Jav*_*ear 9 java security keystore x509certificate
我正在尝试验证证书的公钥.使用以下命令将证书导入密钥库:
keytool -importcert -file cert.cer -keystore kstore.jks -alias mycert -storepass changeit
这是我用来验证公钥的java代码:
File keyStore = new File("kstore.jks");
String keyStorePassword = "changeit";
KeyStore ks = null;
try {
ks = KeyStore.getInstance("jks");
ks.load(keyStore.toURI().toURL().openStream(), keyStorePassword.toCharArray());
} catch (Exception e) {
e.printStackTrace();
}
try {
Certificate cert = ks.getCertificate("mycert");
PublicKey pk = cert.getPublicKey();
cert.verify(pk);
//cert.verify(pk, "SunRsaSign");
System.out.println("Keys verified");
} catch (Exception e) {
e.printStackTrace();
}
我得到的例外是:
java.security.SignatureException: Signature does not match.
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:446)
at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:389)
at VerifyEBXMLSignature.runIt3(VerifyEBXMLSignature.java:62)
at VerifyEBXMLSignature.main(VerifyEBXMLSignature.java:41)
证书包含公钥,我无权访问私钥.是否可以根据我导入密钥库的证书验证公钥?公钥来自证书本身,所以它应该是正确的.
我还应该在证书上找到什么?
我刚刚得到了一些关于证书的iformation:它是从私钥导出的.这个过程中有什么可能做错了吗?
| 归档时间: |
|
| 查看次数: |
15316 次 |
| 最近记录: |