此代码生成一对公钥/私钥:
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024); KeyPair keypair = keyGen.genKeyPair(); PrivateKey privateKey = keypair.getPrivate(); PublicKey publicKey = keypair.getPublic();
我想知道的是您通常如何存储公钥:
选项1:存储字节
byte[] privateKeyBytes = privateKey.getEncoded(); byte[] publicKeyBytes = publicKey.getEncoded(); // ... write to file // convert bytes back to public/private keys KeyFactory keyFactory = KeyFactory.getInstance("RSA"); EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(privateKeyBytes); PrivateKey privateKey = keyFactory.generatePrivate(privateKeySpec); EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKeyBytes); PublicKey publicKey = keyFactory.generatePublic(publicKeySpec);
我不喜欢将代码绑定到诸如PKCS8EncodedKeySpec和的具体实现X509EncodedKeySpec。
PKCS8EncodedKeySpec
X509EncodedKeySpec
选项2:存储模数和指数
KeyFactory fact = KeyFactory.getInstance("RSA"); RSAPublicKeySpec pub = fact.getKeySpec(publicKey, RSAPublicKeySpec.class); RSAPrivateKeySpec priv = fact.getKeySpec(privateKey,RSAPrivateKeySpec.class); // store modulus and exponent as BigIntegers BigInteger modulus = pub.getModulus()); BigInteger exponent = pub.getPublicExponent()); // ... write to file // recreate public key (the same applies to the private key) RSAPublicKeySpec keySpec = new RSAPublicKeySpec(modulus, exponent); KeyFactory fact = KeyFactory.getInstance("RSA"); PublicKey pubKey = fact.generatePublic(keySpec);
第二个选项更易于实现,但是我不知道它是否可能性能较低。
有什么建议吗?
在我们的应用程序中,我们以DER格式存储公钥和私钥,以便可以在Java外部更轻松地使用和操纵它们。在我们的情况下,私钥上没有密码。
要将私钥转换为在Java中更容易使用的东西:
openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DER
然后,您可以通过以下方式直接获取RSA私钥:
public static RSAPrivateKey getPrivateKey(File privateKeyFile) throws IOException, GeneralSecurityException { byte[] keyBytes = new byte[(int)privateKeyFile.length()]; FileInputStream fis = new FileInputStream(privateKeyFile); fis.read(keyBytes); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(spec); return privKey; }
公钥类似于:
openssl rsa -in private.pem -pubout -outform DER -out public.der
并阅读:
public static RSAPublicKey getPublicKey(File publicKeyFile) throws IOException, GeneralSecurityException { byte[] keyBytes = new byte[(int)publicKeyFile.length()]; FileInputStream fis = new FileInputStream(publicKeyFile); fis.read(keyBytes); X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory factory = KeyFactory.getInstance("RSA"); RSAPublicKey pubKey = (RSAPublicKey)factory.generatePublic(publicKeySpec); return pubKey; }
然后很多人存储密钥库。出于我们的目的,我们需要在多个应用程序中以几种不同的语言共享同一密钥,并且不想复制磁盘上的文件。
在这两种情况下,性能都不是一个大问题,因为您可能会将这些密钥存储在某种Singleton或缓存中,而不是每次都重新生成它们。
