
php获取pfx的密钥技巧_pfx数字证书制作及操作运用

访客 2024-10-30 0



<?xml version="1.0" encoding="utf-8" ?><options> <outputPath>output</outputPath> <start>2022/7/22</start> <end>2030/12/31</end></options>

CN=名称(一般填公司名称) OU=单位名称 O=作者名称 L=地区 C=国家

CN=川谷金融科技,OU=技能部,O=田略,L=北京,ST=北京,C=CN

第一步:打开CertManager.exe。第二步:1、输入组织名称 2、输入pvk名称 3、输入cer名称 4、完成以上步骤后回车,弹出创建私钥密码对话框,输入密码并且记住,确定之后再次确认密码。第三步:1、输入spc名称 2、输入密码 3、输入pfx名称 4、输入密码并牢记 5、出现succeeded表示成功。以上步骤完成后会在output目录下生成文件。


从.pfx文件提取密钥

通过这个操作,我们能够得到所需的密钥库文件trumgu.keystore。
在output目录下按住shift键右击鼠标打开命令行


CMD代码

keytool -importkeystore -v -srckeystore trumgu.pfx -srcstoretype pkcs12 -srcstorepass trumgu123 -destkeystore trumgu.keystore -deststoretype jks -deststorepass trumgu123

-importkeystore:导入密钥库,通过格式设定,我们可以将PKCS#12文件转换为JKS格式。
-v:显示详情
-srckeystore:源密钥库,这里是trumgu.pfx
-srcstoretype:源密钥库格式,这里为pkcs12
-srcstorepass:源密钥库密码,这里为trumgu123
-destkeystore:目标密钥库,这里为trumgu.keystore
-deststoretype:目标密钥库格式,这里为jks,默认值也如此(指 JDK 8 及更早版本;JDK 9 起 keytool 的默认格式为 PKCS12)
-deststorepass:目标密钥库密码,这里为trumgu123

说明:-srcstorepass、-deststorepass 写在命令行上时,密码会留在命令历史和进程列表中;省略这两个参数,keytool 会改为交互式提示输入。trumgu123 只是本文的示例口令。

这时,我们已经得到了密钥库文件,只要确定对应的别名信息,就可以提取公钥/私钥,以及数字证书,进行加密交互了!

keytool -list -keystore trumgu.keystore -storepass trumgu123 -v

-list:列举密钥库
-keystore:密钥库,这里是trumgu.keystore
-storepass:密钥库密码,这里是trumgu123
-v:显示详情

记住命令返回的别名,我这里生成的是 pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2

导出证书

keytool -exportcert -alias pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2 -keystore trumgu.keystore -file trumgu.crt -storepass trumgu123

-exportcert:导出证书
-alias:别名,这里是上一步命令返回的 pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2
-keystore:密钥库,这里是trumgu.keystore
-file:证书文件,这里是trumgu.crt
-storepass:密钥库密码,这里是trumgu123

java开发加密解密工具类

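import javax.crypto.Cipher;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

/**
 * Static helpers that load a private key from a JKS keystore and a public key
 * from an X.509 certificate file, then use them to encrypt, decrypt, sign and
 * verify byte arrays.
 *
 * <p>The original listing declares this class in package
 * {@code com.trumgu.authorization}; add the {@code package} statement that
 * matches your own source tree.
 *
 * <p>Security notes for readers of this listing:
 * <ul>
 *   <li>The {@code verifyCertificate} methods only check the certificate's
 *       validity period. They do not build a chain to a trusted issuer and do
 *       not check revocation, so a {@code true} result does not mean the
 *       certificate is trusted.</li>
 *   <li>{@code encryptByPrivateKey}/{@code decryptByPublicKey} give no
 *       confidentiality: anyone holding the certificate can recover the data.
 *       Use {@link #sign} and {@link #verify} when the goal is authenticity.</li>
 *   <li>Every call re-reads the keystore or certificate from disk; nothing is
 *       cached.</li>
 * </ul>
 */
public class CertificateCoder {

    /** Keystore type handed to {@link KeyStore#getInstance(String)}: Java Key Store (JKS). */
    public static final String KEY_STORE = "JKS";

    /** Certificate type handed to {@link CertificateFactory#getInstance(String)}. */
    public static final String X509 = "X.509";

    /**
     * Reads the private key stored under {@code alias} in the keystore.
     *
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param alias            alias of the key entry
     * @param aliasPassword    password protecting the key entry
     * @return the private key, or {@code null} when the alias has no key entry
     * @throws Exception if the keystore cannot be read or the key cannot be recovered
     */
    private static PrivateKey getPrivateKey(String keyStorePath,
            String keyStorePassword, String alias, String aliasPassword)
            throws Exception {
        KeyStore ks = getKeyStore(keyStorePath, keyStorePassword);
        return (PrivateKey) ks.getKey(alias, aliasPassword.toCharArray());
    }

    /**
     * Reads the public key out of a certificate file.
     *
     * @param certificatePath path of the X.509 certificate file
     * @return the certificate's public key
     * @throws Exception if the file cannot be read or parsed
     */
    private static PublicKey getPublicKey(String certificatePath)
            throws Exception {
        return getCertificate(certificatePath).getPublicKey();
    }

    /**
     * Parses an X.509 certificate from a file.
     *
     * @param certificatePath path of the certificate file
     * @return the parsed certificate
     * @throws Exception if the file cannot be opened or is not a certificate
     */
    private static Certificate getCertificate(String certificatePath)
            throws Exception {
        CertificateFactory factory = CertificateFactory.getInstance(X509);
        // try-with-resources: the stream is closed even when parsing throws.
        try (FileInputStream in = new FileInputStream(certificatePath)) {
            return factory.generateCertificate(in);
        }
    }

    /**
     * Reads the certificate stored under {@code alias} in the keystore.
     *
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param alias            alias of the entry
     * @return the certificate, or {@code null} when the alias does not exist
     * @throws Exception if the keystore cannot be read
     */
    private static Certificate getCertificate(String keyStorePath,
            String keyStorePassword, String alias) throws Exception {
        return getKeyStore(keyStorePath, keyStorePassword).getCertificate(alias);
    }

    /**
     * Loads a keystore of type {@link #KEY_STORE} from a file.
     *
     * @param keyStorePath path of the keystore file
     * @param password     password protecting the keystore
     * @return the loaded keystore
     * @throws Exception if the file cannot be opened or the password is wrong
     */
    private static KeyStore getKeyStore(String keyStorePath, String password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(KEY_STORE);
        // try-with-resources: the stream is closed even when load() rejects
        // the file or the password.
        try (FileInputStream is = new FileInputStream(keyStorePath)) {
            ks.load(is, password.toCharArray());
        }
        return ks;
    }

    /**
     * Transforms {@code data} with the private key in encrypt mode.
     *
     * <p>NOTE(review): the transformation name is just the key algorithm, so
     * the provider chooses mode and padding (for RSA with the JDK's bundled
     * provider this is expected to be PKCS#1 v1.5 padding; confirm for your
     * runtime). The call is a single {@code doFinal}, so for RSA the input must
     * fit in one block (key size minus padding overhead). The result can be
     * reversed by anyone who has the certificate.
     *
     * @param data             bytes to transform
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param alias            alias of the key entry
     * @param aliasPassword    password protecting the key entry
     * @return the transformed bytes
     * @throws Exception if the key cannot be loaded or the cipher rejects the input
     */
    public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,
            String keyStorePassword, String alias, String aliasPassword)
            throws Exception {
        PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
                alias, aliasPassword);
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Decrypts {@code data} with the private key.
     *
     * <p>Parameter order differs from {@link #encryptByPrivateKey}: here
     * {@code alias} comes before {@code keyStorePassword}. All four are
     * {@code String}, so a swapped call compiles and fails only at run time.
     *
     * @param data             bytes to decrypt
     * @param keyStorePath     path of the keystore file
     * @param alias            alias of the key entry
     * @param keyStorePassword password protecting the keystore
     * @param aliasPassword    password protecting the key entry
     * @return the decrypted bytes
     * @throws Exception if the key cannot be loaded or decryption fails
     */
    public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,
            String alias, String keyStorePassword, String aliasPassword)
            throws Exception {
        PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
                alias, aliasPassword);
        Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return cipher.doFinal(data);
    }

    /**
     * Encrypts {@code data} with the public key taken from a certificate file.
     * Only the holder of the matching private key can decrypt the result.
     *
     * <p>NOTE(review): the certificate is used as read from disk; this method
     * does not check that it is valid or trusted before encrypting to it.
     *
     * @param data            bytes to encrypt
     * @param certificatePath path of the X.509 certificate file
     * @return the encrypted bytes
     * @throws Exception if the certificate cannot be read or encryption fails
     */
    public static byte[] encryptByPublicKey(byte[] data, String certificatePath)
            throws Exception {
        PublicKey publicKey = getPublicKey(certificatePath);
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);
        return cipher.doFinal(data);
    }

    /**
     * Reverses {@link #encryptByPrivateKey} using the public key taken from a
     * certificate file.
     *
     * @param data            bytes produced with the private key
     * @param certificatePath path of the X.509 certificate file
     * @return the recovered bytes
     * @throws Exception if the certificate cannot be read or decryption fails
     */
    public static byte[] decryptByPublicKey(byte[] data, String certificatePath)
            throws Exception {
        PublicKey publicKey = getPublicKey(certificatePath);
        Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
        cipher.init(Cipher.DECRYPT_MODE, publicKey);
        return cipher.doFinal(data);
    }

    /**
     * Checks whether the certificate in the file is within its validity period
     * right now.
     *
     * @param certificatePath path of the X.509 certificate file
     * @return {@code true} when the current time lies inside the validity period;
     *         {@code false} otherwise, including when the file cannot be read
     */
    public static boolean verifyCertificate(String certificatePath) {
        return verifyCertificate(new Date(), certificatePath);
    }

    /**
     * Checks whether the certificate in the file is within its validity period
     * at {@code date}. Validity period only: no issuer, chain or revocation check.
     *
     * @param date            instant to test
     * @param certificatePath path of the X.509 certificate file
     * @return {@code true} when {@code date} lies inside the validity period;
     *         {@code false} otherwise, including when the file cannot be read
     */
    public static boolean verifyCertificate(Date date, String certificatePath) {
        try {
            return verifyCertificate(date, getCertificate(certificatePath));
        } catch (Exception ignored) {
            // Deliberate: an unreadable or unparsable file counts as "not valid".
            return false;
        }
    }

    /**
     * Checks the validity period of an already loaded certificate.
     *
     * @param date        instant to test
     * @param certificate certificate to check; {@code null} or a non-X.509
     *                    certificate yields {@code false}
     * @return {@code true} when {@code date} lies inside the validity period
     */
    private static boolean verifyCertificate(Date date, Certificate certificate) {
        // Covers a missing alias (null) without relying on an exception.
        if (!(certificate instanceof X509Certificate)) {
            return false;
        }
        try {
            ((X509Certificate) certificate).checkValidity(date);
            return true;
        } catch (Exception ignored) {
            // Expired, not yet valid, or an unusable date: all report "not valid".
            return false;
        }
    }

    /**
     * Signs bytes with the private key, using the signature algorithm named in
     * the certificate stored under the same alias.
     *
     * @param sign             the bytes to be signed (despite the name, this is
     *                         the input, not a signature)
     * @param keyStorePath     path of the keystore file
     * @param alias            alias of the key entry
     * @param keyStorePassword password protecting the keystore
     * @param aliasPassword    password protecting the key entry
     * @return the signature bytes
     * @throws Exception if the key or certificate cannot be loaded or signing fails
     */
    public static byte[] sign(byte[] sign, String keyStorePath, String alias,
            String keyStorePassword, String aliasPassword) throws Exception {
        X509Certificate x509Certificate = (X509Certificate) getCertificate(
                keyStorePath, keyStorePassword, alias);
        PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
                alias, aliasPassword);
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
        signature.initSign(privateKey);
        signature.update(sign);
        return signature.sign();
    }

    /**
     * Verifies a signature over {@code data} with the public key taken from a
     * certificate file.
     *
     * <p>NOTE(review): this proves only that the signature matches the key in
     * that file. The certificate's validity period and trust are not checked
     * here; callers that need them must check separately.
     *
     * @param data            the signed bytes
     * @param sign            the signature to check
     * @param certificatePath path of the X.509 certificate file
     * @return {@code true} when the signature matches
     * @throws Exception if the certificate cannot be read or verification cannot run
     */
    public static boolean verify(byte[] data, byte[] sign,
            String certificatePath) throws Exception {
        X509Certificate x509Certificate =
                (X509Certificate) getCertificate(certificatePath);
        PublicKey publicKey = x509Certificate.getPublicKey();
        Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());
        signature.initVerify(publicKey);
        signature.update(data);
        return signature.verify(sign);
    }

    /**
     * Checks whether the certificate stored under {@code alias} is within its
     * validity period at {@code date}. Validity period only.
     *
     * @param date             instant to test
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param alias            alias of the entry
     * @return {@code true} when {@code date} lies inside the validity period;
     *         {@code false} otherwise, including when the keystore cannot be
     *         read or the alias does not exist
     */
    public static boolean verifyCertificate(Date date, String keyStorePath,
            String keyStorePassword, String alias) {
        try {
            return verifyCertificate(date,
                    getCertificate(keyStorePath, keyStorePassword, alias));
        } catch (Exception ignored) {
            // Deliberate: an unreadable keystore counts as "not valid".
            return false;
        }
    }

    /**
     * Checks whether the certificate stored under {@code alias} is within its
     * validity period right now. Validity period only.
     *
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param alias            alias of the entry
     * @return {@code true} when the current time lies inside the validity period
     */
    public static boolean verifyCertificate(String keyStorePath,
            String keyStorePassword, String alias) {
        return verifyCertificate(new Date(), keyStorePath, keyStorePassword, alias);
    }
}
// Article section that follows this listing: "gateway加密认证" (gateway encryption and authentication).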

.crt : 证书

.keystore 密钥库文件

keyStorePassword: 密钥库密码

aliasPassword: 别名密码

alias: 别名

session 身份识别码

appkey 应用识别码

appName :名称与证书密钥库名称一致

timeStamp :时间戳

sign :数字签名

需签名字符串 inputStr = appkey=appKeyValue&timeStamp=timeStampValue&参数key=value;参数的key按ASCII排序。POST请求:参数为JSON时,转为Map后排序再拼接;参数为数组时直接拼接;参数为RequestParam时与GET相同;请求为文件上传时忽略参数签名(此时上传的内容不在签名保护范围内)。

GET请求按ASCII排序后拼接

加密得到sign

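// Excerpt from a test class: the fields below are class members, the
// statements after them belong inside a test method where inputStr (the
// string to be signed) is already defined.
// NOTE(review): CertificateCoderUtils is called with the same method names and
// argument order as the CertificateCoder class in this article; presumably it
// is that class under another name. Confirm before copying.

// Demo values only. Paths, passwords and the alias are hard-coded here for the
// walkthrough; real code should read them from protected configuration rather
// than from source.
private String certificatePath = "C:\\Users\\EDY\\Desktop\\pfx证书制作工具\\output\\trumgu.crt";
private String keyStorePath = "C:\\Users\\EDY\\Desktop\\pfx证书制作工具\\output\\trumgu.keystore";
private String keyStorePassword = "trumgu123";
private String aliasPassword = "trumgu123";
private String alias = "pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2";

// Fix the charset explicitly: both sides must turn the string into the same
// bytes, and the platform default differs between machines.
byte[] data = inputStr.getBytes(java.nio.charset.StandardCharsets.UTF_8);

// Round trip: private-key transform, then recovery with the certificate's public key.
byte[] encodedData = CertificateCoderUtils.encryptByPrivateKey(data, keyStorePath,
        keyStorePassword, alias, aliasPassword);
byte[] decodedData = CertificateCoderUtils.decryptByPublicKey(encodedData, certificatePath);
String outputStr = new String(decodedData, java.nio.charset.StandardCharsets.UTF_8);
System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
assertEquals(inputStr, outputStr); // presumably JUnit's assertEquals

System.err.println("私钥署名——公钥验证署名");
// Produce the signature. Note that it is computed over encodedData (the
// private-key output), not over the original inputStr bytes, so the verifier
// must be given the same encodedData.
byte[] signByte = CertificateCoderUtils.sign(encodedData, keyStorePath, alias,
        keyStorePassword, aliasPassword);
// Hex is presumably org.apache.commons.codec.binary.Hex; confirm against the project.
String sign = Hex.encodeHexString(signByte);
System.err.println("署名:\r" + sign);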
