问题
I was wondering if there exists an official specification of the JKS key store format used in Java? I'd like to write a converter from/to PKCS#12, but not in Java, so keytool or Java code is not an option unfortunately.
Looking at one in a hex editor tells me that it's probably not ASN.1. Before I start digging into OpenJDK, trying to reverse-engineer the format, does anyone know if there exists a spec maybe? I couldn't find anything so far, any help would be much appreciated!
回答1:
I think you should start your research at JDK sources. There are some very useful comments there. E.g.
/*
* KEYSTORE FORMAT:
*
* Magic number (big-endian integer),
* Version of this file format (big-endian integer),
*
* Count (big-endian integer),
* followed by "count" instances of either:
*
* {
* tag=1 (big-endian integer),
* alias (UTF string)
* timestamp
* encrypted private-key info according to PKCS #8
* (integer length followed by encoding)
* cert chain (integer count, then certs; for each cert,
* integer length followed by encoding)
* }
*
* or:
*
* {
* tag=2 (big-endian integer)
* alias (UTF string)
* timestamp
* cert (integer length followed by encoding)
* }
*
* ended by a keyed SHA1 hash (bytes only) of
* { password + whitener + preceding body }
*/
来源:https://stackoverflow.com/questions/10839303/specification-of-jks-key-store-format