2011-03-10 201 views
7

RSA key pair generation and storing it into a keystore

I am trying to generate an RSA key pair and store it in an HSM keystore. The code I have at the moment looks like this:

import java.security.*;

public class GenerateOnToken {
    public static void main(String[] args) throws Exception {
        // PKCS#11 configuration file pointing at the token's native library
        String configName = "C:\\eTokenConfig.cfg";
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);
        // Log in to the smart card and open its keystore view
        char[] pin = { 'p', '4', 's', 's', 'w', '0', 'r', 'd' };   // demo PIN; do not hard-code a real one
        KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
        keyStore.load(null, pin);
        // Generate the key pair on the token
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
        kpg.initialize(512);   // 512-bit RSA is far too small for any real use; 2048 or more
        KeyPair pair = kpg.generateKeyPair();

        PrivateKey privateKey = pair.getPrivate();
        PublicKey publicKey = pair.getPublic();
        // Save the keys: how???
    }
}

I tried to use the keyStore.setEntry method, but the problem is that it requires a certificate chain, and I don't know how to obtain this certificate.

Answers

-1

If you generate the key in the token, you should not be able to read the private key. You need to create a dummy certificate (for example a self-signed one) and store it under an alias; the keystore model relies on certificates in order to work.

1

http://docs.oracle.com/javase/tutorial/security/apisign/vstep2.html

Save the public key:

// The public key encodes as X.509 SubjectPublicKeyInfo (DER)
X509EncodedKeySpec x509ks = new X509EncodedKeySpec(publicKey.getEncoded());
FileOutputStream fos = new FileOutputStream(strPathFilePubKey);
fos.write(x509ks.getEncoded());
fos.close();

Load the public key:

// IOUtils is org.apache.commons.io.IOUtils
byte[] encodedKey = IOUtils.toByteArray(new FileInputStream(strPathFilePubKey));
KeyFactory keyFactory = KeyFactory.getInstance("RSA", p);
X509EncodedKeySpec pkSpec = new X509EncodedKeySpec(encodedKey);
PublicKey publicKey = keyFactory.generatePublic(pkSpec);

Save the private key:

// Only works for software keys: getEncoded() returns the PKCS#8 form, or null
// when the key is not extractable from the token
PKCS8EncodedKeySpec pkcsKeySpec = new PKCS8EncodedKeySpec(privateKey.getEncoded());
FileOutputStream fos = new FileOutputStream(strPathFilePrivKey);
fos.write(pkcsKeySpec.getEncoded());
fos.close();

Load the private key:

byte[] encodedKey = IOUtils.toByteArray(new FileInputStream(strPathFilePrivKey));
KeyFactory keyFactory = KeyFactory.getInstance("RSA", p);
PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(encodedKey);
PrivateKey privateKey = keyFactory.generatePrivate(privKeySpec);
+0

Unfortunately, this solution does not work when the private key is "not extractable" from the PKCS#11 device. 'privateKey.getEncoded()' may return 'null' – Jcs 2014-05-02 16:59:44
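The following is an added example, not code from either answer or from the original poster. It ties the two answers and the comment above together: the key pair is generated on the token, wrapped in a self-signed certificate so that KeyStore.setKeyEntry has the chain it demands (the first answer), only the public half is written to a file in X.509 form (the usable part of the second answer), and the non-extractable private key case from the comment is detected explicitly instead of handing a null to PKCS8EncodedKeySpec. The config path, PIN, alias, output file name and the use of BouncyCastle (bcpkix) to build the certificate are assumptions; the SunPKCS11 constructor form is the one the question uses (Java 8 and earlier; on Java 9+ use Security.getProvider("SunPKCS11").configure(configName) instead).

```java
import java.io.FileOutputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Date;

import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/**
 * Generate an RSA key pair inside a PKCS#11 token, wrap it in a self-signed
 * certificate, persist it under an alias, and export only the public key.
 *
 * Assumptions (not from the original post): configName, alias, publicKeyFile
 * and the fallback PIN are placeholders; BouncyCastle bcpkix is on the
 * classpath; the token allows 2048-bit RSA key generation.
 */
public class HsmKeyPairToToken {

    public static void main(String[] args) throws Exception {
        String configName = "C:\\eTokenConfig.cfg";   // placeholder
        String alias = "my-hsm-rsa-key";              // placeholder
        String publicKeyFile = "hsm-rsa-public.der";  // placeholder
        char[] pin = System.console() != null
                ? System.console().readPassword("Token PIN: ")
                : "p4ssw0rd".toCharArray();           // demo fallback only, never in real code

        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);

        KeyStore keyStore = KeyStore.getInstance("PKCS11", p);
        keyStore.load(null, pin);

        // Key generation happens on the token; the private key never leaves it.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", p);
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        PrivateKey privateKey = pair.getPrivate();
        PublicKey publicKey = pair.getPublic();

        // Self-signed certificate for the public key. The signature is produced
        // through the PKCS#11 provider, so the token performs the RSA operation.
        X509Certificate cert = selfSignedCertificate(p, alias, pair);

        // setKeyEntry turns the session key into a persistent token object under
        // the alias. The SunPKCS11 keystore requires a null password here.
        keyStore.setKeyEntry(alias, privateKey, null, new Certificate[] { cert });

        // A private key held on the token has no encoded form to export. This is
        // why writing privateKey.getEncoded() to a file fails for such keys.
        if (privateKey.getEncoded() == null) {
            System.out.println("private key is non-extractable; only a handle exists");
        }

        // The public key is exportable as X.509 SubjectPublicKeyInfo (DER).
        try (FileOutputStream fos = new FileOutputStream(publicKeyFile)) {
            fos.write(publicKey.getEncoded());
        }

        // Sanity check: reload the entry by alias and sign with it on the token.
        PrivateKey reloaded = (PrivateKey) keyStore.getKey(alias, null);
        byte[] msg = "hello".getBytes("UTF-8");
        Signature signer = Signature.getInstance("SHA256withRSA", p);
        signer.initSign(reloaded);
        signer.update(msg);
        byte[] signature = signer.sign();

        // Verification needs only the certificate, so any software provider will do.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(msg);
        System.out.println("signature verifies: " + verifier.verify(signature));
    }

    /** Builds a one-year self-signed certificate over the pair's public key. */
    static X509Certificate selfSignedCertificate(Provider p, String cn, KeyPair pair) throws Exception {
        X500Name name = new X500Name("CN=" + cn);
        Date notBefore = new Date();
        Date notAfter = new Date(notBefore.getTime() + 365L * 24 * 60 * 60 * 1000);
        X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                name, BigInteger.valueOf(System.currentTimeMillis()), notBefore, notAfter, name, pair.getPublic());
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider(p).build(pair.getPrivate());
        return new JcaX509CertificateConverter().getCertificate(builder.build(signer));
    }
}
```

The self-signed certificate here is only a container the keystore model needs; nothing should trust it. If the key is meant to be used under a real PKI, generate a CSR from the token-resident key instead and replace the chain with the CA-issued certificate via a second setKeyEntry on the same alias.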