use*_*903 6 java encryption bouncycastle
我正在尝试使用BouncyCastle类来加密和解密密码.我编写了一个测试程序,并以PEM格式和DER格式生成了测试密钥/证书.我可以将密钥/证书读入我的程序并获取公钥并加密值.当我尝试设置解密该值时,我在创建AsymmetricKeyParameter时收到错误"org.bouncycastle.asn1.DLSequence无法转换为org.bouncycastle.asn1.ASN1Integer".似乎当我尝试通过执行cert.getEncoded()从cert中提取数据时,它也会引入标头值.我试着只是读取文件并删除BEGIN和END CERTIFCATE行,以及破折号,这给我带来了同样的错误.我尝试过使用java.security.cert.Certificate以及下面的代码使用的X509Certificate.任何帮助将不胜感激.
我可以上传密钥文件,这对你有帮助,因为它是我在本地机器上生成的测试密钥,一旦我有这个工作就会丢弃.
package com.cds.test;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
public class RSAEncryptDecrypt {
public X509Certificate cert = null;
//
public void readCertificate() throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateFactory factory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
InputStream fis = new FileInputStream("/opt/temp/keys/openssl_crt.pem");
X509Certificate x509Cert = (X509Certificate) factory.generateCertificate(fis);
this.cert = x509Cert;
System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
}
//
public String encrypt(String inputData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
System.out.println("public key: " + new String(Base64.encode(cert.getPublicKey().getEncoded())));
AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(cert.getPublicKey().getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
cipher.init(true, publicKey);
//
byte[] messageBytes = inputData.getBytes();
byte[] hexEncodedCipher = cipher.processBlock(messageBytes, 0, messageBytes.length);
//
return new String(Base64.encode(hexEncodedCipher));
}
//
private String decrypt (String encryptedData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
byte[] certData = cert.getEncoded();
//certData = Base64.decode(certData);
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(cert.getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
cipher.init(false, privateKey);
//
byte[] decoded = Base64.decode(encryptedData.getBytes());
byte[] result = cipher.processBlock(decoded, 0, decoded.length);
//
return new String(result);
}
//
public static void main(String[] args) throws Exception {
String inputData = "This is the message I am trying to encrypt.";
String encrypted = null;
String decrypted = null;
//
RSAEncryptDecrypt rsa = new RSAEncryptDecrypt();
//
rsa.readCertificate();
System.out.println(" input: " + inputData);
encrypted = rsa.encrypt(inputData);
System.out.println("encrypted: " + encrypted);
decrypted = rsa.decrypt(encrypted);
System.out.println("decrypted: " + decrypted);
}
}
证书仅包含公钥,不包含私钥。当然,公钥有一个与之关联的私钥,但它并不保存在证书中。该证书是您分发给其他方的证书。
可能是您过多地使用了 Microsoft 代码。我提到的是 Microsoft,因为在 .NET 代码中,证书类可以在内部包含关联的私钥,从而形成相当简单的 API。
因此,要解密,您必须单独读取证书的私钥(使用PKCS8EncodedKeySpec和"RSA" KeyFactory)。
另一种选择是将两者放入 PKCS#12 密钥存储中并使用KeyStore.load.