节点js从PKCS12密钥库中读取密钥
我正在使用pem模块从PKCS12密钥库中读取使用我的Java类创build的密钥。 Java类工作正常,我检查,以确保有keytool条目,但是当我读取节点的密钥库文件,什么都没有显示。
节点代码:
const pfx = fs.readFileSync("myKeyStore.pfx"); pem.readPkcs12(pfx, { p12Password: "password" }, (err, cert) => { console.log(cert); }); 节点输出:
{ cert: undefined, ca: [], key: undefined }
Keytool输出:
$ keytool -list -keystore myKeyStore.pfx -storepass password -storetype PKCS12 -v Keystore type: PKCS12 Keystore provider: SunJSSE Your keystore contains 3 entries Alias name: test Creation date: 21-Sep-2017 Entry type: SecretKeyEntry ******************************************* ******************************************* Alias name: key1 Creation date: 21-Sep-2017 Entry type: SecretKeyEntry ******************************************* ******************************************* Alias name: key3 Creation date: 22-Sep-2017 Entry type: SecretKeyEntry ******************************************* *******************************************
编辑:
Java代码:
import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.security.Key; import java.security.KeyStore; import java.security.KeyStoreException; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; public class Main { final private static boolean IS_CREATE = false; final private static boolean IS_DEBUG = true; final private static String KEYSTORE_FILE = "../../../Desktop/crypto/myKeyStore.pfx"; final private static char[] PASSWORD = "password".toCharArray(); final private static KeyStore.ProtectionParameter PP = new KeyStore.PasswordProtection(PASSWORD); private static KeyStore ks; public static void main(String[] args) throws Exception { if (IS_CREATE) { createFile(); } else { init(); key = "123456789aabbccddeefffffffffffff"; addEntry("key3", key); saveKeyStore(); printKey("key3"); printKey("key3"); } } private static void init() throws Exception { ks = KeyStore.getInstance("PKCS12"); try (FileInputStream fis = new FileInputStream(KEYSTORE_FILE)) { ks.load(fis, PASSWORD); } } public static void addEntry(String alias, String key) throws KeyStoreException { SecretKey spec = new SecretKeySpec(key.getBytes(), "AES"); KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(spec); ks.setEntry(alias, entry, PP); } public static void deleteEntry(String alias) throws KeyStoreException { ks.deleteEntry(alias); } public static void saveKeyStore() throws Exception { try (FileOutputStream fos = new FileOutputStream(KEYSTORE_FILE)) { ks.store(fos, PASSWORD); } } public static void printKey(String alias) throws Exception { Key key = ks.getKey(alias, PASSWORD); System.out.println(new String(key.getEncoded())); } public static void debugPrint(String msg) { String toPrint = (IS_DEBUG) ? msg : ""; System.out.println(toPrint); } public static void debugPrint(Integer val) { int toPrint = (IS_DEBUG) ? val : null; System.out.println(toPrint); } private static void createFile() throws Exception { ks = KeyStore.getInstance("PKCS12"); ks.load(null, PASSWORD); addEntry("test", "value"); saveKeyStore(); } }
我也尝试使用openssl来检查由Java代码生成的密钥库文件,并得到这个输出:
openssl pkcs12 -in myKeyStore.pfx -nocerts -out key3 -nodes Enter Import Password: MAC verified OK Warning unsupported bag type: secretBag Warning unsupported bag type: secretBag Warning unsupported bag type: secretBag
这是否意味着节点代码无法正确读取密钥,因为它的格式不正确?