keytool -genkey -dname "CN=demo, OU=softDept, O=company, L=puddong,S=shanghai, C=cn" -alias demo -keyalg RSA -keysize 1024 -keystore demoKeystore -validity 3650 -storepass storePwd -keypass demoPwd
生成保存公鑰和私鑰的密鑰倉庫,保存在demoKeystore文件中。這里storepass 和 keypass 不要有java 正則表達(dá)式中的特殊字符,否則程序里要轉(zhuǎn)義麻煩。
keytool -export -alias demo -keystore demoKeystore -rfc -file demo.cer //從密鑰倉庫中導(dǎo)出保存公鑰的證書
輸入keypass 即demoPwd
try{
//密鑰倉庫
KeyStore ks = KeyStore.getInstance("JKS");
//讀取密鑰倉庫
FileInputStream ksfis = new FileInputStream("demoKeystore");
BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
char[] storePwd = "storePwd".toCharArray();
ks.load(ksbufin, storePwd);
ksbufin.close();
char[] keyPwd = "demoPwd".toCharArray();
//從密鑰倉庫得到私鑰
PrivateKey priK = (PrivateKey) ks.getKey("demo", keyPwd);
//生成cipher
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding",new org.bouncycastle.jce.provider.BouncyCastleProvider());
//用私鑰初始化cipher
cipher.init(Cipher.ENCRYPT_MODE, priK);
byte[] plain = "This is plain text".getBytes("UTF-8");
//因為用的1024位rsa算法,一次只能加密1024/8-11字節(jié)數(shù)據(jù),分開加密
byte[] code = new byte[(((plain.length-1)/117+1))*128];
int ixplain = 0;
int ixcode = 0;
while((plain.length - ixplain) > 117) {//每117字節(jié)做一次加密
ixcode += cipher.doFinal(plain, ixplain, 117, code, ixcode);
ixplain += 117;
}
cipher.doFinal(plain, ixplain, plain.length - ixplain, code, ixcode);
//加密后的code
System.out.println(Arrays.toString(code));
//通常會用base64編碼
String base64 = encoder.encode(code);
CertificateFactory certificatefactory = CertificateFactory
.getInstance("X.509");
//讀取證書
FileInputStream fin = new FileInputStream("demo.cer");
X509Certificate certificate = (X509Certificate) certificatefactory
.generateCertificate(fin);
fin.close();
//得到公鑰
PublicKey pubK = certificate.getPublicKey();
//初始化cipher
cipher.init(Cipher.DECRYPT_MODE, pubK);
//base64解碼
code = decoder.decodeBuffer(base64);
System.out.println(Arrays.toString(code));
byte[] plain2 = new byte[code.length];
int ixplain2 = 0;
int ixcode2 = 0;
while((code.length - ixcode2) > 128) {//每128字節(jié)做一次解密
ixplain2 += cipher.doFinal(code, ixcode2, 128, plain2, ixplain2);
ixcode2 += 128;
}
ixplain2 += cipher.doFinal(code, ixcode2, code.length - ixcode2, plain2, ixplain2);
String s2 = new String(plain2, 0, ixplain2, "UTF-8");
System.out.println(s2);
}catch(Exception ex){
ex.printStackTrace();
}
keytool使用方法可以參考jdk文檔
Java keytool工具的作用及使用方法
posted on 2006-03-02 14:32
小鐵匠 閱讀(3433)
評論(0) 編輯 收藏