使用Java代码生成RSA公私钥的.pem文件
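package pers.xue.encrypt.rsa;

import lombok.extern.slf4j.Slf4j;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

import java.io.FileWriter;
import java.io.IOException;
import java.io.Writer;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;

/**
 * Generates an RSA key pair and writes each half to its own PEM file.
 *
 * <p>The private key is written unencrypted, so the file itself is the only protection for
 * the key material. It is created owner-read/write only where the file system supports POSIX
 * permissions. The output directory is under {@code src/main/resources}; anything placed there
 * is normally packaged with the application, so keep the generated private key out of version
 * control and out of released artifacts.
 *
 * @author huangzhixue
 * @date 2022/11/15 09:55
 * @Description
 * refer to https://www.baeldung.com/java-rsa
 */
@Slf4j
public class GeneratePemPariKeyFile {

    /** Directory that receives both PEM files; created on demand. */
    private static final String PAIR_KEY_DIRECTORY = "src/main/resources/rsa";

    private static final String PUBLIC_KEY_PATH = "src/main/resources/rsa/rsaPublicKey.pem";

    /**
     * The directory above is created before writing, so the full path can be used here and
     * resolved with {@code Paths.get} to create rsaPrivateKey.pem.
     */
    private static final String PRIVATE_KEY_PATH = "src/main/resources/rsa/rsaPrivateKey.pem";

    /**
     * PEM type for the public key. {@code getEncoded()} on the public key yields the X.509
     * SubjectPublicKeyInfo encoding, whose PEM label is "PUBLIC KEY" (not "RSA PUBLIC KEY",
     * which denotes PKCS#1).
     */
    private static final String PUBLIC_KEY_PREFIX = "PUBLIC KEY";

    /** PEM type for the private key; {@code getEncoded()} yields the PKCS#8 encoding. */
    private static final String PRIVATE_KEY_PREFIX = "PRIVATE KEY";

    /** RSA modulus size in bits. */
    private static final int KEY_SIZE_BITS = 2048;

    /** Owner read/write only, i.e. mode 0600. */
    private static final String OWNER_ONLY_PERMISSIONS = "rw-------";

    /**
     * Generates a 2048-bit RSA key pair and writes rsaPrivateKey.pem and rsaPublicKey.pem,
     * replacing any existing files.
     *
     * @throws NoSuchAlgorithmException if no provider supplies an RSA key pair generator
     * @throws IOException if the directory or either PEM file cannot be written; the failure
     *     is logged and rethrown so callers never continue with missing or partial key files
     */
    public static void generatePublicKeyPemFile() throws NoSuchAlgorithmException, IOException {
        // Select the RSA algorithm.
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        // Set the key length.
        keyPairGenerator.initialize(KEY_SIZE_BITS);
        // Generate the key pair.
        KeyPair keyPair = keyPairGenerator.generateKeyPair();

        // Create the output directory first if it does not exist.
        Files.createDirectories(Paths.get(PAIR_KEY_DIRECTORY));

        // PEM is plain ASCII; naming the charset avoids depending on the platform default.
        try (Writer priWriter = openOwnerOnlyWriter(Paths.get(PRIVATE_KEY_PATH));
             PemWriter priPemWriter = new PemWriter(priWriter);
             Writer pubWriter =
                     Files.newBufferedWriter(Paths.get(PUBLIC_KEY_PATH), StandardCharsets.US_ASCII);
             PemWriter pubPemWriter = new PemWriter(pubWriter)) {
            priPemWriter.writeObject(
                    new PemObject(PRIVATE_KEY_PREFIX, keyPair.getPrivate().getEncoded()));
            pubPemWriter.writeObject(
                    new PemObject(PUBLIC_KEY_PREFIX, keyPair.getPublic().getEncoded()));
        } catch (IOException e) {
            log.error("generate pem file fail", e);
            // Swallowing this would let callers assume usable key files exist.
            throw e;
        }
    }

    /**
     * Opens a writer for a file that holds secret key material.
     *
     * <p>On POSIX file systems the file is re-created with owner-only permissions before any
     * bytes are written, so the key is never readable by other local users, not even briefly.
     * On other file systems the file inherits the directory's access control and the caller
     * must restrict the directory.
     */
    private static Writer openOwnerOnlyWriter(Path path) throws IOException {
        boolean posix = FileSystems.getDefault().supportedFileAttributeViews().contains("posix");
        if (posix) {
            // Permissions passed at creation apply only to a new file, so drop any old one.
            Files.deleteIfExists(path);
            Files.createFile(
                    path,
                    PosixFilePermissions.asFileAttribute(
                            PosixFilePermissions.fromString(OWNER_ONLY_PERMISSIONS)));
        }
        return Files.newBufferedWriter(path, StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, IOException {
        generatePublicKeyPemFile();
    }
}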
代码首先通过KeyPairGenerator指定algorithm为RSA、密钥长度为2048位,生成RSA密钥对。然后通过PemWriter这个类将PemObject写出为.pem文件。
其它代码都是文件输出的基础,这里不再介绍。
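需要注意的一点:公钥的PEM类型必须指定为PUBLIC KEY,而不是RSA PUBLIC KEY。因为getEncoded()返回的公钥是X.509(SubjectPublicKeyInfo)编码,对应的PEM头是PUBLIC KEY;而RSA PUBLIC KEY表示PKCS#1编码,与实际内容不符。如果指定后者,后续使用可能会出现错误,比如转Jwt时会报序列错误,这里简单提一下。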
最后会在资源目录下生成两个pem文件,如下所示。需要注意,src/main/resources下的文件通常会被打包进构建产物,而这里的私钥是未加密的,因此生成的rsaPrivateKey.pem不应提交到版本库或随应用发布。