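I need to decrypt messages via RSA in order to send them over an insecure channel, but I am afraid of the Padding Oracle Attack. So I have already asked the following questions:
As suggested in the first question,
However, since you are using a high-level cryptographic library, you don't have to worry about this. The authors of that library should have taken care of it.
I shouldn't have to think about it. As far as I know, the RSA implementation of PKCS#1 v1.5 is vulnerable to the Padding Oracle Attack, whereas OAEP is not (assuming it is implemented correctly).
Therefore, I would like to know which padding implementation javax.crypto.Cipher uses in Java 7.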
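An added example, not part of the original question: it checks which padding a bare "RSA" transformation resolves to in the running provider and shows OAEP requested explicitly through javax.crypto.Cipher. The class name, the 2048-bit key and the sample message are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class RsaPaddingCheck {
    // Pin the OAEP digest and the MGF1 digest explicitly so both peers agree.
    static final OAEPParameterSpec OAEP_SHA256 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // True if a bare "RSA" transformation produces PKCS#1 v1.5 padded ciphertext
    // in the running provider (the padding is a provider default, not a JCA rule).
    static boolean bareRsaIsPkcs1v15(KeyPair kp, byte[] msg) throws GeneralSecurityException {
        Cipher bare = Cipher.getInstance("RSA");
        bare.init(Cipher.ENCRYPT_MODE, kp.getPublic());
        byte[] ct = bare.doFinal(msg);
        Cipher v15 = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        v15.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        try {
            return Arrays.equals(msg, v15.doFinal(ct));
        } catch (BadPaddingException e) {
            return false; // the default was not PKCS#1 v1.5
        }
    }

    // Encrypt or decrypt with OAEP named in the transformation string.
    static byte[] oaep(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key, OAEP_SHA256);
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        byte[] msg = "constructed sample".getBytes(StandardCharsets.UTF_8); // constructed input

        System.out.println("bare \"RSA\" is PKCS#1 v1.5: " + bareRsaIsPkcs1v15(kp, msg));
        byte[] ct = oaep(Cipher.ENCRYPT_MODE, kp.getPublic(), msg);
        byte[] pt = oaep(Cipher.DECRYPT_MODE, kp.getPrivate(), ct);
        System.out.println("OAEP round trip ok: " + Arrays.equals(msg, pt));
    }
}
```

Both peers have to use the same OAEP digest and MGF1 digest, which is why the parameters are passed as an explicit OAEPParameterSpec instead of being left to the provider.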
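Tough question, but I could use any help.
I am using System.Security.Cryptography.Xml on my end to encrypt an XML SAML blob.
Encryption works fine, but when it reaches the Java library on the other side, they get the error: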
java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
at javax.crypto.Cipher.unwrap(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:680)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:611)
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:761)
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:512)
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:439)
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:400)
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
How can I continue to use the encryption method:
    public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new …