKCS#12 keystore:
```java
// publicKey, privateKey and keyPair are not defined in the posted snippet.
X509Certificate[] chain = new X509Certificate[1];
long currentTime = new Date().getTime();
Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000);
long validity = (long) 30 * 24 * 60 * 60 * 365;
Date lastDate = new Date(currentTime + validity * 1000);
String myName = "CN=TestKeys, L=Test, C=US";

// Self-signed certificate: subject and issuer are the same name
X509V3CertificateGenerator cg = new X509V3CertificateGenerator();
cg.setSerialNumber(BigInteger.valueOf(firstDate.getTime()));
cg.setSignatureAlgorithm("SHA1withRSA");
cg.setSubjectDN(new X500Principal(myName));
if (publicKey == null) {
    throw new Exception("Public key is null");
}
cg.setPublicKey(publicKey);
cg.setNotBefore(firstDate);
cg.setNotAfter(lastDate);
cg.setIssuerDN(new X500Principal(myName));
chain[0] = cg.generate(keyPair.getPrivate());

// Store the private key and its certificate chain in a new PKCS#12 keystore
char[] pwd = "0000000000000000".toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, pwd);
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(pwd);
KeyStore.PrivateKeyEntry pkEntry = new KeyStore.PrivateKeyEntry(privateKey, chain);
ks.setEntry("keypair", pkEntry, protParam);
String keyStoreFile = "rsakey.p12";
FileOutputStream fos = new FileOutputStream(keyStoreFile);
ks.store(fos, pwd);
fos.close();
```
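Then I want to import the created rsakey.p12 into the MS Certificate Store, but I get the following error:

An internal error occurred. This can be either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system.

This happens when privateKey is an instance of RSAPrivateKey. If privateKey is an instance of RSAPrivateCRTKey, the import works.

You can see examples of both files at the following link: https://onedrive.live.com/?cid=321f74d3665268eb&id=321F74D3665268EB%2120994

rsakey.p12: RSAPrivateCRTKey - can be imported into MS

rsakey-not.p12: created with the code above, with privateKey being an RSAPrivateKey - cannot be imported into MS

What is the difference? Why does the import only work for RSAPrivateCRTKey?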
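In the Java API the two types named in the question differ in what they carry: `RSAPrivateKey` exposes only the modulus and private exponent, while `java.security.interfaces.RSAPrivateCrtKey` adds the public exponent, both primes and the CRT values. The following is an added example, not part of the original question (the names `CrtKeyCheck` and `toCrt` are hypothetical); it checks which kind a key is and rebuilds the CRT form from n, e and d, assuming the public exponent is available from the matching public key.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.interfaces.*;
import java.security.spec.*;

public class CrtKeyCheck {
    // Rebuild the CRT form from n, e, d by factoring n with the probabilistic
    // method of NIST SP 800-56B Appendix C (d*e - 1 is a multiple of lambda(n)).
    static RSAPrivateCrtKey toCrt(BigInteger n, BigInteger e, BigInteger d)
            throws GeneralSecurityException {
        BigInteger one = BigInteger.ONE, nm1 = n.subtract(one);
        BigInteger k = d.multiply(e).subtract(one);
        int t = k.getLowestSetBit();              // k = 2^t * r with r odd
        BigInteger r = k.shiftRight(t);
        SecureRandom rnd = new SecureRandom();
        for (int i = 0; i < 100; i++) {
            BigInteger g = new BigInteger(n.bitLength() - 1, rnd);   // random g < n
            BigInteger y = g.modPow(r, n);
            if (g.signum() == 0 || y.equals(one) || y.equals(nm1)) continue;
            for (int j = 1; j <= t; j++) {
                BigInteger x = y.multiply(y).mod(n);
                if (x.equals(one)) {              // y is a non-trivial square root of 1
                    BigInteger p = y.subtract(one).gcd(n), q = n.divide(p);
                    RSAPrivateCrtKeySpec spec = new RSAPrivateCrtKeySpec(n, e, d, p, q,
                            d.mod(p.subtract(one)), d.mod(q.subtract(one)), q.modInverse(p));
                    return (RSAPrivateCrtKey) KeyFactory.getInstance("RSA").generatePrivate(spec);
                }
                if (x.equals(nm1)) break;         // this g does not help, pick another
                y = x;
            }
        }
        throw new InvalidKeySpecException("could not factor the modulus");
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();       // constructed test key
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        BigInteger n = pub.getModulus(), d = ((RSAPrivateKey) kp.getPrivate()).getPrivateExponent();
        // Same key reduced to modulus + private exponent only (no CRT values)
        PrivateKey plain = KeyFactory.getInstance("RSA").generatePrivate(new RSAPrivateKeySpec(n, d));
        System.out.println("generated is CRT: " + (kp.getPrivate() instanceof RSAPrivateCrtKey));
        System.out.println("plain is CRT:     " + (plain instanceof RSAPrivateCrtKey));
        RSAPrivateCrtKey rebuilt = toCrt(n, pub.getPublicExponent(), d);
        System.out.println("rebuilt p*q == n: " + rebuilt.getPrimeP().multiply(rebuilt.getPrimeQ()).equals(n));
    }
}
```

Passing the rebuilt key to `KeyStore.PrivateKeyEntry` in place of the plain one stores an entry of the type the question reports as importable.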