public class KeyUtil extends Object
Includes:
1. Key generation (single keys and key pairs)
2. Reading key files
| Modifier and Type | Field and Description |
|---|---|
| static String | CERT_TYPE_X509<br>Certificate type: X.509 |
| static int | DEFAULT_KEY_SIZE<br>Default key size in bytes. RSA/DSA default key size is 1024. The key size must be a multiple of 64, ranging from 512 to 1024 (inclusive). |
| static String | KEY_TYPE_JCEKS<br>jceks |
| static String | KEY_TYPE_JKS<br>Java Key Store (JKS) KEY_STORE |
| static String | KEY_TYPE_PKCS12<br>PKCS12 is a public-key cryptography standard; it specifies a format that can contain all private keys, public keys, and certificates. |
| static String | SM2_DEFAULT_CURVE<br>Default SM2 curve |
| Constructor and Description |
|---|
| KeyUtil() |
| Modifier and Type | Method and Description |
|---|---|
| static PublicKey | decodeECPoint(byte[] encodeByte, String curveName)<br>Decodes and restores a compressed EC public key; supports Base64 and Hex encoding (based on BouncyCastle). See: https://www.cnblogs.com/xinzhao/p/8963724.html |
| static PublicKey | decodeECPoint(String encode, String curveName)<br>Decodes and restores a compressed EC public key; supports Base64 and Hex encoding (based on BouncyCastle). See: https://www.cnblogs.com/xinzhao/p/8963724.html |
| static byte[] | encodeECPublicKey(PublicKey publicKey)<br>Encodes an EC public key in compressed form (based on BouncyCastle). See: https://www.cnblogs.com/xinzhao/p/8963724.html |
| static SecretKey | generateDESKey(String algorithm, byte[] key)<br>Generates a SecretKey. |
| static SecretKey | generateKey(String algorithm)<br>Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms. |
| static SecretKey | generateKey(String algorithm, byte[] key)<br>Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms. |
| static SecretKey | generateKey(String algorithm, int keySize)<br>Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms. When keySize<0 is specified, AES defaults to a length of 128; for other algorithms no length is specified. |
| static SecretKey | generateKey(String algorithm, int keySize, SecureRandom random)<br>Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms. When keySize<0 is specified, AES defaults to a length of 128; for other algorithms no length is specified. |
| static SecretKey | generateKey(String algorithm, KeySpec keySpec)<br>Generates a SecretKey; used only for symmetric encryption and digest algorithms. |
| static KeyPair | generateKeyPair(String algorithm)<br>Generates a public/private key pair for asymmetric encryption; used only for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator |
| static KeyPair | generateKeyPair(String algorithm, AlgorithmParameterSpec params)<br>Generates a public/private key pair for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator |
| static KeyPair | generateKeyPair(String algorithm, byte[] seed, AlgorithmParameterSpec param)<br>Generates a public/private key pair for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator |
| static KeyPair | generateKeyPair(String algorithm, int keySize)<br>Generates a public/private key pair for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator |
| static KeyPair | generateKeyPair(String algorithm, int keySize, byte[] seed)<br>Generates a public/private key pair for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator |
| static KeyPair | generateKeyPair(String algorithm, int keySize, byte[] seed, AlgorithmParameterSpec... params)<br>Generates a public/private key pair for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator<br>For asymmetric algorithms the key length is strictly constrained, as follows. RSA: RS256, PS256: 2048 bits; RS384, PS384: 3072 bits; RS512, PS512: 4096 bits. EC (Elliptic Curve): EC256: 256 bits; EC384: 384 bits; EC512: 512 bits. |
| static KeyPair | generateKeyPair(String algorithm, int keySize, SecureRandom random, AlgorithmParameterSpec... params)<br>Generates a public/private key pair for asymmetric encryption. For key pair generation algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyPairGenerator<br>For asymmetric algorithms the key length is strictly constrained, as follows. RSA: RS256, PS256: 2048 bits; RS384, PS384: 3072 bits; RS512, PS512: 4096 bits. EC (Elliptic Curve): EC256: 256 bits; EC384: 384 bits; EC512: 512 bits. |
| static SecretKey | generatePBEKey(String algorithm, char[] key)<br>Generates a PBE SecretKey. |
| static PrivateKey | generatePrivateKey(KeyStore keyStore, String alias, char[] password)<br>Generates a private key; used only for asymmetric encryption. |
| static PrivateKey | generatePrivateKey(String algorithm, byte[] key)<br>Generates a private key; used only for asymmetric encryption. Uses the PKCS#8 specification, which defines the private-key information syntax and the encrypted private-key syntax. For algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyFactory |
| static PrivateKey | generatePrivateKey(String algorithm, KeySpec keySpec)<br>Generates a private key; used only for asymmetric encryption. For algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyFactory |
| static PublicKey | generatePublicKey(String algorithm, byte[] key)<br>Generates a public key; used only for asymmetric encryption. Uses the X509 certificate specification. For algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyFactory |
| static PublicKey | generatePublicKey(String algorithm, KeySpec keySpec)<br>Generates a public key; used only for asymmetric encryption. For algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyFactory |
| static PrivateKey | generateRSAPrivateKey(byte[] key)<br>Generates an RSA private key; used only for asymmetric encryption. Uses the PKCS#8 specification, which defines the private-key information syntax and the encrypted private-key syntax. For algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyFactory |
| static PrivateKey | generateRSAPrivateKey(KeySpec keySpec)<br>Generates an RSA private key; used only for asymmetric encryption. For algorithms see: ... |
| static PrivateKey | generateRSAPrivateKey(String key)<br>Generates an RSA private key; used only for asymmetric encryption. For algorithms see: ... |
| static PublicKey | generateRSAPublicKey(byte[] key)<br>Generates an RSA public key; used only for asymmetric encryption. Uses the X509 certificate specification. For algorithms see: https://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#KeyFactory |
| static String | getAlgorithmAfterWith(String algorithm)<br>Gets the algorithm used for key generation. Returns the second half of an XXXwithXXX algorithm name; for ECDSA or SM2 the returned algorithm is EC. |
| static Certificate | getCertificate(KeyStore keyStore, String alias)<br>Gets a Certificate. |
| static CertificateFactory | getCertificateFactory(String type) |
| static KeyFactory | getKeyFactory(String algorithm) |
| static KeyGenerator | getKeyGenerator(String algorithm) |
| static KeyPair | getKeyPair(KeyStore keyStore, char[] password, String alias)<br>Gets the private and public key from a KeyStore. |
| static KeyPair | getKeyPair(String type, InputStream in, char[] password, String alias)<br>Gets the private and public key from a KeyStore. |
| static KeyPairGenerator | getKeyPairGenerator(String algorithm) |
| static KeyStore | getKeyStore(String type)<br>Gets a KeyStore object. |
| static String | getMainAlgorithm(String algorithm)<br>Gets the main algorithm name; for example, the main algorithm of RSA/ECB/PKCS1Padding is RSA. |
| static PublicKey | getRSAPublicKey(BigInteger modulus, BigInteger publicExponent)<br>Gets an RSA public key object. |
| static PublicKey | getRSAPublicKey(PrivateKey privateKey)<br>Generates the RSA public key from an RSA private key. |
| static PublicKey | getRSAPublicKey(String modulus, String publicExponent)<br>Gets an RSA public key object. |
| static SecretKeyFactory | getSecretKeyFactory(String algorithm) |
| static Certificate | readCertificate(String type, InputStream in)<br>Reads a certificate file. See: http://snowolf.iteye.com/blog/391931 |
| static Certificate | readCertificate(String type, InputStream in, char[] password, String alias)<br>Reads a certificate file. See: http://snowolf.iteye.com/blog/391931 |
| static KeyStore | readJKSKeyStore(File keyFile, char[] password)<br>Reads a Java Key Store (JKS) KeyStore file. A KeyStore file stores the key pairs of digital certificates. See: http://snowolf.iteye.com/blog/391931 |
| static KeyStore | readJKSKeyStore(InputStream in, char[] password)<br>Reads a Java Key Store (JKS) KeyStore file. A KeyStore file stores the key pairs of digital certificates. See: http://snowolf.iteye.com/blog/391931 |
| static KeyStore | readKeyStore(String type, File keyFile, char[] password)<br>Reads a KeyStore file. A KeyStore file stores the key pairs of digital certificates. See: http://snowolf.iteye.com/blog/391931 |
| static KeyStore | readKeyStore(String type, InputStream in, char[] password)<br>Reads a KeyStore file. A KeyStore file stores the key pairs of digital certificates. See: http://snowolf.iteye.com/blog/391931 |
| static KeyStore | readPKCS12KeyStore(File keyFile, char[] password)<br>Reads a PKCS12 KeyStore file. A KeyStore file stores the key pairs of digital certificates. |
| static KeyStore | readPKCS12KeyStore(InputStream in, char[] password)<br>Reads a PKCS12 KeyStore file. A KeyStore file stores the key pairs of digital certificates. |
| static PublicKey | readPublicKeyFromCert(InputStream in)<br>Reads the public key from an X.509 certificate file. See: https://www.cnblogs.com/yinliang/p/10115519.html |
| static Certificate | readX509Certificate(InputStream in)<br>Reads an X.509 certificate file. See: http://snowolf.iteye.com/blog/391931 |
| static Certificate | readX509Certificate(InputStream in, char[] password, String alias)<br>Reads an X.509 certificate file. See: http://snowolf.iteye.com/blog/391931 |
| static String | toBase64(Key key)<br>Encodes the key in Base64 format. |
public static final String KEY_TYPE_JKS
public static final String KEY_TYPE_JCEKS
public static final String KEY_TYPE_PKCS12
public static final String CERT_TYPE_X509
public static final int DEFAULT_KEY_SIZE
RSA/DSA Default Keysize 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
public static final String SM2_DEFAULT_CURVE
Default SM2 curve
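public static SecretKey generateKey(String algorithm)
Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms.
Parameters:
algorithm - the algorithm; PBE algorithms are supported
Returns: SecretKey

public static SecretKey generateKey(String algorithm, int keySize)
Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms.
Parameters:
algorithm - the algorithm; PBE algorithms are supported
keySize - key length; <0 means no key length is set, i.e. the default length is used
Returns: SecretKey

public static SecretKey generateKey(String algorithm, int keySize, SecureRandom random)
Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms.
Parameters:
algorithm - the algorithm; PBE algorithms are supported
keySize - key length; <0 means no key length is set, i.e. the default length is used
random - random number generator; null means the default
Returns: SecretKey

public static SecretKey generateKey(String algorithm, byte[] key)
Generates a SecretKey; used only for key generation for symmetric encryption and digest algorithms.
Parameters:
algorithm - the algorithm
key - the key; if null, a random key is generated automatically
Returns: SecretKey

public static SecretKey generateDESKey(String algorithm, byte[] key)
Generates a SecretKey.
Parameters:
algorithm - DES algorithm, including DES, DESede, etc.
key - the key
Returns: SecretKey

public static SecretKey generatePBEKey(String algorithm, char[] key)
Generates a PBE SecretKey.
Parameters:
algorithm - PBE algorithm, including PBEWithMD5AndDES, PBEWithSHA1AndDESede, PBEWithSHA1AndRC2_40, etc.
key - the key
Returns: SecretKey

public static SecretKey generateKey(String algorithm, KeySpec keySpec)
Generates a SecretKey; used only for symmetric encryption and digest algorithms.

public static PrivateKey generateRSAPrivateKey(String key)
Parameters:
key - the key; XML and Base64 formats are supported. XML is the format generated by C#, see SpecUtil.xmlToRSAPrivateCrtKeySpec(String)
Returns: PrivateKey

public static PrivateKey generateRSAPrivateKey(byte[] key)
Parameters:
key - the key; must be stored DER-encoded
Returns: PrivateKey

public static PrivateKey generateRSAPrivateKey(KeySpec keySpec)
Parameters:
keySpec - KeySpec
Returns: PrivateKey

public static PrivateKey generatePrivateKey(String algorithm, byte[] key)
Parameters:
algorithm - the algorithm, e.g. RSA, EC, SM2
key - the key, in PKCS#8 format
Returns: PrivateKey

public static PrivateKey generatePrivateKey(String algorithm, KeySpec keySpec)
Parameters:
algorithm - the algorithm, e.g. RSA, EC, SM2
keySpec - KeySpec
Returns: PrivateKey

public static PrivateKey generatePrivateKey(KeyStore keyStore, String alias, char[] password)
Parameters:
keyStore - KeyStore
alias - alias
password - password
Returns: PrivateKey

public static PublicKey generateRSAPublicKey(byte[] key)
Parameters:
key - the key; must be stored DER-encoded
Returns: PublicKey

public static PublicKey generatePublicKey(String algorithm, byte[] key)
Parameters:
algorithm - the algorithm
key - the key; must be stored DER-encoded
Returns: PublicKey

public static PublicKey generatePublicKey(String algorithm, KeySpec keySpec)
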
public static KeyPair generateKeyPair(String algorithm)
Parameters:
algorithm - asymmetric encryption algorithm
Returns: KeyPair

public static KeyPair generateKeyPair(String algorithm, int keySize)
Parameters:
algorithm - asymmetric encryption algorithm
keySize - key modulus length
Returns: KeyPair

public static KeyPair generateKeyPair(String algorithm, int keySize, byte[] seed)
Parameters:
algorithm - asymmetric encryption algorithm
keySize - key modulus length
seed - seed
Returns: KeyPair

public static KeyPair generateKeyPair(String algorithm, AlgorithmParameterSpec params)
Parameters:
algorithm - asymmetric encryption algorithm
params - AlgorithmParameterSpec
Returns: KeyPair

public static KeyPair generateKeyPair(String algorithm, byte[] seed, AlgorithmParameterSpec param)
Parameters:
algorithm - asymmetric encryption algorithm
param - AlgorithmParameterSpec
seed - seed
Returns: KeyPair

public static KeyPair generateKeyPair(String algorithm, int keySize, byte[] seed, AlgorithmParameterSpec... params)
For asymmetric algorithms the key length is strictly constrained, as follows:
RSA:
RS256, PS256: 2048 bits; RS384, PS384: 3072 bits; RS512, PS512: 4096 bits
EC (Elliptic Curve):
EC256: 256 bits; EC384: 384 bits; EC512: 512 bits
Parameters:
algorithm - asymmetric encryption algorithm
keySize - key modulus length (in bits)
seed - seed
params - AlgorithmParameterSpec
Returns: KeyPair

public static KeyPair generateKeyPair(String algorithm, int keySize, SecureRandom random, AlgorithmParameterSpec... params)
For asymmetric algorithms the key length is strictly constrained, as follows:
RSA:
RS256, PS256: 2048 bits; RS384, PS384: 3072 bits; RS512, PS512: 4096 bits
EC (Elliptic Curve):
EC256: 256 bits; EC384: 384 bits; EC512: 512 bits
Parameters:
algorithm - asymmetric encryption algorithm
keySize - key modulus length (in bits)
random - SecureRandom object; a seed can optionally be passed in when it is created
params - AlgorithmParameterSpec
Returns: KeyPair

public static KeyPairGenerator getKeyPairGenerator(String algorithm)
Parameters:
algorithm - asymmetric encryption algorithm
Returns: KeyPairGenerator

public static KeyFactory getKeyFactory(String algorithm)
Parameters:
algorithm - asymmetric encryption algorithm
Returns: KeyFactory

public static SecretKeyFactory getSecretKeyFactory(String algorithm)
Parameters:
algorithm - symmetric encryption algorithm
Returns: KeyFactory

public static KeyGenerator getKeyGenerator(String algorithm)
Parameters:
algorithm - symmetric encryption algorithm
Returns: KeyGenerator

public static String getMainAlgorithm(String algorithm)
Parameters:
algorithm - XXXwithXXX algorithm

public static String getAlgorithmAfterWith(String algorithm)
Parameters:
algorithm - XXXwithXXX algorithm

public static KeyStore readJKSKeyStore(File keyFile, char[] password)
Parameters:
keyFile - certificate file
password - password
Returns: KeyStore

public static KeyStore readJKSKeyStore(InputStream in, char[] password)
Parameters:
in - InputStream; to read a .keystore file from a file, use FileUtil.getInputStream(java.io.File)
password - password
Returns: KeyStore

public static KeyStore readPKCS12KeyStore(File keyFile, char[] password)
Parameters:
keyFile - certificate file
password - password
Returns: KeyStore

public static KeyStore readPKCS12KeyStore(InputStream in, char[] password)
Parameters:
in - InputStream; to read a .keystore file from a file, use FileUtil.getInputStream(java.io.File)
password - password
Returns: KeyStore

public static KeyStore readKeyStore(String type, File keyFile, char[] password)
Parameters:
type - type
keyFile - certificate file
password - password; null means no password
Returns: KeyStore

public static KeyStore readKeyStore(String type, InputStream in, char[] password)
Parameters:
type - type
in - InputStream; to read a .keystore file from a file, use FileUtil.getInputStream(java.io.File)
password - password; null means no password
Returns: KeyStore

public static KeyStore getKeyStore(String type)
Gets a KeyStore object.
Parameters:
type - type
Returns: KeyStore

public static KeyPair getKeyPair(String type, InputStream in, char[] password, String alias)
Parameters:
type - type
in - InputStream; to read a .keystore file from a file, use FileUtil.getInputStream(java.io.File)
password - password
alias - alias
Returns: KeyPair

public static KeyPair getKeyPair(KeyStore keyStore, char[] password, String alias)

public static Certificate readX509Certificate(InputStream in, char[] password, String alias)
Parameters:
in - InputStream; to read a .cer file from a file, use FileUtil.getInputStream(java.io.File)
password - password
alias - alias
Returns: KeyStore

public static PublicKey readPublicKeyFromCert(InputStream in)
Parameters:
in - InputStream; to read a .cer file from a file, use FileUtil.getInputStream(java.io.File)
Returns: KeyStore

public static Certificate readX509Certificate(InputStream in)
Parameters:
in - InputStream; to read a .cer file from a file, use FileUtil.getInputStream(java.io.File)
Returns: KeyStore

public static Certificate readCertificate(String type, InputStream in, char[] password, String alias)
Parameters:
type - type, e.g. X.509
in - InputStream; to read a .cer file from a file, use FileUtil.getInputStream(java.io.File)
password - password
alias - alias
Returns: KeyStore

public static Certificate readCertificate(String type, InputStream in)
Parameters:
type - type, e.g. X.509
in - InputStream; to read a .cer file from a file, use FileUtil.getInputStream(java.io.File)
Returns: Certificate

public static Certificate getCertificate(KeyStore keyStore, String alias)
Parameters:
keyStore - KeyStore
alias - alias
Returns: Certificate

public static CertificateFactory getCertificateFactory(String type)
Parameters:
type - type, e.g. X.509
Returns: KeyPairGenerator

public static byte[] encodeECPublicKey(PublicKey publicKey)
Parameters:
publicKey - PublicKey; must be org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKey

public static PublicKey decodeECPoint(String encode, String curveName)
Parameters:
encode - compressed public key
curveName - EC curve name

public static PublicKey decodeECPoint(byte[] encodeByte, String curveName)
Parameters:
encodeByte - compressed public key
curveName - EC curve name

public static PublicKey getRSAPublicKey(PrivateKey privateKey)
Parameters:
privateKey - RSA private key

public static PublicKey getRSAPublicKey(String modulus, String publicExponent)
Parameters:
modulus - Modulus
publicExponent - Public Exponent

public static PublicKey getRSAPublicKey(BigInteger modulus, BigInteger publicExponent)
Parameters:
modulus - Modulus
publicExponent - Public Exponent
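
An added example, not part of this API documentation or the library's own code: it uses only JDK classes to show the key formats the loaders above name (PKCS#8 DER for private keys, X.509 DER for public keys) and the derivation of an RSA public key from a private key. The class and helper names are hypothetical, and the 2048-bit size is the RS256/PS256 entry from the key-length list.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.*;
import java.util.Arrays;

public class KeyRoundTripExample { // hypothetical name, not a library class
    // Rebuild a private key from PKCS#8 DER bytes.
    static PrivateKey privateFromPkcs8(String algorithm, byte[] der) throws GeneralSecurityException {
        return KeyFactory.getInstance(algorithm).generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // Rebuild a public key from X.509 SubjectPublicKeyInfo DER bytes.
    static PublicKey publicFromX509(String algorithm, byte[] der) throws GeneralSecurityException {
        return KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(der));
    }

    // Derive the RSA public key from a private key. Only CRT-form keys carry the
    // public exponent; any other key has nothing to derive from, so return null.
    static PublicKey rsaPublicFromPrivate(PrivateKey privateKey) throws GeneralSecurityException {
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            return null;
        }
        RSAPrivateCrtKey crt = (RSAPrivateCrtKey) privateKey;
        return KeyFactory.getInstance("RSA")
                .generatePublic(new RSAPublicKeySpec(crt.getModulus(), crt.getPublicExponent()));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048, new SecureRandom()); // modulus length in bits
        KeyPair pair = generator.generateKeyPair();

        // getEncoded() yields PKCS#8 DER for the private key, X.509 DER for the public key.
        PrivateKey reloadedPrivate = privateFromPkcs8("RSA", pair.getPrivate().getEncoded());
        PublicKey reloadedPublic = publicFromX509("RSA", pair.getPublic().getEncoded());
        PublicKey derivedPublic = rsaPublicFromPrivate(reloadedPrivate);
        boolean same = Arrays.equals(derivedPublic.getEncoded(), reloadedPublic.getEncoded());
        System.out.println("derived public key matches reloaded one: " + same);

        // A signature made with the reloaded private key must verify under the derived public key.
        byte[] message = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(reloadedPrivate);
        signer.update(message);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(derivedPublic);
        verifier.update(message);
        System.out.println("signature verifies: " + verifier.verify(sig));
    }
}
```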