Pem私钥pkcs1和pkcs8之间互转
pkcs8私钥转pkcs1私钥
方法1:使用OpenSSL工具转化
openssl rsa -in pkcs8.pem -out pkcs1.pem
命令执行完后,当前文件目录下将出现一个名为pkcs1.pem的文件,即为pkcs1格式。
方法2:通过代码实现
jar包版本
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.72</version>
</dependency>
代码如下
private static final String CHARSET = "utf-8";
/**
* pkcs8私钥文件转化为pkcs1私钥文件
* @param pkcs8Key
* @param pkcs1KeyFilePath
* @param pkcs1KeyFileName
* @return
* @throws Exception
*/
public static File formatPkcs8ToPkcs1(File pkcs8Key,String pkcs1KeyFilePath,String pkcs1KeyFileName) throws Exception {
PemObject object = null;
try (PemReader pemReader = new PemReader(new FileReader(pkcs8Key))){
object = pemReader.readPemObject();
}
/**将私钥从PKCS8转换为PKCS1**/
PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(object.getContent());
ASN1Encodable encodable = pkInfo.parsePrivateKey();
ASN1Primitive primitive = encodable.toASN1Primitive();
byte[] privateKeyPKCS1 = primitive.getEncoded();
/**将PKCS1中的私钥转换为PEM**/
PemObject pemObject = new PemObject("RSA PRIVATE KEY", privateKeyPKCS1);
try(StringWriter stringWriter = new StringWriter()){
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.flush();
String pemString = stringWriter.toString();
File pem = new File(pkcs1KeyFilePath, pkcs1KeyFileName);
FileUtils.writeStringToFile(pem, pemString, CHARSET);
return pem;
}
}
方法3:通过hutool实现
该实现方法通过hutool读取秘钥文件,既没有降低代码复杂度,也没有减少jar包依赖,并不推荐使用。
jar版本
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.8</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.72</version>
</dependency>
代码如下
private static final String CHARSET = "utf-8";
/**
* pkcs8私钥转化为pkcs1私钥
* @param pkcs8Key
* @param pkcs1KeyFilePath
* @param pkcs1KeyFileName
* @return
* @throws Exception
*/
public static File formatPkcs8ToPkcs1ByHutool(File pkcs8Key,String pkcs1KeyFilePath,String pkcs1KeyFileName) throws Exception {
PrivateKey privKeyInfo = PemUtil.readPemPrivateKey(new FileInputStream(pkcs8Key));
/**将私钥从PKCS8转换为PKCS1**/
PrivateKeyInfo pkInfo = PrivateKeyInfo.getInstance(privKeyInfo.getEncoded());
ASN1Encodable encodable = pkInfo.parsePrivateKey();
ASN1Primitive primitive = encodable.toASN1Primitive();
byte[] privateKeyPKCS1 = primitive.getEncoded();
/**将PKCS1中的私钥转换为PEM**/
PemObject pemObject = new PemObject("RSA PRIVATE KEY", privateKeyPKCS1);
try(StringWriter stringWriter = new StringWriter()){
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.flush();
String pemString = stringWriter.toString();
File pem = new File(pkcs1KeyFilePath, pkcs1KeyFileName);
FileUtils.writeStringToFile(pem, pemString, CHARSET);
return pem;
}
}
pkcs1私钥转pkcs8私钥
方法1:使用OpenSSL工具转化
openssl pkcs8 -topk8 -inform PEM -in rsa_private_key_pkcs1.pem -outform PEM -out rsa_private_key_pkcs8.pem -nocrypt
命令执行完后,当前文件目录下将会出现一个名为rsa_private_key_pkcs8.pem的文件,即为pkcs8格式。
方法2:通过代码实现
jar包版本
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.72</version>
</dependency>
代码如下
private static final String CHARSET = "utf-8";
/***
静态代码块创建Bouncy Castle提供者
*/
static{
org.bouncycastle.jce.provider.BouncyCastleProvider provider = new org.bouncycastle.jce.provider.BouncyCastleProvider();
Security.addProvider(provider);
}
/**
* pkcs1私钥转化为pkcs8私钥
* @param pkcs1Key
* @param pkcs8KeyFilePath
* @param pkcs8KeyFileName
* @return
* @throws Exception
*/
public static File formatPkcs1ToPkcs8(File pkcs1Key,String pkcs8KeyFilePath,String pkcs8KeyFileName) throws Exception {
PemObject object = null;
try (PemReader pemReader = new PemReader(new FileReader(pkcs1Key))){
object = pemReader.readPemObject();
}
PrivateKey privKeyInfo = KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(object.getContent()));
/**将PKCS8中的私钥转换为PEM**/
PemObject pemObject = new PemObject("PRIVATE KEY", privKeyInfo.getEncoded());
try(StringWriter stringWriter = new StringWriter()){
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.flush();
String pemString = stringWriter.toString();
File pem = new File(pkcs8KeyFilePath, pkcs8KeyFileName);
FileUtils.writeStringToFile(pem, pemString, CHARSET);
return pem;
}
}
方法3:通过第三方工具集hutool实现
hutool在5.8.5版本已经提供对pkcs#1格式秘钥的支持。
jar版本
<dependency>
<groupId>cn.hutool</groupId>
<artifactId>hutool-all</artifactId>
<version>5.8.8</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk18on</artifactId>
<version>1.72</version>
</dependency>
代码如下
private static final String CHARSET = "utf-8";
/**
* pkcs1私钥转化为pkcs8私钥
* @param pkcs1Key
* @param pkcs8KeyFilePath
* @param pkcs8KeyFileName
* @return
* @throws Exception
*/
public static File formatPkcs1ToPkcs8ByHutool(File pkcs1Key,String pkcs8KeyFilePath,String pkcs8KeyFileName) throws Exception {
PrivateKey privKeyInfo = PemUtil.readPemPrivateKey(new FileInputStream(pkcs1Key));
/**将PKCS8中的私钥转换为PEM**/
PemObject pemObject = new PemObject("PRIVATE KEY", privKeyInfo.getEncoded());
try(StringWriter stringWriter = new StringWriter()){
PemWriter pemWriter = new PemWriter(stringWriter);
pemWriter.writeObject(pemObject);
pemWriter.flush();
String pemString = stringWriter.toString();
File pem = new File(pkcs8KeyFilePath, pkcs8KeyFileName);
FileUtils.writeStringToFile(pem, pemString, CHARSET);
return pem;
}
}