Reading an encrypted private key with Bouncycastle/Spongycastle

use*_*885 3 java rsa bouncycastle pem pkcs#8

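I have a password-protected, encrypted RSA private key that was created with PyCrypto (2.6.1) and, according to their documentation, has the following format: PrivateKeyInfo, PKCS#8 (DER SEQUENCE), PEM (RFC1423), see [https://www.dlitz.net/software/pycrypto/api/current/Crypto.PublicKey.RSA._RSAobj-class.html#exportKey].

How can I decrypt this RSA key with Bouncycastle/Spongycastle?

I have searched Google for quite a while and only found results that either do not work with version 1.50 (because PEMReader was deprecated and removed) or are PEMParser examples that do not seem to be able to read this format. By the way: is there some documentation about Bouncycastle that I have missed?

Here is the header of my encrypted private key: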

-----BEGIN PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,68949227DD8A502D
xyz...

I would really appreciate it if someone could help me out!

Blu*_*arf 8

To summarize what I found on this topic here and there:

If you want to get the modulus, this is the final code:

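import java.io.FileReader;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.Security;
import java.security.spec.RSAPrivateCrtKeySpec;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;

// For JcaPEMKeyConverter().setProvider("BC")
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

// Using bcpkix-jdk14-1.48
PEMParser pemParser = new PEMParser(new FileReader(file));
Object object = pemParser.readObject();
pemParser.close(); // the key object is fully read; release the file handle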
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair)
{
    // Encrypted key - we will use provided password
    PEMEncryptedKeyPair ckp = (PEMEncryptedKeyPair) object;
    PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
    kp = converter.getKeyPair(ckp.decryptKeyPair(decProv));
}
else
{
    // Unencrypted key - no password needed
    PEMKeyPair ukp = (PEMKeyPair) object;
    kp = converter.getKeyPair(ukp);
}

// RSA
KeyFactory keyFac = KeyFactory.getInstance("RSA");
RSAPrivateCrtKeySpec privateKey = keyFac.getKeySpec(kp.getPrivate(), RSAPrivateCrtKeySpec.class);

return privateKey;

Then you can call, for example:

privateKey.getModulus();


And*_*own 6

The following static method will handle all of the following PEM encoding styles of encrypted private keys:

-----BEGIN ENCRYPTED PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
-----BEGIN EC PRIVATE KEY-----

First make sure you have registered BC as a security provider, then you can use this method:

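  import java.io.IOException;
  import java.io.StringReader;
  import java.security.PrivateKey;
  import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
  import org.bouncycastle.openssl.PEMEncryptedKeyPair;
  import org.bouncycastle.openssl.PEMKeyPair;
  import org.bouncycastle.openssl.PEMParser;
  import org.bouncycastle.openssl.bc.BcPEMDecryptorProvider;
  import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
  import org.bouncycastle.openssl.jcajce.JcePKCSPBEInputDecryptorProviderBuilder;
  import org.bouncycastle.operator.InputDecryptorProvider;
  import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
  import org.bouncycastle.pkcs.PKCSException;

  static public PrivateKey stringToPrivateKey(String s, String password)
      throws IOException, PKCSException {

    PrivateKeyInfo pki;

    try (PEMParser pemParser = new PEMParser(new StringReader(s))) {

      Object o = pemParser.readObject();

      if (o instanceof PKCS8EncryptedPrivateKeyInfo) {

        // PKCS#8 EncryptedPrivateKeyInfo ("BEGIN ENCRYPTED PRIVATE KEY")
        PKCS8EncryptedPrivateKeyInfo epki = (PKCS8EncryptedPrivateKeyInfo) o;

        // "BC" is the name of the registered Bouncy Castle provider
        JcePKCSPBEInputDecryptorProviderBuilder builder =
            new JcePKCSPBEInputDecryptorProviderBuilder().setProvider("BC");

        InputDecryptorProvider idp = builder.build(password.toCharArray());

        pki = epki.decryptPrivateKeyInfo(idp);
      } else if (o instanceof PEMEncryptedKeyPair) {

        // Legacy PEM encryption (Proc-Type / DEK-Info headers)
        PEMEncryptedKeyPair epki = (PEMEncryptedKeyPair) o;
        PEMKeyPair pkp = epki.decryptKeyPair(new BcPEMDecryptorProvider(password.toCharArray()));

        pki = pkp.getPrivateKeyInfo();
      } else {
        throw new PKCSException("Invalid encrypted private key class: " + o.getClass().getName());
      }

      JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
      return converter.getPrivateKey(pki);
    }
  }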


mon*_*nim 1

Using the answer to this question, you should do the following:

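File privateKeyFile = new File(privateKeyFileName); // private key file in PEM format
PEMParser pemParser = new PEMParser(new FileReader(privateKeyFile));
Object object = pemParser.readObject();
pemParser.close(); // the key object is fully read; release the file handle
PEMDecryptorProvider decProv = new JcePEMDecryptorProviderBuilder().build(password.toCharArray());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp;
if (object instanceof PEMEncryptedKeyPair) {
    kp = converter.getKeyPair(((PEMEncryptedKeyPair) object).decryptKeyPair(decProv));
} else {
    // Fail instead of leaving kp unassigned when the file is not an encrypted key pair
    throw new IllegalArgumentException("Not an encrypted PEM key pair: " + privateKeyFileName);
}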

Then you can say

PrivateKey key = kp.getPrivate(); // KeyPair exposes getPrivate(), not getPrivateKey()
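
An added example, not part of any of the answers above: the header in the question combines a PKCS#8 label (BEGIN PRIVATE KEY) with RFC 1423 Proc-Type/DEK-Info headers, so this sketch reads those headers itself and decrypts the body before parsing it as PrivateKeyInfo. It assumes the body is PKCS#8 DER encrypted with the cipher and IV named in DEK-Info, as the question's header suggests; the class and method names are hypothetical.

```java
import java.io.IOException;
import java.io.Reader;
import java.security.PrivateKey;
import java.security.Security;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMDecryptorProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.pem.PemHeader;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

// Hypothetical helper; assumes the DEK-Info cipher is one Bouncy Castle's PEM decryptor supports.
public final class LegacyEncryptedPkcs8 {
    public static PrivateKey read(Reader pem, char[] password)
            throws IOException, OperatorCreationException {
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        PemObject obj;
        try (PemReader reader = new PemReader(pem)) {
            obj = reader.readPemObject();   // keeps the RFC 1423 headers
        }
        if (obj == null || !"PRIVATE KEY".equals(obj.getType())) {
            throw new IOException("expected a PRIVATE KEY block");
        }
        String procType = null, dekInfo = null;
        for (Object h : obj.getHeaders()) {
            PemHeader header = (PemHeader) h;
            if ("Proc-Type".equals(header.getName())) procType = header.getValue();
            if ("DEK-Info".equals(header.getName())) dekInfo = header.getValue();
        }
        byte[] der = obj.getContent();
        if (procType != null || dekInfo != null) {
            if (!"4,ENCRYPTED".equals(procType) || dekInfo == null || dekInfo.indexOf(',') < 0) {
                throw new IOException("unsupported or incomplete RFC 1423 headers");
            }
            String[] dek = dekInfo.split(",", 2);   // e.g. DES-EDE3-CBC,<hex IV>
            PEMDecryptorProvider prov =
                new JcePEMDecryptorProviderBuilder().setProvider("BC").build(password);
            der = prov.get(dek[0].trim()).decrypt(der, Hex.decode(dek[1].trim()));
        }
        // A wrong password normally surfaces as an exception in decrypt() or in the DER parse.
        return new JcaPEMKeyConverter().setProvider("BC")
            .getPrivateKey(PrivateKeyInfo.getInstance(der));
    }
}
```

A block without Proc-Type/DEK-Info headers is treated as an unencrypted PrivateKeyInfo; blocks labelled ENCRYPTED PRIVATE KEY are rejected here and belong to the PKCS8EncryptedPrivateKeyInfo path shown in the answers.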