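I generated an elliptic curve private/public key pair using OpenSSL. The private and public keys are PEM encoded. Thanks to this, I have figured out how to load the public key. However, I cannot figure out how to load the private key, as the above message just ends with an InvalidKeySpecException: key spec not recognized.
I then found this, but it also ends with "encoded key spec not recognized". How can I load my private key?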
private PrivateKey loadPrivateKey(String location) {
    try {
        // Strip the guarding strings
        byte[] bytes = stripGuardLines(location);
        return KeyFactory.getInstance("ECDH").generatePrivate(new PKCS8EncodedKeySpec(bytes));
    } catch (FileNotFoundException e) {
        LoggerFactory.getLogger("Nectar").error("Failed to find Private KEY: " + location);
        System.exit(1);
    } catch (IOException e) {
        LoggerFactory.getLogger("Nectar").error("IOException while loading Private Key!");
        e.printStackTrace();
        System.exit(1);
    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
        e.printStackTrace();
        System.exit(1);
    }
    return null;
}

private byte[] stripGuardLines(String location) throws …

I am completely new to cryptography/certificates and am trying to generate a certificate using the Bouncy Castle library. Looking at some of their sample code, this is what I have so far:
package crypto;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v1CertificateBuilder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Properties;
public class App {
    private static final int VALIDITY_PERIOD = 7 * 24 * 60 * 60 * 1000; // one week

    public static void main (String[] args) throws Exception {
        Security.addProvider(new …

When signing and encrypting, then decrypting and verifying, I keep getting "unknown object in stream" during verification. The message integrity check passes, but when I try to verify on the next line after decryption, I get the above error.
private static void encryptFile(
    String outFileName,
    OutputStream out,
    String fileName,
    PGPPublicKey encKey,
    String sKeyFileName,
    char[] passPhrase,
    boolean armor,
    boolean withIntegrityCheck)
    throws Exception
{
    if (armor)
    {
        out = new ArmoredOutputStream(out);
    }
    try
    {
        byte[] bytes = PGPKeyUtil.compressFile(fileName, CompressionAlgorithmTags.ZIP);
        PGPEncryptedDataGenerator encGen = new PGPEncryptedDataGenerator(
            PGPEncryptedData.CAST5, withIntegrityCheck, new SecureRandom(), "BC");
        encGen.addMethod(encKey);
        OutputStream cOut = encGen.open(out, bytes.length);
        cOut.write(bytes);
        cOut.close();
        out.close();
        cOut.close();
        if (armor)
        {
            out.close();
        }
        encGen.close();
    }
    catch (PGPException e)
    {
        System.err.println(e);
        if (e.getUnderlyingException() != null)
        {
            e.getUnderlyingException().printStackTrace();
        }
    }
} …

I have a question about how to include a certificate in a Bouncy Castle TLSSocketConnectionFactory.
For example, I used this code in a previous version, and it worked fine with TLS 1.0:
SSLContext sslcontext = SSLContext.getInstance("TLS");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
InputStream is = new FileInputStream("c:/cert/test-tls.cer");
InputStream caInput = new BufferedInputStream(is);
Certificate ca;
try {
    ca = cf.generateCertificate(caInput);
} finally {
    caInput.close();
}
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
keyStore.load(null, null);
keyStore.setCertificateEntry("ca", ca);
// Create a TrustManager that trusts the CAs in our KeyStore
String tmfAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf = TrustManagerFactory.getInstance(tmfAlgorithm);
tmf.init(keyStore);
TrustManager[] tm = tmf.getTrustManagers();
sslcontext.init(kmf.getKeyManagers(), tm, null);
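SSLSocketFactory sslSocketFactory = …

I created a TimeStampRequest from hashed data and sent it to a TSA.
The TSA responds with a Granted response, and I get a byte array with the timestamp.
How can I get the original hashed data, so that I can verify that the timestamp sent by the TSA is the timestamp I claim to have?
Thanks in advance.
Request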
TimeStampRequestGenerator reqGen = new TimeStampRequestGenerator();
SHA1 sha1 = SHA1CryptoServiceProvider.Create();
ValidateInput(data);
reqGen.SetCertReq(true);
Hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(data));
TimeStampRequest request = reqGen.Generate(
TspAlgorithms.Sha1, Hash, BigInteger.ValueOf(100));
byte[] reqData = request.GetEncoded();
record.DtRequest = DateTime.Now;
HttpWebRequest httpReq = (HttpWebRequest)WebRequest.Create(stampURI);
httpReq.Method = "POST";
httpReq.ContentType = "application/timestamp-query";
httpReq.ContentLength = reqData.Length;
// Write the request content
Stream reqStream = httpReq.GetRequestStream();
reqStream.Write(reqData, 0, reqData.Length);
reqStream.Close();
HttpWebResponse httpResp = (HttpWebResponse)httpReq.GetResponse();
// Read the response
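Stream respStream = new BufferedStream(httpResp.GetResponseStream()); …

The latest (beta) version of Bouncy Castle (bcprov-jdk15on-161b20.jar) supports ED25519 and ED448 EC cryptography for signing. I set up this full working example, and it works as expected.
My question: did I rebuild the private and public keys correctly, given that I did not find any example in the bc-tests? I expected that I would have to use some spec functionality like "X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(content)", as for rebuilding RSA keys, but my code is working.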
package bc;
// original source: https://github.com/bcgit/bc-java/blob/master/core/src/test/java/org/bouncycastle/crypto/test/Ed25519Test.java
// needs bouncy castle beta: bcprov-jdk15on-161b20.jar (version 1.605)
// tested with Java 8 Build 191 x64
// this is a full working example for generating, signing, verifying with ed25519 keys
// code: https://github.com/java-crypto/Bouncy-Castle
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.io.UnsupportedEncodingException;
import javax.xml.bind.DatatypeConverter;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.Signer; …

Good day. I need to somehow connect the bouncycastle library to Android Studio. How can this be done? I have never dealt with one before. Here is the code I need this library for:
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
byte[] input = "www.javaCODEgeeks.com".getBytes();
byte[] keyBytes = new byte[]{0x01, 0x23, 0x45, 0x67, (byte) 0x89, (byte) 0xab, (byte) 0xcd,
(byte) 0xef};
byte[] ivBytes = new byte[]{0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00};
SecretKeySpec pKey = new SecretKeySpec(keyBytes, "DES");
IvParameterSpec ivectorSpecv = new IvParameterSpec(ivBytes);
Cipher c = Cipher.getInstance("DES/CBC/PKCS7Padding", "BC");
System.out.println("input : " + new String(input));
// encryption pass
c.init(Cipher.ENCRYPT_MODE, pKey, ivectorSpecv);
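// size the output buffer for the padded ciphertext
byte[] encr = new byte[c.getOutputSize(input.length)];
int ctLen = c.update(input, 0, input.length, encr, 0); …

I need some help verifying a JWT signature with an ECDSA public key. I am reading the key from a .pem file with Bouncy Castle and using jjwt for verification. I get an error when verifying the signature.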
Security.addProvider(new BouncyCastleProvider());
String jwt = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJtc2kiOiI5NzE1NTA5ODc2NTUiLCJmZWEiOiJzaWdudXAtZGF0YSIsImlzcyI6IkNEUCIsImV4cCI6MTU1NDU2NjMzNiwiaWF0IjoxNTU0MzkzNTM2LCJzaWQiOiIwNDI0MDMwMDg5NzI4MTg3QG5haS5lcGMubW5jMTMwLm1jYzMxMC4zZ3BwbmV0d29yay5vcmcifQ.RwxoGmFd1_dQPeGN-0gnWIW79xXvGHoyJKBbCKajgO75UooceS6tskxwqViEuP1gZD66UE8Bd2L0FaeI2aS_IA";
PemReader pemReader = new PemReader(new FileReader("/publickey.pem"));
X509EncodedKeySpec spec = new X509EncodedKeySpec(pemReader.readPemObject().getContent());
KeyFactory kf = KeyFactory.getInstance("ECDSA","BC");
PublicKey publicKey = kf.generatePublic(spec);
Jws<Claims> claims = Jwts.parser().setSigningKey(publicKey).parseClaimsJws(jwt);
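I get a signature exception: Unable to verify Elliptic Curve signature using configured ECPublicKey. Error decoding signature bytes.

I am trying to save an RsaKeyParameter public key into an SQL database. I get an error saying that Bouncy Castle cannot convert RsaKeyParameters to bytes.
Using BouncyCastle C#.
I generated an RSA key pair and extracted the private and public keys into variables. I then need to store the public key for verification at a later stage of the application.
I found a post about converting to bytes and then to a string, as follows: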
byte[] serializedPublicBytes =
publicKeyInfo.ToAsn1Object().GetDerEncoded();
string serializedPublic = Convert.ToBase64String(serializedPublicBytes);
But it does not like ToAsn1Object. To add, this is an example; I know my variable names are different.
RsaKeyPairGenerator rsaKeyPairGen = new RsaKeyPairGenerator();
rsaKeyPairGen.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
AsymmetricCipherKeyPair keyPair = rsaKeyPairGen.GenerateKeyPair();
RsaKeyParameters PrivateKey = (RsaKeyParameters)keyPair.Private;
RsaKeyParameters PublicKey = (RsaKeyParameters)keyPair.Public;
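The public key should be bytes, then a string, to be saved into the database.

I have been trying for several days and I am hopelessly stuck. In order to fully understand how Java keystores work, I have been trying to create my own keystore, put some things in it, and then retrieve them from another program.
Here is my keystore generator: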
{
    //generate a X509 certificate
    Security.addProvider(new BouncyCastleProvider());
    CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509", "BC");
    X509Certificate certificate = (X509Certificate) certificateFactory.generateCertificate(new FileInputStream("certificate.cer"));
    LOGGER.debug("BouncyCastle provider & X509 certificate added.");
    //generate a private & a public key
    KeyPair keyPair = generateRSAKeyPair();
    RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
    RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
    //generate a keystore
    KeyStore ks = KeyStore.getInstance("PKCS12");
    char[] keyStorePassword = "keystore_password".toCharArray();
    ks.load(null, keyStorePassword);
    try (FileOutputStream fos = new FileOutputStream("TestKeyStore.jks")) {
        ks.store(fos, keyStorePassword);
    }
    ks.load(new FileInputStream("TestKeyStore.jks"), keyStorePassword);
    //Symmetric key
    SecretKey secretKey = …