问题
I have the following test code to create test PKCS#12 keystore:
X509Certificate[] chain = new X509Certificate[1];
long currentTime = new Date().getTime();
Date firstDate = new Date(currentTime - 24 * 60 * 60 * 1000);
long validity = (long) 30 * 24 * 60 * 60 * 365;
Date lastDate = new Date(currentTime + validity * 1000);
String myName = "CN=TestKeys, L=Test, C=US";
X509V3CertificateGenerator cg = new X509V3CertificateGenerator();
cg.setSerialNumber(BigInteger.valueOf(firstDate.getTime()));
cg.setSignatureAlgorithm("SHA1withRSA");
cg.setSubjectDN(new X500Principal(myName));
if ( publicKey==null ) {
throw new Exception("Public key is null");
}
cg.setPublicKey(publicKey);
cg.setNotBefore(firstDate);
cg.setNotAfter(lastDate);
cg.setIssuerDN(new X500Principal(myName));
chain[0] = cg.generate(keyPair.getPrivate());
char[] pwd = "0000000000000000".toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, pwd);
KeyStore.ProtectionParameter protParam = new KeyStore.PasswordProtection(pwd);
KeyStore.PrivateKeyEntry pkEntry = new KeyStore.PrivateKeyEntry(privateKey, chain);
ks.setEntry("keypair", pkEntry, protParam);
String keyStoreFile = "rsakey.p12";
FileOutputStream fos = new FileOutputStream(keyStoreFile);
ks.store(fos, pwd);
fos.close();
Then I want to import created rsakey.p12 into MS Certificate Store but I get the following error:
An internal error occurred. This can be either the user profile is not accessible or the private key that you are importing might require a cryptographic service provider that is not installed on your system.
This happens when the privateKey is instance of RSAPrivateKey. When privateKey is instance of RSAPrivateCRTKey then import works.
You can see samples of two files through the following link: https://onedrive.live.com/?cid=321f74d3665268eb&id=321F74D3665268EB%2120994
rsakey.p12is created with above mentioned code and privateKey asRSAPrivateCRTKey- can be imported to MSrsakey-not.p12is created with above mentioned code and privateKey asRSAPrivateKey- can't be imported to MS
What's the difference? Why import works only with RSAPrivateCRTKey?
来源:https://stackoverflow.com/questions/30436529/cant-import-p12-file-into-ms-certificate-store