How do I format an exported Vault private key for use?

Question   Votes: 1   Answers: 1

I am running Vault locally with the transit secrets engine. It runs locally in memory; I created an exportable private key, which can be retrieved with the following:

{
    "request_id": "ad4401f3-b88b-19f1-0bec-ce710dc647ee",
    "lease_id": "",
    "renewable": false,
    "lease_duration": 0,
    "data": {
        "keys": {
            "1": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQEAnLs+5HqCJzJBcdLU+m5hO70ELEBdh2Iy/dp4hGwR2dZiHYGD\nD7jUyTkjDAOpjqsCcqK/bAqCFS/1781s7n37IzVwtu4wU7fXjGdW7582QxfEpUms\n9IYFvzWfIhPDE5VmeXJb7yKiW8rySAbyqQ/ctmOUZtZi/PbHQgS3rmcLvOidp8kJ\nGLb7LYjsZB9tS+Hk4YWKo/3LEyyEkeWtUTQVKzkOOlOZtBmlSkkpz0nV0af/yqkT\nVvvh+RarwlrVwiJvgB8bpSq/gl68Fv28TKa7j0lsHINLgEy1W69KKXg8BVfZvxKn\nwwdtkhlnLN+qtuqk3uO4EOxzZojKdLTXEpp1QwIDAQABAoIBACfoKXBlnSQ70JwZ\n0a7eUhWy4BAgZ3AkWdV3Pj6Bgd4UjzDyHBvxtQRzbvANMqwn8Nydgd4RouOgLZ/c\nj4L+QubJIaUCav22DsUqPuGOiXN15tUrOEWepnH0RkuX+pDO9qOvsabnC64Rs7UR\nR9IyPsGWA2BX8CZ2829k4hwfEscLkae5KHd9bDvIRBH8XnafcUgf6cB3V3GVwZsU\nGuT1UUGcuubRXTrsOger9Rb0L3lgTXwpIXeOqAjeOEtjL6+bVOpMdiequmJf5VfK\nQ0If9gW6XHMQoPdx3+fBzC0/UU6BBNzfojZ9itHp1kQX3h7zilJbPJpm33Jgzg1J\nAUSPZtECgYEAzTmZwF0Mjb/FUZR884HZ23sVn81oW0mPDmgc3NtmY2YsRhyvd2nc\nsCAuQjDgmXyraEZ8IKoGQxHJn7t1yxpxISaGMCDQ1XvfHdSJxxQHGJW+/JjANN/F\nBGyMhCD3rQA8MIiDbe7PyfIhb2dOgza34e19V/5JwaCSd+nP4N10rXkCgYEAw4Ix\nTmY/RdhZABsPn0CymkJZ+y+rTKRNUNclNxuUAgVkOBlHt6ILa+B7gzI0bKX9+YZQ\nXIEsbREl6KvaJe9d5x/JHYcRhJJoHqPoJuvGlfxH7azEoyrdZcR57ayldhfVsvjJ\nsLD7b2lX9JzNnGtipx2PE4ppuB7oN5oU1VpulZsCgYAJHzNPUpN5RXney2vWYwIs\n+EaYyMeHrzhVmpkV1Aa0ClmTcDj4ZNMzXOrRdFy3VcxEoUVpKkWG+6ZrnCh7M5yt\nrYmvX/YIVy4upEDPgXtjQ1yu25dHgl6+eJiyUsjPfsAuJBM7cq73ufR0gDIEMQ1x\nVF4K6DmdCqcX/2OHCjDieQKBgQC7XtYUVgfDz5GUeVrifGXvUzHbexcHz9tNY7QF\n+YdC3Jns7cV+521cyPp2hTIbAobCkogH78B9EtcrAzCB9MMhE6RyiRUv4gSpgNqo\nGoTrD6p7zX1zB0zCEKfuMe0tnbAv4yGhFi0S3HnwNCsWAxC8KqcJyjiBvhU93Iyk\n4RNkiwKBgF8YeD0lrrD8C+gddQrhblTRA8mGvMKEfh992hG8bPpiac0n4uBe3bmH\nUvf66mHBScq/77bF4gMZpafWoTX7AAHS1NpIdg46WWUKQZTW593awCsjKByqxP0I\nFIsGZZNvdK2iw7iVAzIj1TqUdnpKjGw85iO0n2GsLTupy3qR7IdH\n-----END RSA PRIVATE KEY-----\n"
        },
        "name": "testkey",
        "type": "rsa-2048"
    },
    "wrap_info": null,
    "warnings": null,
    "auth": null
}

I removed the newlines and the header/footer and got the following Base64-encoded string:

val privKeystring = "<base64 body of the key above, with the BEGIN/END lines and newlines removed>"

But when I try to instantiate a PrivateKey object in Java (Kotlin), I get "InvalidKeyException: algid parse error, not a sequence".

import java.security.KeyFactory
import java.security.spec.PKCS8EncodedKeySpec
import java.util.Base64

val privByteKey = Base64.getDecoder().decode(privKeystring)
val privKey = PKCS8EncodedKeySpec(privByteKey)
val privateKey = KeyFactory.getInstance("RSA").generatePrivate(privKey) // throws an exception

Is there another step I am missing to format Vault's output before I can use the private key?

Edit: stack trace, as requested:

java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : algid parse error, not a sequence
    at java.base/sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:251) ~[na:na]
    at java.base/java.security.KeyFactory.generatePrivate(KeyFactory.java:390) ~[na:na]
    at com.mycompany.testClass.service.MyService.testMethod(MyService.kt:83) ~[classes/:na]
java public-key-encryption private-key hashicorp-vault

1 Answer

2 votes

Vault exports RSA keys in PKCS#1 format by default. So you could consider using openssl to convert the PKCS#1 format to PKCS#8:

openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in PKCS1_KEY.key -out PKCS8_KEY.key

and then use your code to load it.

Or use BouncyCastle and its PEMReader to read this key:

import java.io.FileReader;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.Security;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMReader; // removed in newer BouncyCastle releases; PEMParser + JcaPEMKeyConverter replace it

Security.addProvider(new BouncyCastleProvider());
FileReader fileReader = new FileReader("path/to/your/key/key.key");
PEMReader pemReader = new PEMReader(fileReader);
KeyPair keyPair = (KeyPair) pemReader.readObject(); // a PKCS#1 "RSA PRIVATE KEY" block comes back as a KeyPair
PrivateKey aPrivate = keyPair.getPrivate();
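For completeness, an added example that is not from the question, the answer, Vault or BouncyCastle: it does inside the JVM what the openssl command above does, wrapping the PKCS#1 `RSAPrivateKey` DER that Vault exports in a PKCS#8 `PrivateKeyInfo` by hand so the standard `KeyFactory` accepts it without a third-party provider. Class and method names (`VaultKeyLoader`, `pkcs1ToPkcs8`, `load`, ...) are ours, and it assumes only the JDK (Java 8 or newer). Because the JDK itself cannot emit PKCS#1, `main` generates a key and strips its PKCS#8 encoding down to PKCS#1 as a constructed stand-in for the Vault export; with a real export you pass the `keys.1` string from the JSON straight to `load`.

```java
import java.io.ByteArrayOutputStream;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

/** Hypothetical helper (not part of Vault or the answer): load a Vault transit export with the plain JDK. */
public class VaultKeyLoader {

    // DER of AlgorithmIdentifier { rsaEncryption (1.2.840.113549.1.1.1), NULL }
    private static final byte[] RSA_ALG_ID = {
        0x30, 0x0d, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7,
        0x0d, 0x01, 0x01, 0x01, 0x05, 0x00
    };

    /** Strip the PEM armour and all whitespace, then base64-decode the body. */
    static byte[] pemToDer(String pem) {
        String body = pem.replaceAll("-----(BEGIN|END) [A-Z ]+-----", "").replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    /** DER length octets: short form below 128, long form otherwise. */
    static byte[] derLength(int len) {
        if (len < 0x80) return new byte[] {(byte) len};
        int n = len > 0xffff ? 3 : len > 0xff ? 2 : 1;
        byte[] out = new byte[n + 1];
        out[0] = (byte) (0x80 | n);
        for (int i = 0; i < n; i++) out[i + 1] = (byte) (len >> (8 * (n - 1 - i)));
        return out;
    }

    /** One DER TLV: tag, length, value. */
    static byte[] derTlv(int tag, byte[] value) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        byte[] len = derLength(value.length);
        out.write(len, 0, len.length);
        out.write(value, 0, value.length);
        return out.toByteArray();
    }

    /** Wrap a PKCS#1 RSAPrivateKey (what Vault exports) in a PKCS#8 PrivateKeyInfo. */
    static byte[] pkcs1ToPkcs8(byte[] pkcs1) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        body.write(new byte[] {0x02, 0x01, 0x00}, 0, 3);   // version INTEGER 0
        body.write(RSA_ALG_ID, 0, RSA_ALG_ID.length);      // privateKeyAlgorithm
        byte[] octets = derTlv(0x04, pkcs1);               // privateKey OCTET STRING
        body.write(octets, 0, octets.length);
        return derTlv(0x30, body.toByteArray());           // outer SEQUENCE
    }

    /** Load either PEM form; only "BEGIN RSA PRIVATE KEY" (PKCS#1) needs the wrapper. */
    static PrivateKey load(String pem) throws Exception {
        byte[] der = pemToDer(pem);
        if (pem.contains("BEGIN RSA PRIVATE KEY")) der = pkcs1ToPkcs8(der);
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    // --- below: constructed PKCS#1 sample so the class runs stand-alone without a Vault export ---

    /** Returns {contentOffset, contentLength} of the DER TLV starting at pos. */
    static int[] tlv(byte[] der, int pos) {
        int first = der[pos + 1] & 0xff;
        if (first < 0x80) return new int[] {pos + 2, first};
        int n = first & 0x7f, len = 0;
        for (int i = 0; i < n; i++) len = (len << 8) | (der[pos + 2 + i] & 0xff);
        return new int[] {pos + 2 + n, len};
    }

    /** Inverse of pkcs1ToPkcs8, used here only to imitate Vault's PKCS#1 output from a JDK key. */
    static byte[] pkcs8ToPkcs1(byte[] pkcs8) {
        int pos = tlv(pkcs8, 0)[0];                // enter PrivateKeyInfo SEQUENCE
        int[] version = tlv(pkcs8, pos);           // skip version INTEGER
        pos = version[0] + version[1];
        int[] alg = tlv(pkcs8, pos);               // skip AlgorithmIdentifier SEQUENCE
        pos = alg[0] + alg[1];
        if (pkcs8[pos] != 0x04) throw new IllegalArgumentException("expected OCTET STRING");
        int[] key = tlv(pkcs8, pos);
        return Arrays.copyOfRange(pkcs8, key[0], key[0] + key[1]);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        RSAPrivateKey original = (RSAPrivateKey) gen.generateKeyPair().getPrivate();
        // Constructed input: the same PEM shape as the "keys.1" value in the Vault export
        String vaultStylePem = "-----BEGIN RSA PRIVATE KEY-----\n"
            + Base64.getMimeEncoder(64, new byte[] {'\n'}).encodeToString(pkcs8ToPkcs1(original.getEncoded()))
            + "\n-----END RSA PRIVATE KEY-----\n";

        RSAPrivateKey reloaded = (RSAPrivateKey) load(vaultStylePem);
        System.out.println("modulus matches:  " + reloaded.getModulus().equals(original.getModulus()));
        System.out.println("exponent matches: " + reloaded.getPrivateExponent().equals(original.getPrivateExponent()));
    }
}
```

The header check is the part worth keeping: the `algid parse error, not a sequence` in the question is the JDK reading the first element of a PKCS#1 `RSAPrivateKey` (an INTEGER) where PKCS#8 expects an `AlgorithmIdentifier` SEQUENCE, and the `-----BEGIN RSA PRIVATE KEY-----` line is exactly what tells you which structure you are holding, so strip it only after you have looked at it. The wrapper adds no protection of its own: an exported transit key is plaintext key material either way, which is why Vault only hands it out for keys explicitly created as exportable.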