标签: bouncycastle

我正在使用RSACryptoServiceProvider我生成了公钥和私钥.它生成的密钥采用以下格式:

公钥:

<RSAKeyValue>
    <Modulus>m9bAoh2...eGNKYs=</Modulus>
    <Exponent>AQAB</Exponent>
</RSAKeyValue> 

私钥:

<RSAKeyValue>
    <Modulus>m9bAo...ZAIeGNKYs=</Modulus>
    <Exponent>AQAB</Exponent>
    <P>xGj/UcXs...R1lmeVQ==</P>
    <Q>yx6e18aP...GXzXIXw==</Q>
    <DP>NyxvnJ...1xAsEyQ==</DP>
    <DQ>La17Jycd...FhApEqwznQ==</DQ>
    <InverseQ>JrG7WCT...Hp3OWA==</InverseQ>
    <D>RdWsOFn....KL699Vh6HK0=</D>
</RSAKeyValue>

但是使用PGP桌面我生成了这样的键 -

公钥:

mQCNBEoOlp8BBACi/3EvBZ83ZduvG6YHu5F0P7Z3xOnpIsaPvTk0q+dnjwDUa5sU 
lEFbUZgDXSz7ZRhyiNqUOy+IG3ghPxpiKGBtldVpi33qaFCCEBiqsxRRpVCLgTUK 
HP2kH5ysrlFWkxTo 
=a4t9 

私钥:

lQHgBEoOlp8BBACi/3EvBZ83ZduvG6YHu5F0P7Z3xOnpIsaPvTk0q+dnjwDUa5sU 
lEFbUZgDXSz7ZRhyiNqUOy+IG3ghPxpiKGBtldVpi33qaFCCEBiqsxRRpVCLgTUK 
waBnEitQti3XgUUEZnz/rnXcQVM0QFBe6H5x8fMDUw== 
=CVPD 

因此,当我传递PGP Desktop生成的密钥时,它能够完美地进行加密和解密,但是当我传递RSACryptoServiceProvider生成的密钥时,我无法加密和解密？

谁能告诉我如何在PGP生成的模式中生成密钥？

我正在尝试生成加密密钥:

public static final String ENCYT_ALGORITHM = "AES/ECB/PKCS7Padding";
public static final String KEY_ALGORITHM = "PBEWITHSHA256AND256BITAES-CBC-BC" ;
//BENCYT_ALGORITHMSE64Encoder encod = new BENCYT_ALGORITHMSE64Encoder();
//BENCYT_ALGORITHMSE64Decoder decod = new BENCYT_ALGORITHMSE64Decoder();

public Encryption(String preMaster,String text,int x){      
    this.preMaster=preMaster;       
    this.text=text.getBytes();
}
public void keyGenerator(){
    KeyGenerator kg = null;
    try {
        kg = KeyGenerator.getInstance("AES");
        secret = kg.generateKey();
    } catch (Exception e) {
        // TODO ENCYT_ALGORITHMuto-generated catch block
        e.printStackTrace();
    }

}

public String preMaster() {

    byte[] keys = null;
    keys = preMaster.getBytes();
    int x = -1;
    int process = …

我在Android中使用BouncyCastle Library进行OpenSSL加密.我的图书馆版本是1.45.

我想知道在库中使用OpenSSL版本.任何人都可以帮我,我怎么能找到它？

我正在使用充气城堡1.48来验证OCSP的证书验证.它运作良好.但我使用Ocsp Url作为静态变量,我想从证书中读取它.Url以证书形式写成Authority Info Access

[1]Authority Info Access
 Access Method=On-line Certificate Status Protocol (1.3.6.1.5.5.7.48.1)
 Alternative Name:
      URL=http://ocsp.mydomain

我org.bouncycastle.asn1.x509.AuthorityInformationAccess从证书中得到了对象

byte[] octetBytes = certificate.getExtensionValue(X509Extension.authorityInfoAccess.getId());
ASN1InputStream octetStream = new ASN1InputStream(octetBytes);
byte[] encoded = X509ExtensionUtil.fromExtensionValue(octetBytes).getEncoded();
ASN1Sequence seq = ASN1Sequence.getInstance(ASN1Primitive.fromByteArray(encoded));
AuthorityInformationAccess access = AuthorityInformationAccess.getInstance(seq);

写道,AuthorityInformationAccess: Oid(1.3.6.1.5.5.7.48.1)但不能从那里得到Url

我正在尝试在C#中生成一个身份验证标记,我已经在Ruby中生成了(用于测试目的).然而结果是不同的,但据我所知,输入是相同的.

在Ruby 2.0中使用OpenSSL 1.0.1c(Ubuntu 13.04):

require 'openssl'
require 'base64'
iv = Base64.decode64('kEWio77T7qWdytrIbUmRxA==')
key = Base64.decode64('FnUoIZvBUzC1Q/rn5WMi7Q==')
aad = Base64.decode64('/tTP07sPkoX8gah60eH89w==')
cipher = OpenSSL::Cipher.new('aes-128-gcm').encrypt
cipher.iv = iv
cipher.key = key
cipher.auth_data = aad
cipher.final
tag = Base64.strict_encode64(cipher.auth_tag)

生成的(编码的)标签是 ie74XTWtSLNad0BKdrhvmQ==

在C#中使用BouncyCastle(片段):

var iv = Convert.FromBase64String("kEWio77T7qWdytrIbUmRxA==");
var key = Convert.FromBase64String("FnUoIZvBUzC1Q/rn5WMi7Q==");
var aad = Convert.FromBase64String("/tTP07sPkoX8gah60eH89w==");
var cipher = new GcmBlockCipher(new AesFastEngine());
var parameters = new AeadParameters(new KeyParameter(passkey), 128, iv, aad);
cipher.Init(true, parameters);
var cipherText = new byte[cipher.GetOutputSize(0)];
cipher.DoFinal(cipherText, 0);
var tag = Convert.ToBase64String(cipher.GetMac());

C#中生成的标签是 sawCcwM1T8sGl5y6VT0CHA==

我在这做错了什么？在此先感谢您的回复!

我目前正在尝试使用Java安全API和BouncyCastle生成主题哈希。

使用Openssl库时，这是我的工作：

openssl x509 -in  /Users/Sn0wfreezeDev/Downloads/Test.pem -hash

这会生成一个短的8位数字哈希1817886a

这是我的Java代码

X509Certificate cert = CertManager.getCertificate(number, c);  
MessageDigest sha1 = MessageDigest.getInstance("SHA1");
System.out.println("  Subject " + cert.getSubjectDN());
System.out.println("   Issuer  " + cert.getIssuerDN());
sha1.update(cert.getSubjectDN().getName().getBytes());
String hexString =  bytesToHex(sha1.digest());
System.out.println("   sha1    " + hexString);
System.out.println();

我正在创建一个使用bouncycastle的java独立应用程序.一切都在日蚀中起作用.我正在创建一个像这样依赖的jar.

当我使用"java -jar myapp-0.0.1-SNAPSHOT-jar-with-dependencies.jar"运行应用程序时.

我收到以下错误:

java.io.IOException: exception encrypting data - java.lang.SecurityException: JCE cannot authenticate the provider BC

我的代码:

    Security.addProvider(new BouncyCastleProvider());        
    String keystoreDirectory = "C:/myapp/security";
    File file = new File(keystoreDirectory + "/" + PRIVATE_KEY_FILE);

    if (!file.isFile()) {
        try {

            Configuration idOrganization = configurationBoundary.find(Configuration.ID_ORGANIZATION);

            KeyStore store = KeyStore.getInstance("PKCS12", SECURITY_PROVIDER);
            char[] password = KEY.toCharArray();

            store.load(null, password);

            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", SECURITY_PROVIDER);
            keyPairGenerator.initialize(2048);
            KeyPair pair = keyPairGenerator.generateKeyPair();

            X500Name issuer = new X500Name("CN=" …

我正在尝试使用Android中的SpongyCastle生成ECDSA密钥对。这是代码：

static {
    Security.insertProviderAt(new org.spongycastle.jce.provider.BouncyCastleProvider(), 1);
}

public static KeyPair generate() {
        ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime256v1");
        KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDSA", "SC");
        generator.initialize(ecSpec, new SecureRandom());
        KeyPair keyPair = g.generateKeyPair();
        Log.i(TAG, "EC Pub Key generated: " + utils.bytesToHex(keyPair.getPublic().getEncoded()));
        Log.i(TAG, "EC Private Key generated: " + utils.bytesToHex(keyPair.getPrivate().getEncoded()));            
       return generator.generateKeyPair();
}

出现错误是因为我总是得到类似公钥的示例：

3059301306072A8648CE3D020106082A8648CE3D03010703420004483ABA9F322240010ECF00E818C041A60FE71A2BD64C64CD5A60519985F110AEDE6308027D2730303F5E2478F083C7F5BB683DCAC22BFEB62F3A48BD01009F40

和私钥：

308193020100301306072A8648CE3D020106082A8648CE3D030107047930770201010420219AB4B3701630973A4B2917D53F69A4BE6DAD61F48016BFEF147B2999575CB2A00A06082A8648CE3D030107A14403420004483ABA9F322240010ECF00E818C041A60FE71A2BD64C64CD5A60519985F110AEDE6308027D2730303F5E2478F083C7F5BB683DCAC22BFEB62F3A48BD01009F40

站点ECDSA样本给了我“无效的ECDSA签名消息”，它们似乎与那个较小的私有密钥有很大不同，并且总是以在同一站点中生成的“ 04”公共密钥开头。

另外，我的后端验证给我错误“无效点编码0x30”

后端Java方法检查为：

public ECPublicKey getPublicKeyFromHex(String publicKeyHex)
        throws NoSuchAlgorithmException, DecoderException, ApplicationGenericException {
    byte[] rawPublicKey = Hex.decodeHex(publicKeyHex.toCharArray());
    ECPublicKey ecPublicKey = null;
    KeyFactory kf = null;

    ECNamedCurveParameterSpec ecNamedCurveParameterSpec …

我正在尝试使用私钥和已知曲线生成公钥.以下是我的代码:

// Generate Keys
ECGenParameterSpec ecGenSpec = new ECGenParameterSpec("secp256r1");
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("ECDSA", "BC");
keyPairGenerator.initialize(ecGenSpec, new SecureRandom());
java.security.KeyPair pair = keyPairGenerator.generateKeyPair();
ECPrivateKey privateKey = (ECPrivateKey) pair.getPrivate();
ECPublicKey publicKeyExpected = (ECPublicKey) pair.getPublic();

// Expected public key
System.out.print("Expected Public Key: " +
        BaseEncoding.base64Url().encode(publicKeyExpected.getEncoded()));

// Generate public key from private key
X9ECParameters ecp = SECNamedCurves.getByName("secp256r1");
ECDomainParameters domainParams = new ECDomainParameters(ecp.getCurve(),
        ecp.getG(), ecp.getN(), ecp.getH(),
        ecp.getSeed());
ECPoint Q = domainParams.getG().multiply(privateKey.getS()); // is this correct?
KeyFactory kf = KeyFactory.getInstance("ECDSA", "BC");
ECPublicKey publicKeyGenerated =
        (ECPublicKey) kf.generatePublic(new X509EncodedKeySpec(Q.getEncoded(false))); …

当数据格式正确时，为什么会引发bouncycastle异常。

@SuppressWarnings({ "rawtypes", "deprecation"}) 
     public static boolean verifySign(String base64Data, String base64SignedData)
                 throws Exception {
         /* to add BouncyCastleProvider */
           Security.addProvider(new BouncyCastleProvider());
           /* to add BouncyCastleProvider end */
           boolean verifiedStatus = false; 
           CMSSignedData cmsSignedData = null;
           X509Certificate cert = null;
        //   LOGGER.info("Entering verifySign at {}", System.currentTimeMillis());
           System.out.println("Entering verifySign at {}"+System.currentTimeMillis());  
           try { 
                // LOGGER.debug("base64Data and base64SignedData {} ", base64Data,    base64SignedData);
                 System.out.println("base64Data {}="+base64Data);
                 System.out.println(" base64SignedData{}="+ base64SignedData);   
                 byte[] signedBytes = Base64.decodeBase64(base64SignedData);
     cmsSignedData = new CMSSignedData(  new CMSProcessableByteArray(base64Data.getBytes()),signedBytes);

                 CertStore certStore = cmsSignedData.getCertificatesAndCRLs("Collection", "BC");
                 Collection …