在Java Security中使用openssh公钥（ecdsa-sha2-nistp256）

在Java Security中使用openssh公钥（ecdsa-sha2-nistp256）

为了完整起见，这是我使用的代码。它是几乎纯的JCE，在帮助器方法中散布了Bouncycastle（这会更新Java安全中的“使用authorized_keys中的公共密钥”中的示例代码）：

...        } else if (type.startsWith("ecdsa-sha2-") &&     (type.endsWith("nistp256") || type.endsWith("nistp384") || type.endsWith("nistp521"))) { // based on RFC 5656, section 3.1 (https://tools.ietf.org/html/rfc5656#section-3.1) String identifier = depreType(); BigInteger q = depreBigInt(); ECPoint ecPoint = getECPoint(q, identifier); ECParameterSpec ecParameterSpec = getECParameterSpec(identifier); ECPublicKeySpec spec = new ECPublicKeySpec(ecPoint, ecParameterSpec); return KeyFactory.getInstance("EC").generatePublic(spec);        } ...ECPoint getECPoint(BigInteger q, String identifier) {    String name = identifier.replace("nist", "sec") + "r1";    ECNamedCurveParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec(name);    org.bouncycastle.math.ec.ECPoint point = ecSpec.getCurve().deprePoint(q.toByteArray());    BigInteger x = point.getAffineXCoord().toBigInteger();    BigInteger y = point.getAffineYCoord().toBigInteger();    System.out.println("BC x = " + x);    System.out.println("BC y = " + y);    return new ECPoint(x, y);}ECParameterSpec getECParameterSpec(String identifier) {    try {        // http://www.bouncycastle.org/wiki/pages/viewpage.action?pageId=362269#SupportedCurves(ECDSAandECGOST)-NIST(aliasesforSECcurves)        String name = identifier.replace("nist", "sec") + "r1";        AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC");        parameters.init(new ECGenParameterSpec(name));        return parameters.getParameterSpec(ECParameterSpec.class);    } catch (InvalidParameterSpecException | NoSuchAlgorithmException e) {        throw new IllegalArgumentException("Unable to get parameter spec for identifier " + identifier, e);    }}