常熟董浜招聘:征服.PFX(.p12)——个人信息交换文件

来源：百度文库编辑：偶看新闻时间：2024/04/28 06:12:27

2010-08-12

征服.PFX(.p12)——个人信息交换文件

文章分类:Java编程 与计费系统打交道，少不了用到加密/解密实现。为了安全起见，通过非对称加密交换对称加密密钥更是不可或缺。那么需要通过什么载体传递非对称算法公钥/私钥信息？数字证书是公钥的载体，而密钥库可以包含公钥、私钥信息。
JKS和PKCS#12都是比较常用的两种密钥库格式/标准。对于前者，搞Java开发，尤其是接触过HTTPS平台的朋友，并不陌生。JKS文件（通常为*.jks或*.keystore，扩展名无关）可以通过Java原生工具——KeyTool生成；而后者PKCS#12文件（通常为*.p12或*.pfx，意味个人信息交换文件），则是通过更为常用的OpenSSL工具产生。
当然，这两者之间是可以通过导入/导出的方式进行转换的！当然，这种转换需要通过KeyTool工具进行！
回归正题，计费同事遇到一个难题：合作方交给他们一个*.pfx文件，需要他们从中提取密钥，然后进行加密交互。其实，通过Java直接操作密钥库文件（或个人信息交换文件）对于一般Java开发人员来说，这都是个冷门。不接触数字安全，根本不知所云。况且，Java原生的密钥库文件格式为JKS，如何操作*.pfx文件？密钥库操作需要获知密钥库别名，*.pfx别名是什么？！这些难题都留给了我，当然，我欣然接受并回报硕果！

方案：

通过keytool密钥库导入命令importkeystore，将密钥库格式由PKCS#12转换为JKS。
检索新生成的密钥库文件，提取别名信息。
由密钥库文件导出数字证书（这里将用到别名）。
通过代码提取公钥/私钥、签名算法等

先看可是转换：
Cmd代码

echo 格式转换
keytool -importkeystore -v -srckeystore zlex.pfx -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore zlex.keystore -deststoretype jks -deststorepass 123456

echo 格式转换keytool -importkeystore -v  -srckeystore zlex.pfx -srcstoretype pkcs12 -srcstorepass 123456 -destkeystore zlex.keystore -deststoretype jks -deststorepass 123456

-importkeystore导入密钥库，通过格式设定，我们可以将PKCS#12文件转换为JKS格式。
-v显示详情
-srckeystore源密钥库，这里是zlex.pfx
-srcstoretype源密钥库格式，这里为pkcs12
-srcstorepass源密钥库密码，这里为123456
-destkeystore目标密钥库，这里为zlex.keystore
-deststoretype目标密钥库格式，这里为jks，默认值也如此
-deststorepass目标密钥库密码，这里为123456
通过这个操作，我们能够获得所需的密钥库文件zlex.keystore。

这时，我们已经获得了密钥库文件，只要确定对应的别名信息，就可以提取公钥/私钥，以及数字证书，进行加密交互了！

Cmd代码

echo 查看证书
keytool -list -keystore zlex.keystore -storepass 123456 -v

echo 查看证书keytool -list -keystore zlex.keystore -storepass 123456 -v

-list列举密钥库
-keystore密钥库，这里是zlex.keystore
-storepass密钥库密码，这里是123456
-v显示详情

这里需要细致观察一下别名信息！！！就是红框中的数字1！！！
经过我多次尝试，将PKCS#12格式的密钥库转化为JKS格式时，其别名一律为“1”!也就是说，我们完全可以不进行密钥库转换，也能获得公钥/私钥。
现在，我们把证书导出！
Cmd代码

echo 导出证书
keytool -exportcert -alias 1 -keystore zlex.keystore -file zlex.crt -storepass 123456

echo 导出证书keytool -exportcert -alias 1 -keystore zlex.keystore -file zlex.crt -storepass 123456

-exportcert导出证书
-alias别名，这里是1
-keystore密钥库，这里是zlex.keystore
-file证书文件，这里是zlex.crt
-storepass密钥库密码，这里是123456

现在证书也导出了，我们可以提取公钥/私钥，进行加密/解密，签名/验证操作了！当然，即便没有证书，我们也能够通过密钥库（JKS格式）文件获得证书，以及公钥/私钥、签名算法等。
补充代码，其实就是对Java加密技术（八）的修改！

Java代码

/**
* 2010-8-11
*/
package org.zlex.pfx;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.crypto.Cipher;
/**
* 证书操作类
*
* @author 梁栋
* @since 1.0
*/
public class CertificateCoder {
/**
* Java密钥库(Java Key Store，JKS)KEY_STORE
*/
public static final String KEY_STORE = "JKS";
public static final String X509 = "X.509";
/**
* 由 KeyStore获得私钥
*
* @param keyStorePath
* @param alias
* @param password
* @return
* @throws Exception
*/
private static PrivateKey getPrivateKey(String keyStorePath, String alias,
String password) throws Exception {
KeyStore ks = getKeyStore(keyStorePath, password);
PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());
return key;
}
/**
* 由 Certificate获得公钥
*
* @param certificatePath
* @return
* @throws Exception
*/
private static PublicKey getPublicKey(String certificatePath)
throws Exception {
Certificate certificate = getCertificate(certificatePath);
PublicKey key = certificate.getPublicKey();
return key;
}
/**
* 获得Certificate
*
* @param certificatePath
* @return
* @throws Exception
*/
private static Certificate getCertificate(String certificatePath)
throws Exception {
CertificateFactory certificateFactory = CertificateFactory
.getInstance(X509);
FileInputStream in = new FileInputStream(certificatePath);
Certificate certificate = certificateFactory.generateCertificate(in);
in.close();
return certificate;
}
/**
* 获得Certificate
*
* @param keyStorePath
* @param alias
* @param password
* @return
* @throws Exception
*/
private static Certificate getCertificate(String keyStorePath,
String alias, String password) throws Exception {
KeyStore ks = getKeyStore(keyStorePath, password);
Certificate certificate = ks.getCertificate(alias);
return certificate;
}
/**
* 获得KeyStore
*
* @param keyStorePath
* @param password
* @return
* @throws Exception
*/
private static KeyStore getKeyStore(String keyStorePath, String password)
throws Exception {
FileInputStream is = new FileInputStream(keyStorePath);
KeyStore ks = KeyStore.getInstance(KEY_STORE);
ks.load(is, password.toCharArray());
is.close();
return ks;
}
/**
* 私钥加密
*
* @param data
* @param keyStorePath
* @param alias
* @param password
* @return
* @throws Exception
*/
public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,
String alias, String password) throws Exception {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 私钥解密
*
* @param data
* @param keyStorePath
* @param alias
* @param password
* @return
* @throws Exception
*/
public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,
String alias, String password) throws Exception {
// 取得私钥
PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);
// 对数据加密
Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
return cipher.doFinal(data);
}
/**
* 公钥加密
*
* @param data
* @param certificatePath
* @return
* @throws Exception
*/
public static byte[] encryptByPublicKey(byte[] data, String certificatePath)
throws Exception {
// 取得公钥
PublicKey publicKey = getPublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 公钥解密
*
* @param data
* @param certificatePath
* @return
* @throws Exception
*/
public static byte[] decryptByPublicKey(byte[] data, String certificatePath)
throws Exception {
// 取得公钥
PublicKey publicKey = getPublicKey(certificatePath);
// 对数据加密
Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());
cipher.init(Cipher.DECRYPT_MODE, publicKey);
return cipher.doFinal(data);
}
/**
* 验证Certificate
*
* @param certificatePath
* @return
*/
public static boolean verifyCertificate(String certificatePath) {
return verifyCertificate(new Date(), certificatePath);
}
/**
* 验证Certificate是否过期或无效
*
* @param date
* @param certificatePath
* @return
*/
public static boolean verifyCertificate(Date date, String certificatePath) {
boolean status = true;
try {
// 取得证书
Certificate certificate = getCertificate(certificatePath);
// 验证证书是否过期或无效
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证证书是否过期或无效
*
* @param date
* @param certificate
* @return
*/
private static boolean verifyCertificate(Date date, Certificate certificate) {
boolean status = true;
try {
X509Certificate x509Certificate = (X509Certificate) certificate;
x509Certificate.checkValidity(date);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 签名
*
* @param keyStorePath
* @param alias
* @param password
*
* @return
* @throws Exception
*/
public static byte[] sign(byte[] sign, String keyStorePath, String alias,
String password) throws Exception {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(
keyStorePath, alias, password);
// 获取私钥
KeyStore ks = getKeyStore(keyStorePath, password);
// 取得私钥
PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password
.toCharArray());
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initSign(privateKey);
signature.update(sign);
return signature.sign();
}
/**
* 验证签名
*
* @param data
* @param sign
* @param certificatePath
* @return
* @throws Exception
*/
public static boolean verify(byte[] data, byte[] sign,
String certificatePath) throws Exception {
// 获得证书
X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);
// 获得公钥
PublicKey publicKey = x509Certificate.getPublicKey();
// 构建签名
Signature signature = Signature.getInstance(x509Certificate
.getSigAlgName());
signature.initVerify(publicKey);
signature.update(data);
return signature.verify(sign);
}
/**
* 验证Certificate
*
* @param keyStorePath
* @param alias
* @param password
* @return
*/
public static boolean verifyCertificate(Date date, String keyStorePath,
String alias, String password) {
boolean status = true;
try {
Certificate certificate = getCertificate(keyStorePath, alias,
password);
status = verifyCertificate(date, certificate);
} catch (Exception e) {
status = false;
}
return status;
}
/**
* 验证Certificate
*
* @param keyStorePath
* @param alias
* @param password
* @return
*/
public static boolean verifyCertificate(String keyStorePath, String alias,
String password) {
return verifyCertificate(new Date(), keyStorePath, alias, password);
}
}

/*** 2010-8-11*/package org.zlex.pfx;import java.io.FileInputStream;import java.security.KeyStore;import java.security.PrivateKey;import java.security.PublicKey;import java.security.Signature;import java.security.cert.Certificate;import java.security.cert.CertificateFactory;import java.security.cert.X509Certificate;import java.util.Date;import javax.crypto.Cipher;/*** 证书操作类** @author 梁栋* @since 1.0*/public class CertificateCoder {/*** Java密钥库(Java Key Store，JKS)KEY_STORE*/public static final String KEY_STORE = "JKS";public static final String X509 = "X.509";/*** 由 KeyStore获得私钥** @param keyStorePath* @param alias* @param password* @return* @throws Exception*/private static PrivateKey getPrivateKey(String keyStorePath, String alias,String password) throws Exception {KeyStore ks = getKeyStore(keyStorePath, password);PrivateKey key = (PrivateKey) ks.getKey(alias, password.toCharArray());return key;}/*** 由 Certificate获得公钥** @param certificatePath* @return* @throws Exception*/private static PublicKey getPublicKey(String certificatePath)throws Exception {Certificate certificate = getCertificate(certificatePath);PublicKey key = certificate.getPublicKey();return key;}/*** 获得Certificate** @param certificatePath* @return* @throws Exception*/private static Certificate getCertificate(String certificatePath)throws Exception {CertificateFactory certificateFactory = CertificateFactory.getInstance(X509);FileInputStream in = new FileInputStream(certificatePath);Certificate certificate = certificateFactory.generateCertificate(in);in.close();return certificate;}/*** 获得Certificate** @param keyStorePath* @param alias* @param password* @return* @throws Exception*/private static Certificate getCertificate(String keyStorePath,String alias, String password) throws Exception {KeyStore ks = getKeyStore(keyStorePath, password);Certificate certificate = ks.getCertificate(alias);return certificate;}/*** 获得KeyStore** @param keyStorePath* @param password* @return* @throws Exception*/private static KeyStore getKeyStore(String keyStorePath, String password)throws Exception {FileInputStream is = new FileInputStream(keyStorePath);KeyStore ks = KeyStore.getInstance(KEY_STORE);ks.load(is, password.toCharArray());is.close();return ks;}/*** 私钥加密** @param data* @param keyStorePath* @param alias* @param password* @return* @throws Exception*/public static byte[] encryptByPrivateKey(byte[] data, String keyStorePath,String alias, String password) throws Exception {// 取得私钥PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);// 对数据加密Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());cipher.init(Cipher.ENCRYPT_MODE, privateKey);return cipher.doFinal(data);}/*** 私钥解密** @param data* @param keyStorePath* @param alias* @param password* @return* @throws Exception*/public static byte[] decryptByPrivateKey(byte[] data, String keyStorePath,String alias, String password) throws Exception {// 取得私钥PrivateKey privateKey = getPrivateKey(keyStorePath, alias, password);// 对数据加密Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());cipher.init(Cipher.DECRYPT_MODE, privateKey);return cipher.doFinal(data);}/*** 公钥加密** @param data* @param certificatePath* @return* @throws Exception*/public static byte[] encryptByPublicKey(byte[] data, String certificatePath)throws Exception {// 取得公钥PublicKey publicKey = getPublicKey(certificatePath);// 对数据加密Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());cipher.init(Cipher.ENCRYPT_MODE, publicKey);return cipher.doFinal(data);}/*** 公钥解密** @param data* @param certificatePath* @return* @throws Exception*/public static byte[] decryptByPublicKey(byte[] data, String certificatePath)throws Exception {// 取得公钥PublicKey publicKey = getPublicKey(certificatePath);// 对数据加密Cipher cipher = Cipher.getInstance(publicKey.getAlgorithm());cipher.init(Cipher.DECRYPT_MODE, publicKey);return cipher.doFinal(data);}/*** 验证Certificate** @param certificatePath* @return*/public static boolean verifyCertificate(String certificatePath) {return verifyCertificate(new Date(), certificatePath);}/*** 验证Certificate是否过期或无效** @param date* @param certificatePath* @return*/public static boolean verifyCertificate(Date date, String certificatePath) {boolean status = true;try {// 取得证书Certificate certificate = getCertificate(certificatePath);// 验证证书是否过期或无效status = verifyCertificate(date, certificate);} catch (Exception e) {status = false;}return status;}/*** 验证证书是否过期或无效** @param date* @param certificate* @return*/private static boolean verifyCertificate(Date date, Certificate certificate) {boolean status = true;try {X509Certificate x509Certificate = (X509Certificate) certificate;x509Certificate.checkValidity(date);} catch (Exception e) {status = false;}return status;}/*** 签名** @param keyStorePath* @param alias* @param password** @return* @throws Exception*/public static byte[] sign(byte[] sign, String keyStorePath, String alias,String password) throws Exception {// 获得证书X509Certificate x509Certificate = (X509Certificate) getCertificate(keyStorePath, alias, password);// 获取私钥KeyStore ks = getKeyStore(keyStorePath, password);// 取得私钥PrivateKey privateKey = (PrivateKey) ks.getKey(alias, password.toCharArray());// 构建签名Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());signature.initSign(privateKey);signature.update(sign);return signature.sign();}/*** 验证签名** @param data* @param sign* @param certificatePath* @return* @throws Exception*/public static boolean verify(byte[] data, byte[] sign,String certificatePath) throws Exception {// 获得证书X509Certificate x509Certificate = (X509Certificate) getCertificate(certificatePath);// 获得公钥PublicKey publicKey = x509Certificate.getPublicKey();// 构建签名Signature signature = Signature.getInstance(x509Certificate.getSigAlgName());signature.initVerify(publicKey);signature.update(data);return signature.verify(sign);}/*** 验证Certificate** @param keyStorePath* @param alias* @param password* @return*/public static boolean verifyCertificate(Date date, String keyStorePath,String alias, String password) {boolean status = true;try {Certificate certificate = getCertificate(keyStorePath, alias,password);status = verifyCertificate(date, certificate);} catch (Exception e) {status = false;}return status;}/*** 验证Certificate** @param keyStorePath* @param alias* @param password* @return*/public static boolean verifyCertificate(String keyStorePath, String alias,String password) {return verifyCertificate(new Date(), keyStorePath, alias, password);}}

相信上述代码已经帮朋友们解决了相当多的问题！

给出测试类：
Java代码

package org.zlex.pfx;
import static org.junit.Assert.*;
import org.apache.commons.codec.binary.Hex;
import org.junit.Test;
/**
* 证书操作验证类
*
* @author 梁栋
* @version 1.0
* @since 1.0
*/
public class CertificateCoderTest {
private String password = "123456";
private String alias = "1";
private String certificatePath = "zlex.crt";
private String keyStorePath = "zlex.keystore";
@Test
public void test() throws Exception {
System.err.println("公钥加密——私钥解密");
String inputStr = "Ceritifcate";
byte[] data = inputStr.getBytes();
byte[] encrypt = CertificateCoder.encryptByPublicKey(data,
certificatePath);
byte[] decrypt = CertificateCoder.decryptByPrivateKey(encrypt,
keyStorePath, alias, password);
String outputStr = new String(decrypt);
System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
// 验证数据一致
assertArrayEquals(data, decrypt);
// 验证证书有效
assertTrue(CertificateCoder.verifyCertificate(certificatePath));
}
@Test
public void testSign() throws Exception {
System.err.println("私钥加密——公钥解密");
String inputStr = "sign";
byte[] data = inputStr.getBytes();
byte[] encodedData = CertificateCoder.encryptByPrivateKey(data,
keyStorePath, alias, password);
byte[] decodedData = CertificateCoder.decryptByPublicKey(encodedData,
certificatePath);
String outputStr = new String(decodedData);
System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);
assertEquals(inputStr, outputStr);
System.err.println("私钥签名——公钥验证签名");
// 产生签名
byte[] sign = CertificateCoder.sign(encodedData, keyStorePath, alias,
password);
System.err.println("签名:\r" + Hex.encodeHexString(sign));
// 验证签名
boolean status = CertificateCoder.verify(encodedData, sign,
certificatePath);
System.err.println("状态:\r" + status);
assertTrue(status);
}
}

package org.zlex.pfx;import static org.junit.Assert.*;import org.apache.commons.codec.binary.Hex;import org.junit.Test;/*** 证书操作验证类** @author 梁栋* @version 1.0* @since 1.0*/public class CertificateCoderTest {private String password = "123456";private String alias = "1";private String certificatePath = "zlex.crt";private String keyStorePath = "zlex.keystore";@Testpublic void test() throws Exception {System.err.println("公钥加密——私钥解密");String inputStr = "Ceritifcate";byte[] data = inputStr.getBytes();byte[] encrypt = CertificateCoder.encryptByPublicKey(data,certificatePath);byte[] decrypt = CertificateCoder.decryptByPrivateKey(encrypt,keyStorePath, alias, password);String outputStr = new String(decrypt);System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);// 验证数据一致assertArrayEquals(data, decrypt);// 验证证书有效assertTrue(CertificateCoder.verifyCertificate(certificatePath));}@Testpublic void testSign() throws Exception {System.err.println("私钥加密——公钥解密");String inputStr = "sign";byte[] data = inputStr.getBytes();byte[] encodedData = CertificateCoder.encryptByPrivateKey(data,keyStorePath, alias, password);byte[] decodedData = CertificateCoder.decryptByPublicKey(encodedData,certificatePath);String outputStr = new String(decodedData);System.err.println("加密前: " + inputStr + "\n\r" + "解密后: " + outputStr);assertEquals(inputStr, outputStr);System.err.println("私钥签名——公钥验证签名");// 产生签名byte[] sign = CertificateCoder.sign(encodedData, keyStorePath, alias,password);System.err.println("签名:\r" + Hex.encodeHexString(sign));// 验证签名boolean status = CertificateCoder.verify(encodedData, sign,certificatePath);System.err.println("状态:\r" + status);assertTrue(status);}}

第一个测试方法，用于提取公钥/私钥进行加密/解密操作。
第二个测试方法，用于提取签名算法进行签名/验证操作。

OK，任务完成，密钥成功提取，剩下的都是代码基本功了！

3 楼 snowolf 2010-11-18 引用 maybe723 写道那对于单个cer格式的证书，这种证书没有私钥而只有公钥和CA的签名吧，这种证书在双向认证中，服务器端是不能认别出对方的身份并做签名的吧，而做签名要使用私钥，那这个私钥是保存在哪里?
cer证书文件本身就是算法以及公钥的载体，而私钥就需要私密保存，不对外公布了！2 楼 maybe723 2010-11-17 引用那对于单个cer格式的证书，这种证书没有私钥而只有公钥和CA的签名吧，这种证书在双向认证中，服务器端是不能认别出对方的身份并做签名的吧，而做签名要使用私钥，那这个私钥是保存在哪里?1 楼 wukele 2010-08-12 引用相信以后会用到。

什么是.pfx 命运与征服——将军寒假生活p12历史初二寒假生活p12 初1的数学题 (P12) 初二寒假生活p12地理初二寒假生活历史P12 神圣纪事——征服地底城的汉化补丁在哪下，急急！！！！初二寒假生活p12物理(4) 初二寒假生活p12物理(5) 如何查找个人信息史玉柱个人信息潘玮泊个人信息个人信息查询胡彦斌个人信息谢霆锋个人信息如何找回证书(PFX文件)的私钥口令 pfx, 证书，我不知道把它放哪了？我的QQ密码怎么改不了会提示个人信息有所受限词语————请问遇到这样的问题怎么解决征服电视连续剧征服网游阿迪达斯征服电视剧征服征服网络游戏

常熟董浜招聘:征服*.PFX(*.p12)——个人信息交换文件

征服*.PFX(*.p12)——个人信息交换文件

常熟董浜招聘:征服.PFX(.p12)——个人信息交换文件

征服.PFX(.p12)——个人信息交换文件