我一直在尝试理解用于Java的BouncyCastle加密API.不幸的是,我发现Java加密通常被服务提供者接口和术语所掩盖,以至于我无法理解实际做的事情.我已经尝试过反复阅读必要的文档,但它只是难以理解,引入了许多远远超出我认为应该需要的概念.
我真正想要的是一个执行以下操作的类:
public class KeyPair {
public byte[] public;
public byte[] private;
}
public class RSACrypto {
public static KeyPair generateRSAKeyPair() { /*implementation*/}
public static byte[] encrypt(byte[] data, byte[] publicKey) { /*impl*/}
public static byte[] decrypt(byte[] encryptedData, byte[] privateKey) { /*impl*/ }
}
如果这是一个非常复杂的问题,请问"我真正想要的一切".关于在Java加密和BouncyCastle上阅读的地方的任何指示都是非常受欢迎的.任何有关Java加密系统实际布局的概述都非常受欢迎.
我正在使用Bouncy Castle库在C#中生成签名,如下所示:
var privateKeyBase64 = "MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgg8/MbvGGTDMDpfje8lQBZ8st+l3SK7jRl7OWlyUl/VagCgYIKoZIzj0DAQehRANCAARkQIUpkKbxmJJicvG450JH900JjmJOGdlMCZl3BIXvPBBKkaTMsQc6l3O4vJA6Yc23nr3Ox/KwFUl6gdo5iTqV";
var publicKeyBase64 = "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZECFKZCm8ZiSYnLxuOdCR/dNCY5iThnZTAmZdwSF7zwQSpGkzLEHOpdzuLyQOmHNt569zsfysBVJeoHaOYk6lQ==";
var plainText = "aaa";
var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// Sign
var privateKey = PrivateKeyFactory.CreateKey(Convert.FromBase64String(privateKeyBase64));
var signer = SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha512.Id);
signer.Init(true, privateKey);
signer.BlockUpdate(plainTextBytes, 0, plainTextBytes.Length);
var signature = signer.GenerateSignature();
var signatureBase64 = Convert.ToBase64String(signature);
Console.WriteLine("Signature base64: {0}", signatureBase64);
// Verify
Console.WriteLine("-------------------- Verifying signature ");
Console.WriteLine("Public key base64: {0}", publicKeyBase64);
var publicKey = PublicKeyFactory.CreateKey(Convert.FromBase64String(publicKeyBase64));
var verifier = SignerUtilities.GetSigner(X9ObjectIdentifiers.ECDsaWithSha512.Id);
verifier.Init(false, publicKey);
verifier.BlockUpdate(plainTextBytes, 0, plainTextBytes.Length);
Console.WriteLine("Signature valid?: {0}", verifier.VerifySignature(Convert.FromBase64String(signatureBase64)));
// Prints: MEUCIBEcfv2o3UwqwV72CVuYi7HbjcoiuSQOULY5d+DuGt3UAiEAtoNrdNWvjfdz/vR6nPiD+RveKN5znBtYaIrRDp2K7Ks=
在node.js应用程序上,我正在使用jsrsasign验证在相同有效负载上生成的签名,如下所示:
let …通常,当我X509Certificate2从我的密钥库中取出时,我可以调用.PrivateKey以检索证书的私钥AsymmetricAlgorithm.但是我已经决定使用Bouncy Castle并且它的实例X509Certificate只有一个getPublicKey();我看不到从私有密钥中取出证书的方法.有任何想法吗?
我从我的Windows-MY密钥库中获取了X509Certificate2,然后使用:
//mycert is an X509Certificate2 retrieved from Windows-MY Keystore
X509CertificateParser certParser = new X509CertificateParser();
X509Certificate privateCertBouncy = certParser.ReadCertificate(mycert.GetRawCertData());
AsymmetricKeyParameter pubKey = privateCertBouncy.GetPublicKey();
//how do i now get the private key to make a keypair?
无论如何将AsymmetricAlgorithm(C#私钥)转换为AsymmetricKeyParameter(bouncycastle私钥)?
我看过很多关于Blowfish和C#的问题,通常的答案是BouncyCastle.但是,该项目基本上没有文档,我无法找到目录结构,甚至找不到单元测试作为示例.我的意思是,Blowfish被称为Asn1,Bcpg,Crypto(一般来说?),EC,Ocsp,Pkcs还是什么?我缺乏了解源代码中所有缩略词含义的领域知识.
是否有任何有用的文章或博客或成功使用C#BouncyCastle API for Blowfish?我的主要需求是使用Blowfish进行密码散列.
好的,我现在要说我对Java知之甚少.我得到了Bouncy Castle Jar,并告诉我将包含我需要做的任务.Jar文件是bcprov-jdk15on-147.jar.我也是在我学校维护的Unix机器上做这个,所以我不能进去玩所有的Java文件.
当我使用Javac编译我的类(特别是我使用该命令javac -classpath bcprov-jdk15on-147.jar encrypt.java)时,它编译时没有错误,但是当我使用该命令继续运行程序时java encrypt,我收到以下错误消息:
Exception in thread "main" java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider
Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
我的Jar文件位于我的主文件夹中,包含我的所有其他文件,以防万一它必须去特别的地方,这就是我没有做的事情.
当我这样做java -classpath bcprov-jdk15on-147.jar encrypt是我得到的错误:
Exception in thread "main" java.lang.NoClassDefFoundError: encrypt
Caused by: java.lang.ClassNotFoundException: encrypt
at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:276)
at java.lang.ClassLoader.loadClass(ClassLoader.java:251)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
为什么我在运行已编译的程序时遇到问题?
我正在寻找一个示例或教程来使用Java中的BC生成X509证书.
很多例子都有/使用弃用的API.我看了BC,但它没有显示哪个类做了什么或没有适当的文档/示例.
如果您对此有任何想法,请指出我可以使用BC生成X509证书的教程.[生成和写入文件的公钥和私钥]
我需要使用私钥导出和导入生成的证书到字节数组和从字节数组导入,除非我使用.NET framework 4.0和4.5,否则我没有任何问题.我正在使用BouncyCastle库生成自签名证书,然后将它们转换为.NET格式(X509Certificate2对象).不幸的是,升级到最新的框架我无法导出私钥.这是代码:
using System;
using System.Diagnostics;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Prng;
using Org.BouncyCastle.Math;
using Org.BouncyCastle.Security;
using Org.BouncyCastle.X509;
namespace X509CertificateExport
{
class Program
{
static void Main(string[] args)
{
var certificate = Generate();
var exported = certificate.Export(X509ContentType.Pfx);
var imported = new X509Certificate2(exported, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
Console.WriteLine("Certificate has private key: " + imported.HasPrivateKey);
Console.ReadKey();
}
public static X509Certificate2 Generate()
{
var keyPairGenerator = new RsaKeyPairGenerator();
var secureRandom = new …我正在尝试使用java BouncyCastle库解密和验证PGP消息,但遇到了问题,抱怨PartialInputStream的过早结束.
我知道加密工作正常,因为我可以在命令行上使用gpg解密和验证使用加密函数创建的消息.
这是代码:
public static void signEncryptMessage(InputStream in, OutputStream out, PGPPublicKey publicKey, PGPPrivateKey secretKey, SecureRandom rand) throws Exception {
out = new ArmoredOutputStream(out);
PGPEncryptedDataGenerator encryptedDataGenerator = new PGPEncryptedDataGenerator(new BcPGPDataEncryptorBuilder(PGPEncryptedData.AES_256).setWithIntegrityPacket(true).setSecureRandom(rand));
encryptedDataGenerator.addMethod(new BcPublicKeyKeyEncryptionMethodGenerator(publicKey));
OutputStream compressedOut = new PGPCompressedDataGenerator(PGPCompressedData.ZIP).open(encryptedDataGenerator.open(out, 4096), new byte[4096]);
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(new BcPGPContentSignerBuilder(publicKey.getAlgorithm(), HashAlgorithmTags.SHA512));
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, secretKey);
signatureGenerator.generateOnePassVersion(true).encode(compressedOut);
OutputStream finalOut = new PGPLiteralDataGenerator().open(compressedOut, PGPLiteralData.BINARY, "", new Date(), new byte[4096]);
byte[] buf = new byte[4096];
int len;
while ((len = in.read(buf)) > 0) {
finalOut.write(buf, 0, len);
signatureGenerator.update(buf, 0, …背景
我正在尝试使用充气城堡库在我的战争中解密私钥.现在我在一个独立的应用程序中首先测试了代码,它运行良好.现在,当我在Wildfly8.0中测试它作为webapp时,我正面临着与Bouncy城堡的一些问题.
Wildfly 8.0 am使用安装了充气城堡提供者模块.在v1.46中使用的BC版本.
我开发的代码使用v1.51.我按照这里提到的步骤:
已经尝试过了
问题
我得到的错误是:
unable to read encrypted data: JCE cannot authenticate the provider BC
以及触发上述错误的代码如下:
PKCS8EncryptedPrivateKeyInfo kp = (PKCS8EncryptedPrivateKeyInfo) keyPair;
InputDecryptorProvider pkcs8dec = new JceOpenSSLPKCS8DecryptorProviderBuilder()
.setProvider(new BouncyCastleProvider())
.build("somepass".toCharArray());
PrivateKeyInfo pko = kp.decryptPrivateKeyInfo(pkcs8dec);<-- ##Error here
另外要添加详细信息,在我的pom.xml中我添加了带有编译范围的jar,因此libs被复制到war中并安装在WEB-INF/lib中.
解决上述问题的任何提示?
我生成了RSA密钥,我的后端发送了 3 个参数BASE64(签名算法除外)以供CSR我创建:
"subject" : "MIGfMQswCQYDVQQGEwJJUjEvMC0GA1UEAwwmMTAwMDAwMzg1MDA3NjAxMy3YqNmH2LLYp9ivINi12KfYr9mC24wxGTAXBgNVBAUTEDEwMDAwMDM4NTAwNzYwMTMxEzARBgNVBCoMCtio2YfYstin2K8xEzARBgNVBAQMCti12KfYr9mC24wxGjAYBgkqhkiG9w0BCQEWC2luZm9AdWlkLmly",
"extensions" : "MDMwDgYDVR0PAQH/BAQDAgXgMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMAkGA1UdEQQCMAA="
"signatureAlgorithm" : "SHA256_WITH_RSA"
我在 Android/java 中有用于BouncyCastle执行此操作的示例代码:
byte[] subjectBytes = EncodingUtils.decode(receivedSubject);
byte[] extensionsBytes = EncodingUtils.decode(receivedExtensions);
X500Name subject = X500Name.getInstance(ASN1Primitive.fromByteArray(subjectBytes));
Extensions extensions = Extensions.getInstance(ASN1Primitive.fromByteArray(extensionsBytes));
PKCS10CertificationRequestBuilder p10Builder = new JcaPKCS10CertificationRequestBuilder(subject, publicKey);
if (extensions != null)
p10Builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extensions);
ContentSigner signer = new ContentSigner() {
final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
@Override
public AlgorithmIdentifier getAlgorithmIdentifier() {
return new DefaultSignatureAlgorithmIdentifierFinder()
.find(receivedAlgorithm);
}
@Override
public OutputStream getOutputStream() {
return this.outputStream; …bouncycastle ×10
java ×5
c# ×4
cryptography ×2
asn.1 ×1
blowfish ×1
certificate ×1
csr ×1
encryption ×1
export ×1
hash ×1
jar ×1
javascript ×1
jboss ×1
jce ×1
node.js ×1
pgp ×1
pkcs#10 ×1
private-key ×1
rsa ×1
sign ×1
swift ×1
war ×1
wildfly-8 ×1