那些遇到过的问题

.NET系统加密到Bouncy Castle Java Decryption引发错误

Ada*_*man 5 c# java asp.net encryption bouncycastle

艰难的问题,但我可以使用任何帮助.

我在我的端使用System.Security.Cryptography.Xml来加密XML SAML blob.

加密工作正常,但是当它到达另一侧的java库时,它们会收到错误:

java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
        at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
        at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
        at javax.crypto.Cipher.unwrap(Unknown Source)
        at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:680)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:611)
        at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:761)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:512)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:439)
        at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:400)
        at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
        at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
Run Code Online (Sandbox Code Playgroud)

如何继续使用加密方法:

        public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);


        return returnElement;
    }
Run Code Online (Sandbox Code Playgroud)

在绕过这个错误的同时?EncryptedKey上是否有参数来设置填充大小?或者我是否必须使用Bouncy Castle来指定加密数据的大小?

Ada*_*man 0

我更改了 RSA 密钥的 AES 加密的 keywrapurl 的大小。

仍然不太明白 opensaml java 库的加密是如何工作的,在破解它之后,我惊讶地发现在 java 中设置一个简单的测试环境需要多长时间。

这个故事的寓意是:不要对大量数据使用非对称加密。

public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);


        return returnElement;
    }
Run Code Online (Sandbox Code Playgroud)

归档时间:

查看次数:

425 次

最近记录:

8 年,9 月 前
RSA块的数据太多失败.什么是PKCS#7? 11
ArrayIndexOutOfBoundsException:RSA块的数据太多 6
java.lang.ArrayIndexOutOfBoundsException:RSA块的数据太多 1
更多相关链接
相关归档
用Java排序数组 167
NHibernate.MappingException:没有持久性:XYZ 129
WPF UserControl如何继承WPF UserControl? 87
.NET短唯一标识符 75
NoInitialContextException错误 61
使用GSON反序列化通用类型 46
"对象已断开连接或在服务器上不存在"异常 42
'Newtonsoft.Json ...'存在于'Blend\Newtonsoft.Json.dll'和'Solution\packages\... \中 42
ASP.NET MVC如何连接到ASP.NET? 10
在EOF抛出异常之前停止解密:填充无效且无法删除 9
难疑归档
如何使用JavaScript复制到剪贴板? 3131
从Git存储库中删除文件而不从本地文件系统中删除它 2892
如何测试空的JavaScript对象? 2730
如何更改一个特定提交的提交作者? 1949
如何使用逗号作为千位分隔符在JavaScript中打印数字 1589
int32的最大值是多少? 1383
如何检查iOS或macOS上的活动Internet连接? 1309
获取数据库中所有表的大小 1180
在HTML中嵌入PDF的推荐方法? 1128
自定义HTTP标头:命名约定 1051