不想存储p12证书内容,只想存储证书密钥,可通过以下2種方式实现
一、通過java读取证书的密钥出来:
1 package com.zat.ucop.service.util; 2 3 import org.apache.commons.codec.binary.Base64; 4 5 import java.io.FileInputStream; 6 import java.io.IOException; 7 import java.security.*; 8 import java.security.cert.Certificate; 9 import java.security.cert.CertificateException; 10 import java.util.Enumeration; 11 12 /** 13 * 读取P12格式证书的密钥. 14 * 15 * @author weixiong.cao 16 * @date 2019/4/3 17 */ 18 public class ReadP12Demo { 19 20 public static void main(String[] args) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException { 21 String keyStorePath = "E:/client_01.p12"; 22 String password = "123456"; 23 24 // 实例化密钥库,默认JKS类型 25 KeyStore ks = KeyStore.getInstance("PKCS12"); 26 // 获得密钥库文件流 27 FileInputStream is = new FileInputStream(keyStorePath); 28 // 加载密钥库 29 ks.load(is, password.toCharArray()); 30 // 关闭密钥库文件流 31 is.close(); 32 33 //私钥 34 Enumeration aliases = ks.aliases(); 35 String keyAlias = null; 36 if (aliases.hasMoreElements()){ 37 keyAlias = (String)aliases.nextElement(); 38 System.out.println("p12's alias----->"+keyAlias); 39 } 40 PrivateKey privateKey = (PrivateKey) ks.getKey(keyAlias, password.toCharArray()); 41 String privateKeyStr = Base64.encodeBase64String(privateKey.getEncoded()); 42 System.out.println("私钥------------->" + privateKeyStr); 43 44 //公钥 45 Certificate certificate = ks.getCertificate(keyAlias); 46 String publicKeyStr = Base64.encodeBase64String(certificate.getPublicKey().getEncoded()); 47 System.out.println("公钥------------->"+publicKeyStr); 48 } 49 }
二、通過openssl命令讀取
進入linux控制臺,輸入以下命令
openssl pkcs12 -in ./client_01.p12 -nocerts -nodes -out ./priKey.prikey
會在指定目錄下生成1個priKey.prikey,我們在提取裏面的內容: