.pfx数字证书制作及操作使用
公司业务扩展,要对外开放接口,由于数据的安全性,主要是公司是卖数据的,需要对接口进行验证,于是使用数字证书进行加密解密对数据进行处理,防止篡改接口请求,非法获取数据,于是整理数字证书使用与制做。
创建.pfx
在options.config文件中设置证书有效期
<?xml version="1.0" encoding="utf-8" ?>
<options>
<outputPath>output</outputPath>
<start>2022/7/22</start>
<end>2030/12/31</end>
</options>
CN=名称(一般填公司名称)
OU=单位名称
O=作者名称
L=地区
C=国家
CN=*****,OU=技术部,O=**,L=北京,ST=北京,C=CN
第一步打开CertManager.exe
第二步
1、输入组织名称
2、输入pvk名称
3、输入cer名称
4、完成以上步骤后回车弹出创建私钥密码对话框
输入密码并且记住,确定之后再次确认密码
第三步
1、输入spc名称
2、输入密码
3、输入pfx名称
4、输入密码并牢记
5、出现succeeded表示成功
以上步骤完成会生成文件 output目录下
从.pfx文件提取秘钥
通过这个操作,我们能够获得所需的密钥库文件zlex.keystore。
在output目录下按住shift键右击鼠标打开命令行
CMD代码
keytool -importkeystore -v -srckeystore trumgu.pfx -srcstoretype pkcs12 -srcstorepass trumgu123 -destkeystore trumgu.keystore -deststoretype jks -deststorepass trumgu123
- **-importkeystore:**导入密钥库,通过格式设定,我们可以将PKCS#12文件转换为JKS格式。
-v显示详情 - **-srckeystore:**源密钥库,这里是trumgu.pfx
- **-srcstoretype:**源密钥库格式,这里为pkcs12
- **-srcstorepass:**源密钥库密码,这里为trumgu123
- **-destkeystore:**目标密钥库,这里为zcs.keystore
- **-deststoretype:**目标密钥库格式,这里为jks,默认值也如此
- **-deststorepass:**目标密钥库密码,这里为trumgu123
这时,我们已经获得了密钥库文件,只要确定对应的别名信息,就可以提取公钥/私钥,以及数字证书,进行加密交互了!
keytool -list -keystore trumgu.keystore -storepass trumgu123 -v
- **-list:**列举密钥库
- **-keystore:**密钥库,这里是trumgu.keystore
- **-storepass:**密钥库密码,这里是trumgu123
- **-v:**显示详情
记住命令返回的别名
我这里生成的是
pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2
导出证书
keytool -exportcert -alias pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2 -keystore trumgu.keystore -file trumgu.crt -storepass trumgu123
- **-exportcert:**导出证书
- **-alias:**别名,这里是1
- **-keystore:**密钥库,这里是trumgu.keystore
- **-file:**证书文件,这里是trumgu.crt
- **-storepass:**密钥库密码,这里是trumgu123
java开发加密解密工具类
package com.trumgu.authorization;
import javax.crypto.Cipher;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
public class CertificateCoder {
/**
* Java密钥库(Java Key Store,JKS)KEY_STORE
*/
public static final String KEY_STORE = "JKS";
public static final String X509 = "X.509";
/**
* 由 KeyStore获得私钥
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @param aliasPassword
* @return
* @throws Exception
*/
private static PrivateKey getPrivateKey(String keyStorePath,
String keyStorePassword, String alias, String aliasPassword)
throws Exception {
KeyStore ks = getKeyStore(keyStorePath, keyStorePassword);
PrivateKey key = (PrivateKey) ks.getKey(alias,
aliasPassword.toCharArray());
return key;
}
/**
* 由 Certificate获得公钥
*
* @param certificatePath
* @return
* @throws Exception
*/
private static PublicKey getPublicKey(String certificatePath)
throws Exception {
Certificate certificate = getCertificate(certificatePath);
PublicKey key = certificate.getPublicKey();
return key;
}
/**
* 获得Certificate
*
* @param certificatePath
* @return
* @throws Exception
*/
private static Certificate getCertificate(String certificatePath)
throws Exception {
CertificateFactory certificateFactory = CertificateFactory
.getInstance(X509);
FileInputStream in = new FileInputStream(certificatePath);
Certificate certificate = certificateFactory.generateCertificate(in);
in.close();
return certificate;
}
/**
* 获得Certificate
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @return
* @throws Exception
*/
private static Certificate getCertificate(String keyStorePath,
String keyStorePassword, String alias) throws Exception {
KeyStore ks = getKeyStore(keyStorePath, keyStorePassword);
Certificate certificate = ks.getCertificate(alias);
return certificate;
}
/**
* 获得KeyStore
*
* @param keyStorePath
* @param password
* @return
* @throws Exception
*/
private static KeyStore getKeyStore(String keyStorePath, String password)
throws Exception {
FileInputStream is = new FileInputStream(keyStorePath);
KeyStore ks = KeyStore.getInstance(KEY_STORE);
ks.load(is, password.toCharArray());
is.close();
return ks;
}
/**
* 私钥加密
*
* @param data
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @param aliasPassword
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,
String keyStorePassword, String alias, String aliasPassword)
throws Exception {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
alias, aliasPassword);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 私钥解密
*
* @param data
* @param keyStorePath
* @param alias
* @param keyStorePassword
* @param aliasPassword
* @return
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,
String alias, String keyStorePassword, String aliasPassword)
throws Exception {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
alias, aliasPassword);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 公钥加密
*
* @param data
* @param certificatePath
* @return
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data, String certificatePath)
throws Exception {
// 取得公钥
PublicKey publicKey = getPublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 公钥解密
*
* @param data
* @param certificatePath
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] data, String certificatePath)
throws Exception {
// 取得公钥
PublicKey publicKey = getPublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 验证Certificate
*
* @param certificatePath
* @return
*/
public static boolean verifyCertificate(String certificatePath) {
return verifyCertificate(new Date(), certificatePath);
}
/**
* 验证Certificate是否过期或无效
*
* @param date
* @param certificatePath
* @return
*/
public static boolean verifyCertificate(Date date, String certificatePath) {
boolean status = true;
try {
// 取得证书
Certificate certificate = getCertificate(certificatePath);
// 验证证书是否过期或无效
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证证书是否过期或无效
*
* @param date
* @param certificate
* @return
*/
private static boolean verifyCertificate(Date date, Certificate certificate) {
boolean status = true;
try {
X509Certificate x509Certificate = (X509Certificate) certificate;
x509Certificate.checkValidity(date);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 签名
*
* @param keyStorePath
* @param alias
* @param keyStorePassword
* @param aliasPassword
* @return
* @throws Exception
*/
public static byte[] sign(byte[] sign, String keyStorePath, String alias,
String keyStorePassword, String aliasPassword) throws Exception {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(
keyStorePath, keyStorePassword, alias);
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
alias, aliasPassword);
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initSign(privateKey);
signature.update(sign);
return signature.sign();
}
/**
* 验证签名
*
* @param data
* @param sign
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean verify(byte[] data, byte[] sign,
String certificatePath) throws Exception {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
/**
* 验证Certificate
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @return
*/
public static boolean verifyCertificate(Date date, String keyStorePath,
String keyStorePassword, String alias) {
boolean status = true;
try {
Certificate certificate = getCertificate(keyStorePath,
keyStorePassword, alias);
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证Certificate
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @return
*/
public static boolean verifyCertificate(String keyStorePath,
String keyStorePassword, String alias) {
return verifyCertificate(new Date(), keyStorePath, keyStorePassword,
alias);
}
}
gateway加密认证
*.crt
: 证书*.keystore
秘钥库文件keyStorePassword
: 密钥库密码 aliasPassword
: 别名密码alias
: 别名session
身份识别码appkey
应用识别码appName
:名称与证书秘钥库名称一致timeStamp
:时间戳sign
:数字签名
需签名字符串
inputStr = appkey=appKeyValue&timeStamp=timeStampValue&参数key=value;
参数的key按accsii排序
post请求
参数为JSON转Map后排序再拼接
参数为数组直接拼接
参数为RequestParam 与GET相同
请求为文件上传忽略参数签名
GET请求按accsii排序后拼接文章来源:https://www.toymoban.com/news/detail-658173.html
加密获得sign文章来源地址https://www.toymoban.com/news/detail-658173.html
private String certificatePath = "C:\\Users\\EDY\\Desktop\\pfx证书制作工具\\output\\trumgu.crt";
private String keyStorePath = "C:\\Users\\EDY\\Desktop\\pfx证书制作工具\\output\\trumgu.keystore";
private String keyStorePassword = "trumgu123";
private String aliasPassword = "trumgu123";
private String alias = "pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2";
byte[] data = inputStr.getBytes();
byte[] encodedData = CertificateCoderUtils.encryptByPrivateKey(data,
keyStorePath, keyStorePassword, alias, aliasPassword);
byte[] decodedData = CertificateCoderUtils.decryptByPublicKey(encodedData,
certificatePath);
String outputStr = new String(decodedData);
System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
assertEquals(inputStr, outputStr);
System.err.println("私钥签名——公钥验证签名");
// 产生签名
byte[] signByte = CertificateCoderUtils.sign(encodedData, keyStorePath, alias,
keyStorePassword, aliasPassword);
String sign = Hex.encodeHexString(signByte);
System.err.println("签名:\r" + sign);
到了这里,关于【pfx数字证书制作及操作使用】的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!