How to generate keyStore.jks and trustStore.jks from a cer file for a CoAP DTLS client
I have a cer file and want to generate trustStore.jks and keyStore.jks files, which are going to be used in a CoAP client to send the DTLS request.
I am using the Californium CoAP cf-secure module to call coaps://:/
Getting the response below:
Usage: java -cp ... org.eclipse.californium.examples.SecureClient
[PSK|ECDHE_PSK] [RPK|RPK_TRUST] [X509|X509_TRUST]
Default: [PSK] [RPK] [X509]
00:33:55.267 INFO [] [Configuration]: defaults added COAP.
00:33:55.319 INFO [] [JceProviderUtil]: JCE default setup
00:33:55.760 INFO [] [JceProviderUtil]: RSA: true, EC: true, AES: not restricted
00:33:55.760 INFO [] [JceProviderUtil]: EdDSA not supported!
00:33:55.760 INFO [] [JceProviderUtil]: JCE setup: null, ready.
00:33:55.765 INFO [] [AeadBlockCipher]: AES/CBC/NoPadding is not restricted!
00:33:56.014 INFO [] [AeadBlockCipher]: AES/CBC/NoPadding is not restricted!
00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
00:33:56.015 INFO [] [AeadBlockCipher]: AES/CCM/NoPadding is not restricted!
00:33:56.015 INFO [] [AeadBlockCipher]: AES/GCM/NoPadding is not restricted!
00:33:56.015 INFO [] [AeadBlockCipher]: AES/GCM/NoPadding is not restricted!
00:33:56.085 INFO [] [XECDHECryptography]: X25519/X448 not supported!
00:33:56.434 INFO [] [Configuration]: defaults added DTLS.
00:33:56.435 WARN [] [Configuration]: Add missing module DTLS.
00:33:56.436 WARN [] [Configuration]: Add missing module COAP.
00:33:56.437 INFO [] [Configuration]: loading properties from file C:\work\workspace\coaps-workspace\californium-master\demo-apps\cf-secure\Californium3SecureClient.properties
00:33:56.441 WARN [] [Configuration]: Ignore SYS.HEALTH_STATUS_INTERVAL, no configuration definition available!
00:33:56.565 INFO [] [InMemoryConnectionStore]: Created new InMemoryConnectionStore [capacity: 150000, connection expiration threshold: 1800s]
00:33:56.574 INFO [] [Configuration]: defaults added SYS.
00:33:56.591 INFO [] [RandomTokenGenerator]: using tokens of 8 bytes in length
00:33:56.628 INFO [] [ban]: Started.
00:33:56.631 INFO [] [CoapEndpoint]: coaps CoapEndpoint uses strict context
00:33:56.649 INFO [] [BlockwiseLayer]: coaps BlockwiseLayer uses MAX_MESSAGE_SIZE=1024, PREFERRED_BLOCK_SIZE=512, BLOCKWISE_STATUS_LIFETIME=300000, MAX_RESOURCE_BODY_SIZE=8192, BLOCKWISE_STRICT_BLOCK2_OPTION=false
00:33:56.669 INFO [] [CoapEndpoint]: coaps Endpoint [coaps://0.0.0.0:0] requires an executor to start, using default single-threaded daemon executor
00:33:56.962 INFO [] [DTLSConnector]: multiple network interfaces, using smallest MTU [IPv4 1500, IPv6 1500]
00:33:56.965 INFO [] [DTLSConnector]: DTLSConnector listening on 0.0.0.0/0.0.0.0:54326, recv buf = 65536, send buf = 64512, recv packet size = 16490, MTU = IPv4 1500 / IPv6 1500
00:33:56.965 INFO [] [DTLSConnector]: Starting worker thread [DTLS-Receiver-0-0.0.0.0/0.0.0.0:54326]
00:33:56.965 INFO [] [DTLSConnector]: Starting worker thread [DTLS-Receiver-1-0.0.0.0/0.0.0.0:54326]
00:33:56.967 INFO [] [CoapEndpoint]: coaps Started endpoint at coaps://0.0.0.0:54326
00:33:56.967 INFO [] [CoapClient]: started set client endpoint 0.0.0.0/0.0.0.0:54326
Error occurred while sending request: java.io.IOException: org.eclipse.californium.scandium.dtls.DtlsHandshakeTimeoutException: Handshake flight 1 failed! Stopped by timeout after 4 retransmissions!
Comments (1)
Timeouts in flight 1 usually indicate a UDP communication problem.
Try to create IP captures on the client and server side; see IP-Capturing.
If you only want to use the cer with Californium, SslContextUtil will also load your .cer, at least if it's in PEM format. Currently I support .pem and .crt as endings, so just try to rename it and load it with:
If you prefer to have the cer in the keystore, create-keys.sh contains examples of how to import it, e.g.
Also, KeyStore Explorer offers an import function. The Californium demo keystore uses "endPass" as password, the demo truststore uses "rootPass".
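The import step discussed above, as an added example using the JDK's keytool; it is not code from the original answer or from Californium's create-keys.sh, and the file names, alias and password arguments are placeholders supplied by the caller. A .cer holds only a certificate and no private key, so it can populate trustStore.jks but cannot by itself produce a keyStore.jks key entry.

```shell
#!/bin/sh
# Added example (not from the original post). File names, the alias and the
# password passed as arguments are placeholders chosen by the caller.

# PEM files are text with a BEGIN CERTIFICATE header; anything else is treated as DER.
cert_format() {
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then echo PEM; else echo DER; fi
}

# Write a PEM copy of the certificate (for loaders that expect .pem/.crt).
to_pem() {  # args: <in.cer> <out.pem>
  if [ "$(cert_format "$1")" = PEM ]; then
    cp "$1" "$2"
  else
    keytool -printcert -rfc -file "$1" > "$2"
  fi
}

# Print subject, issuer, validity and fingerprints so they can be compared
# with values obtained from the server operator before the cert is trusted.
show_cert() {  # args: <in.cer>
  keytool -printcert -file "$1"
}

# Add the certificate as a trusted entry; creates the store if it is missing.
# Note: a password given on the command line is visible in the process list.
import_trusted_cert() {  # args: <in.cer> <trustStore.jks> <alias> <storepass>
  keytool -importcert -noprompt -file "$1" -alias "$3" \
    -keystore "$2" -storetype JKS -storepass "$4"
}

# Confirm what ended up in the store.
list_store() {  # args: <trustStore.jks> <storepass>
  keytool -list -v -keystore "$1" -storepass "$2"
}

# Stand-alone use: script.sh <in.cer> <trustStore.jks> <alias> <storepass>
if [ "$#" -eq 4 ]; then
  show_cert "$1" && import_trusted_cert "$1" "$2" "$3" "$4" && list_store "$2" "$4"
fi
```

Because `-noprompt` skips keytool's interactive confirmation, review the fingerprint printed by `show_cert` before relying on the resulting trust store.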