The difference between the RSA key formats BEGIN CERTIFICATE, BEGIN RSA PRIVATE KEY and BEGIN PRIVATE KEY

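I have recently been using RSA for signature verification and ran into a pitfall: the RSA key the other party gave me could not be parsed into a PublicKey object.
On their side it could be used directly from PHP, but on my side, with Java code, it would not work, and Baidu turned up very little relevant material.
I later found out that the RSA key's certificate format was different, so today I am writing up a summary.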

1. Differences:

1.1 Keys in -----BEGIN CERTIFICATE----- format:

A key in this format is a cer key certificate, as shown below.
It can be used directly in PHP code, but not directly in Java code; it needs to be converted into a PEM key file.

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

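1.2 -----BEGIN RSA PRIVATE KEY----- format:

This is the key format that RSA key generation produces directly, without any conversion. The public key can be used directly; the private key needs to be converted to another format.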

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

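1.3 -----BEGIN PRIVATE KEY----- format:

This is the key above after it has been converted to PKCS#8 format. Private keys used in Java are generally in this format; the public key does not need to be converted and can be used directly.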

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

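2. Converting between formats:

2.1 Converting BEGIN CERTIFICATE to BEGIN PUBLIC KEY:
If the other party gives you a certificate in cer format, it needs to be converted into a PKCS#8-format key that Java can use, as follows: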

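    import java.io.FileInputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.nio.charset.StandardCharsets;
    import java.security.PublicKey;
    import java.security.cert.CertificateException;
    import java.security.cert.CertificateFactory;
    import java.security.cert.X509Certificate;
    import java.util.Base64;

    /**
     * Parse a BEGIN CERTIFICATE file and extract its public key.
     * (Place this method inside a class.)
     * @return the public key as a BEGIN PUBLIC KEY PEM string
     */
    public static String getCerToPublicKey() throws IOException, CertificateException {
        CertificateFactory ft = CertificateFactory.getInstance("X.509");
        PublicKey publicKey;
        // try-with-resources closes the file even if certificate parsing fails
        try (InputStream file = new FileInputStream("D://publicKey.cer")) {
            X509Certificate certificate = (X509Certificate) ft.generateCertificate(file);
            publicKey = certificate.getPublicKey();
        }

        // java.util.Base64 replaces the commons-codec call; the MIME encoder wraps
        // the base64 text at 64 characters per line, as PEM parsers expect
        Base64.Encoder pem = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        String strKey = "-----BEGIN PUBLIC KEY-----\n"
                + pem.encodeToString(publicKey.getEncoded())
                + "\n-----END PUBLIC KEY-----";
        System.out.println(strKey);
        return strKey;
    }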

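2.2 Converting BEGIN RSA PRIVATE KEY to BEGIN PRIVATE KEY:
There is plenty on Baidu about converting between these two formats, including DER to PEM conversion, so I won't write it up here; it is simply done with tools.
Here is a link: https://www.jianshu.com/p/15d58b1ada5b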
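
The header-based distinction from section 1 and the conversion that section 2.2 leaves to external tools, as an added example (not code from the original post): a loader that picks the parser from the PEM header line and, for BEGIN RSA PRIVATE KEY (the PKCS#1 encoding), wraps the key in a PKCS#8 structure in memory so Java's KeyFactory accepts it. The class name `PemKeyLoader` and its methods are hypothetical, and only unencrypted RSA keys are assumed.

```java
import java.io.*;
import java.security.*;
import java.security.cert.CertificateFactory;
import java.security.spec.*;
import java.util.Base64;
import java.util.regex.*;

public class PemKeyLoader { // hypothetical helper, not from the original post
    private static final Pattern PEM = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);
    // DER bytes: version INTEGER 0, then AlgorithmIdentifier { rsaEncryption OID, NULL }
    private static final byte[] RSA_ALG = { 2, 1, 0, 0x30, 0x0d, 6, 9, 0x2a, (byte) 0x86,
            0x48, (byte) 0x86, (byte) 0xf7, 0x0d, 1, 1, 1, 5, 0 };

    /** Loads an RSA key, choosing the parser from the PEM header line. */
    public static Key load(String pem) throws Exception {
        Matcher m = PEM.matcher(pem);
        if (!m.find()) throw new IllegalArgumentException("no PEM block found");
        byte[] der = Base64.getMimeDecoder().decode(m.group(2));
        KeyFactory rsa = KeyFactory.getInstance("RSA");
        switch (m.group(1)) {
            case "CERTIFICATE": // X.509 certificate: take the embedded public key
                return CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(der)).getPublicKey();
            case "PUBLIC KEY": // X.509 SubjectPublicKeyInfo
                return rsa.generatePublic(new X509EncodedKeySpec(der));
            case "PRIVATE KEY": // PKCS#8, which Java reads natively
                return rsa.generatePrivate(new PKCS8EncodedKeySpec(der));
            case "RSA PRIVATE KEY": // PKCS#1: wrap it in a PKCS#8 PrivateKeyInfo first
                return rsa.generatePrivate(
                        new PKCS8EncodedKeySpec(tlv(0x30, RSA_ALG, tlv(0x04, der))));
            default:
                throw new IllegalArgumentException("unsupported PEM type: " + m.group(1));
        }
    }

    /** Builds one DER element: tag, definite length, then the concatenated parts. */
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        int n = body.size(), len = (39 - Integer.numberOfLeadingZeros(n)) / 8;
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n >= 0x80) out.write(0x80 | len); // long form: count of length bytes
        for (int i = len - 1; i > 0; i--) out.write(n >>> (8 * i)); // high length bytes
        out.write(n); // low length byte (the only one in short form)
        out.write(body.toByteArray(), 0, n);
        return out.toByteArray();
    }
}
```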
