生活紀錄: 9月 2017

2017年9月15日星期五

Arduino pro mini

1. 製造 Arduino 燒錄器
接腳 FT232RL -> Arduino Pro Mini
DTR->DTR
RX->TXO
TX->RXI
VCC->VCC
CTX->GND
GND->GNC

選擇要當燒錄器的 Boards(Arduino Pro or Pro Mini) 和 Port
File/Examples/11.ArduinoISP/ArduinoISP
Sketch/Upload

2. 燒錄 bootloader
接腳 Arduino Pro Mini(Arduino 燒錄器)->Arduino Pro Mini
VCC->VCC
GND->GND
10->RST
11(MOSI)->11(MOSI)
12(MISO)->12(MISO)
13(SCK)->13(SCK)

File/Examples/01.Basics/Blank

選擇目標 Boards(Arduino Pro or Pro Mini)

Tools/Programmer/Arduino as ISP

Tools/Brun Bootloader

Sketch/Upload Using Programmer

2017年9月5日星期二

SSL, RaspberryPi Server, Android Client

請參考 Android 與 Raspberry 證書和 SSL 網路程式設計的 Server 端
在此提供 Android 的 Client

package com.example.mark.sslclient;

import android.content.Context;
import android.content.res.AssetManager;
import android.util.Log;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** * Created by mark on 2017/9/1. */
public class SSLClient {
    static SSLContext ssl_ctx;

    public SSLClient(Context context) {
        try {
            Log.d("SSLClient", "SSLClient");

            //  Setup truststore            KeyStore trustStore = KeyStore.getInstance("BKS");
            InputStream trustStoreStream = context.getResources().openRawResource(R.raw.android);
            trustStore.load(trustStoreStream, "store1234".toCharArray());
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            Log.d("SSLClient", "Trust " + trustStore.size());
            Log.d("SSLClient", "trustManagerFactory " + trustManagerFactory.getTrustManagers().length);

            //  Setup keystore            KeyStore keyStore = KeyStore.getInstance("BKS");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            InputStream keyStoreStream = context.getResources().openRawResource(R.raw.android);
            keyStore.load(keyStoreStream, "store1234".toCharArray());
            keyManagerFactory.init(keyStore, "key1234".toCharArray());
            Log.d("SSLClient", "Key " + keyStore.size());
            Log.d("SSLClient", "keyManagerFactory " + keyManagerFactory.getKeyManagers().length);

            // Setup the SSL context to use the truststore and keystore            ssl_ctx = SSLContext.getInstance("TLS");
            if (true) {
                ssl_ctx.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
            } else {
                TrustManager tm = new X509TrustManager() {
                    public void checkClientTrusted(X509Certificate[] chain, String authTyhpe) throws CertificateException {
                    }
                    public void checkServerTrusted(X509Certificate[] chain, String authTyhpe) throws CertificateException {
                    }
                    public X509Certificate[] getAcceptedIssuers() {
                        return null;
                    }
                };
                ssl_ctx.init(null, new TrustManager[] { tm }, null);
            }
        } catch (KeyStoreException e) {
            Log.d("SSLClient", e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            Log.d("SSLClient", e.getMessage());
        } catch (CertificateException e) {
            Log.d("SSLClient", e.getMessage());
        } catch (IOException e) {
            Log.d("SSLClient", e.getMessage());
        } catch (KeyManagementException e) {
            Log.d("SSLClient", e.getMessage());
        } catch (UnrecoverableKeyException e) {
            Log.d("SSLClient", e.getMessage());
        }
    }
}

package com.example.mark.sslclient;

import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.util.Log;

import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;

import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class MainActivity extends AppCompatActivity {
    private static final String TAG = "MainActivity";
    private SSLClient sslClient;

    private Runnable threadMain = new Runnable() {
        @Override        public void run() {
            SSLSocketFactory socketFactory = (SSLSocketFactory)sslClient.ssl_ctx.getSocketFactory();
            try {
                Log.d(TAG, "threadMain createSocket a");
                SSLSocket socket = (SSLSocket)socketFactory.createSocket("192.168.1.61", 8080);
                Log.d(TAG, "threadMain createSocket b");
                PrintWriter output = new PrintWriter(new OutputStreamWriter(socket.getOutputStream()));
                BufferedReader input = new BufferedReader((new InputStreamReader(socket.getInputStream())));
                output.println("\nthis is from client+++++++++++++++client send to server");
                output.flush();
                Log.d(TAG, "threadMain input.readLine() a");
                String line = input.readLine();
                while (line != null) {
                    Log.d(TAG, line);
                    line = input.readLine();
                }
                Log.d(TAG, "threadMain input.readLine() b");
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
    };
    @Override    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        Log.d(TAG, "onCreate a");
        setContentView(R.layout.activity_main);

        sslClient = new SSLClient(this);
        Thread thread = new Thread(threadMain);
        thread.start();
        Log.d(TAG, "onCreate b");
    }
}

2017年9月4日星期一

Huawei 在 Android Studio 沒有 logcat

撥打 *#*#2846579#*#*
Project Menu > Background Setting > Log setting
選擇 AP Log

Android 與 Raspberry 證書

請參考先前的 Raspberry OPENSSL 根證書伺服端客戶端
和 Java keytool and Android

// 產生 Android 要用的 key 和 keystore
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -validity 3650 -genkey -v -alias android -keyalg RSA -keystore android.jks -dname "CN=AndroidClient,OU=R&D,O=SDL,L=Taichung,ST=Taiwan,c=TW" -storepass store1234 -keypass key1234
針對 CN=AndroidClient, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW 產生有效期 3,650 天的 2,048 位元 RSA 金鑰組以及自我簽署憑證 (SHA256withRSA)

[儲存 android.jks]

D:\SVN_Repository3\pi\Key>
// 產生申請證書
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -certreq -keystore android.jks -alias android -file android.csr -storepass store1234 -keypass key1234

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/09/04 11:15 <DIR> .
2017/09/04 11:15 <DIR> ..
2017/09/04 11:15 1,086 android.csr
2017/09/04 11:14 2,231 android.jks
2 個檔案 3,317 位元組
2 個目錄 678,150,483,968 位元組可用

D:\SVN_Repository3\pi\Key>

// 傳送 android.csr 到 RaspberryPi, 並簽署
pi@raspberrypi:~/OpenSSL/openssl $ openssl ca -in android/android.csr -out android/android.crt -days 3650 -cert ca/ca.crt -keyfile ca/ca.key -config openssl.cnf

Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
The stateOrProvinceName field needed to be the same in the
CA certificate (Taiwan) and the request (Taiwan)
pi@raspberrypi:~/OpenSSL/openssl $
// 原因為編碼錯誤, 下兩個命令可以查詢, 並比較
pi@raspberrypi:~/OpenSSL/openssl $ openssl asn1parse -in androiid/android.csr
pi@raspberrypi:~/OpenSSL/openssl $ openssl asn1parse -in ca/ca.crt

// 修改設定

pi@raspberrypi:~/OpenSSL/openssl $ vi openssl.cnf
#string_mask = utf8only
string_mask = pkix
# For the CA policy
[ policy_match ]
#countryName = match
#stateOrProvinceName = match
#organizationName = match
countryName = optional
stateOrProvinceName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional

pi@raspberrypi:~/OpenSSL/openssl $ openssl ca -in android/android.csr -out android/android.crt -days 3650 -cert ca/ca.crt -keyfile ca/ca.key -config openssl.cnf
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4 (0x4)
Validity
Not Before: Sep 4 05:46:35 2017 GMT
Not After : Sep 2 05:46:35 2027 GMT
Subject:
countryName = TW
stateOrProvinceName = Taiwan
organizationName = SDL
organizationalUnitName = R&D
commonName = AndroidClient
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
99:6F:21:B8:C1:2A:DB:03:7F:37:47:17:F5:C8:6C:10:18:B2:75:50
X509v3 Authority Key Identifier:
keyid:F4:6D:3E:3D:93:2A:4A:81:85:62:C3:D7:4B:70:F9:28:F6:E6:A4:F4

Certificate is to be certified until Sep 2 05:46:35 2027 GMT (3650 days)
Sign the certificate? [y/n]:y
failed to update database
TXT_DB error number 2
// 不明原因失敗，下列為解決方法
pi@raspberrypi:~/OpenSSL/openssl $ ls newcerts/
01.pem 02.pem 03.pem
pi@raspberrypi:~/OpenSSL/openssl $ openssl ca -revoke newcerts/03.pem -config op
enssl.cnf -cert ca/ca.crt -keyfile ca/ca.key
Using configuration from openssl.cnf
Revoking Certificate 03.
Data Base Updated
pi@raspberrypi:~/OpenSSL/openssl $
// 重新簽署
pi@raspberrypi:~/OpenSSL/openssl $ openssl ca -in android/android.csr -out android/android.crt -days 3650 -cert ca/ca.crt -keyfile ca/ca.key -config openssl.cnf
Using configuration from openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 4 (0x4)
Validity
Not Before: Sep 4 05:51:48 2017 GMT
Not After : Sep 2 05:51:48 2027 GMT
Subject:
countryName = TW
stateOrProvinceName = Taiwan
organizationName = SDL
organizationalUnitName = R&D
commonName = AndroidClient
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
99:6F:21:B8:C1:2A:DB:03:7F:37:47:17:F5:C8:6C:10:18:B2:75:50
X509v3 Authority Key Identifier:
keyid:F4:6D:3E:3D:93:2A:4A:81:85:62:C3:D7:4B:70:F9:28:F6:E6:A4:F4

Certificate is to be certified until Sep 2 05:51:48 2027 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
pi@raspberrypi:~/OpenSSL/openssl $

//將 ca.crt 和 android.crt 傳回 PC
// 安裝根證書
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -import -trustcacerts -v -alias ca -file ca.crt -keystore android.jks -storepass store1234
擁有者: CN=PiCA, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
發出者: CN=PiCA, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
序號: e595993377a61f60
有效期自: Tue Aug 29 09:40:37 CST 2017 到: Fri Aug 27 09:40:37 CST 2027
憑證指紋:
MD5: 8D:94:79:EB:E6:81:8C:33:4F:BE:7C:EF:16:D3:23:28
SHA1: 7B:DF:78:14:87:F1:C8:DA:27:91:9B:6C:B7:7C:B6:6C:3F:84:59:13
SHA256: 38:C6:7B:DC:DB:28:EA:CC:6A:A0:38:4B:DF:D2:D6:B2:44:70:CE:B5:86:F0:DE:9B:99:49:3C:75:D6:5C:89:EB
簽章演算法名稱: SHA256withRSA
版本: 3

擴充套件:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F4 6D 3E 3D 93 2A 4A 81 85 62 C3 D7 4B 70 F9 28 .m>=.*J..b..Kp.(
0010: F6 E6 A4 F4 ....
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F4 6D 3E 3D 93 2A 4A 81 85 62 C3 D7 4B 70 F9 28 .m>=.*J..b..Kp.(
0010: F6 E6 A4 F4 ....
]
]

信任這個憑證？ [否]: y
憑證已新增至金鑰儲存庫中
[儲存 android.jks]

D:\SVN_Repository3\pi\Key>
// 安裝證書
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -import -v -alias android -file android.crt -keystore android.jks -storepass store1234 -keypass key1234
憑證回覆已安裝在金鑰儲存庫中
[儲存 android.jks]

D:\SVN_Repository3\pi\Key>
// 產生 BKS 格式的 keystore

D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -importkeystore -srckeystore android.jks -srcstorepass store1234 -destkeystore android.bks -deststoretype BKS -deststorepass store1234 -provider org.bouncycastle.jce.provider.BouncyCastleProvider
已成功匯入別名 ca 的項目。
輸入 <android> 的金鑰密碼
已成功匯入別名 android 的項目。
已完成匯入命令: 成功匯入 2 個項目，0 個項目失敗或已取消

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/09/04 14:39 <DIR> .
2017/09/04 14:39 <DIR> ..
2017/09/04 14:39 4,155 android.bks
2017/09/04 13:51 4,417 android.crt
2017/09/04 13:42 1,086 android.csr
2017/09/04 13:52 4,150 android.jks
2017/08/29 09:40 1,289 ca.crt
5 個檔案 15,097 位元組
2 個目錄 678,150,561,792 位元組可用

D:\SVN_Repository3\pi\Key>

Java keytool and Android

D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -validity 3650 -genkey -v -alias server -keyalg RSA -keystore server.keystore -dname "CN=AndroidServer,OU=R&D,O=SDL,L=Taichung,ST=Taiwan,c=TW" -storepass store1234 -keypass key1234
針對 CN=AndroidServer, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW 產生有效期 3,650 天的 2,048 位元 RSA 金鑰組以及自我簽署憑證 (SHA256withRSA)

[儲存 server.keystore]

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/08/31 13:27 <DIR> .
2017/08/31 13:27 <DIR> ..
2017/08/31 13:27 2,228 server.keystore
1 個檔案 2,228 位元組
2 個目錄 679,286,407,168 位元組可用

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -validity 3650 -genkeypair -v -alias client -keyalg RSA -storetype PKCS12 -keystore client.p12 -dname "CN=AndroidClient,OU=R&D,O=SDL,L=Taichung,ST=Taiwan,c=TW" -storepass client1234
針對 CN=AndroidClient, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW 產生有效期 3,650 天的 2,048 位元 RSA 金鑰組以及自我簽署憑證 (SHA256withRSA)

[儲存 client.p12]

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/08/31 13:32 <DIR> .
2017/08/31 13:32 <DIR> ..
2017/08/31 13:32 2,572 client.p12
2017/08/31 13:27 2,228 server.keystore
2 個檔案 4,800 位元組
2 個目錄 679,286,403,072 位元組可用

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -export -v -alias client -keystore client.p12 -storetype PKCS12 -storepass client1234 -rfc -file client.cer
憑證儲存在檔案 <client.cer>

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/08/31 13:56 <DIR> .
2017/08/31 13:56 <DIR> ..
2017/08/31 13:57 1,260 client.cer
2017/08/31 13:55 2,572 client.p12
2017/08/31 13:54 2,230 server.keystore
3 個檔案 6,062 位元組
2 個目錄 679,286,390,784 位元組可用

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -export -v -alias server -keystore server.keystore -storepass store1234 -rfc -file server.cer
憑證儲存在檔案 <server.cer>

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/08/31 13:58 <DIR> .
2017/08/31 13:58 <DIR> ..
2017/08/31 13:57 1,260 client.cer
2017/08/31 13:55 2,572 client.p12
2017/08/31 13:58 1,260 server.cer
2017/08/31 13:54 2,230 server.keystore
4 個檔案 7,322 位元組
2 個目錄 679,286,386,688 位元組可用

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -import -v -alias server -file server.cer -keystore client.truststore -storepass trust1234
擁有者: CN=AndroidServer, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
發出者: CN=AndroidServer, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
序號: 33fc9a74
有效期自: Thu Aug 31 13:54:47 CST 2017 到: Sun Aug 29 13:54:47 CST 2027
憑證指紋:
MD5: C7:7E:71:51:21:79:BF:BE:D9:42:E5:42:B7:0F:4D:19
SHA1: DD:3E:87:9E:92:67:6D:F4:18:70:E8:23:82:93:A6:A9:9D:0A:7A:F4
SHA256: 05:EE:F8:9F:DB:89:C2:D0:20:40:C5:77:DF:50:2D:3D:06:E4:FC:EE:15:4A:39:14:0E:F2:AF:29:23:65:A6:49
簽章演算法名稱: SHA256withRSA
版本: 3

擴充套件:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CB 69 A6 E6 E4 06 5F 7C EF 14 38 37 88 F8 30 A7 .i...._...87..0.
0010: 1A 7F 7F 3A ...:
]
]

信任這個憑證？ [否]: y
憑證已新增至金鑰儲存庫中
[儲存 client.truststore]

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/08/31 14:02 <DIR> .
2017/08/31 14:02 <DIR> ..
2017/08/31 13:57 1,260 client.cer
2017/08/31 13:55 2,572 client.p12
2017/08/31 14:02 940 client.truststore
2017/08/31 13:58 1,260 server.cer
2017/08/31 13:54 2,230 server.keystore
5 個檔案 8,262 位元組
2 個目錄 679,286,382,592 位元組可用

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -import -v -alias client -file client.cer -keystore server.keystore -storepass store1234
擁有者: CN=AndroidClient, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
發出者: CN=AndroidClient, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
序號: 4a2adb9c
有效期自: Thu Aug 31 13:55:07 CST 2017 到: Sun Aug 29 13:55:07 CST 2027
憑證指紋:
MD5: A6:8C:FA:94:8C:F9:D5:09:54:DD:12:FE:75:51:19:86
SHA1: 10:7D:E3:DC:D8:42:43:FF:46:97:26:A2:8F:AA:B7:90:74:16:8D:24
SHA256: 3B:30:95:09:AE:1A:AC:AC:2D:3C:10:4B:7B:33:4B:E6:5B:51:AC:C7:C8:A0:99:EF:39:0F:64:DE:F5:56:6E:D8
簽章演算法名稱: SHA256withRSA
版本: 3

擴充套件:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 32 BA E6 02 8E A5 3D 02 77 01 21 29 B0 55 21 82 2.....=.w.!).U!.
0010: F6 8B 34 9B ..4.
]
]

信任這個憑證？ [否]: y
憑證已新增至金鑰儲存庫中
[儲存 server.keystore]

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/08/31 14:02 <DIR> .
2017/08/31 14:02 <DIR> ..
2017/08/31 13:57 1,260 client.cer
2017/08/31 13:55 2,572 client.p12
2017/08/31 14:02 940 client.truststore
2017/08/31 13:58 1,260 server.cer
2017/08/31 14:04 3,138 server.keystore
5 個檔案 9,170 位元組
2 個目錄 679,286,382,592 位元組可用

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -list -keystore server.keystore -storepass store1234

金鑰儲存庫類型: JKS
金鑰儲存庫提供者: SUN

您的金鑰儲存庫包含 2 項目

client, 2017/8/31, trustedCertEntry,
憑證指紋 (SHA1): 10:7D:E3:DC:D8:42:43:FF:46:97:26:A2:8F:AA:B7:90:74:16:8D:24
server, 2017/8/31, PrivateKeyEntry,
憑證指紋 (SHA1): DD:3E:87:9E:92:67:6D:F4:18:70:E8:23:82:93:A6:A9:9D:0A:7A:F4

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -list -keystore client.truststore -storepass trust1234

金鑰儲存庫類型: JKS
金鑰儲存庫提供者: SUN

您的金鑰儲存庫包含 1 項目

server, 2017/8/31, trustedCertEntry,
憑證指紋 (SHA1): DD:3E:87:9E:92:67:6D:F4:18:70:E8:23:82:93:A6:A9:9D:0A:7A:F4

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -import -v -alias server -file server.cer -keystore trust.bks -storepass trust1234 -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider
擁有者: CN=AndroidServer, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
發出者: CN=AndroidServer, OU=R&D, O=SDL, L=Taichung, ST=Taiwan, C=TW
序號: 33fc9a74
有效期自: Thu Aug 31 13:54:47 CST 2017 到: Sun Aug 29 13:54:47 CST 2027
憑證指紋:
MD5: C7:7E:71:51:21:79:BF:BE:D9:42:E5:42:B7:0F:4D:19
SHA1: DD:3E:87:9E:92:67:6D:F4:18:70:E8:23:82:93:A6:A9:9D:0A:7A:F4
SHA256: 05:EE:F8:9F:DB:89:C2:D0:20:40:C5:77:DF:50:2D:3D:06:E4:FC:EE:15:4A:39:14:0E:F2:AF:29:23:65:A6:49
簽章演算法名稱: SHA256withRSA
版本: 3

擴充套件:

#1: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CB 69 A6 E6 E4 06 5F 7C EF 14 38 37 88 F8 30 A7 .i...._...87..0.
0010: 1A 7F 7F 3A ...:
]
]

信任這個憑證？ [否]: y
憑證已新增至金鑰儲存庫中
[儲存 trust.bks]

D:\SVN_Repository3\pi\Key>
D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/09/01 09:44 <DIR> .
2017/09/01 09:44 <DIR> ..
2017/08/31 13:57 1,260 client.cer
2017/08/31 13:55 2,572 client.p12
2017/08/31 14:02 940 client.truststore
2017/08/31 13:58 1,260 server.cer
2017/08/31 14:04 3,138 server.keystore
2017/09/01 09:44 962 trust.bks
6 個檔案 10,132 位元組
2 個目錄 679,233,712,128 位元組可用

D:\SVN_Repository3\pi\Key>

//下載 Bouncy Castle
// https://www.bouncycastle.org/latest_releases.html
// 拷貝 bcprov-ext-jdk15on-158.jar 到 C:\Program Files\Java\jdk1.7.0_67\jre\lib\ext
// 拷貝 bcprov-ext-jdk15on-158.jar 到 C:\Program Files\Java\jre7\lib\ext
// 將下一行加入 C:\Program Files\Java\jre7\lib\security\java.security 和 C:\Program Files\Java\jdk1.7.0_67\jre\lib\security\java.security
// security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider
// 新增 CLASSPATH=C:\Program Files\Java\jdk1.7.0_67\jre\lib\ext\bcprov-ext-jdk15on-158.jar
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -srcstorepass client1234 -destkeystore client.bks -deststoretype BKS -deststorepass client1234 -provider org.bouncycastle.jce.provider.BouncyCastleProvider
匯入別名 client 的項目時出現問題: java.security.KeyStoreException: java.io.IOException: Error initialising store of key store: java.security.InvalidKeyException: Illegal key size。
未匯入別名 client 的項目。
Do you want to quit the import process? [no]: y
已完成匯入命令: 成功匯入 0 個項目，1 個項目失敗或已取消

D:\SVN_Repository3\pi\Key>
//下載 Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download
//http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
//解壓縮 UnlimitedJCEPolicyJDK7.zip
//到 C:\Program Files\Java\jdk1.7.0_67\jre\lib\security
//備份舊的 local_policy.jar, US_export_policy.jar
//拷貝新的 local_policy.jar, US_export_policy.jar
D:\SVN_Repository3\pi\Key>"C:\Program Files\Java\jdk1.7.0_67\bin\keytool.exe" -importkeystore -srckeystore client.p12 -srcstoretype PKCS12 -srcstorepass client1234 -destkeystore client.bks -deststoretype BKS -deststorepass client1234 -provider org.bouncycastle.jce.provider.BouncyCastleProvider
已成功匯入別名 client 的項目。
已完成匯入命令: 成功匯入 1 個項目，0 個項目失敗或已取消

D:\SVN_Repository3\pi\Key>dir
磁碟區 D 中的磁碟是新增磁碟區
磁碟區序號: 3AAA-91FF

D:\SVN_Repository3\pi\Key 的目錄

2017/09/01 10:26 <DIR> .
2017/09/01 10:26 <DIR> ..
2017/09/01 10:26 2,234 client.bks
2017/08/31 13:57 1,260 client.cer
2017/08/31 13:55 2,572 client.p12
2017/08/31 14:02 940 client.truststore
2017/08/31 13:58 1,260 server.cer
2017/08/31 14:04 3,138 server.keystore
2017/09/01 09:44 962 trust.bks
7 個檔案 12,366 位元組
2 個目錄 679,233,679,360 位元組可用

D:\SVN_Repository3\pi\Key>

訂閱：文章 (Atom)

網頁

2017年9月15日 星期五