1. 首页
  2. 问答
  3. 使用ECDSA密钥时获取签名的x509

使用ECDSA密钥时获取签名的x509

2010-03-11 133 views
4

我正在尝试签署一些X509证书。我的根私钥是ECDSA secp384r1。我正在使用充气城堡。看起来会发生的是,当生成证书签名时,所使用的Signature类无法理解我的ECDSA密钥。使用ECDSA密钥时获取签名的x509

生成的代码如下:

X509V3CertificateGenerator v3CertGen = new X509V3CertificateGenerator(); 
    v3CertGen.setSerialNumber(BigInteger.valueOf(serialNumber)); 
    v3CertGen.setIssuerDN(issuerPrincipal); 
    v3CertGen.setNotBefore(notBefore); 
    v3CertGen.setNotAfter(notAfter); 
    v3CertGen.setSubjectDN(subjectDN); 
    v3CertGen.setPublicKey(publicKey); 
    v3CertGen.setSignatureAlgorithm(CERT_SIGNATURE_ALGORITHM); // this is ECDSAWITHSHA1 
    X509Certificate cert = v3CertGen.generate(privateKey, BOUNCY_CASTLE_PROVIDER); // "BC"

从这个输出是:

java.security.InvalidKeyException: can't identify DSA private key. 
    at org.bouncycastle.jce.provider.DSAUtil.generatePrivateKeyParameter(Unknown Source) 
    at org.bouncycastle.jce.provider.JDKDSASigner.engineInitSign(Unknown Source) 
    at java.security.Signature.initSign(Signature.java:480) 
    at org.bouncycastle.x509.X509Util.calculateSignature(Unknown Source) 
    at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source) 
    at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source) 
    at com.snip.utils.CertificateUtility.generateAndSignCertificate(CertificateUtility.java:147)

通过阅读BouncyCastle的源代码,我已经跟踪这个问题,并具有下列重现代码片段:

Signature sig = Signature.getInstance(CERT_SIGNATURE_ALGORITHM, BOUNCY_CASTLE_PROVIDER); 
System.out.println(sig.getAlgorithm()); 
System.out.println(sig.toString()); 
System.out.println(sig.getClass().getName()); 
try 
{ 
    sig.initSign(privateKey); 
    System.out.println(sig.toString()); 
} catch (Exception e) { 
    e.printStackTrace(); 
}

它产生的输出:

SHA1withECDSA 
Signature object: SHA1withECDSA<not initialized> 
org.bouncycastle.jce.provider.JDKDSASigner$ecDSA 
java.security.InvalidKeyException: can't identify DSA private key. 
     at org.bouncycastle.jce.provider.DSAUtil.generatePrivateKeyParameter(Unknown Source) 
     at org.bouncycastle.jce.provider.JDKDSASigner.engineInitSign(Unknown Source) 
     at java.security.Signature.initSign(Signature.java:480) 
     at com.snip.utils.CertificateUtility.<init>(CertificateUtility.java:99)

问题是我完全失去了这一点。我不知道如何让证书生成器给我一个签名证书。有没有人知道我做错了什么?

来源

2010-03-11 laura

回答

2

我将它追溯到一些旧的罐子里,这些罐子还没有从POM中删除,并导致Bouncycastle分类的错误版本被使用。

来源

2010-03-11 10:51:58 laura

相关问题

 相关问题