0

我已经用java代码生成了一个私钥并保存了它:

KeyPair keys;
    try {
        keys = KeyTools.genKeys("2048", AlgorithmConstants.KEYALGORITHM_RSA);
        //SAVE PRIVKEY
        //PrivateKey privKey = keys.getPrivate();
        //byte[] privateKeyBytes = privKey.getEncoded();
        PKCS10CertificationRequest  pkcs10 = new PKCS10CertificationRequest("SHA256WithRSA",
                CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(), null, keys.getPrivate());

        //Save Privatekey
        String privateKeyFilename = "C:/Users/l.calicchio/Downloads/privateKey.key";
        String password="prismaPrivateKey";
        byte[] start="-----BEGIN PRIVATE KEY-----\n".getBytes();
        byte[] end="\n-----END PRIVATE KEY-----".getBytes();
        byte[] privateKeyBytes = keys.getPrivate().getEncoded();

        byte[] encryptedPrivateKeyBytes = passwordEncrypt(password.toCharArray(), privateKeyBytes);

        File f=new File(privateKeyFilename);
        if (f.exists()){
            f.delete();
        }

        FileOutputStream fos = new FileOutputStream(f,true);
        fos.write(start);
        fos.write(Base64.encode(encryptedPrivateKeyBytes));
        fos.write(end);
        fos.close();

现在我想将密码添加到私钥。所以我找到了这段代码:

private static byte[] passwordEncrypt(char[] password, byte[] plaintext) throws Exception {
    String MYPBEALG = "PBEWithSHA1AndDESede";

    int count = 20;// hash iteration count
    SecureRandom random = new SecureRandom();
    byte[] salt = new byte[8];
    random.nextBytes(salt);

    // Create PBE parameter set
    PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
    SecretKeyFactory keyFac = SecretKeyFactory.getInstance(MYPBEALG);
    SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

    Cipher pbeCipher = Cipher.getInstance(MYPBEALG);

    // Initialize PBE Cipher with key and parameters
    pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

    // Encrypt the encoded Private Key with the PBE key
    byte[] ciphertext = pbeCipher.doFinal(plaintext);

    // Now construct  PKCS #8 EncryptedPrivateKeyInfo object
    AlgorithmParameters algparms = AlgorithmParameters.getInstance(MYPBEALG);
    algparms.init(pbeParamSpec);
    EncryptedPrivateKeyInfo encinfo = new EncryptedPrivateKeyInfo(algparms, ciphertext);

    // and here we have it! a DER encoded PKCS#8 encrypted key!
    return encinfo.getEncoded();

但是当我使用这个 openssl 命令 openssl asn1parse -in privateKey.key 我没有错误,但是当我尝试这个时: openssl rsa -noout -modulus -in privatekey.it 我有一个错误:

无法加载私钥 9964:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:.\crypto\as n1\tasn_dec.c:1319: 9964:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 错误或: .\crypto\asn1\tasn_dec.c:831: 9964:error:0D08303A:asn1 编码例程:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 错误:.\crypto\asn1\tasn_dec.c:751:Field=version, Type=PKCS8_PRIV_KEY_INFO 9964:错误:0907B00D:PEM 例程:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\p em_pkey.c:132:

我认为私钥缺少以下行:Proc-Type: 4,ENCRYPTED "DEK-Info:" + "AES-256-CBC"......但是我如何添加这个(我在哪里得到这个信息?)? tnx

4

1 回答 1

1

请阅读手册,man rsa提供以下详细信息:

请注意,此命令使用传统的 SSLeay 兼容格式进行私钥加密:较新的应用程序应使用 pkcs8 实用程序使用更安全的 PKCS#8 格式。

于 2014-09-30T18:16:32.190 回答