为一个别名加载 Java KeyStore?
有谁知道是否可以加载密钥库,以便仅提示输入给定别名的密码?
示例:
在我的密钥存储中,我有两个私钥:Alice 的加密证书和 Bob 的加密证书。
当我加载密钥存储时:
keyStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
keyStore.load(null);
系统会提示我输入 Alice 和 Bob 的密钥存储密码。输入后,我可以使用 getKey("Alice's Encryption Certificate", null); 来检索 Alice 的私钥。我的密钥受到 Entrust 安全提供商的保护,它在加载密钥存储时提示我输入密码。如果我不输入鲍勃的密码并尝试获取他的密钥,它将返回 null,这很好,但我想避免出现密码提示。
是否可以以某种方式指定我在加载密钥存储之前只需要爱丽丝的密钥,这样我就不会被提示输入鲍勃的密码?
谢谢。
Does anyone know if it is possible to load a KeyStore so that it only prompts for the password for the given alias?
Example:
In my key store i have two private keys: Alice's Encryption Certificate and Bob's Encryption Certificate.
When i load my key store:
keyStore = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
keyStore.load(null);
I am prompted for both Alice's and Bob's key store password. Once they are entered i can use getKey("Alice's Encryption Certificate", null); to retrieve Alice's private key. My keys are protected by Entrust's Security Provider, it is who prompts me for the passwords upon loading the key store. If i do not enter Bob's password and try to get his key it will return null, which is fine, but i would like to avoid the password prompt.
Is it possible to somehow specify that i only want Alice's key before loading the key store so i am never prompted for Bob's password?
Thanks.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我们遇到了同样的问题,但找不到方法。基本上,您是在询问是否有办法部分加载密钥库。 MSCAPI 提供商会忽略您提供的任何密码,这让事情变得更加复杂。
我们通过使用 MSCAPI 密钥库仅存储一个密钥来解决这个问题。事实证明,这也适用于智能卡的安全模型。
We had the same issue and couldn't find a way to do it. Basically, you are asking if there is a way to load the keystore partially. It makes things more complicated that MSCAPI provider ignores any password you provide.
We get around the issue by storing only one key With MSCAPI keystore. It turns out this works better with the security model of Smartcard also.