最近在用RSA做签名校验,遇到个坑,对方给的RSA密钥一直不能解析成PublicKey对象,
他们那边使用PHP可以直接使用,我这边是用java代码却用不了,百度相关的资料也很少,
后来才发现是RSA密钥的证书格式不一样,今天做一下总结;
一、区别:
1.1、-----BEGIN CERTIFICATE-----格式密钥:
这种密钥的格式是cer的密钥证书,如下图:
在PHP代码中是可以直接使用的,但是java代码中就不能直接使用,需要转换成pem的密钥文件.
-----BEGIN CERTIFICATE-----MIIDpjCCAo6gAwIBAgIJAKCM0axVhVORMA0GCSqGSIb3DQEBBQUAMEAxCzAJBgNVBAYTAkpQMQ8wDQYDVQQIEwZJbmdhbWUxDzANBgNVBAcTBlRveWt5bzEPMA0GA1UEChMGSW5nYW1lMB4XDTE4MDgwNzA1NTQzM1oXDTE4MDkwNjA1NTQzM1owQDELMAkGA1UEBhMCSlAxDzANBgNVBAgTBkluZ2FtZTEPMA0GA1UEBxMGVG95a3lvMQ8wDQYDVQQKEwZJbmdhbWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAAQRdCZs9G/Hg7A2WDWQTjeT1VGkCKSe6K7mHwgcl8RwDN8T9CKZ5Mb1ikSsWt9v9/wQlaBAqCo2VKnhoxR4IaDRuJUxRk4aJZnH6Grw76jmHIiE1Y90Xz+ZUwjghQv9lZuuyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxO1sHSFwcDgm+8hXGf/8OT8x0xRPOMXBnupe4CUFiDlwk7ljuDkVfBCCyk6igkUP7SkLcrINomtl3UA5GY9dcDJN9S3DzVIMsA5vlXwhNdmy9yScJOz6B/Efup/tUNI5X4vTVtsXH1gnPOp6nAgMBAAGjgaIwgZ8wHQYDVR0OBBYEFJbpNb+s2P6uCyKiijYKLSpdV/K1MHAGA1UdIwRpMGeAFJbpNb+s2P6uCyKiijYKLSpdV/K1oUSkQjBAMQswCQYDVQQGEwJKUDEPMA0GA1UECBMGSW5nYW1lMQ8wDQYDVQQHEwZUb3lreW8xDzANBgNVBAoTBkluZ2FtZYIJAKCM0axVhVORMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBABLE9SFoq53M1FxSa/IAbmg6gAw7JmMLN7S51NJ6rLAI13CFmg0aTfXlVnLfNGYmg4ZVNeRPX9m4MPI1N1SHQecA+2B9i90R7RSoV2y6ZemQ8HqESlvjBbTHJDCVhLiV0KxIysuZPg+FQzDs/ZSK2cvMC7rKIQ/JyyWvE+1dAeTGLEbLOYlKuF08lGQDwKH8abxCbmlTSZv0xqwTPooU6oQpwFjSqbQoLky6nk1jyUHHxmYCmHLFyX+WYhT+nPeO+PU8dLUeQhsIxkWyTShaKjyZVoNPnk1yuPZKYmSV3exPK5ISKU7qoU3nydGPgTq0EWdauElL5dUQtY5K3UkiesQ=-----END CERTIFICATE-----
1.2、-----BEGIN RSA PRIVATE KEY-----格式:
这个是RSA直接生成没有进行转换的密钥格式,公钥可以直接使用,私钥需要转换格式
-----BEGIN RSA PRIVATE KEY-----MIICWwIBAAKBgQC2gzhE9THGQ9IVf5mtWJUmY4ptNK1cK3V3n6jh11hKpvPx8Wd4lpijf4xlltWgKGBUQINAjWq9Xg2qeHN8CgdbP7qo2ldUrQoE4w3R/dHyKB/OAiiHYX4q0ERolt2VGO68ymutzfbtmOvWA8Xwfn5z/Fi1VZi7SpmzotqVcUdADwIDAQABAoGAZSe3MSkArFV8g6PUJepZyAwVdc9jYhlIIsPf00QKUF3WCLt2ULSO5tdTlh6SShD2yttyo319snUFd/0IbLAWQME9RIueiZ1zEaxCouceXeu/eWbcGusOCWyY+wAOxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx5VB5JaZWrbw+HB4wvH5m0fK2fwCa8QDPts9fsa06W2fDNmEhkpCvqk8vyskiwKquo65R/x/ZAkEAxhPw9IWDH4Onu8btS81EDsCU6QvXckC1RECriBu22oR9OBOA+8eQnJm52A2O+SMPd+0YibmtyGbYin4FENrWJwJAGQD+mo23v7mscqZUMHNYPYnvEVpjrODeOUH6C3RM+R+g6WPEea1Y4n278wp5o1ho8+YGvNcvGPr5XMfG+7QiiQJAE7cKZZwgV/Onr0X2enP80ScT6zo1gHa2VAvHxu1TPt6vA/TVArpzR1L5r2pyD5QQxxP/PD4R8P9jkC1I3cuaQwJAQImLMQrzTTy19lpVwF4ICmb6aM5IoPyepJQDfKVb8DOAT4CQy5PoZZTPDKMDsZTY6B7CN+JQEINe0lEtRESCvg==-----END RSA PRIVATE KEY-----
1.3、-----BEGIN PRIVATE KEY-----格式:
这个密钥就是上面的密钥PKCS#8格式化后的密钥格式,java中用的私钥一般就是这种格式,但是公钥就不需要转换,可以直接使用
-----BEGIN PRIVATE KEY-----MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBALaDOET1McZD0hV/ma1YlSZjim00rVwrdXefqOHXWEqm8/HxZ3iWmKN/jGWW1aAoYFRAg0CNar1eDap4c3wKB1s/uqjaV1StCgTjDdH90fIoH84CKIdhfirQRGiW3ZUY7rzKa63N9u2Y69YDxfB+fnP8WLVVmLtKmbOi2pVxR0APAgMBAAECgYBlJ7cxKQCsVXyDo9Ql6lnIDBV1xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxzUQOwJTpC9dyQLVEQKuIG7bahH04E4D7x5CcmbnYDY75Iw937RiJua3IZtiKfgUQ2tYnAkAZAP6ajbe/uaxyplQwc1g9ie8RWmOs4N45QfoLdEz5H6DpY8R5rVjifbvzCnmjWGjz5ga81y8Y+vlcx8b7tCKJAkATtwplnCBX86evRfZ6c/zRJxPrOjWAdrZUC8fG7VM+3q8D9NUCunNHUvmvanIPlBDHE/88PhHw/2OQLUjdy5pDAkBAiYsxCvNNPLX2WlXAXggKZvpozkig/J6klAN8pVvwM4BPgJDLk+hllM8MowOxlNjoHsI34lAQg17SUS1ERIK+-----END PRIVATE KEY-----
二、格式之间的转换:
2.1、BEGIN CERTIFICATE 转成 BEGIN PUBLIC KEY:
如果对方给的cer格式的证书,需要转换之成java可以使用的PKCS#8格式密钥,具体如下
/*** BEGIN CERTIFICATE格式解析密钥* @Return: java.security.PublicKey*/public static String getCerToPublicKey() throws FileNotFoundException, CertificateException {FileInputStream file = new FileInputStream("D://publicKey.cer");CertificateFactory ft = CertificateFactory.getInstance("X.509");X509Certificate certificate = (X509Certificate) ft.generateCertificate(file);PublicKey publicKey = certificate.getPublicKey();String strKey = "-----BEGIN PUBLIC KEY-----\n" + Base64.encodeBase64String(publicKey.getEncoded()) + "\n-----END PUBLIC KEY-----";System.out.println(strKey);return strKey;}
2.2、BEGIN RSA PRIVATE KEY 转成 BEGIN PRIVATE KEY:
这两种格式之间的转换百度很多,这里就不写了,包括DER 转换 PEM格式都有,只是用工具进行转换;
贴个链接:/p/15d58b1ada5b
