I'm a certificate noob. I've been trying to import certificates for the past couple of hours and the more I dig into security stuff, the more it feels impossible to understand.
Here is what I'm trying to achieve in java:
- the user can upload any 开发者_如何转开发kind of formatted certificate with an optional passphrase
- I need to convert the certificate to a non-binary PEM format
- Extract the private and public keys to store in a database, throw error if missing one of the two
So far I've been able to parse some certificates using java security's x509Certificate but I can't get the private key. I've also tried bouncy castle but no success there either.
Thanks for your help
An X509Certificate
only contains a public key.
Private keys are usually encoded using PKCS#8. Try KeyFactory
with a PKCS8EncodedKeySpec
.
Combined public key certificates with private keys are usually encoded using PKCS#12 (.pfx, .p12). Try a KeyStore
of "PKCS12" type (with Bouncy Castle as provider).
精彩评论