我想将 X509Certificate 及其私钥保存到 Android KeyStore 中,我认为我应该“合并” X509Certificate(包含公钥)及其私钥。私钥用于创建 CSR,然后服务器方签署证书并返回应用程序,我可以将证书和私钥合并为一个唯一的证书吗?我也在使用 spongycastle(又名 bouncycastle 的 android 包装器)。
【问题讨论】:
标签: java android bouncycastle x509certificate
我不知道 Android KeyStore,但也许您可以尝试以下方法:
PrivateKey privateKey = ... //this is what you already have
X509Certificate certificate = ... //this is what you already have
KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
keyStore.load(null);
Certificate[] certChain = new Certificate[1];
certChain[0] = certificate;
char[] myKeyPassword = "myKeyPassword".toCharArray();
keyStore.setKeyEntry("mykeyalias", (Key)privateKey, myKeyPassword, certChain);
有关 KeyStore.setKeyEntry 的更多信息,请参阅https://docs.oracle.com/javase/9/docs/api/java/security/KeyStore.html#setKeyEntry-java.lang.String-java.security.Key-char:A-java.security.cert.Certificate:A-
【讨论】: