.pfx数字证书制作及操作使用
创建.pfx
在options.config文件中设置证书有效期
<?xml version="1.0" encoding="utf-8" ?>
<options>
<outputPath>output</outputPath>
<start>2022/7/22</start>
<end>2030/12/31</end>
</options> CN=名称(一般填公司名称) OU=单位名称 O=作者名称 L=地区 C=国家
CN=川谷金融科技,OU=技术部,O=田略,L=北京,ST=北京,C=CN 第一步打开CertManager.exe 第二步 1、输入组织名称 2、输入pvk名称 3、输入cer名称 4、完成以上步骤后回车弹出创建私钥密码对话框 输入密码并且记住,确定之后再次确认密码 第三步 1、输入spc名称 2、输入密码 3、输入pfx名称 4、输入密码并牢记 5、出现succeeded表示成功 以上步骤完成会生成文件 output目录下
从.pfx文件提取秘钥
通过这个操作,我们能够获得所需的密钥库文件zlex.keystore。 在output目录下按住shift键右击鼠标打开命令行
CMD代码
keytool -importkeystore -v -srckeystore trumgu.pfx -srcstoretype pkcs12 -srcstorepass trumgu123 -destkeystore trumgu.keystore -deststoretype jks -deststorepass trumgu123 - **-importkeystore:**导入密钥库,通过格式设定,我们可以将PKCS#12文件转换为JKS格式。 -v显示详情
- **-srckeystore:**源密钥库,这里是trumgu.pfx
- **-srcstoretype:**源密钥库格式,这里为pkcs12
- **-srcstorepass:**源密钥库密码,这里为trumgu123
- **-destkeystore:**目标密钥库,这里为zcs.keystore
- **-deststoretype:**目标密钥库格式,这里为jks,默认值也如此
- **-deststorepass:**目标密钥库密码,这里为trumgu123
这时,我们已经获得了密钥库文件,只要确定对应的别名信息,就可以提取公钥/私钥,以及数字证书,进行加密交互了!
keytool -list -keystore trumgu.keystore -storepass trumgu123 -v
- ** -list: **列举密钥库
- **-keystore:**密钥库,这里是trumgu.keystore
- **-storepass:**密钥库密码,这里是trumgu123
- **-v:**显示详情
记住命令返回的别名 我这里生成的是 pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2
导出证书
keytool -exportcert -alias pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2 -keystore trumgu.keystore -file trumgu.crt -storepass trumgu123 - **-exportcert:**导出证书
- **-alias:**别名,这里是1
- **-keystore:**密钥库,这里是trumgu.keystore
- **-file:**证书文件,这里是trumgu.crt
- **-storepass:**密钥库密码,这里是trumgu123
java开发加密解密工具类
package com.trumgu.authorization;
import javax.crypto.Cipher;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
public class CertificateCoder {
/**
* Java密钥库(Java Key Store,JKS)KEY_STORE
*/
public static final String KEY_STORE = "JKS";
public static final String X509 = "X.509";
/**
* 由 KeyStore获得私钥
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @param aliasPassword
* @return
* @throws Exception
*/
private static PrivateKey getPrivateKey(String keyStorePath,
String keyStorePassword, String alias, String aliasPassword)
throws Exception {
KeyStore ks = getKeyStore(keyStorePath, keyStorePassword);
PrivateKey key = (PrivateKey) ks.getKey(alias,
aliasPassword.toCharArray());
return key;
}
/**
* 由 Certificate获得公钥
*
* @param certificatePath
* @return
* @throws Exception
*/
private static PublicKey getPublicKey(String certificatePath)
throws Exception {
Certificate certificate = getCertificate(certificatePath);
PublicKey key = certificate.getPublicKey();
return key;
}
/**
* 获得Certificate
*
* @param certificatePath
* @return
* @throws Exception
*/
private static Certificate getCertificate(String certificatePath)
throws Exception {
CertificateFactory certificateFactory = CertificateFactory
.getInstance(X509);
FileInputStream in = new FileInputStream(certificatePath);
Certificate certificate = certificateFactory.generateCertificate(in);
in.close();
return certificate;
}
/**
* 获得Certificate
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @return
* @throws Exception
*/
private static Certificate getCertificate(String keyStorePath,
String keyStorePassword, String alias) throws Exception {
KeyStore ks = getKeyStore(keyStorePath, keyStorePassword);
Certificate certificate = ks.getCertificate(alias);
return certificate;
}
/**
* 获得KeyStore
*
* @param keyStorePath
* @param password
* @return
* @throws Exception
*/
private static KeyStore getKeyStore(String keyStorePath, String password)
throws Exception {
FileInputStream is = new FileInputStream(keyStorePath);
KeyStore ks = KeyStore.getInstance(KEY_STORE);
ks.load(is, password.toCharArray());
is.close();
return ks;
}
/**
* 私钥加密
*
* @param data
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @param aliasPassword
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,
String keyStorePassword, String alias, String aliasPassword)
throws Exception {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
alias, aliasPassword);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 私钥解密
*
* @param data
* @param keyStorePath
* @param alias
* @param keyStorePassword
* @param aliasPassword
* @return
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,
String alias, String keyStorePassword, String aliasPassword)
throws Exception {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
alias, aliasPassword);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 公钥加密
*
* @param data
* @param certificatePath
* @return
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data, String certificatePath)
throws Exception {
// 取得公钥
PublicKey publicKey = getPublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 公钥解密
*
* @param data
* @param certificatePath
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] data, String certificatePath)
throws Exception {
// 取得公钥
PublicKey publicKey = getPublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 验证Certificate
*
* @param certificatePath
* @return
*/
public static boolean verifyCertificate(String certificatePath) {
return verifyCertificate(new Date(), certificatePath);
}
/**
* 验证Certificate是否过期或无效
*
* @param date
* @param certificatePath
* @return
*/
public static boolean verifyCertificate(Date date, String certificatePath) {
boolean status = true;
try {
// 取得证书
Certificate certificate = getCertificate(certificatePath);
// 验证证书是否过期或无效
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证证书是否过期或无效
*
* @param date
* @param certificate
* @return
*/
private static boolean verifyCertificate(Date date, Certificate certificate) {
boolean status = true;
try {
X509Certificate x509Certificate = (X509Certificate) certificate;
x509Certificate.checkValidity(date);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 签名
*
* @param keyStorePath
* @param alias
* @param keyStorePassword
* @param aliasPassword
* @return
* @throws Exception
*/
public static byte[] sign(byte[] sign, String keyStorePath, String alias,
String keyStorePassword, String aliasPassword) throws Exception {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(
keyStorePath, keyStorePassword, alias);
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, keyStorePassword,
alias, aliasPassword);
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initSign(privateKey);
signature.update(sign);
return signature.sign();
}
/**
* 验证签名
*
* @param data
* @param sign
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean verify(byte[] data, byte[] sign,
String certificatePath) throws Exception {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
/**
* 验证Certificate
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @return
*/
public static boolean verifyCertificate(Date date, String keyStorePath,
String keyStorePassword, String alias) {
boolean status = true;
try {
Certificate certificate = getCertificate(keyStorePath,
keyStorePassword, alias);
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证Certificate
*
* @param keyStorePath
* @param keyStorePassword
* @param alias
* @return
*/
public static boolean verifyCertificate(String keyStorePath,
String keyStorePassword, String alias) {
return verifyCertificate(new Date(), keyStorePath, keyStorePassword,
alias);
}
} gateway加密认证
*.crt : 证书
*.keystore 秘钥库文件
keyStorePassword: 密钥库密码
aliasPassword: 别名密码
alias: 别名
session 身份识别码
appkey 应用识别码
appName :名称与证书秘钥库名称一致
timeStamp :时间戳
sign :数字签名
需签名字符串 inputStr = appkey=appKeyValue&timeStamp=timeStampValue&参数key=value; 参数的key按accsii排序 post请求 参数为JSON转Map后排序再拼接 参数为数组直接拼接 参数为RequestParam 与GET相同 请求为文件上传忽略参数签名
GET请求按accsii排序后拼接
加密获得sign
private String certificatePath = "C:\\Users\\EDY\\Desktop\\pfx证书制作工具\\output\\trumgu.crt";
private String keyStorePath = "C:\\Users\\EDY\\Desktop\\pfx证书制作工具\\output\\trumgu.keystore";
private String keyStorePassword = "trumgu123";
private String aliasPassword = "trumgu123";
private String alias = "pvktmp:48383345-fae0-465f-a4b6-8b2619ddb8a2";
byte[] data = inputStr.getBytes();
byte[] encodedData = CertificateCoderUtils.encryptByPrivateKey(data,
keyStorePath, keyStorePassword, alias, aliasPassword);
byte[] decodedData = CertificateCoderUtils.decryptByPublicKey(encodedData,
certificatePath);
String outputStr = new String(decodedData);
System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
assertEquals(inputStr, outputStr);
System.err.println("私钥签名——公钥验证签名");
// 产生签名
byte[] signByte = CertificateCoderUtils.sign(encodedData, keyStorePath, alias,
keyStorePassword, aliasPassword);
String sign = Hex.encodeHexString(signByte);
System.err.println("签名:\r" + sign); ![FireFox 中添加智能卡驱动支持.[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)