用java代码加密私钥

Question

我用java代码生成了一个私钥，并保存了它，因此：

KeyPair keys;
    try {
        keys = KeyTools.genKeys("2048", AlgorithmConstants.KEYALGORITHM_RSA);
        //SAVE PRIVKEY
        //PrivateKey privKey = keys.getPrivate();
        //byte[] privateKeyBytes = privKey.getEncoded();
        PKCS10CertificationRequest  pkcs10 = new PKCS10CertificationRequest("SHA256WithRSA",
                CertTools.stringToBcX509Name("CN=NOUSED"), keys.getPublic(), null, keys.getPrivate());

        //Save Privatekey
        String privateKeyFilename = "C:/Users/l.calicchio/Downloads/privateKey.key";
        String password="prismaPrivateKey";
        byte[] start="-----BEGIN PRIVATE KEY-----\n".getBytes();
        byte[] end="\n-----END PRIVATE KEY-----".getBytes();
        byte[] privateKeyBytes = keys.getPrivate().getEncoded();

        byte[] encryptedPrivateKeyBytes = passwordEncrypt(password.toCharArray(), privateKeyBytes);

        File f=new File(privateKeyFilename);
        if (f.exists()){
            f.delete();
        }

        FileOutputStream fos = new FileOutputStream(f,true);
        fos.write(start);
        fos.write(Base64.encode(encryptedPrivateKeyBytes));
        fos.write(end);
        fos.close();

现在我要在私钥中添加密码。所以我找到了这个密码：

private static byte[] passwordEncrypt(char[] password, byte[] plaintext) throws Exception {
    String MYPBEALG = "PBEWithSHA1AndDESede";

    int count = 20;// hash iteration count
    SecureRandom random = new SecureRandom();
    byte[] salt = new byte[8];
    random.nextBytes(salt);

    // Create PBE parameter set
    PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, count);
    PBEKeySpec pbeKeySpec = new PBEKeySpec(password);
    SecretKeyFactory keyFac = SecretKeyFactory.getInstance(MYPBEALG);
    SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec);

    Cipher pbeCipher = Cipher.getInstance(MYPBEALG);

    // Initialize PBE Cipher with key and parameters
    pbeCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec);

    // Encrypt the encoded Private Key with the PBE key
    byte[] ciphertext = pbeCipher.doFinal(plaintext);

    // Now construct  PKCS #8 EncryptedPrivateKeyInfo object
    AlgorithmParameters algparms = AlgorithmParameters.getInstance(MYPBEALG);
    algparms.init(pbeParamSpec);
    EncryptedPrivateKeyInfo encinfo = new EncryptedPrivateKeyInfo(algparms, ciphertext);

    // and here we have it! a DER encoded PKCS#8 encrypted key!
    return encinfo.getEncoded();

但是，当我使用openssl命令openssl asn1parse -in privateKey.key时，我没有错误，但是当我尝试以下操作时: openssl rsa -noout -modulus -in privatekey.it，我有一个错误：

无法加载私钥9964:error:0D0680A8:asn1 1编码routines:ASN1_CHECK_TLEN:wrong标记：.\crypto\as n1\tasn_dec.c:1319: 9964:error:0D06C03A:asn1 1编码routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 err or:.\crypto\asn1\tasn_dec.c:831: 9964:error:0D08303: asn1 1编码routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 e or：.\crypto\asn1\tasn_dec.c:831Type=PKCS8_PRIV_KEY_INFO 9964:错误:0907B00D:pem routines:PEM_READ_BIO_PRIVATEKEY:ASN1 lib:.\crypto\pem\p em_pkey.c:132：

我想私钥遗漏了以下一行: Proc-Type: 4，加密的"DEK-Info：“+”AES-256-CBC“.但是我是如何添加这个(我从哪里得到这些信息的？)？tnx

Answer 1

请阅读手册，man rsa给出了以下细节：

注意，此命令使用传统的SSLeay兼容格式进行私钥加密:较新的应用程序应该使用更安全的PKCS#8格式，使用pkcs8实用程序。