根据Bouncy Castle文档,KeyStore有三种实现:
The Bouncy Castle package has three implementation of a keystore.
The first “BKS” is a keystore that will work with the keytool in the
same fashion as the Sun “JKS” keystore. The keystore is resistent to
tampering but not inspection.> The second, Keystore.BouncyCastle, or Keystore.UBER will only work
with the keytool if the password is provided on the command line, as
the entire keystore is encrypted with a PBE based on SHA1 and Twofish.
PBEWithSHAAndTwofish-CBC. This makes the entire keystore resistant to
tampering and inspection, and forces verification. The Sun JDK
provided keytool will attempt to load a keystore even if no password
is given, this is impossible for this version. (One might wonder about
going to all this trouble and then having the password on the command
line! New keytool anyone?).In the first case, the keys are encrypted with 3-Key-TripleDES.
The third is a PKCS12 compatible keystore. PKCS12 provides a slightly
different situation from the regular key store, the keystore password
is currently the only password used for storing keys. Otherwise it
supports all the functionality required for it to be used with the
keytool. In some situations other libraries always expect to be
dealing with Sun certificates, if this is the case use PKCS12-DEF, and
the certificates produced by the key store will be made using the
default provider. In the default case PKCS12 uses 3DES for key
protection and 40 bit RC2 for protecting the certificates. It is also
possible to use 3DES for both by using PKCS12-3DES-3DES or
PKCS12-DEF-3DES-3DES as the KeyStore type.
我在Internet上找不到有关此的任何有趣信息,似乎没人使用它.
可以在Android上使用Keystore.BouncyCastle或Keystore.UBER吗?如何获得实例? KeyStore.getInstance(“ UBER”,“ BC”); ?它是否适用于所有android版本?
解决方法:
是的,可以使用它,通过以下方式获取实例:
KeyStore.getInstance("UBER", "SC");
在正常的Java代码中,此处应为“ BC”(BouncyCastle)提供程序,但是在Android上使用SpongyCastle,因此我们需要在此处放置“ SC”.