Get java.security.PrivateKey from private key file generated by hyperledger ca

【Posted】: 2019-03-21 14:59:19 【Question】:

Using the hyperledger-fabric-ca tool I got the following private key

-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrECQDuXL87QJKYDO
O/Z1TT+vzVPqF3106wT75dJF5OqhRANCAASsFuneE46/9JmUJCiQ14zWDKcFn6TL
kYl6mirTXefU7yYglu5hmehU0pD/PKKLkoTLNbPLn5RMdUe8aum3N1sZ
-----END PRIVATE KEY-----

By default the software uses the ecdsa-with-SHA256 (prime256v1) signature algorithm

In my Java application I need a java.security.PrivateKey instance based on the private key above.

I tried the code below

    public static void main(String[] args) throws Exception {

        String privateKeyString = "-----BEGIN PRIVATE KEY-----\n" +
                "MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrECQDuXL87QJKYDO\n" +
                "O/Z1TT+vzVPqF3106wT75dJF5OqhRANCAASsFuneE46/9JmUJCiQ14zWDKcFn6TL\n" +
                "kYl6mirTXefU7yYglu5hmehU0pD/PKKLkoTLNbPLn5RMdUe8aum3N1sZ\n" +
                "-----END PRIVATE KEY-----\n";

        String privateKeyContent = privateKeyString.replaceAll("\\n|-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", "");
        PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyContent.getBytes());
        KeyFactory factory = KeyFactory.getInstance("EC");
        PrivateKey privateKey = factory.generatePrivate(spec);
    }

But I got

Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
    at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
    at QueryApp.main(QueryApp.java:36)
Caused by: java.security.InvalidKeyException: invalid key format
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:330)
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
    at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
    at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
    at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
    ... 2 more

【Answer 1】:

You have to base64-decode the content, e.g.

String privateKeyContent = privateKeyString.replaceAll("\\n|-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", "");
// Decode the Base64 body to DER bytes before building the key spec
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));
KeyFactory factory = KeyFactory.getInstance("EC");
PrivateKey privateKey = factory.generatePrivate(spec);
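
The fix above as a complete loader, added here as an example that is not part of the original question or answer: it also tolerates CRLF line endings, rejects PEM blocks that are not unencrypted PKCS#8, and confirms the loaded key by a sign/verify round trip. The class name `Pkcs8EcPemLoader`, the method `load` and the throwaway key generated in `main` are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;

public class Pkcs8EcPemLoader {                       // hypothetical class name
    private static final String HEADER = "-----BEGIN PRIVATE KEY-----";
    private static final String FOOTER = "-----END PRIVATE KEY-----";

    /** Parses an unencrypted PKCS#8 PEM string into an EC private key. */
    static ECPrivateKey load(String pem) throws GeneralSecurityException {
        String t = pem.trim();
        if (t.length() < HEADER.length() + FOOTER.length()
                || !t.startsWith(HEADER) || !t.endsWith(FOOTER)) {
            // "BEGIN EC PRIVATE KEY" (SEC1) and encrypted keys are not plain PKCS#8
            throw new InvalidKeyException("not an unencrypted PKCS#8 PEM block");
        }
        String body = t.substring(HEADER.length(), t.length() - FOOTER.length())
                .replaceAll("\\s", "");                 // strips \n and \r\n alike
        byte[] der = Base64.getDecoder().decode(body);  // the step the question's code omitted
        PrivateKey key = KeyFactory.getInstance("EC")
                .generatePrivate(new PKCS8EncodedKeySpec(der));
        return (ECPrivateKey) key;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway P-256 (prime256v1) key, PEM-encoded with CRLF
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair pair = gen.generateKeyPair();
        String pem = HEADER + "\r\n"
                + Base64.getMimeEncoder(64, new byte[]{'\r', '\n'})
                        .encodeToString(pair.getPrivate().getEncoded())
                + "\r\n" + FOOTER + "\r\n";

        ECPrivateKey loaded = load(pem);

        // Round trip: sign with the loaded key, verify with the original public key
        byte[] msg = "constructed test message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(loaded);
        signer.update(msg);
        Signature verifier = Signature.getInstance("SHA256withECDSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(signer.sign()));
    }
}
```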
