1. Download bcprov-ext-jdk15on-150.jar
http://downloads.bouncycastle.org/java/bcprov-ext-jdk15on-150.jar
3. Confirm that the keytool found on the system path belongs to the JRE you intend to modify
3. Copy bcprov-ext-jdk15on-150.jar to %JRE_HOME%\lib\ext and under %JDK_HOME%\jre\lib\ext
4. Edit %JRE_HOME%\lib\security\java.security and %JDK_HOME%\jre\lib\security\java.security
Append the following line at the end (ten providers are already listed above it):
security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
5. Run below cmd command
keytool -genkey -alias androidbks -keypass 11111111 -keyalg RSA -keysize 1024 -validity 365 -keystore bksserver.keystore -storepass 111111 -dname "cn=runtestuser3, ou=vpn, o=run, c=CN, l=shanghai" -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
6. This creates the bksserver.keystore file in C:\Users\Administrator
7. Generate the server's private key and certificate and the client's private key and certificate, then import the client certificate into the server's trust store and the server certificate into the client's trust store
C:\Users\Administrator>keytool -genkey -alias serverkey -keypass 1993821924 -key alg RSA -keysize 1024 -validity 365 -keystore kserver.keystore -storepass 199382 1924 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider What is your first and last name? [Unknown]: mei What is your organizational unit name? [Unknown]: ccniit What is the name of your organization? [Unknown]: ccniit What is the name of your city or area? [Unknown]: chengdu What is the name of your province/city/autonomous region? [Unknown]: chengdu What is the two-letter country code for this unit? [Unknown]: cn Is CN=mei, OU=ccniit, O=ccniit, L=chengdu, ST=chengdu, C=cn correct? [no]: y C:\Users\Administrator>keytool -export -alias serverkey -keystore kserver.keysto re -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bounc yCastleProvider C:\Users\Administrator>keytool -import -alias serverkey -keystore tclient.keysto re -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bounc yCastleProvider C:\Users\Administrator>keytool -import -genkey -alias clientkey -storetype BKS - provider org.bouncycastle.jce.provider.BouncyCastleProvider C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystor e -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy CastleProvider C:\Users\Administrator>keytool -genkey -alias clientkey -keystore klient.keystor e -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystor e -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy CastleProvider C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysor e tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy CastleProvider C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysto re tserver.keystore -storetype BKS -provider 
org.bouncycastle.jce.provider.BouncyCastleProvider
Reading the keystore files on Android
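package com.example.ssl;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import android.os.Bundle;
import android.app.Activity;
import android.view.Menu;

/**
 * Minimal Android activity that builds a mutual-TLS {@link SSLSocketFactory} from two
 * BKS keystores shipped as raw resources and uses it for HTTPS GET requests.
 *
 * The keystores are the ones produced by the keytool steps above: klient.keystore holds
 * the client key pair, tclient.keystore holds the server certificate the client trusts.
 * Those steps generate 1024-bit RSA keys, which current guidance considers too weak;
 * regenerate with a larger key size for anything beyond a demo.
 *
 * Hostname verification is left at the HttpsURLConnection default, so the server
 * certificate must match the host part of the URL passed to {@link #getData(String)}.
 */
public class MainActivity extends Activity {
    private static final int SERVER_PORT = 50030; // port number (not used by this class)
    private static final String SERVER_IP = "218.206.176.146"; // server IP (not used by this class)
    // NOTE(review): keystore passwords are compiled into the APK and are trivially recoverable
    // from it; treat the bundled client key as public knowledge.
    private static final String CLIENT_KET_PASSWORD = "123456"; // Private key password
    private static final String CLIENT_TRUST_PASSWORD = "123456"; // Trust certificate password
    private static final String CLIENT_AGREEMENT = "TLS"; // Use the protocol
    private static final String CLIENT_KEY_MANAGER = "X509"; // Key Manager
    private static final String CLIENT_TRUST_MANAGER = "X509"; // Trust manager
    private static final String CLIENT_KEY_KEYSTORE = "BKS"; // Keystore type, here the BouncyCastle keystore
    private static final String CLIENT_TRUST_KEYSTORE = "BKS"; // Trust store type
    private static final String ENCONDING = "utf-8"; // charset used to decode the response body

    /** Socket factory built by {@link #initKey()}; stays null if initialisation failed. */
    SSLSocketFactory sf;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        try {
            initKey();
        } catch (Exception e) {
            // Best-effort for this demo: sf stays null and getData() will fail with an NPE.
            e.printStackTrace();
        }
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }

    /**
     * Loads the client key store and the trust store from raw resources and initialises
     * {@link #sf} with a TLS context that uses both.
     *
     * @throws Exception on any keystore, resource or SSL initialisation failure
     */
    private void initKey() throws Exception {
        // Get the SSLContext instance of SSL
        SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
        // Get an instance of KeyManagerFactory
        KeyManagerFactory keyManager = KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);
        // Get the X509 trust manager of the TrustManagerFactory
        TrustManagerFactory trustManager = TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);
        // BKS keystore instances for the client key and the trusted certificates
        KeyStore clientKeyStore = KeyStore.getInstance(CLIENT_KEY_KEYSTORE);
        KeyStore trustKeyStore = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);

        // The keytool steps above create klient.keystore with the client key pair (-genkey)
        // and tclient.keystore with the imported server certificate (-import), so klient is
        // the key store and tclient is the trust store. The raw resource streams are closed
        // once loaded.
        InputStream keyIn = getResources().openRawResource(R.raw.klient);
        try {
            clientKeyStore.load(keyIn, CLIENT_KET_PASSWORD.toCharArray());
        } finally {
            keyIn.close();
        }
        InputStream trustIn = getResources().openRawResource(R.raw.tclient);
        try {
            trustKeyStore.load(trustIn, CLIENT_TRUST_PASSWORD.toCharArray());
        } finally {
            trustIn.close();
        }

        // Initialize key manager and trust manager
        keyManager.init(clientKeyStore, CLIENT_KET_PASSWORD.toCharArray());
        trustManager.init(trustKeyStore);
        // Initialize SSLContext with both
        sslContext.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(),
                new java.security.SecureRandom());
        sf = sslContext.getSocketFactory();
    }

    /**
     * Performs an HTTPS GET against {@code url} using {@link #sf} and returns the response
     * body with line terminators removed (lines are concatenated as read).
     *
     * @param url the https URL to fetch
     * @return the concatenated response lines, decoded as {@link #ENCONDING}
     * @throws Exception on any connection, TLS or I/O failure
     */
    private String getData(String url) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
        conn.setSSLSocketFactory(sf);
        conn.setRequestMethod("GET");
        conn.setConnectTimeout(10 * 1000);
        // A read timeout keeps a stalled server from blocking this call forever.
        conn.setReadTimeout(10 * 1000);
        conn.setDoInput(true);
        // setDoOutput(true) is deliberately not called: on HttpURLConnection it switches
        // the request from GET to POST.
        try {
            conn.connect();
            BufferedReader br = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), ENCONDING));
            try {
                StringBuilder sb = new StringBuilder();
                String line;
                while ((line = br.readLine()) != null) {
                    sb.append(line);
                }
                return sb.toString();
            } finally {
                br.close();
            }
        } finally {
            conn.disconnect();
        }
    }
}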