1

任何人都可以发布 Java 代码以添加到 PKCS10 bouncycastle 证书请求有关 KeyUsage 的扩展(例如 KeyUsage.keyEncipherment)。

我没有找到任何广告,我找不到带有 KeyUsage 的 X509Extension 的合适构造器。

谢谢

4

2 回答 2

3

尝试这个

import org.bouncycastle.asn1.x509.KeyUsage;

KeyUsage keyUsage = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);

X509Extension extension = new X509Extension(true, new DEROctetString(keyUsage));
于 2010-11-08T10:39:03.453 回答
2

这似乎是正确的方法。您必须向您的 CSR 构建器添加扩展请求属性:

... generate X500Name name and a SubjectPublicKeInfo spki ...
PKCS10CertificationRequestBuilder p10Builder =
        new PKCS10CertificationRequestBuilder(name,spki);
KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign);
ExtensionsGenerator extgen = new ExtensionsGenerator();
extgen.addExtension(Extension.keyUsage,true,ku);
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
                        extgen.generate());
...set up your signer here ...
PKCS10CertificationRequest csr = p10Builder.build(signer);
于 2018-06-01T19:54:15.667 回答