如何以ASN.1格式导出X509Certificate
?
我找到了如何使用.cer
扩展名导出到 DER 和 PEM ,但我找不到如何导出为ASN.1格式。任何人都可以帮助我吗?
这是我的PEM:
JcaPEMWriter pemWrt = new JcaPEMWriter(new FileWriter(path + ".cer"))
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(loadCertificate);
pemWrt.writeObject(certificate);
pemWrt.flush();
pemWrt.close();
这是我的DER:
X509Certificate certificate = (X509Certificate) keyStore.getCertificate(loadCertificate);
FileOutputStream fileWrite = new FileOutputStream(new File(path + ".cer"));
fileWrite.write(certificate.getEncoded());
fileWrite.flush();
fileWrite.close();
答案 0 :(得分:5)
First of all, keep in mind that ASN.1 is not a format per se, it's a description language that defines a structure, and PEM is just one way to format these defined structure. (Many cryptography standards use ASN.1 to define their data structures, and PEM or DER (Distinguished Encoding Rules) to serialize those structures.)
So, PEM and DER are just 2 different ways to write information that was defined by ASN.1. You can export something to PEM or DER, but there's no such thing as "export to ASN.1 format" (because ASN.1 is not a format).
The .cer
extension is just a file extension for digital certificates, but this certificate can be either in PEM or DER (it doesn't matter, and the extension won't change).
So, when you use JcaPEMWriter
, you are already creating the file in PEM format. And when you use certificate.getEncoded()
, you are already writing the bytes in DER format.
答案 1 :(得分:0)
这是一个非常老的问题,但是我在OpenSSL命令下面发现了隐匿Cert DER / PEM格式数据到ASN1的信息。
openssl asn1parse -in Cerificate.pem -inform PEM
希望这会对以后的人有所帮助。