X.509 authentication for Android

Posted on 2024-12-22 20:55:34 | 739 words | 1 view | 0 comments

Just a little background on my project:

I'm implementing an SMS encryption program using ECDH for Android (BouncyCastle) and I need to send my public keys over SMS. Functionality wise, all is up and working but I'm a little skeptical about the X.509 code I've implemented.

On the sender side:

        byte[] pubEnc = aKeyPair.getPublic().getEncoded();
        X509EncodedKeySpec  pubX509 = new X509EncodedKeySpec(pubEnc);

pubX509 is then encoded into Base64 and sent via SMS

On the receiver side:

        KeyFactory          keyFac = KeyFactory.getInstance("ECDH", "SC");
        X509EncodedKeySpec  pubX509 = new X509EncodedKeySpec(SharedS);
        ECPublicKey         pubKey = (ECPublicKey)keyFac.generatePublic(pubX509);

The received value is Base64 decoded into SharedS which is cast into a new pubX509

As I've mentioned, implementation wise, this code seems to be working fine, however I'd like to find out if I am implementing the X509 properly.

Any advice would be much appreciated.


Comments (1)

[旋木] 2024-12-29 20:55:34

The fact that Sun (now Oracle) called this an X509EncodedKeySpec is simply because the public key is encoded using a format that was specified in the much larger X.509 certificate standard. For the internet, a proper implementation of X.509 certificates is specified in RFC 5280. As you can see, this RFC is over 140 pages in length. In the whole document, these 3 lines describe how to represent a public key:

   SubjectPublicKeyInfo  ::=  SEQUENCE  {
        algorithm            AlgorithmIdentifier,
        subjectPublicKey     BIT STRING  }

And this is the format that is produced by the Java class X509EncodedKeySpec. You can ignore all the rest of the X509 standard, you don't have to use certificates.
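The round trip described above, as an added example (not code from the question or the answer): it walks the DER bytes to confirm that `getEncoded()` yields exactly the two-field SubjectPublicKeyInfo, then rebuilds the key on the receiving side. Assumptions: a desktop JVM with its default EC provider, `KeyFactory.getInstance("EC")` in place of the question's `"ECDH", "SC"`, the curve secp256r1, `java.util.Base64`, and illustrative names (`SpkiRoundTrip`, `checkSpki`, `readLen`, `need`).

```java
import java.security.*;
import java.security.interfaces.ECPublicKey;
import java.security.spec.*;
import java.util.*;

public class SpkiRoundTrip {                       // hypothetical class name
    static void need(boolean ok, String msg) {
        if (!ok) throw new IllegalArgumentException(msg);
    }

    // Read a DER length (short or long form) at der[p[0]] and advance p[0] past it.
    static int readLen(byte[] der, int[] p) {
        int b = der[p[0]++] & 0xFF;
        if (b < 0x80) return b;
        int n = b & 0x7F, len = 0;
        need(n >= 1 && n <= 3, "unsupported DER length");
        for (int i = 0; i < n; i++) len = (len << 8) | (der[p[0]++] & 0xFF);
        return len;
    }

    // Verify the outer shape SEQUENCE { SEQUENCE algorithm, BIT STRING subjectPublicKey }
    // and return the number of key bytes carried in the BIT STRING.
    static int checkSpki(byte[] der) {
        int[] p = {0};
        need(der.length > 4 && der[p[0]++] == 0x30, "outer SEQUENCE expected");
        int total = readLen(der, p);
        need(p[0] + total == der.length, "outer length does not match input");
        need(der[p[0]++] == 0x30, "AlgorithmIdentifier SEQUENCE expected");
        int algLen = readLen(der, p);
        p[0] += algLen;                            // skip the algorithm OIDs
        need(p[0] < der.length && der[p[0]++] == 0x03, "BIT STRING expected");
        int bits = readLen(der, p);
        need(bits >= 1 && p[0] + bits == der.length, "BIT STRING length mismatch");
        return bits - 1;                           // first octet counts unused bits
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));   // assumed curve
        PublicKey pub = kpg.generateKeyPair().getPublic();
        // Sender: getEncoded() already is the DER SubjectPublicKeyInfo.
        byte[] spki = pub.getEncoded();
        String sms = Base64.getEncoder().encodeToString(spki);
        // Receiver: decode, check the structure, then rebuild the key object.
        byte[] received = Base64.getDecoder().decode(sms);
        int keyBytes = checkSpki(received);
        ECPublicKey peer = (ECPublicKey) KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(received));
        System.out.println(pub.getFormat() + ": " + spki.length + " DER bytes, "
                + sms.length() + " Base64 chars, " + keyBytes + " key bytes");
        System.out.println("round trip ok: " + Arrays.equals(peer.getEncoded(), spki));
    }
}
```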
