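KeyStore not saving to file

Date: 2017-07-31 16:19:45

Tags: java security keystore private-key

I am trying to store multiple private keys in a JKS file using the Java KeyStore library. I have created a method that writes to and reads from the JKS file, but the private key is not saved in the file.

When I store something into the KeyStore, I can get all the aliases in the keystore and the new key is there. Once the method has returned and I try to pull the same key, it cannot find the key.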

Main.java

public static void main(String[] args) throws Exception {
    //Create keys
    main m = new main();
    m.getOrSetPrivateKey("123", "123", privateKey, false);

    PrivateKey p = m.getOrSetPrivateKey("123", "123", null, true);

    if (p.equals(c.getPriv_key()))
        System.err.println("Equal");
    else
        System.err.println("Not equal !!!!!!!!");

}


private synchronized PrivateKey getOrSetPrivateKey(String alias, String id, PrivateKey c, boolean read ) throws InterruptedException, IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException, InvalidKeySpecException, NotSupportedException, UnrecoverableKeyException {
    PrivateKey key = null; 

    InputStream inpusStream = new FileInputStream(getFile2(Constants.JKS_PRIVATE_FILE_NAME));
    KeyStore keyStore = null;
    try {
        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(inpusStream, Constants.JKS_PRIVATE_FILE_PASSWORD);
    } finally {
        if (inpusStream != null)
            inpusStream.close();
    }
    Enumeration<String> s = keyStore.aliases();

    while (s.hasMoreElements())
        System.err.println("[ " + s.nextElement() + " ]");

    //Generate password for this private key
    char [] pass = getKeyPassword(c, alias, id);


    if (read == true) { //If reading/getting private key from file store
        boolean isKeyEntry = keyStore.isKeyEntry(alias);//Check if there is a key with the alias deviceSerialnumber
        if (!isKeyEntry) {//No key with this alias exists
            throw new KeyStoreException("No key with alias " + alias + " exists!");
        }

        key = (PrivateKey) keyStore.getKey(alias, pass);

    } else { //Writing/ saving key to the file store
        keyStore.setKeyEntry(alias, c , pass, new Certificate[] { createCertificate() });
        FileOutputStream out = new FileOutputStream(new File(Constants.JKS_PRIVATE_FILE_NAME), true);
        try { 
            keyStore.store(out, pass);

            System.out.println("Alias exists = " + keyStore.containsAlias(alias));
        } finally { 
            if (out != null)
                out.close();
        } 
    }

    s = keyStore.aliases();

    while (s.hasMoreElements())
        System.err.println("( " + s.nextElement() + " )");

    return key;
}

Output:

[ mykey ]
( 123 )
( mykey )
Alias exists = true
[ mykey ]
Exception in thread "main" java.security.KeyStoreException: No key with alias 123 exists!

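Why is the key not being saved to the JKS file?

2 answers:

Answer 0 (score: 2)

You are appending to the existing keystore rather than replacing it, because you are passing "true" to the FileOutputStream constructor.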

FileOutputStream out = new FileOutputStream(new File(Constants.JKS_PRIVATE_FILE_NAME), true);

Replace the line above with the following:

FileOutputStream out = new FileOutputStream(new File(Constants.JKS_PRIVATE_FILE_NAME));

Answer 1 (score: -1)

The problem was that the FileOutputStream was pointing to the wrong file.

FileOutputStream out = new FileOutputStream(new File(Constants.JKS_PRIVATE_FILE_NAME), true);

It should use the getFile2 method, like this:

FileOutputStream out = new FileOutputStream(getFile2(Constants.JKS_PRIVATE_FILE_NAME));

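As Palamino pointed out, there is no need to include true in the FileOutputStream constructor.

Also, the key store should be stored using the JKS file password, not the password generated by getKeyPassword().

Changed this: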

keyStore.store(out, pass);

to use the JKS file password, like so:

keyStore.store(out, Constants.JKS_PRIVATE_FILE_PASSWORD);
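
The two fixes from the answers above, shown side by side with the append behaviour from the question. This is an added example, not code from either poster. Assumptions: the class name, passwords and temp file are constructed for illustration, and it stores an AES SecretKey in a JCEKS keystore (instead of a PrivateKey in JKS) so that no certificate chain is needed; the load/store calls are the same for JKS.

```java
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.util.Collections;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class KeyStoreRoundTrip {
    // Constructed sample passwords: one for the keystore file, one for the entry.
    static final char[] STORE_PASS = "store-password".toCharArray();
    static final char[] KEY_PASS = "entry-password".toCharArray();

    static KeyStore load(Path file) throws Exception {
        KeyStore ks = KeyStore.getInstance("JCEKS"); // assumption: JCEKS, not JKS
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) {
                ks.load(in, STORE_PASS);             // store password checks file integrity
            }
        } else {
            ks.load(null, STORE_PASS);               // initialise an empty keystore
        }
        return ks;
    }

    static void addKey(Path file, String alias, boolean append) throws Exception {
        KeyStore ks = load(file);                    // read and write use the same path
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        ks.setKeyEntry(alias, key, KEY_PASS, null);  // entry password protects this key only
        // append=true writes a second keystore image after the first; load() parses only the first.
        try (OutputStream out = new FileOutputStream(file.toFile(), append)) {
            ks.store(out, STORE_PASS);               // store password, not the entry password
        }
    }

    public static void main(String[] args) throws Exception {
        Path file = Files.createTempFile("demo", ".jceks");
        Files.delete(file);                          // start with no keystore on disk
        addKey(file, "mykey", false);
        addKey(file, "123", true);                   // behaviour from the question
        System.out.println("after append:    " + Collections.list(load(file).aliases()));
        addKey(file, "123", false);                  // overwrite, as in answer 0
        System.out.println("after overwrite: " + Collections.list(load(file).aliases()));
        Files.delete(file);
    }
}
```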