From 2c4e8bb6d4b8dbc0208997028b578bf729fb5296 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Richard=20K=C3=B6rber?= Date: Sun, 31 Jan 2016 14:33:22 +0100 Subject: [PATCH] ECC documentation --- src/site/markdown/usage/certificate.md | 2 +- src/site/markdown/usage/register.md | 32 ++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/src/site/markdown/usage/certificate.md b/src/site/markdown/usage/certificate.md index 99313011..89d8796a 100644 --- a/src/site/markdown/usage/certificate.md +++ b/src/site/markdown/usage/certificate.md @@ -6,7 +6,7 @@ Once you completed all the previous steps, it's time to request the signed certi To do so, prepare a PKCS#10 CSR file. A single domain may be set as _Common Name_. Multiple domains must be provided as _Subject Alternative Name_. Other properties (_Organization_, _Organization Unit_ etc.) depend on the CA. Some may require these properties to be set, while others may ignore them when generating the certificate. -CSR files can be generated with command line tools like `openssl`. Unfortunately the standard Java does not offer classes for that, so you'd have to resort to [Bouncy Castle](http://www.bouncycastle.org/java.html) if you want to create a CSR programmatically. In the `acme4j-utils` module, there is also a [`CSRBuilder`](../apidocs/org/shredzone/acme4j/util/CSRBuilder.html) for your convenience: +CSR files can be generated with command line tools like `openssl`. Unfortunately the standard Java does not offer classes for that, so you'd have to resort to [Bouncy Castle](http://www.bouncycastle.org/java.html) if you want to create a CSR programmatically. In the `acme4j-utils` module, there is also a [`CSRBuilder`](../apidocs/org/shredzone/acme4j/util/CSRBuilder.html) for your convenience. You can also use [`KeyPairUtils`](../apidocs/org/shredzone/acme4j/util/KeyPairUtils.html) for generating the domain key pair. ```java KeyPair domainKeyPair = ... // KeyPair to be used for HTTPS encryption diff --git a/src/site/markdown/usage/register.md b/src/site/markdown/usage/register.md index b7a55422..07056f40 100644 --- a/src/site/markdown/usage/register.md +++ b/src/site/markdown/usage/register.md @@ -60,3 +60,35 @@ client.changeRegistrationKey(reg, newKeyPair); ``` All subsequent calls must now use the new key pair. The old key pair can be disposed. + +## Key Pair Utilities + +The `KeyPairUtils` class in the `acme4j-utils` module provides a few methods to make key pair handling more convenient. + +This call will generate a RSA key pair with a 2048 bit key: + +```java +KeyPair keyPair = KeyPairUtils.createKeyPair(2048); +``` + +You can also create an elliptic curve key pair: + +```java +KeyPair keyPair = KeyPairUtils.createECKeyPair("secp256r1"); +``` + +To save a `KeyPair` (actually, the private key of the key pair) to a pem file, use this snippet: + +```java +try (FileWriter fw = new FileWriter("keypair.pem")) { + KeyPairUtils.writeKeyPair(keyPair, fw); +} +``` + +The following snippet reads the private key from a pem file, and returns a `KeyPair`. + +```java +try (FileReader fr = New FileReader("keypair.pem")) { + return KeyPairUtils.readKeyPair(fr); +} +```