将Java ssh-rsa字符串转换为公钥
将Java ssh-rsa字符串转换为公钥
提问于 2017-12-14 23:30:57
我想要获取.pub文件内容的公钥。这是一个使用ssh-keygen生成的.pub文件内容的示例:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBPL2s+25Ank3zS6iHUoVk0tS63dZM0LzAaniiDon0tdWwq4vcL4+fV8BsAEcpMeijS92JhDDc9FccXlHbdDcmd6c4ITOt9h9xxhIefGsi1FTVJ/EjVtbqF5m0bu7ruIMGvuP1p5s004roHx9y0UdHvD/yNWLISMhy4nio6jLailIj3FS53Emj1WRNsOrpja3LzPXzhuuj6YnD9yfByT7iGZipxkmleaXrknChPClLI9uhcqtAzBLdd0NVTJLOt/3+d1cSNwdBw9e53wJvpEmH+P8UOZd+oV/y7cHIej4jQpBXVvpJR1Yaluh5RuxY90B0hSescUAj4g/3HVPpR/gE7op6i9Ab//0iXF15uWGlGzipI4lA2/wYEtv8swTjmdCTMNcTDw/1huTDEzZjghIKVpskHde/Lj416c7eSByLqsMg2OhlZGChKznpIjhuNRXz93DwqKuIKvJKSnhqaJDxmDGfG7nlQ/eTwGeAZ6VR50yMPiRTIpuYd767+Nsg486z7p0pnKoBlL6ffTbfeolUX2b6Nb9ZIOxJdpCSNTQRKQ50p4Y3S580cUM1Y2EfjlfIQG1JdmTQYB75AZXi/cB2PvScmF0bXRoj7iHg4lCnSUvRprWA0xbwzCW/wjNqw6MyRX42FFlvSRrmfaxGZxKYbmk3TzBv+Fp+CADPqQm3OQ== test@test.com如果我是对的,这不是公钥,但是可以从这个字符串中获得公钥。
这个答案回答了我的问题https://stackoverflow.com/a/19387517/2735398
但答案似乎并不管用。我得到了一个异常:
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: invalid key format在查看答案的评论时,我并不是唯一一个有问题的人……
如何修复异常?或者,是否有其他方法可以从字符串中获取公钥?
回答 5
Stack Overflow用户
发布于 2018-05-15 23:59:14
您必须将您的密钥转换为pkcs8规范。使用下面的命令
ssh-keygen -f private.key -e -m pkcs8 > test-pkcs8.pub然后将其转换为x509
openssl rsa -pubin -in test-pkcs8.pub -outform pem > test-x509.pem然后,您可以使用以下代码在Java语言中将公钥读取为RSAPublicKey
import java.io.IOException;
import java.net.URISyntaxException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
/**
* This file is intended to be used on a IDE for testing purposes.
* ClassLoader.getSystemResource won't work in a JAR
*/
public class Main {
public static void main(String[] args) throws InvalidKeySpecException, NoSuchAlgorithmException, IOException, URISyntaxException {
String privateKeyContent = new String(Files.readAllBytes(Paths.get(ClassLoader.getSystemResource("private_key_pkcs8.pem").toURI())));
String publicKeyContent = new String(Files.readAllBytes(Paths.get(ClassLoader.getSystemResource("public_key.pem").toURI())));
privateKeyContent = privateKeyContent.replaceAll("\\n", "").replace("-----BEGIN PRIVATE KEY-----", "").replace("-----END PRIVATE KEY-----", "");
publicKeyContent = publicKeyContent.replaceAll("\\n", "").replace("-----BEGIN PUBLIC KEY-----", "").replace("-----END PUBLIC KEY-----", "");;
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpecPKCS8 = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKeyContent));
PrivateKey privKey = kf.generatePrivate(keySpecPKCS8);
X509EncodedKeySpec keySpecX509 = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKeyContent));
RSAPublicKey pubKey = (RSAPublicKey) kf.generatePublic(keySpecX509);
System.out.println(privKey);
System.out.println(pubKey);
}
}我从下面两个链接得到了答案
Converting ssh-rsa to X509 Spec in Java
Loading X509 spec key in Java as RSAPublicKey object
希望这能给你一些直觉。
Stack Overflow用户
发布于 2019-02-09 05:49:16
下面是我的SSH RSA -> RSAPublicKey转换器实现。我在网上的某个地方找到了关键格式描述,所以感谢提供它的人。
public class CertificateUtils {
private static final int VALUE_LENGTH = 4;
private static final byte[] INITIAL_PREFIX = new byte[]{0x00, 0x00, 0x00, 0x07, 0x73, 0x73, 0x68, 0x2d, 0x72, 0x73, 0x61};
private static final Pattern SSH_RSA_PATTERN = Pattern.compile("ssh-rsa[\\s]+([A-Za-z0-9/+]+=*)[\\s]+.*");
// SSH-RSA key format
//
// 00 00 00 07 The length in bytes of the next field
// 73 73 68 2d 72 73 61 The key type (ASCII encoding of "ssh-rsa")
// 00 00 00 03 The length in bytes of the public exponent
// 01 00 01 The public exponent (usually 65537, as here)
// 00 00 01 01 The length in bytes of the modulus (here, 257)
// 00 c3 a3... The modulus
public static RSAPublicKey parseSSHPublicKey(String key) throws InvalidKeyException {
Matcher matcher = SSH_RSA_PATTERN.matcher(key.trim());
if (!matcher.matches()) {
throw new InvalidKeyException("Key format is invalid for SSH RSA.");
}
String keyStr = matcher.group(1);
ByteArrayInputStream is = new ByteArrayInputStream(Base64.decodeBase64(keyStr));
byte[] prefix = new byte[INITIAL_PREFIX.length];
try {
if (INITIAL_PREFIX.length != is.read(prefix) || !ArrayUtils.isEquals(INITIAL_PREFIX, prefix)) {
throw new InvalidKeyException("Initial [ssh-rsa] key prefix missed.");
}
BigInteger exponent = getValue(is);
BigInteger modulus = getValue(is);
return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(modulus, exponent));
} catch (IOException | InvalidKeySpecException | NoSuchAlgorithmException e) {
throw new InvalidKeyException("Failed to read SSH RSA certificate from string", e);
}
}
private static BigInteger getValue(InputStream is) throws IOException {
byte[] lenBuff = new byte[VALUE_LENGTH];
if (VALUE_LENGTH != is.read(lenBuff)) {
throw new InvalidParameterException("Unable to read value length.");
}
int len = ByteBuffer.wrap(lenBuff).getInt();
byte[] valueArray = new byte[len];
if (len != is.read(valueArray)) {
throw new InvalidParameterException("Unable to read value.");
}
return new BigInteger(valueArray);
}
}希望这能有所帮助。
Stack Overflow用户
发布于 2019-08-22 17:47:42
我发现了很多如何获取公钥的答案--但没有一个真正包含如何将openssh公钥作为字符串获取的部分--它有一种特殊的格式。
Cudos到@Jcs和@James K Polk
这取决于BouncyCastle。也许没有它也可以做到。
package cuul.stuff;
import lombok.SneakyThrows;
import org.bouncycastle.jcajce.provider.asymmetric.rsa.BCRSAPrivateCrtKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Security;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Base64;
/**
* Takes an private SSH key and cranks out the corresponding public one.
*
* Just what this command would have done: <pre>ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub</pre>
*
* @link https://stackoverflow.com/questions/3706177/how-to-generate-ssh-compatible-id-rsa-pub-from-java
* @link https://stackoverflow.com/questions/7216969/getting-rsa-private-key-from-pem-base64-encoded-private-key-file/7221381#7221381
*
* Why - because I can.
*/
public class ExtractPublicFromPrivateSshKey {
private static final String BEGIN_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----\n";
private static final String END_RSA_PRIVATE_KEY = "-----END RSA PRIVATE KEY-----";
static {
Security.addProvider(new BouncyCastleProvider());
}
@SneakyThrows
public static String extract(String privateKeyString) {
if (!privateKeyString.startsWith(BEGIN_RSA_PRIVATE_KEY)) {
throw new InvalidKeySpecException("Can only extract public key from a RSA private. "
+ "This is not an RSA key (header should have been '" + BEGIN_RSA_PRIVATE_KEY + "'");
}
privateKeyString = privateKeyString.replace(BEGIN_RSA_PRIVATE_KEY, "");
privateKeyString = privateKeyString.replace(END_RSA_PRIVATE_KEY, "");
privateKeyString = privateKeyString.trim();
byte[] privateKeyBytes = Base64.getMimeDecoder().decode(privateKeyString);
BCRSAPrivateCrtKey rsaPrivateKey = (BCRSAPrivateCrtKey) getPrivate(privateKeyBytes);
//create a KeySpec and let the Factory due the Rest. You could also create the KeyImpl by your own.
RSAPublicKey publicKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(
new RSAPublicKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPublicExponent()));
byte[] bytes = encodePublicKey(publicKey);
return "ssh-rsa " + new String(Base64.getEncoder().encode(bytes), StandardCharsets.UTF_8) + " some@user";
}
private static PrivateKey getPrivate(byte[] privateKeyBytes)
throws Exception {
PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(privateKeyBytes);
KeyFactory kf = KeyFactory.getInstance("RSA");
return kf.generatePrivate(spec);
}
/**
* @link https://stackoverflow.com/questions/3706177/how-to-generate-ssh-compatible-id-rsa-pub-from-java
*
* The key format used by ssh is defined in the RFC #4253. The format for RSA public key is the following :
* string "ssh-rsa"
* mpint e // key public exponent
* mpint n // key modulus
*
* All data type encoding is defined in the section #5 of RFC #4251. string and mpint (multiple precision integer) types are encoded this way :
*
* 4-bytes word: data length (unsigned big-endian 32 bits integer)
* n bytes : binary representation of the data
*
* or instance, the encoding of the string "ssh-rsa" is:
*
* byte[] data = new byte[] {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};
*/
private static byte[] encodePublicKey(RSAPublicKey key) throws IOException {
ByteArrayOutputStream out = new ByteArrayOutputStream();
/* encode the "ssh-rsa" string */
byte[] sshrsa = new byte[] {0, 0, 0, 7, 's', 's', 'h', '-', 'r', 's', 'a'};
out.write(sshrsa);
/* Encode the public exponent */
BigInteger e = key.getPublicExponent();
byte[] data = e.toByteArray();
encodeUInt32(data.length, out);
out.write(data);
/* Encode the modulus */
BigInteger m = key.getModulus();
data = m.toByteArray();
encodeUInt32(data.length, out);
out.write(data);
return out.toByteArray();
}
private static void encodeUInt32(int value, OutputStream out) throws IOException {
byte[] tmp = new byte[4];
tmp[0] = (byte)((value >>> 24) & 0xff);
tmp[1] = (byte)((value >>> 16) & 0xff);
tmp[2] = (byte)((value >>> 8) & 0xff);
tmp[3] = (byte)(value & 0xff);
out.write(tmp);
}
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/47816938
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号