我有一种生成密钥对的方法,如下所示:
public void create() throws Exception{
StringWriter pemStrWriter = new StringWriter();
JcaPEMWriter pemWriter = new JcaPEMWriter(pemStrWriter);
Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
g.initialize(spec);
KeyPair keyPair = g.generateKeyPair();
pemWriter.writeObject(keyPair.getPrivate());
pemWriter.close();
BufferedWriter writer = new BufferedWriter(new FileWriter("privatekeyjca.pem"));
writer.write(pemStrWriter.toString());
writer.close();
writer = new BufferedWriter(new FileWriter("publickeyjca.pem"));
pemStrWriter = new StringWriter();
pemWriter = new JcaPEMWriter(pemStrWriter);
pemWriter.writeObject(keyPair.getPublic());
pemWriter.close();
writer.write(pemStrWriter.toString());
writer.close();
}
下面是生成的私钥的样子:
-----BEGIN EC PRIVATE KEY----- MHcCAQEEIHKaV0qkw5ZyJlaH8oEGEGg066O/zH3zxUTGM+p1bwKPoAoGCCqGSM49 AwEHoUQDQgAEKfR0VmGHRDqtnRkSPHrAWYhG8c2W2tI/tyGhqs19/U2d/DRy8f/z BEnl3knytYsZtP5og0xoNODnsM0+k8xyOA== -----END EC PRIVATE KEY-----
我还有另一种读取私钥的方法,如下所示:
private void readKey(String key) {
StringReader stringReader = new StringReader(key);
KeyFactory keyFactory = KeyFactory.getInstance("EC");
PEMParser pemParser = new PEMParser(stringReader);
PrivateKeyInfo kp = (PrivateKeyInfo) pemParser.readObject();
Key key = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(kp.getEncoded()));
}
在阅读时,我遇到一个异常:
Exception in thread "main" java.lang.ClassCastException: org.bouncycastle.openssl.PEMKeyPair cannot be cast to org.bouncycastle.asn1.pkcs.PrivateKeyInfo
当在pemfile中编写私钥时,如上所述,我正在使用JCAPemWriter。但是,如果我不使用它,而是使用下面的代码编写pem,则reader方法可以很好地工作。
public static void main(String args[]) throws Exception{
Security.addProvider(new BouncyCastleProvider());
KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA", "BC");
ECGenParameterSpec spec = new ECGenParameterSpec("secp256r1");
g.initialize(spec);
KeyPair keyPair = g.generateKeyPair();
byte[] publicKeyBytes = keyPair.getPublic().getEncoded();
String publicKeyContent = Base64.encode(publicKeyBytes);
String publicKeyFormatted = "-----BEGIN PUBLIC KEY-----" + System.lineSeparator();
for (final String row:
Splitter
.fixedLength(64)
.split(publicKeyContent)
)
{
publicKeyFormatted += row + System.lineSeparator();
}
publicKeyFormatted += "-----END PUBLIC KEY-----";
BufferedWriter writer = new BufferedWriter(new FileWriter("publickey.pem"));
writer.write(publicKeyFormatted);
writer.close();
byte[] privateKeyBytes = keyPair.getPrivate().getEncoded();
String privateKeyContent = Base64.encode(privateKeyBytes);
String privateKeyFormatted = "-----BEGIN PRIVATE KEY-----" + System.lineSeparator();
for (final String row:
Splitter
.fixedLength(64)
.split(privateKeyContent)
)
{
privateKeyFormatted += row + System.lineSeparator();
}
privateKeyFormatted += "-----END PRIVATE KEY-----";
BufferedWriter writer2 = new BufferedWriter(new FileWriter("privatekey.pem"));
writer2.write(privateKeyFormatted);
writer2.close();
}
由于使用JCAPemWriter可使代码简洁明了,所以我想使用它而不是拆分Base64
编码的密钥字节。这里有什么区别?