from http://www.cnblogs.com/rainwang/p/4252912.html
JKS文件是一个java中的密钥管理库,里面可以放各种密钥文件,JKS文件的生成这里暂且不说,这里主要是关注如何从JKS文件中将已有的密钥读取出来。
下面是两个java读取JKS文件中密钥的方法
当然在看懂下面两个方法之前要对JKS文件的结构有所了解:
JKS文件就好像一个仓库,里面可以放很多的东西,这里只存放一类东西就是密钥,仓库当然会有一把锁,防范别人随便乱拿,这个就是JKS文件的密 码。里面存放的密钥也各有不同,每个密钥都有一个名字(在下面叫别名),一类就密钥对,一类叫公钥,一类叫私钥,密钥对就是包含公钥和私钥的。这里的公钥 只要你能进入仓库你就可以随便查看拿走,私钥则是有密码的,只允许有权限的人查看拿走。所以在下面读取密钥时也就有点细微的不同之处,对于读取公钥只需要 知道JKS文件(仓库)的密码就可以了,但是在读取私钥时则必须有私钥的密码也就是你必须要有权限,在下面你会发现,在读取私钥时多了一个参数,对应的就 是私钥的密码。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 package com.java.security; import java.io.File; import java.io.FileInputStream; import java.io.FileWriter; import java.security.Key; import java.security.KeyPair; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.UnrecoverableKeyException; import java.security.cert.Certificate; import sun.misc.*; /** * * 从jks文件中导出私钥和证书 * */ public class ExportKey { private File keystoreFile; private String keyStoreType; private char [] password; private String alias; private File exportedPrivateKeyFile; private File exportedPublicKeyFile; public static KeyPair getKeyPair(KeyStore keystore, String alias, char [] password) { try { Key key = keystore.getKey(alias, password); if (key instanceof PrivateKey) { Certificate cert = keystore.getCertificate(alias); PublicKey publicKey = cert.getPublicKey(); return new KeyPair(publicKey, (PrivateKey) key); } } catch (UnrecoverableKeyException e) { } catch (NoSuchAlgorithmException e) { } catch (KeyStoreException e) { } return null ; } public void exportPrivate() throws Exception { KeyStore keystore = KeyStore.getInstance(keyStoreType); KeyPair keyPair = getKeyPair(keystore, alias, password); BASE64Encoder encoder = new BASE64Encoder(); keystore.load( new FileInputStream(keystoreFile), password); PrivateKey privateKey = keyPair.getPrivate(); String encoded = encoder.encode(privateKey.getEncoded()); FileWriter fw = new FileWriter(exportedPrivateKeyFile); fw.write( "-----BEGIN PRIVATE KEY-----\n" ); fw.write(encoded); fw.write( "\n" ); fw.write( "-----END PRIVATE KEY-----" ); fw.close(); } public void exportCertificate() throws Exception { KeyStore keystore = KeyStore.getInstance(keyStoreType); BASE64Encoder encoder = new BASE64Encoder(); keystore.load( new FileInputStream(keystoreFile), password); Certificate cert = keystore.getCertificate(alias); String encoded = encoder.encode(cert.getEncoded()); FileWriter fw = new FileWriter(exportedPublicKeyFile); fw.write( "-----BEGIN CERTIFICATE-----\n" ); fw.write(encoded); fw.write( "\n" ); fw.write( "-----END CERTIFICATE-----" ); fw.close(); } public static void main(String args[]) throws Exception { ExportKey export = new ExportKey(); export.keystoreFile = new File( "/home/rain/test.jks" ); export.keyStoreType = "JKS" ; export.password = "123456" .toCharArray(); export.alias = "test" ; export.exportedPrivateKeyFile = new File( "/home/rain/key/exported-pkcs8.key" ); export.exportedPublicKeyFile = new File( "/home/rain/key/exported-public.key" ); export.exportPrivate(); export.exportCertificate(); } }