使用ECDSA密钥时获得签名的X509
https://stackoverflow.com/questions/2424121
-
19-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian题
我想签一些X509证书。我的根私钥是ECDSA secp384r1。我使用的充气城堡。有什么事发生的是,生成证书签名时,所使用的签名类是无法理解我的ECDSA键。
这产生的代码如下所示:
X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator();
v3CertGen.setSerialNumber(BigInteger.valueOf(serialNumber));
v3CertGen.setIssuerDN(issuerPrincipal);
v3CertGen.setNotBefore(notBefore);
v3CertGen.setNotAfter(notAfter);
v3CertGen.setSubjectDN(subjectDN);
v3CertGen.setPublicKey(publicKey);
v3CertGen.setSignatureAlgorithm(CERT_SIGNATURE_ALGORITHM); // this is ECDSAWITHSHA1
X509Certificate cert = v3CertGen.generate(privateKey, BOUNCY_CASTLE_PROVIDER); // "BC"
从这个输出是:
java.security.InvalidKeyException: can't identify DSA private key.
at org.bouncycastle.jce.provider.DSAUtil.generatePrivateKeyParameter(Unknown Source)
at org.bouncycastle.jce.provider.JDKDSASigner.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Signature.java:480)
at org.bouncycastle.x509.X509Util.calculateSignature(Unknown Source)
at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
at com.snip.utils.CertificateUtility.generateAndSignCertificate(CertificateUtility.java:147)
通过阅读BouncyCastle的源代码,我已经跟踪这个问题,并用下面的代码片段重现:
Signature sig = Signature.getInstance(CERT_SIGNATURE_ALGORITHM, BOUNCY_CASTLE_PROVIDER);
System.out.println(sig.getAlgorithm());
System.out.println(sig.toString());
System.out.println(sig.getClass().getName());
try
{
sig.initSign(privateKey);
System.out.println(sig.toString());
} catch (Exception e) {
e.printStackTrace();
}
产生的输出:
SHA1withECDSA
Signature object: SHA1withECDSA<not initialized>
org.bouncycastle.jce.provider.JDKDSASigner$ecDSA
java.security.InvalidKeyException: can't identify DSA private key.
at org.bouncycastle.jce.provider.DSAUtil.generatePrivateKeyParameter(Unknown Source)
at org.bouncycastle.jce.provider.JDKDSASigner.engineInitSign(Unknown Source)
at java.security.Signature.initSign(Signature.java:480)
at com.snip.utils.CertificateUtility.<init>(CertificateUtility.java:99)
的问题是,我在这一点上完全丧失。我不知道如何使证书生成给我签名的证书。有没有人有什么我做错了什么想法?
解决方案
我已经追查到其尚未从POM删除,造成BouncyCastle的版本错误归类要使用一些旧罐子。
不隶属于 StackOverflow
