我正在尝试使用BouncyCastle类来加密和解密密码。我编写了一个测试程序,并以PEM格式和DER格式生成了测试密钥/证书。我可以将密钥/证书读入我的程序并获取公钥并加密值。当我尝试设置解密该值时,我在创建AsymmetricKeyParameter时收到错误“org.bouncycastle.asn1.DLSequence无法转换为org.bouncycastle.asn1.ASN1Integer”。似乎当我尝试通过执行cert.getEncoded()从cert中提取数据时,它也会引入标头值。我试着只是读取文件并删除BEGIN和END CERTIFCATE行,以及破折号,这给我带来了同样的错误。我尝试过使用java.security.cert.Certificate以及下面的代码使用的X509Certificate。任何帮助将不胜感激。
我可以上传密钥文件对您有帮助,因为它是我在本地计算机上生成的测试密钥,一旦我开始工作就会被丢弃。
package com.cds.test;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
public class RSAEncryptDecrypt {
public X509Certificate cert = null;
//
public void readCertificate() throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateFactory factory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
InputStream fis = new FileInputStream("/opt/temp/keys/openssl_crt.pem");
X509Certificate x509Cert = (X509Certificate) factory.generateCertificate(fis);
this.cert = x509Cert;
System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
}
//
public String encrypt(String inputData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
System.out.println("public key: " + new String(Base64.encode(cert.getPublicKey().getEncoded())));
AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(cert.getPublicKey().getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
cipher.init(true, publicKey);
//
byte[] messageBytes = inputData.getBytes();
byte[] hexEncodedCipher = cipher.processBlock(messageBytes, 0, messageBytes.length);
//
return new String(Base64.encode(hexEncodedCipher));
}
//
private String decrypt (String encryptedData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
byte[] certData = cert.getEncoded();
//certData = Base64.decode(certData);
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(cert.getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
cipher.init(false, privateKey);
//
byte[] decoded = Base64.decode(encryptedData.getBytes());
byte[] result = cipher.processBlock(decoded, 0, decoded.length);
//
return new String(result);
}
//
public static void main(String[] args) throws Exception {
String inputData = "This is the message I am trying to encrypt.";
String encrypted = null;
String decrypted = null;
//
RSAEncryptDecrypt rsa = new RSAEncryptDecrypt();
//
rsa.readCertificate();
System.out.println(" input: " + inputData);
encrypted = rsa.encrypt(inputData);
System.out.println("encrypted: " + encrypted);
decrypted = rsa.decrypt(encrypted);
System.out.println("decrypted: " + decrypted);
}
}
答案 0 :(得分:3)
证书仅包含公钥,而不包含私钥。当然,公钥有一个与之关联的私钥,但不会保存在证书中。证书是您分发给其他方的证书。
可能是您一直在使用Microsoft代码。我在.NET代码中提到Microsoft,证书类可以在内部包含相关的私钥,这使得API过于简单。
因此,要解密,您必须单独阅读证书的私钥(使用PKCS8EncodedKeySpec和"RSA" KeyFactory)。
另一种选择是将两者放在PKCS#12密钥库中,并使用KeyStore.load将其读入Java。