How to read the issuer string from a user's public key?
I want to read the issuer String from a user's public key with Bouncy Castle. Is there example code or something from which I can learn?
If you can obtain the certificate object, then you can do the following:
The public key itself does not have an issuer - only a certificate has. And you can get the public key from the certificate, but not vice-versa.
Update: Since it appears that you want to verify the validity of your users, the public key alone does not provide this info. Public keys are used for encryption / digital signature verification, but for the rest of PKI you need the certificate. Actually, verifying the issuer that is written in the certificate gives you no guarantee whatsoever. You need to check:
The public key object doesn't say who generated it. It just contains what you need to encrypt (or verify) with the public key.
If you got the public key from a certificate (java.security.cert.X509Certificate), then you can get the certificate issuer from that by using getIssuerX500Principal().
The certificate is a binding of an identity to a public key. As part of that, the certificate indicates who it was issued by. So you can verify whether you trust that issuer and, therefore, the binding.
Also, the key pair very likely wasn't generated by the certificate issuer. The subject just proved to the issuer that it did possess the associated private key.
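The point both answers make, as an added example that is not part of either answer: two certificates can carry the same issuer string for the same public key, and only path validation against a CA you trust tells them apart. The class and method names (IssuerCheck, issue, chainsTo) and the DNs are hypothetical, the certificates are constructed at run time with Bouncy Castle, and the code assumes Java 9+ with the bcprov and bcpkix jars on the classpath.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class IssuerCheck {
    // Builds a constructed test certificate: subjectKey bound to subjectDn, signed with issuerKey.
    static X509Certificate issue(String issuerDn, PrivateKey issuerKey, String subjectDn,
                                 PublicKey subjectKey, boolean isCa) throws Exception {
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(new X500Principal(issuerDn),
                BigInteger.valueOf(now), new Date(now - 60_000), new Date(now + 86_400_000L),
                new X500Principal(subjectDn), subjectKey);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }

    // True only if cert validates under PKIX (signature, validity period, constraints) to trustedCa.
    static boolean chainsTo(X509Certificate cert, X509Certificate trustedCa) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(List.of(cert));
        PKIXParameters params = new PKIXParameters(Set.of(new TrustAnchor(trustedCa, null)));
        params.setRevocationEnabled(false); // the constructed certificates have no CRL/OCSP pointers
        try {
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (CertPathValidatorException e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ca = g.generateKeyPair(), rogue = g.generateKeyPair(), user = g.generateKeyPair();
        String caDn = "CN=Example Root CA", userDn = "CN=alice";
        X509Certificate caCert = issue(caDn, ca.getPrivate(), caDn, ca.getPublic(), true);
        X509Certificate good = issue(caDn, ca.getPrivate(), userDn, user.getPublic(), false);
        X509Certificate forged = issue(caDn, rogue.getPrivate(), userDn, user.getPublic(), false);
        for (X509Certificate c : List.of(good, forged)) { // identical issuer string and public key
            System.out.println("issuer=" + c.getIssuerX500Principal().getName() + " keyAlg="
                    + c.getPublicKey().getAlgorithm() + " chainsToTrustedCa=" + chainsTo(c, caCert));
        }
    }
}
```

Revocation checking is switched off here only because the constructed certificates have no revocation information; a production validator would leave it enabled or supply CRL/OCSP data.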