Private and public key separately

倖福魔咒の submitted on 2019-12-23 02:36:26

Question


OK! I want to establish client-server communication over SSL/TLS in Java. The server is multithreaded. With openssl I acted as my own CA (created a private key and self-signed certificate for the authority). Now I want to create keys and certs for my server and clients which are signed by the CA I created.

1) Do I have to create certs and keys from the prompt for every single client? Or is there another, "automated" way, e.g. with a script?

2) I have seen this code for setting up keystores:

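    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;

    // Server class: store holding the client's certificate (TrustedCert entry).
    private void setupClientKeyStore() throws GeneralSecurityException, IOException
    {
        clientKeyStore = KeyStore.getInstance("JKS");
        // try-with-resources closes the file even if load() throws
        try (InputStream in = new FileInputStream("client1publickey.jks")) {
            clientKeyStore.load(in, "password".toCharArray());
        }
    }

    // Server class: store holding the server's own key (PrivateKey entry).
    private void setupServerKeystore() throws GeneralSecurityException, IOException
    {
        serverKeyStore = KeyStore.getInstance("JKS");
        try (InputStream keyStoreResource = new FileInputStream("serverprivatekey.jks")) {
            char[] keyStorePassphrase = "password".toCharArray();
            serverKeyStore.load(keyStoreResource, keyStorePassphrase);
        }
    }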

I have run the command to see what type of entries these are, and client1publickey is a TrustedCert entry while serverprivatekey is a PrivateKey entry. This code is in my server class. I have this code in my client class:

    // Client class: store for the server's public key file.
    private void setupServerKeystore() throws GeneralSecurityException, IOException {
        serverKeyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("serverpublickwy.jks")) {
            serverKeyStore.load(in, "university".toCharArray());
        }
    }

    // Client class: store for the client's private key file.
    private void setupClientKeyStore() throws GeneralSecurityException, IOException {
        clientKeyStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream("client1privatekey.jks")) {
            clientKeyStore.load(in, "university".toCharArray());
        }
    }

The question is: how can I create these jks files separately? The publickey.jks file is the cert, right? How can I have it in a separate file from the private key and have it signed by the CA? Or is there another way I can establish connections between client/server? At first I had created the CA with openssl, and then the two jks files for server and client included the certs and the key. Sorry for the English.

Source: https://stackoverflow.com/questions/33479597/private-and-public-key-separately
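
One way to script the per-client step the question asks about, as an added example that is not part of the original post: each host gets its own keystore (private key plus CA-signed certificate), and one truststore holding only the CA certificate is shared by all peers. The file names ca.key and ca.crt, the out/ directory and the STOREPASS variable are assumptions; the keystores are written as PKCS12, which Java loads with KeyStore.getInstance("PKCS12") instead of "JKS".

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: ca.key, ca.crt,
# the out/ directory and the STOREPASS variable.
set -eu
umask 077                           # new key material readable by owner only
STOREPASS="${STOREPASS:-changeit}"  # constructed placeholder password

# Throwaway CA for trying the script; skip it if ca.key/ca.crt already exist.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA" -keyout ca.key -out ca.crt
}

# issue NAME: private key, CSR, CA-signed certificate and keystore for NAME.
issue() {
    name=$1
    mkdir -p out
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "out/$name.key" -out "out/$name.csr"
    openssl x509 -req -in "out/$name.csr" -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 365 -out "out/$name.crt"
    # Keystore: this host's private key with its certificate chain.
    openssl pkcs12 -export -name "$name" -inkey "out/$name.key" \
        -in "out/$name.crt" -certfile ca.crt \
        -passout "pass:$STOREPASS" -out "out/$name-keystore.p12"
    # The key now lives only inside the password-protected keystore.
    rm -f "out/$name.csr" "out/$name.key"
}

# Truststore: the CA certificate only, no private key. Every peer can use
# the same file, because any certificate the CA signed chains to it.
# Requires the JDK's keytool.
make_truststore() {
    keytool -importcert -noprompt -alias ca -file ca.crt \
        -keystore out/truststore.jks -storetype JKS -storepass "$STOREPASS"
}

# verify NAME: succeeds only if NAME's certificate chains to ca.crt.
verify() {
    openssl verify -CAfile ca.crt "out/$1.crt" >/dev/null 2>&1
}

# Usage, one call per host:
#   for n in server client1 client2; do issue "$n"; done; make_truststore
```

With this layout the server does not need a separate TrustedCert file per client: it trusts the CA, and a new client only needs its own `issue` call.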
