public class KeyUtil extends Object
包括:
1、生成密钥(单密钥、密钥对) 2、读取密钥文件
Modifier and Type | Field and Description |
---|---|
static int |
DEFAULT_KEY_SIZE
默认密钥字节数
RSA/DSA
Default Keysize 1024
Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
|
Constructor and Description |
---|
KeyUtil() |
Modifier and Type | Method and Description |
---|---|
static PrivateKey |
decodeECPrivateKey(byte[] encodeByte,
String curveName)
解码恢复EC私钥,支持Base64和Hex编码,(基于BouncyCastle)
|
static PrivateKey |
decodeECPrivateKey(String encode,
String curveName)
解码恢复EC私钥,支持Base64和Hex编码,(基于BouncyCastle)
|
static PublicKey |
decodeECPublicKey(byte[] encodeByte,
String curveName)
解码恢复EC压缩公钥,支持Base64和Hex编码,(基于BouncyCastle)
见:... |
static PublicKey |
decodeECPublicKey(String encode,
String curveName)
解码恢复EC压缩公钥,支持Base64和Hex编码,(基于BouncyCastle)
见:... |
static byte[] |
encodeECPrivateKey(PrivateKey privateKey)
编码压缩EC私钥(基于BouncyCastle)
|
static byte[] |
encodeECPublicKey(PublicKey publicKey)
编码压缩EC公钥(基于BouncyCastle)
见:... |
static SecretKey |
generateDESKey(String algorithm,
byte[] key)
生成
SecretKey |
static SecretKey |
generateKey(String algorithm)
生成
SecretKey ,仅用于对称加密和摘要算法密钥生成 |
static SecretKey |
generateKey(String algorithm,
byte[] key)
生成
SecretKey ,仅用于对称加密和摘要算法密钥生成 |
static SecretKey |
generateKey(String algorithm,
int keySize)
生成
SecretKey ,仅用于对称加密和摘要算法密钥生成当指定keySize<0时,AES默认长度为128,其它算法不指定。 |
static SecretKey |
generateKey(String algorithm,
int keySize,
SecureRandom random)
生成
SecretKey ,仅用于对称加密和摘要算法密钥生成当指定keySize<0时,AES默认长度为128,其它算法不指定。 |
static SecretKey |
generateKey(String algorithm,
KeySpec keySpec)
生成
SecretKey ,仅用于对称加密和摘要算法 |
static KeyPair |
generateKeyPair(String algorithm)
生成用于非对称加密的公钥和私钥,仅用于非对称加密
密钥对生成算法见:... |
static KeyPair |
generateKeyPair(String algorithm,
AlgorithmParameterSpec params)
生成用于非对称加密的公钥和私钥
密钥对生成算法见:... |
static KeyPair |
generateKeyPair(String algorithm,
byte[] seed,
AlgorithmParameterSpec param)
生成用于非对称加密的公钥和私钥
密钥对生成算法见:... |
static KeyPair |
generateKeyPair(String algorithm,
int keySize)
生成用于非对称加密的公钥和私钥
密钥对生成算法见:... |
static KeyPair |
generateKeyPair(String algorithm,
int keySize,
byte[] seed)
生成用于非对称加密的公钥和私钥
密钥对生成算法见:... |
static KeyPair |
generateKeyPair(String algorithm,
int keySize,
byte[] seed,
AlgorithmParameterSpec... params)
生成用于非对称加密的公钥和私钥
密钥对生成算法见:... |
static KeyPair |
generateKeyPair(String algorithm,
int keySize,
SecureRandom random,
AlgorithmParameterSpec... params)
生成用于非对称加密的公钥和私钥
密钥对生成算法见:... |
static SecretKey |
generatePBEKey(String algorithm,
char[] password)
生成PBE
SecretKey |
static PrivateKey |
generatePrivateKey(KeyStore keyStore,
String alias,
char[] password)
生成私钥,仅用于非对称加密
|
static PrivateKey |
generatePrivateKey(String algorithm,
byte[] key)
|
static PrivateKey |
generatePrivateKey(String algorithm,
KeySpec keySpec)
生成私钥,仅用于非对称加密
算法见:... |
static PublicKey |
generatePublicKey(String algorithm,
byte[] key)
|
static PublicKey |
generatePublicKey(String algorithm,
KeySpec keySpec)
生成公钥,仅用于非对称加密
算法见:... |
static PrivateKey |
generateRSAPrivateKey(byte[] key)
|
static PublicKey |
generateRSAPublicKey(byte[] key)
|
static String |
getAlgorithmAfterWith(String algorithm)
获取用于密钥生成的算法
获取XXXwithXXX算法的后半部分算法,如果为ECDSA或SM2,返回算法为EC |
static KeyFactory |
getKeyFactory(String algorithm)
|
static KeyGenerator |
getKeyGenerator(String algorithm)
|
static KeyPair |
getKeyPair(KeyStore keyStore,
char[] password,
String alias)
从KeyStore中获取私钥公钥
|
static KeyPair |
getKeyPair(String type,
InputStream in,
char[] password,
String alias)
从KeyStore中获取私钥公钥
|
static KeyPairGenerator |
getKeyPairGenerator(String algorithm)
|
static String |
getMainAlgorithm(String algorithm)
获取主体算法名,例如RSA/ECB/PKCS1Padding的主体算法是RSA
|
static PublicKey |
getRSAPublicKey(BigInteger modulus,
BigInteger publicExponent)
获得RSA公钥对象
|
static PublicKey |
getRSAPublicKey(PrivateKey privateKey)
通过RSA私钥生成RSA公钥
|
static PublicKey |
getRSAPublicKey(String modulus,
String publicExponent)
获得RSA公钥对象
|
static SecretKeyFactory |
getSecretKeyFactory(String algorithm)
|
static boolean |
isEmpty(KeyPair keyPair)
|
static PublicKey |
readPublicKeyFromCert(InputStream in)
|
static String |
toBase64(Key key)
将密钥编码为Base64格式
|
public static final int DEFAULT_KEY_SIZE
RSA/DSA Default Keysize 1024 Keysize must be a multiple of 64, ranging from 512 to 1024 (inclusive).
public static String toBase64(Key key)
key
- 密钥public static SecretKey generateKey(String algorithm)
SecretKey
,仅用于对称加密和摘要算法密钥生成algorithm
- 算法,支持PBE算法SecretKey
public static SecretKey generateKey(String algorithm, int keySize)
SecretKey
,仅用于对称加密和摘要算法密钥生成algorithm
- 算法,支持PBE算法keySize
- 密钥长度,<0表示不设定密钥长度,即使用默认长度SecretKey
public static SecretKey generateKey(String algorithm, int keySize, SecureRandom random)
SecretKey
,仅用于对称加密和摘要算法密钥生成algorithm
- 算法,支持PBE算法keySize
- 密钥长度,<0表示不设定密钥长度,即使用默认长度random
- 随机数生成器,null表示默认SecretKey
public static SecretKey generateKey(String algorithm, byte[] key)
SecretKey
,仅用于对称加密和摘要算法密钥生成algorithm
- 算法key
- 密钥,如果为null
自动生成随机密钥SecretKey
public static SecretKey generateDESKey(String algorithm, byte[] key)
SecretKey
algorithm
- DES算法,包括DES、DESede等key
- 密钥SecretKey
public static SecretKey generatePBEKey(String algorithm, char[] password)
SecretKey
algorithm
- PBE算法,包括:PBEWithMD5AndDES、PBEWithSHA1AndDESede、PBEWithSHA1AndRC2_40等password
- 口令SecretKey
public static SecretKey generateKey(String algorithm, KeySpec keySpec)
SecretKey
,仅用于对称加密和摘要算法public static KeyGenerator getKeyGenerator(String algorithm)
algorithm
- 对称加密算法KeyGenerator
public static PrivateKey generateRSAPrivateKey(byte[] key)
key
- 密钥,必须为DER编码存储PrivateKey
public static PrivateKey generatePrivateKey(String algorithm, byte[] key)
algorithm
- 算法,如RSA、EC、SM2等key
- 密钥,PKCS#8格式PrivateKey
public static PrivateKey generatePrivateKey(String algorithm, KeySpec keySpec)
algorithm
- 算法,如RSA、EC、SM2等keySpec
- KeySpec
PrivateKey
public static PrivateKey generatePrivateKey(KeyStore keyStore, String alias, char[] password)
keyStore
- KeyStore
alias
- 别名password
- 密码PrivateKey
public static PublicKey generateRSAPublicKey(byte[] key)
key
- 密钥,必须为DER编码存储PublicKey
public static PublicKey generatePublicKey(String algorithm, byte[] key)
algorithm
- 算法key
- 密钥,必须为DER编码存储PublicKey
public static PublicKey generatePublicKey(String algorithm, KeySpec keySpec)
public static PublicKey getRSAPublicKey(PrivateKey privateKey)
privateKey
- RSA私钥public static PublicKey getRSAPublicKey(String modulus, String publicExponent)
modulus
- ModuluspublicExponent
- Public Exponentpublic static PublicKey getRSAPublicKey(BigInteger modulus, BigInteger publicExponent)
modulus
- ModuluspublicExponent
- Public Exponentpublic static boolean isEmpty(KeyPair keyPair)
KeyPair
是否为空,空的条件是:
null
KeyPair.getPrivate()
和KeyPair.getPublic()
都为null
keyPair
- 密钥对public static KeyPair generateKeyPair(String algorithm)
algorithm
- 非对称加密算法KeyPair
public static KeyPair generateKeyPair(String algorithm, int keySize)
algorithm
- 非对称加密算法keySize
- 密钥模(modulus )长度KeyPair
public static KeyPair generateKeyPair(String algorithm, int keySize, byte[] seed)
algorithm
- 非对称加密算法keySize
- 密钥模(modulus )长度seed
- 种子KeyPair
public static KeyPair generateKeyPair(String algorithm, AlgorithmParameterSpec params)
algorithm
- 非对称加密算法params
- AlgorithmParameterSpec
KeyPair
public static KeyPair generateKeyPair(String algorithm, byte[] seed, AlgorithmParameterSpec param)
algorithm
- 非对称加密算法param
- AlgorithmParameterSpec
seed
- 种子KeyPair
public static KeyPair generateKeyPair(String algorithm, int keySize, byte[] seed, AlgorithmParameterSpec... params)
对于非对称加密算法,密钥长度有严格限制,具体如下:
RSA:
RS256、PS256:2048 bits RS384、PS384:3072 bits RS512、RS512:4096 bits
EC(Elliptic Curve):
EC256:256 bits EC384:384 bits EC512:512 bits
algorithm
- 非对称加密算法keySize
- 密钥模(modulus )长度(单位bit)seed
- 种子params
- AlgorithmParameterSpec
KeyPair
public static KeyPair generateKeyPair(String algorithm, int keySize, SecureRandom random, AlgorithmParameterSpec... params)
对于非对称加密算法,密钥长度有严格限制,具体如下:
RSA:
RS256、PS256:2048 bits RS384、PS384:3072 bits RS512、RS512:4096 bits
EC(Elliptic Curve):
EC256:256 bits EC384:384 bits EC512:512 bits
algorithm
- 非对称加密算法keySize
- 密钥模(modulus )长度(单位bit)random
- SecureRandom
对象,创建时可选传入seedparams
- AlgorithmParameterSpec
KeyPair
public static KeyPair getKeyPair(String type, InputStream in, char[] password, String alias)
type
- 类型in
- InputStream
如果想从文件读取.keystore文件,使用 FileUtil.getInputStream(java.io.File)
读取password
- 密码alias
- 别名KeyPair
public static KeyPair getKeyPair(KeyStore keyStore, char[] password, String alias)
public static KeyPairGenerator getKeyPairGenerator(String algorithm)
algorithm
- 非对称加密算法KeyPairGenerator
public static KeyFactory getKeyFactory(String algorithm)
algorithm
- 非对称加密算法KeyFactory
public static SecretKeyFactory getSecretKeyFactory(String algorithm)
algorithm
- 对称加密算法KeyFactory
public static String getMainAlgorithm(String algorithm)
algorithm
- XXXwithXXX算法public static String getAlgorithmAfterWith(String algorithm)
algorithm
- XXXwithXXX算法public static PublicKey readPublicKeyFromCert(InputStream in)
in
- InputStream
如果想从文件读取.cer文件,使用 FileUtil.getInputStream(File)
读取KeyStore
public static byte[] encodeECPrivateKey(PrivateKey privateKey)
privateKey
- PrivateKey
,必须为org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKeypublic static PrivateKey decodeECPrivateKey(String encode, String curveName)
encode
- 私钥curveName
- EC曲线名public static PrivateKey decodeECPrivateKey(byte[] encodeByte, String curveName)
encodeByte
- 私钥curveName
- EC曲线名public static byte[] encodeECPublicKey(PublicKey publicKey)
publicKey
- PublicKey
,必须为org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPublicKeypublic static PublicKey decodeECPublicKey(String encode, String curveName)
encode
- 压缩公钥curveName
- EC曲线名Copyright © 2025. All rights reserved.