我正在使用Bouncy Castle包在平台上生成密钥对。
SecureRandom random = new SecureRandom();
ECKeyPairGenerator pGen = new ECKeyPairGenerator();
ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(params,random);
pGen.init(genParam);
AsymmetricCipherKeyPair pair = pGen.generateKeyPair();
此处pair的类型为AsymmetricCipherKeyPair。而且,我需要使用这一对在服务器上生成X509V1Certificate。但是,X509Certificate的setPublicKey(PublicKey pubkey)仅接受PublicKey类型的对象。所以我需要从服务器上的PublicKey检索AsymmetricCipherKeyPair。但是,我收到ECPublicKeyParameters,setPublicKey方法不接受。
所以,我的要求是从PublicKey获得AsymmetricCipherKeyPair。
答案 0 :(得分:3)
最简单的方法是使用BouncyCastle作为JavaCryptoProvider:
生成KeyPair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC");
ECGenParameterSpec ecsp = new ECGenParameterSpec(keyAlg);
kpg.initialize(ecsp);
KeyPair kp = kpg.generateKeyPair();
制作X509v1证书
X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
X500Principal dnName = new X500Principal("CN=C3");
Calendar c = Calendar.getInstance();
c.add(Calendar.YEAR, 10);
certGen.setSerialNumber(keyId);
certGen.setIssuerDN(dnName);
certGen.setNotBefore(new Date());
certGen.setNotAfter(c.getTime());
certGen.setSubjectDN(dnName);
certGen.setPublicKey(keyPair.getPublic());
certGen.setSignatureAlgorithm("SHA256withECDSA");
certGen.generate(keyPair.getPrivate(), "BC");