Java asymmetric encryption: preferred way to store public/private keys
This code generates a pair of public/private keys:
KeyPairGenerator keyGen = KeyPairGenerator.getInstance(\"RSA\");
keyGen.initialize(1024);
KeyPair keypair = ke
-
In our applications, we store public and private keys in DER format so they can be used and manipulated outside java more easily. In our case, the private keys do not have passwords on them.
To convert the private key to something more easily usable in java:
openssl pkcs8 -topk8 -nocrypt -in key.pem -inform PEM -out key.der -outform DERThen you can obtain an RSA private key directly by:
public static RSAPrivateKey getPrivateKey(File privateKeyFile) throws IOException, GeneralSecurityException { byte[] keyBytes = new byte[(int)privateKeyFile.length()]; FileInputStream fis = new FileInputStream(privateKeyFile); fis.read(keyBytes); PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(spec); return privKey; }The public key is similar:
openssl rsa -in private.pem -pubout -outform DER -out public.derand to read it:
public static RSAPublicKey getPublicKey(File publicKeyFile) throws IOException, GeneralSecurityException { byte[] keyBytes = new byte[(int)publicKeyFile.length()]; FileInputStream fis = new FileInputStream(publicKeyFile); fis.read(keyBytes); X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(keyBytes); KeyFactory factory = KeyFactory.getInstance("RSA"); RSAPublicKey pubKey = (RSAPublicKey)factory.generatePublic(publicKeySpec); return pubKey; }Many people store then keystores. For our purposes, we needed the same key to be shared across multiple applications in several different languages, and didn't want to duplicate the files on disk.
In either case, the performance shouldn't be a huge concern, because you're likely to store those keys in some sort of Singleton or cache instead of regenerating them each time.
加载中...
- 热议问题