RSA Asymmetric Encryption and Decryption

    xiaoxiao2021-03-25  198

Step 1. Generate the keystore:

    keytool -genkeypair -alias cjmexPrivateKey -keypass 123456 -keyalg RSA -keysize 1024 -validity 365 -keystore /home/app/vexchange-front/cjmex123.keystore -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"

Step 2. View the keystore information:

    keytool -list -v -keystore d:/cjmex_rsa/cjmex.keystore -storepass 123456

Step 3. Generate a keystore (self-signed certificate and private key):

    keytool -genkey -alias cjmexPrivateKey -keyalg RSA -keystore /home/app/vexchange-front/cjmex.keystore

Step 4. View the keystore:

    keytool -list -v -keystore /home/app/vexchange-front/cjmex.keystore

Step 5. Export the keystore's public key and related information to a certificate:

    keytool -export -alias cjmexPrivateKey -keystore /home/app/vexchange-front/cjmex.keystore -storepass 123456 -file /home/app/vexchange-front/scert.cer

If you open the .cer file produced above in a text editor, you will find that it is a binary file and that some of its content cannot be displayed, which is inconvenient for publishing the certificate. Adding the -rfc option when exporting saves the certificate in a printable encoding instead. For example:

    keytool -export -alias cjmexServerPrivateKey -keystore /home/app/vexchange-front/cjmex.keystore -storepass 123456 -file /home/app/vexchange-front/scert.cer -rfc

Step 6. Create the trust keystore (import the server certificate into the client's trust keystore):

    keytool -import -alias cjmexPrivateKey -file /home/app/vexchange-front/scert.cer -keystore ctruststore

Step 7. View the trust keystore:

    keytool -list -v -keystore /home/app/vexchange-front/cjmex.jks

In the same way, generate the client's keystore and certificate, and import the client certificate on the server side:

    keytool -genkey -alias cksalias -keyalg RSA -keystore ckeystore.jks
    keytool -export -alias cksalias -keystore ckeystore.jks -storepass 123456 -file ccert.cer
    keytool -import -alias cksalias -file ccert.cer -keystore struststore

Note: the scert.cer certificate holds the public key, which can be used by reading the file directly. The private key cannot be written to a file with keytool; read cjmex.keystore in code and obtain the private key through the keystore.

Delete an entry from the keystore:

    keytool -delete -keystore /home/app/vexchange-front/cjmex.keystore -alias cjmexServerPrivateKey

The three steps:

Generate a key pair:

    keytool -genkeypair -alias cjmexWeipanPrivateKey -keypass 123456 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -validity 3650 -keystore /home/app/vexchange-front/cjmex.jks -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"

Export the certificate (public key):

    keytool -export -alias cjmexWeipanPrivateKey -keystore /home/app/vexchange-front/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/scert.cer -rfc

Make the keystore trust the certificate:

    keytool -import -alias cjmexWeipanPrivateKey -file /home/app/vexchange-front/scert.cer -keystore ctruststore
    keytool -export -alias cjmexWeipanPrivateKey -keystore /home/app/vexchange-front/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/scertB.cer

Check whether a certificate with the same alias already exists:

    keytool -list -v -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit

Delete a certificate that has already been created:

    keytool -delete -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -storepass changeit

III. Creating the certificate

1. Generate the certificate on the server. (Note: when generating the certificate, the CN must match the server's domain name; for local testing, use localhost.)

    keytool -genkey -alias tomcat -keyalg RSA -keystore d:/mykeystore -dname "CN=localhost, OU=localhost, O=localhost, L=SH, ST=SH, C=CN" -keypass changeit -storepass changeit

2. Export the certificate so that the client can install it:

    keytool -export -alias tomcat -keystore d:/mykeystore -file d:/mycerts.cer -storepass changeit

3. Client configuration: import the key into the client's JVM (import the certificate issued by the server into the JVM):

    keytool -import -trustcacerts -alias tomcat -keystore "%JAVA_HOME%/jre/lib/security/cacerts" -file d:/mycerts.cer -storepass changeit

Example: generating a key pair for each member.

Rules:

    Member: alias: cjwpAppId, keypass: cjwpAppId, storepass: 123456, certificate name: cjwpAppId
    Trading center: alias: cjmexPrivateKey, keypass: cjmexPrivateKey, storepass: 123456, certificate name: cjmexPrivateKey
    Keystore name: cjmexServer.jks
    Trusted certificate store name: cjmexServerCtrustStore

818  cjwp_8182875:

    keytool -genkeypair -alias cjwp_8182875 -keypass cjwp_8182875 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -validity 3650 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"
    keytool -export -alias cjwp_8182875 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/cer/cjwp_8182875.cer -rfc
    keytool -import -alias cjwp_8182875 -file /home/app/vexchange-front/cer/cjwp_8182875.cer -keystore /home/app/tomcat7/bin/ctruststore

266  cjwp_2664215:

    keytool -genkeypair -alias cjwp_2664215 -keypass cjwp_2664215 -keyalg RSA -sigalg SHA1withRSA -keysize 1024 -validity 3650 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -dname "CN=(CJMEX), OU=(CJMEX), O=(CJMEX), L=(SH), ST=(SH), C=(CN)"
    keytool -export -alias cjwp_2664215 -keystore /home/app/tomcat7/bin/cjmex.jks -storepass 123456 -file /home/app/vexchange-front/cer/cjwp_2664215.cer -rfc
    keytool -import -alias cjwp_2664215 -file /home/app/vexchange-front/cer/cjwp_2664215.cer -keystore /home/app/tomcat7/bin/ctruststore

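Note: for a Java web project, the keystore cjmex.jks must be placed in Tomcat's bin directory; otherwise the application will not be able to match the public key and the private key.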
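
The page notes that keytool cannot export the private key and that it has to be read from the keystore in code. The following is an added example, not code from the original page, that does this and runs an RSA round trip with the public key from scert.cer. The class name KeystoreRsaDemo and the OAEP padding are assumptions of this example; the paths, alias and passwords are the ones used in the page's three-step commands.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class KeystoreRsaDemo {
    // OAEP is this example's choice; the page does not name a padding scheme.
    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static PrivateKey loadPrivateKey(String jks, char[] storePass, String alias, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(jks)) {
            ks.load(in, storePass);            // also checks the store's integrity
        }
        Key key = ks.getKey(alias, keyPass);   // null if the alias holds only a certificate
        if (!(key instanceof PrivateKey)) throw new IllegalStateException("no private key under " + alias);
        return (PrivateKey) key;
    }
    static PublicKey loadPublicKey(String cer) throws Exception {
        try (InputStream in = new FileInputStream(cer)) {   // accepts binary DER and -rfc output
            return CertificateFactory.getInstance("X.509").generateCertificate(in).getPublicKey();
        }
    }
    static byte[] rsa(int mode, Key key, byte[] data) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(mode, key);
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        // Paths, alias and passwords are taken from the page's "three steps" commands.
        PrivateKey priv = loadPrivateKey("/home/app/vexchange-front/cjmex.jks", "123456".toCharArray(),
                "cjmexWeipanPrivateKey", "123456".toCharArray());
        PublicKey pub = loadPublicKey("/home/app/vexchange-front/scert.cer");
        int bits = ((RSAPublicKey) pub).getModulus().bitLength();
        if (bits < 2048) System.out.println("warning: " + bits + "-bit RSA key; regenerate with -keysize 2048 or larger");
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        byte[] ct = rsa(Cipher.ENCRYPT_MODE, pub, msg);      // sender side: certificate only
        byte[] pt = rsa(Cipher.DECRYPT_MODE, priv, ct);      // receiver side: keystore with private key
        System.out.println("ciphertext bytes: " + ct.length + ", round trip ok: " + Arrays.equals(msg, pt));
    }
}
```

With the 1024-bit key the page's commands generate, OAEP with SHA-256 limits a single plaintext to 62 bytes, so longer data needs a symmetric key wrapped by RSA.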

    When reposting, please cite the original URL: https://ju.6miu.com/read-4519.html
