Java - Storing an X25519 key pair in a BouncyCastle BCFKS key store

zwghvu4y posted on 2021-07-13 in Java

To perform a Diffie-Hellman key agreement over Curve25519, I am generating the following key pair with BouncyCastle 1.68:

// Generate a key pair
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
keyPairGenerator.initialize(new XDHParameterSpec(XDHParameterSpec.X25519));
KeyPair keyPair = keyPairGenerator.generateKeyPair();

With this key pair, I can now successfully perform a key agreement:

// Perform a (dummy) key agreement
KeyAgreement keyAgreement = KeyAgreement.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
keyAgreement.init(keyPair.getPrivate());
keyAgreement.doPhase(keyPair.getPublic(), true);
byte[] secret = keyAgreement.generateSecret();

Now I want to store this key pair securely in a BCFKS key store for later use, like this:

// Create a key store for the key pair
KeyStore keyStore = KeyStore.getInstance("BCFKS", BouncyCastleProvider.PROVIDER_NAME);
keyStore.load(null, "keyStorePassword".toCharArray());

// Put the key pair in the key store as a PrivateKeyEntry
final X509Certificate selfSignedCertificate = generateSelfSignedCertificate(keyPair); // TODO: How to generate a certificate?
final KeyStore.PrivateKeyEntry entry = new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{selfSignedCertificate});
keyStore.setEntry("alias", entry, new KeyStore.PasswordProtection("keyEntryPassword".toCharArray()));

... except that the KeyStore.PrivateKeyEntry constructor requires a certificate (rather than a public key), and X25519, by definition, cannot be used to sign a certificate (trying to create a signer with it naturally fails with java.lang.IllegalArgumentException: Unknown signature type requested: X25519).

Am I missing something obvious, or is there currently no way to store an X25519 key pair in a BCFKS key store? Given that I do not really need a certificate, is there a workaround I could apply, one that just needs a way to store the private/public key in the key store?
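As an added example (not code from the original post), the two-party exchange that the question's "dummy" self-agreement stands in for: two sides each generate an X25519 key pair with BouncyCastle, hand each other only the X.509-encoded public key, and derive the same shared secret; one private key is also round-tripped through its PKCS#8 encoding, which is the byte form any key store would have to persist. The class and method names are mine, and the code assumes BouncyCastle 1.68 on the classpath.

```java
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.KeyAgreement;
import org.bouncycastle.jcajce.spec.XDHParameterSpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class X25519Exchange {

    static KeyPair generate() throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
        kpg.initialize(new XDHParameterSpec(XDHParameterSpec.X25519));
        return kpg.generateKeyPair();
    }

    // A peer only ever receives the other side's X.509 (SubjectPublicKeyInfo) encoding,
    // so decode it through KeyFactory exactly as a real remote party would.
    static byte[] agree(PrivateKey mine, byte[] peerPublicEncoded) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
        PublicKey peer = kf.generatePublic(new X509EncodedKeySpec(peerPublicEncoded));
        KeyAgreement ka = KeyAgreement.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
        ka.init(mine);
        ka.doPhase(peer, true);
        return ka.generateSecret(); // 32 raw bytes; run through a KDF before using as a key
    }

    // Round-trip a private key through its PKCS#8 encoding, the same bytes a key store persists.
    static PrivateKey roundTrip(PrivateKey key) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("X25519", BouncyCastleProvider.PROVIDER_NAME);
        return kf.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded()));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        Security.addProvider(new BouncyCastleProvider());
        KeyPair alice = generate();
        KeyPair bob = generate();

        byte[] aliceSecret = agree(alice.getPrivate(), bob.getPublic().getEncoded());
        byte[] bobSecret = agree(roundTrip(bob.getPrivate()), alice.getPublic().getEncoded());

        // Both sides must arrive at the same secret; compare in constant time.
        if (!MessageDigest.isEqual(aliceSecret, bobSecret)) {
            throw new IllegalStateException("shared secrets differ");
        }
        System.out.println("shared secret length: " + aliceSecret.length);
    }
}
```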
