Java将原始字节转换为PublicKey,反之亦然
我正在尝试从一个仅仅是原始密钥的byte[]中生成一个byte[]--它不在X.509或ASN.1中。在其他语言中,人们正在使用gives,这给了他们一个原始的byte[]。我还需要能够将我的java.security.PublicKey转换成byte[]供他们使用。java.security似乎不遗余力地使这一挑战,而不是让我依赖预先编码的X509 SubjectPublicKeyInfo。我是不是漏掉了一个简单的答案?
回答 1
Stack Overflow用户
发布于 2020-11-11 14:18:36
利伯钠和所有NaCl衍生物一样,使用Curve25519作为密码操作,即用于DH密钥交换的X25519和用于签名的Ed25519。Java支持X25519,因为第11版支持Ed25519,从第15版开始支持Ed25519。这两种功能都由SunEC提供程序提供。
对于原始密钥的导入/导出,使用一些BouncyCastle函数是最容易的。下面的代码为X25519 (Java11及更高版本)创建了X.509格式的公共测试密钥,并从它导出原始的32字节密钥。之后,原始密钥再次导入到X.509密钥中:
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.util.encoders.Hex;
...
// Generate public test key in X.509 format
PublicKey publicKey = loadPublicKey("X25519");
byte[] publicKeyBytes = publicKey.getEncoded();
System.out.println(Base64.getEncoder().encodeToString(publicKeyBytes)); // X.509-key, check this in an ASN.1 Parser, e.g. https://lapo.it/asn1js/
// PublicKey to raw key
X25519PublicKeyParameters x25519PublicKeyParameters = (X25519PublicKeyParameters)PublicKeyFactory.createKey(publicKeyBytes);
byte[] rawKey = x25519PublicKeyParameters.getEncoded();
System.out.println(Hex.toHexString(rawKey)); // equals the raw 32 bytes key from the X.509 key
// Raw key to PublicKey
KeyFactory keyFactory = KeyFactory.getInstance("X25519");
SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(new AlgorithmIdentifier(EdECObjectIdentifiers.id_X25519), rawKey);
X509EncodedKeySpec x509EncodedKeySpec = new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded());
publicKey = keyFactory.generatePublic(x509EncodedKeySpec);
publicKeyBytes = publicKey.getEncoded();
System.out.println(Base64.getEncoder().encodeToString(publicKeyBytes)); // equals the X.509 key from above其中,X.509测试密钥是用以下方法创建的:
private static PublicKey loadPublicKey(String algorithm) throws Exception {
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(algorithm);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
return keyPair.getPublic();
}和模拟Ed25519 (Java 15和更高版本)。
X25519和Ed25519都可以单独使用来自BouncyCastle的类来实现,例如org.bouncycastle.math.ec.rfc7748.X25519 (密钥协议)、org.bouncycastle.crypto.generators.X25519KeyPairGenerator (密钥生成)、org.bouncycastle.crypto.params.X25519PublicKeyParameters (密钥容器)和Ed25519的模拟类。
https://stackoverflow.com/questions/64777136
复制相似问题
腾讯云开发者
