从 DEROctetString 到 KeyUsage

发布于 2024-09-07 14:29:37 字数 447 浏览 2 评论 0原文

在 bouncycastle 中，我可以从 KeyUsage 开始创建 DEROctetString。

那么如何从 DEROctetString 开始获取 KeyUsage 呢？

示例：

DEROctetString derString = new DEROctetString(new KeyUsage(KeyUsage.digitalSignature));
KeyUsage ku = ...(some code to get back KeyUsage starting from derString)...

我需要这个，因为我能够使用 KeyUsage 扩展请求创建证书请求，但是，仅考虑证书请求，我无法取回 KeyUsage 扩展。

原文

In bouncycastle I can create a DEROctetString starting from a KeyUsage.

How can I obtain KeyUsage starting from a DEROctetString then?

Example:

DEROctetString derString = new DEROctetString(new KeyUsage(KeyUsage.digitalSignature));
KeyUsage ku = ...(some code to get back KeyUsage starting from derString)...

I need this because I'm able to create Certificate Requests with KeyUsage extension request, but then, given the Certificate Request alone, I'm not able to get back the KeyUsage extension.

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

渡你暖光 2024-09-14 14:29:37

我找到了使用 ASN1InputStream 的解决方案：

ASN1InputStream ais = new ASN1InputStream(derOctetString.getOctetStream());
KeyUsage ku = new KeyUsage((DERBitString) ais.readObject());

有效！

I've found the solution using ASN1InputStream:

ASN1InputStream ais = new ASN1InputStream(derOctetString.getOctetStream());
KeyUsage ku = new KeyUsage((DERBitString) ais.readObject());

That works!

回复收藏 0 原文

泡沫很甜 2024-09-14 14:29:37

KeyUsage在X.509中是这样定义的，

 id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }

 KeyUsage ::= BIT STRING {
      digitalSignature        (0),
      nonRepudiation          (1),
      keyEncipherment         (2),
      dataEncipherment        (3),
      keyAgreement            (4),
      keyCertSign             (5),
      cRLSign                 (6),
      encipherOnly            (7),
      decipherOnly            (8) }

所以为其创建Octet String是错误的。如果您创建 DERBitString，KeyUsage 有一个它的构造函数。

KeyUsage is defined as this in X.509,

 id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 }

 KeyUsage ::= BIT STRING {
      digitalSignature        (0),
      nonRepudiation          (1),
      keyEncipherment         (2),
      dataEncipherment        (3),
      keyAgreement            (4),
      keyCertSign             (5),
      cRLSign                 (6),
      encipherOnly            (7),
      decipherOnly            (8) }

So it's wrong to create Octet String for it. If you create DERBitString, KeyUsage has a constructor for it.

回复收藏 0 原文

~没有更多了~