0

我有以下测试代码来创建测试 PKCS#12 密钥库:

X509Certificate[] chain = new X509Certificate[1];    
long currentTime = new Date().getTime();
Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000);
long validity = (long) 30 * 24 * 60 * 60 * 365;
Date lastDate = new Date(currentTime + validity * 1000);
String myName = "CN=TestKeys, L=Test, C=US";

X509V3CertificateGenerator cg = new X509V3CertificateGenerator();

cg.setSerialNumber(BigInteger.valueOf(firstDate.getTime()));
cg.setSignatureAlgorithm("SHA1withRSA");
cg.setSubjectDN(new X500Principal(myName));

if ( publicKey==null ) {
    throw new Exception("Public key is null");
}
cg.setPublicKey(publicKey);
cg.setNotBefore(firstDate);
cg.setNotAfter(lastDate);
cg.setIssuerDN(new X500Principal(myName));

chain[0] = cg.generate(keyPair.getPrivate());

char[] pwd = "0000000000000000".toCharArray();

KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, pwd);
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(pwd);
KeyStore.PrivateKeyEntry pkEntry = new KeyStore.PrivateKeyEntry(privateKey, chain);
ks.setEntry("keypair", pkEntry, protParam);

String keyStoreFile = "rsakey.p12";
FileOutputStream fos = new FileOutputStream(keyStoreFile);
ks.store(fos, pwd);
fos.close();

然后我想将创建的导入rsakey.p12到 MS 证书存储中,但出现以下错误:

发生了内部错误。这可能是用户配置文件不可访问,或者您正在导入的私钥可能需要系统上未安装的加密服务提供程序。

privateKey是 的实例时会发生这种情况RSAPrivateKey。那么导入privateKey的实例何时有效。RSAPrivateCRTKey

您可以通过以下链接查看两个文件的示例: https ://onedrive.live.com/?cid=321f74d3665268eb&id=321F74D3665268EB%2120994

  • rsakey.p12使用上述代码和 privateKey 创建 RSAPrivateCRTKey- 可以导入到 MS
  • rsakey-not.p12使用上述代码和 privateKey 创建RSAPrivateKey- 无法导入到 MS

有什么不同?为什么 import 仅适用于RSAPrivateCRTKey

4

0 回答 0