问题描述
我已经构建了一个Java程序作为服务器上数据库的前端,并且正在尝试使用SSL加密客户端和服务器之间的流量.这是我发出的用于创建服务器证书的命令:
I've built a Java program as a front end for a database on a server, and I'm trying to use SSL to encrypt traffic between clients and the server. Here is the command I issued to create the server certificate:
keytool -genkey -alias localhost -keyalg RSA -keypass kpass123 -storepass kpass123 -keystore keystore.jks
以下是相关代码:
System.setProperty("javax.net.ssl.keyStore",
"G:/Data/Android_Project/keystore.jks");
System.setProperty("javax.net.ssl.keyPassword", "kpass123");
SSLServerSocketFactory factory =
(SSLServerSocketFactory)SSLServerSocketFactory.getDefault();
SSLServerSocket accessSocket =
(SSLServerSocket)factory.createServerSocket(DB_ACCESS_PORT);
当我尝试运行此程序时,我发现了这一点:
When I try to run this, I catch this:
我还发现"KeyPairGenerator"服务具有可用的算法DIFFIEHELLMAN,DSA和RSA,而"SSLContext"服务具有的算法有SSL,TLS,SSLV3,DEFAULT,TLSV1.
I've also found that the "KeyPairGenerator" service has algorithms DIFFIEHELLMAN, DSA, RSA available to it, while "SSLContext" has algorithms SSL, TLS, SSLV3, DEFAULT, TLSV1.
我是否需要找到某种方法将RSA安装到SSLContext服务中?我什至在寻找正确的服务吗?我不应该使用RSA吗?
Do I need to find some way to install RSA into the SSLContext service? Am I even looking at the correct services? Should I not be using RSA?
我是整个SSL(安全)-证书的新手,这让我感到震惊,因为这些不同的服务中的每一个都应该使用相同的算法来访问相同的证书.
I'm new to the whole SSL - Security - Certificates thing, and it just blows me away that each of these different services don't have the same algorithms when they are supposed to be accessing the same certificates.
推荐答案
尝试使用javax.net.ssl.keyStorePassword
代替javax.net.ssl.keyPassword
: JSSE参考指南.
默认情况下,使用默认的安全提供程序,您提到的算法应该存在. NoSuchAlgorithmException
通常是由其他潜在异常(未找到文件,错误的密码,错误的密钥库类型等)引起的.查看完整的堆栈跟踪很有用.
The algorithms you mention should be there by default using the default security providers. NoSuchAlgorithmException
s are often cause by other underlying exceptions (file not found, wrong password, wrong keystore type, ...). It's useful to look at the full stack trace.
如果堆栈跟踪中的信息不足,还可以使用-Djavax.net.debug=ssl
或至少使用-Djavax.net.debug=ssl,keymanager
来获取更多调试信息.
You could also use -Djavax.net.debug=ssl
, or at least -Djavax.net.debug=ssl,keymanager
, to get more debugging information, if the information in the stack trace isn't sufficient.
这篇关于Java和SSL-java.security.NoSuchAlgorithmException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!