从 hyperledger ca 生成的私钥文件中获取 java.security.PrivateKey
Posted
技术标签:
【中文标题】从 hyperledger ca 生成的私钥文件中获取 java.security.PrivateKey【英文标题】:Get java.security.PrivateKey from private key file generated by hyperledger ca 【发布时间】:2019-03-21 14:59:19 【问题描述】:使用hyperledger-fabric-ca 工具我得到如下私钥
-----BEGIN PRIVATE KEY-----
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrECQDuXL87QJKYDO
O/Z1TT+vzVPqF3106wT75dJF5OqhRANCAASsFuneE46/9JmUJCiQ14zWDKcFn6TL
kYl6mirTXefU7yYglu5hmehU0pD/PKKLkoTLNbPLn5RMdUe8aum3N1sZ
-----END PRIVATE KEY-----
默认情况下,该软件使用ecdsa-with-SHA256
(prime256v1
) 签名算法
在我的 java 应用程序中,我需要有基于上述私钥的 java.security.PrivateKey 实例。
我试过下面的代码
public static void main(String[] args) throws Exception
String privateKeyString = "-----BEGIN PRIVATE KEY-----\n" +
"MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgrECQDuXL87QJKYDO\n" +
"O/Z1TT+vzVPqF3106wT75dJF5OqhRANCAASsFuneE46/9JmUJCiQ14zWDKcFn6TL\n" +
"kYl6mirTXefU7yYglu5hmehU0pD/PKKLkoTLNbPLn5RMdUe8aum3N1sZ\n" +
"-----END PRIVATE KEY-----\n";
String privateKeyContent = privateKeyString.replaceAll("\\n|-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", "");
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyContent.getBytes());
KeyFactory factory = KeyFactory.getInstance("EC");
PrivateKey privateKey = factory.generatePrivate(spec);
但我得到了
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at QueryApp.main(QueryApp.java:36)
Caused by: java.security.InvalidKeyException: invalid key format
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:330)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73)
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237)
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165)
... 2 more
【问题讨论】:
【参考方案1】:您必须对内容进行 base64 解码,例如
String privateKeyContent = privateKeyString.replaceAll("\\n|-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----", "");
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));
KeyFactory factory = KeyFactory.getInstance("EC");
【讨论】:
以上是关于从 hyperledger ca 生成的私钥文件中获取 java.security.PrivateKey的主要内容,如果未能解决你的问题,请参考以下文章
搭建基于hyperledger fabric的联盟社区 --Fabric证书解析