Generating a private key and a trust certificate in BKS format with keytool

1. Download bcprov-ext-jdk15on-150.jar

http://downloads.bouncycastle.org/java/bcprov-ext-jdk15on-150.jar

2. Confirm that the keytool found on the system PATH belongs to the JRE you intend to use

3. Copy bcprov-ext-jdk15on-150.jar into both %JRE_HOME%\lib\ext and %JDK_HOME%\jre\lib\ext

4. Edit %JRE_HOME%\lib\security\java.security and %JDK_HOME%\jre\lib\security\java.security

Append the following line at the end of the provider list (the file already lists providers 1 to 10, so the next index is 11):

security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
5. Run the following command in cmd (the -keysize 1024 shown here is only adequate for a local test; use 2048 or larger for a key that will actually be deployed):

keytool -genkey -alias androidbks -keypass 11111111 -keyalg RSA -keysize 1024 -validity 365 -keystore bksserver.keystore -storepass 111111 -dname "cn=runtestuser3, ou=vpn, o=run, c=CN, l=shanghai" -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

6. bksserver.keystore is written to the current directory, C:\Users\Administrator in this example

 

7. Generate the server's private key and certificate and the client's private key and certificate, then import the server certificate into the client's trust store and the client certificate into the server's trust store, so that each side trusts the other

 

C:\Users\Administrator>keytool -genkey -alias serverkey -keypass 1993821924 -key
alg RSA -keysize 1024 -validity 365 -keystore kserver.keystore -storepass 199382
1924 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

What is your first and last name?
  [Unknown]:  mei
What is your organizational unit name?
  [Unknown]:  ccniit
What is the name of your organization?
  [Unknown]:  ccniit
What is the name of your city or area?
  [Unknown]:  chengdu
What is the name of your province/city/autonomous region?
  [Unknown]:  chengdu
What is the two-letter country code for this unit?
  [Unknown]:  cn
Is CN=mei, OU=ccniit, O=ccniit, L=chengdu, ST=chengdu, C=cn correct?
  [no]: y

C:\Users\Administrator>keytool -export -alias serverkey -keystore kserver.keysto
re -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bounc
yCastleProvider

C:\Users\Administrator>keytool -import -alias serverkey -keystore tclient.keysto
re -file server.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bounc
yCastleProvider

C:\Users\Administrator>keytool -import -genkey -alias clientkey -storetype BKS -
provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystor
e -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy
CastleProvider

C:\Users\Administrator>keytool -genkey -alias clientkey -keystore klient.keystor
e -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider

C:\Users\Administrator>keytool -export -alias clientkey -keystore klient.keystor
e -file client.crt -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy
CastleProvider

C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysor
e tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.Bouncy
CastleProvider

C:\Users\Administrator>keytool -import -alias clientkey -file client.crt -keysto
re tserver.keystore -storetype BKS -provider org.bouncycastle.jce.provider.Bounc
yCastleProvider

 

 

Reading the keystore files on Android

 

package com.example.ssl;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.KeyStore;

import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

import android.app.Activity;
import android.os.Bundle;
import android.view.Menu;

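/**
 * Activity that builds a client-side TLS context from two BKS keystores shipped as raw
 * resources (a key store with the client private key, a trust store with the server
 * certificate) and uses it for HTTPS GET requests.
 */
public class MainActivity extends Activity {

	private static final int SERVER_PORT = 50030;// port number
	private static final String SERVER_IP = "218.206.176.146";// server IP
	// NOTE(review): keystore passwords compiled into the APK are recoverable by anyone who
	// unpacks it; they protect the files at rest only, not against a holder of the APK.
	private static final String CLIENT_KET_PASSWORD = "123456";// Private key password
	private static final String CLIENT_TRUST_PASSWORD = "123456";// Trust certificate password
	private static final String CLIENT_AGREEMENT = "TLS";// SSLContext protocol name
	private static final String CLIENT_KEY_MANAGER = "X509";// KeyManagerFactory algorithm
	private static final String CLIENT_TRUST_MANAGER = "X509";// TrustManagerFactory algorithm
	private static final String CLIENT_KEY_KEYSTORE = "BKS";// key store type (BouncyCastle)
	private static final String CLIENT_TRUST_KEYSTORE = "BKS";// trust store type (BouncyCastle)
	private static final String ENCONDING = "utf-8";// charset used to decode the response body
	private static final int TIMEOUT_MS = 10 * 1000;// connect and read timeout

	// Socket factory built by initKey(); stays null until initialization succeeds.
	SSLSocketFactory sf;
	// Why initKey() failed, so getData() can report the cause instead of throwing an NPE.
	private Exception initFailure;

	@Override
	protected void onCreate(Bundle savedInstanceState) {
		super.onCreate(savedInstanceState);
		setContentView(R.layout.activity_main);
		try {
			initKey();
		} catch (Exception e) {
			// Best effort: the activity still comes up, but getData() refuses to connect
			// (carrying this cause) rather than silently falling back to default trust.
			initFailure = e;
			e.printStackTrace();
		}
	}

	@Override
	public boolean onCreateOptionsMenu(Menu menu) {
		// Inflate the menu; this adds items to the action bar if it is present.
		getMenuInflater().inflate(R.menu.main, menu);
		return true;
	}

	/**
	 * Builds the client TLS context from the two BKS raw resources and stores the
	 * resulting socket factory in {@link #sf}.
	 *
	 * @throws Exception if a keystore cannot be loaded (wrong password, wrong type) or the
	 *                   TLS/X509 providers are unavailable on this device
	 */
	private void initKey() throws Exception {
		SSLContext sslContext = SSLContext.getInstance(CLIENT_AGREEMENT);
		KeyManagerFactory keyManager = KeyManagerFactory.getInstance(CLIENT_KEY_MANAGER);
		TrustManagerFactory trustManager = TrustManagerFactory.getInstance(CLIENT_TRUST_MANAGER);

		// Both store types now come from the constants (the key store type used to be hard-coded).
		KeyStore clientKeyStore = KeyStore.getInstance(CLIENT_KEY_KEYSTORE);
		KeyStore trustKeyStore = KeyStore.getInstance(CLIENT_TRUST_KEYSTORE);

		// NOTE(review): in the keytool steps that accompany this file, tclient.keystore received
		// server.crt (a trust store) and klient.keystore holds the clientkey private key, so the
		// two resources below look swapped relative to their names; confirm which file actually
		// contains the private key before relying on this.
		loadKeyStore(clientKeyStore, R.raw.tclient, CLIENT_KET_PASSWORD);// client key
		loadKeyStore(trustKeyStore, R.raw.klient, CLIENT_TRUST_PASSWORD);// trusted server cert

		keyManager.init(clientKeyStore, CLIENT_KET_PASSWORD.toCharArray());
		trustManager.init(trustKeyStore);

		sslContext.init(keyManager.getKeyManagers(), trustManager.getTrustManagers(),
				new java.security.SecureRandom());
		sf = sslContext.getSocketFactory();
	}

	/**
	 * Loads one raw-resource keystore into {@code store}, always closing the resource
	 * stream (it was previously left open).
	 *
	 * @param store    the keystore instance to populate
	 * @param rawResId the R.raw id of the BKS file
	 * @param password the store password
	 * @throws Exception if the resource cannot be read or decoded with this password
	 */
	private void loadKeyStore(KeyStore store, int rawResId, String password) throws Exception {
		InputStream in = getResources().openRawResource(rawResId);
		try {
			store.load(in, password.toCharArray());
		} finally {
			in.close();
		}
	}

	/**
	 * Performs an HTTPS GET with the client TLS context and returns the response body
	 * with its lines concatenated (no separators, as before).
	 *
	 * @param url the https URL to fetch
	 * @return the response body
	 * @throws IllegalStateException if {@link #initKey()} did not succeed (its failure is the cause)
	 * @throws Exception             on connection, TLS or read errors
	 */
	private String getData(String url) throws Exception {
		if (sf == null) {
			throw new IllegalStateException("TLS context not initialized", initFailure);
		}
		HttpsURLConnection conn = (HttpsURLConnection) new URL(url).openConnection();
		try {
			conn.setSSLSocketFactory(sf);
			conn.setRequestMethod("GET");
			conn.setConnectTimeout(TIMEOUT_MS);
			conn.setReadTimeout(TIMEOUT_MS);// without this a stalled server hangs the caller
			// setDoOutput(true) was dropped: with doOutput set, HttpURLConnection implementations
			// can silently turn this GET into a POST.
			conn.setDoInput(true);
			conn.connect();

			BufferedReader br = new BufferedReader(new InputStreamReader(
					conn.getInputStream(), ENCONDING));
			try {
				StringBuilder sb = new StringBuilder();
				String line;
				while ((line = br.readLine()) != null) {
					sb.append(line);
				}
				return sb.toString();
			} finally {
				br.close();
			}
		} finally {
			conn.disconnect();
		}
	}

}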

 

 
