1. 技术文章
  2. Converting PEM file to PKCS8 programmatically

Converting PEM file to PKCS8 programmatically

旧巷老猫 提交于 2021-02-09 01:42:28

问题


I want to convert pem file to pk8. I can do this with openssl on terminal as ;

openssl pkcs8 -topk8 -inform PEM -outform DER -in client-key.pem -out client-key.pk8 -nocrypt

But I need to do this programmatically on java. Its look like there is a package for cryptography which contains openssl implementation as Bounty Castle but I couldn't figure out how can do this converting process. Is there a way for doing that ?


回答1:


The test code of Bouncy Castle contains an example of how to read an RSA Private key, in the function ParserTest.doOpenSslRsaTest. Here is a slight modification of that example, it can handle both encrypted and non-encrypted keys as input (and in the latter case, the passphrase will not be used):

private static KeyPair pemRSAP1ReadKeyPair(String pemfilename, String passphrase)
throws FileNotFoundException, IOException
{
    KeyPair result = null;

    FileReader reader = new FileReader(pemfilename);
    PEMParser parser = new PEMParser(reader);
    Object pemobj = parser.readObject();
    parser.close();
    reader.close();

    if (pemobj  == null || 
        !((pemobj instanceof PEMKeyPair) || (pemobj instanceof PEMEncryptedKeyPair))) {
        System.out.println("Unable to read key pair");
    } else {
        PEMKeyPair pemkp;
        if (pemobj instanceof PEMEncryptedKeyPair) {
            PEMEncryptedKeyPair kp = (PEMEncryptedKeyPair)pemobj;
            PEMDecryptorProvider decprov = new BcPEMDecryptorProvider(passphrase.toCharArray());
            pemkp = kp.decryptKeyPair(decprov);
        } else {
            pemkp = (PEMKeyPair)pemobj;
        }
        result = new JcaPEMKeyConverter().setProvider("BC").getKeyPair(pemkp);
    }
    return result;
}

An example for the writer side can be found in AllTests.encryptedTestNew, which roughly looks like this:

private static void pemRSAP8WritePrivateKey(PrivateKey key, String pemfilename, String passphrase)
throws IOException, OperatorCreationException
{
    FileWriter writer = new FileWriter(pemfilename);
    JcaPEMWriter pemwriter = new JcaPEMWriter(writer);

    JceOpenSSLPKCS8EncryptorBuilder encryptorbuilder =
        new JceOpenSSLPKCS8EncryptorBuilder(PKCS8Generator.AES_128_CBC).
            setProvider("BC").
            setPasssword(passphrase.toCharArray());

    OutputEncryptor encryptor = encryptorbuilder.build();
    PKCS8Generator pkcs8 = new JcaPKCS8Generator(key, encryptor);
    pemwriter.writeObject(pkcs8);

    pemwriter.close();
    writer.close();
}

Putting it together to do the conversion:

Security.addProvider(new BouncyCastleProvider());

try {
    KeyPair kp = pemRSAP1ReadKeyPair("rsakey_enc.pem", "changeit");
    PrivateKey privkey = kp.getPrivate();
    if (!(privkey instanceof RSAPrivateKey)) {
        System.out.println("PEM input file does not contain an RSA private key");
    } else {
        pemRSAP8WritePrivateKey(privkey, "rsakey.p8", "abracadabra");
    }    
} catch (Exception e) {
    System.out.println("Caught exception: " + e.getMessage());
}


来源:https://stackoverflow.com/questions/52402352/converting-pem-file-to-pkcs8-programmatically

标签
java
OpenSSL
certificate
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!