我通过以下命令使用keytool生成了密钥库:
keytool -genkey -alias serverprivate -keystore serverprivate.jks -storetype JKS -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -storepass doyouknowdewey
密钥密码和存储密码相同。然后,我提取公钥并将其插入到它自己的密钥库中:
keytool -export -alias serverprivate -keystore serverprivate.jks -file temp.key -storepass doyouknowdewey
keytool -import -noprompt -alias serverpublic -keystore serverpublic.jks -file temp.key -storepass public
现在,我在Java中使用密钥库创建一个InputStream并创建一个密钥库对象:
InputStream is = getClass().getResourceAsStream("keys/serverprivate.jks");
KeyStore serverPrivate = KeyStore.getInstance("JKS");
serverPrivate.load(is, "doyouknowdewey".toCharArray());
然后我提取密钥以创建密码实例,以便可以对文本进行加密和解密:
Key key = serverPrivate.getKey("serverprivate", "douyouknowdewey".toCharArray());
一切正常,我可以使用私钥加密数据。但是,如果我尝试使用公钥解密/加密,则
Key对象为null:InputStream is = getClass().getResourceAsStream("keys/serverpublic.jks");
KeyStore serverPublic = KeyStore.getInstance("JKS");
serverPublic.load(is, "public".toCharArray());
Key key = serverPrivate.getKey("serverpublic", "public".toCharArray());
if(key == null) {
System.err.println("Key is null");
}
//returns null
那么我该如何做呢?
编辑:
显然serverpublic不是密钥,而是证书。我通过运行
serverPublic.isKeyEntry("serverpublic");发现了错误,而serverPublic.isCertificateEntry("serverpublic");返回了true。所以我将代码更改为此:InputStream is = getClass().getResourceAsStream("keys/serverpublic.jks");
KeyStore serverPublic = KeyStore.getInstance("JKS");
serverPublic.load(is, "public".toCharArray());
Certificate cert = serverPrivate.getCertificate("serverpublic");
if(cert == null) {
System.err.println("Key is null");
}
这不再返回null。但是当我运行此命令时,
cipher.init仍然会引发nullpointer异常:Cipher cipher;
cipher.init(Cipher.ENCRYPT_MODE, cert);
最佳答案
serverpublic不是密钥,而是证书。我必须使用加载
Certificate cert = serverPrivate.getCertificate("serverpublic");
然后打电话
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, cert);