Generating the CSR using BouncyCastle API
Solution 1
With the recent versions of BouncyCastle it is recommended to create the CSR using the org.bouncycastle.pkcs.PKCS10CertificationRequestBuilder
class.
You can use this code snipppet:
KeyPair pair = generateKeyPair();
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
new X500Principal("CN=Requested Test Certificate"), pair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(pair.getPrivate());
PKCS10CertificationRequest csr = p10Builder.build(signer);
Solution 2
It's really simmilar to Jcs's answer, it is just a little bit supplemented.
Dont forget to add:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
And the csr generate:
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
keyPairGenerator.initialize(4096);
KeyPair keyPair = keyPairGenerator.generateKeyPair();
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(
new X500Principal("OU=Try, C=US## Heading ##"), keyPair.getPublic());
JcaContentSignerBuilder csBuilder = new JcaContentSignerBuilder("SHA256withRSA");
ContentSigner signer = csBuilder.build(keyPair.getPrivate());
PKCS10CertificationRequest csr = p10Builder.build(signer);
JcaPEMWriter jcaPEMWriter = new JcaPEMWriter(new FileWriter("cert/test.csr"));
jcaPEMWriter.writeObject(csr);
jcaPEMWriter.close();
I think a useful link
Related videos on Youtube
Fox
Updated on June 06, 2022Comments
-
Fox almost 2 years
I am new to the security side of Java and stumbled across this library called BouncyCastle. But the examples that they provide and the ones out on the internet ask to use
return new PKCS10CertificationRequest("SHA256withRSA", new X500Principal( "CN=Requested Test Certificate"), pair.getPublic(), null, pair.getPrivate()
But when I use
PKCS10CertificationRequest
, it looks like it is deprecated. So I started looking at another method where I useCertificationRequest
class. But I am really confused, the constructor does not take the same parameters instead it takesCertificationRequestInfo
class which I am not sure how to fill up.CertificationRequest request = new CertificationRequest(...);
It would be awesome if someone could help me figure out how to make a CSR so that I can send it to the server for getting it signed.
-
Fox over 10 yearsThanks .. How do I print the CSR?
-
Fox over 10 yearsI got it .. did it with the help of PEMWriter class .. Thanks for the help.
-
Tim Mattison about 8 yearsFor new code I'd suggest using JcaPEMWriter instead of PEMWriter. Same interface but PEMWriter is now deprecated.
-
codenamezero almost 7 yearsHow can this be done with smartcard? Since the private key is on the card itself?
-
Jcs almost 7 yearsIn that case the signature of the PKCS#10 request is performed by the smartcard.
-
Vikram Singh Shekhawat about 4 years@Jcs how can I pass the other information in csr generation like organisation unit, location, state , country , validity etc. ?
-
Jcs about 4 years@VikramSinghShekhawat you can add these information in the X500Principal. For instance new X500Principal("CN=Requested Test Certificate, O=Test Inc, C=US")
-
user1053510 about 3 yearsFor those looking for a maven/gradle package containing these classes: mvnrepository.com/artifact/org.bouncycastle/bcpkix-jdk15to18