Generate an RSA-2048 private key.
>openssl genrsa -out prv.pem 2048
>openssl rsa -in prv.pem -pubout > pub.pem
Convert the public key portion to DER format (so Java can read it).
>openssl rsa -in prv.pem -pubout -outform DER -out pub.der
Convert private key to PKCS#8 format (so Java can read it).
>openssl pkcs8 -topk8 -inform PEM -outform DER -in prv.pem -out prv.der -nocrypt
Generate a CSR signed by prv.pem
>openssl req -new -key prv.pem -out test.csr
password 1234
Generate a self-signed certificate for the CSR, signed by prv.pem.
>openssl x509 -req -days 365 -in test.csr -signkey prv.pem -sha1 -out test.cert
password 1234
Generate another RSA-2048 private key.
>openssl genrsa -out prv2.pem 2048
Convert the public key portion to DER format (so Java can read it).
>openssl rsa -in prv2.pem -pubout -outform DER -out pub2.der
Run the Java program to read the certificate and verify it.
D:\Cyber Space\Examples\JavaSecurity
>javac ReadCert.java
>java ReadCert
The relevant portion of the Java program, ReadCert.java, is shown below.
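//
// Read an X.509 certificate from "test.cert".
//
// NOTE(review): this listing is a fragment; it appears to run inside a method
// that declares the checked exceptions thrown below (IOException and the
// java.security.GeneralSecurityException family) -- confirm against the full
// file.
//
File certFile = new File ("test.cert");
if (certFile.length () == 0) {
    // An empty file cannot hold a certificate; say so instead of exiting silently.
    // (The original used InputStream.available(), which is not an EOF test.)
    System.out.println ("test.cert is empty.");
    System.exit (0);
}
CertificateFactory cf = CertificateFactory.getInstance ("X.509");
java.security.cert.Certificate cert;
// try-with-resources closes the stream; the original left it open.
try (BufferedInputStream bis = new BufferedInputStream (new FileInputStream (certFile))) {
    cert = cf.generateCertificate (bis);
}
//
// Dump the certificate.
//
System.out.println (cert.toString());
//
// Get public key of the certificate.
//
PublicKey pub = cert.getPublicKey ();
System.out.println ("Get the public key of the certificate with " + pub.getEncoded().length + " bytes.");
//
// Verify the cert with public key (pub).
//
// Security note: verifying a certificate with its *own* public key only proves
// that the self-signature is intact.  It establishes no trust: a real check
// validates the certificate against a trust anchor (e.g. CertPathValidator with
// a configured trust store) and checks the validity period and revocation
// status, none of which happens here.
//
System.out.println ("Verify the certificate with the public key.");
try {
    cert.verify (pub);
    System.out.println ("The certificate signature verifies with pub.");
}
catch (java.security.SignatureException e) {
    // The signature does not match the supplied key.
    System.out.println ("Exception. Signature verification failed: " + e.getMessage());
}
catch (java.security.GeneralSecurityException e) {
    // Wrong key type, unsupported algorithm, or malformed certificate:
    // a setup problem, reported separately from a plain signature mismatch.
    System.out.println ("Exception. Cannot verify: " + e);
}
//
// Read public key (pub2) from the file (pub.der).
//
// "openssl rsa -pubout -outform DER" writes a SubjectPublicKeyInfo structure,
// which is the encoding X509EncodedKeySpec expects.
//
File f = new File ("pub.der");
byte [] pubBlob = new byte [(int) f.length()];
System.out.println ("pubBlob.length = " + pubBlob.length);
try (DataInputStream dis = new DataInputStream (new FileInputStream (f))) {
    // readFully fills the whole buffer or throws EOFException on a short file.
    dis.readFully (pubBlob);
}
KeyFactory keyFactory = KeyFactory.getInstance("RSA");
PublicKey pub2 = keyFactory.generatePublic(new X509EncodedKeySpec (pubBlob));
System.out.println ("Get the public key, pub2, from the file with " + pub2.getEncoded().length + " bytes.");
//
// Check if pub and pub2 are same.
// They should be same, because pub.der was derived from the key that signed
// the certificate.  (equals() on the JDK's RSA public key class compares the
// key material -- confirm if a different provider is installed.)
//
if (pub.equals (pub2)) {
    System.out.println ("pub and pub2 are same.");
} else {
    System.out.println ("pub and pub2 are different.");
}
//
// Read another public key (pub3) from the file (pub2.der).
//
f = new File ("pub2.der");
byte [] pub2Blob = new byte [(int) f.length()];
try (DataInputStream dis = new DataInputStream (new FileInputStream (f))) {
    dis.readFully (pub2Blob);
}
// The same KeyFactory instance is reused; a fresh one is not needed per key.
PublicKey pub3 = keyFactory.generatePublic(new X509EncodedKeySpec (pub2Blob));
System.out.println ("Get the public key, pub3, from the file with " + pub3.getEncoded().length + " bytes.");
//
// Verify the certificate with the public key (pub3).
// The verification should fail, because pub3 belongs to an unrelated key pair.
//
System.out.println ("Verify the certificate with the public key, pub3.");
try {
    cert.verify (pub3);
    // The original was silent here; reaching this line means the negative test
    // did NOT behave as expected, which must be reported.
    System.out.println ("Error. The certificate unexpectedly verified with pub3.");
}
catch (java.security.SignatureException e) {
    System.out.println ("Error. An exception occurs. The result is expected.");
}
catch (java.security.GeneralSecurityException e) {
    // Not a signature mismatch but a setup problem; do not count it as the
    // expected negative result.
    System.out.println ("Exception. Cannot verify: " + e);
}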