org.bouncycastle.asn1.DLSequence 无法转换为 org.bouncycastle.asn1.ASN1Integer
org.bouncycastle.asn1.DLSequence cannot be cast to org.bouncycastle.asn1.ASN1Integer
我正在尝试使用 BouncyCastle 类来加密和解密密码。我编写了一个测试程序,并生成了 PEM 格式和 DER 格式的测试密钥/证书。我可以将密钥/证书读入程序、取得公钥并加密一个值。但在尝试设置解密时,创建 AsymmetricKeyParameter 会报错 "org.bouncycastle.asn1.DLSequence cannot be cast to org.bouncycastle.asn1.ASN1Integer"。看起来当我通过 cert.getEncoded() 从证书中提取数据时,头部信息也被一并提取了。我也试过直接读取文件并去掉 BEGIN CERTIFICATE 和 END CERTIFICATE 行及其破折号,结果还是同样的错误。java.security.cert.Certificate 和下面代码所用的 X509Certificate 我都试过。任何帮助将不胜感激。
如果有帮助,我可以上传密钥文件,因为它们只是我在本地计算机上生成的测试密钥,一旦程序调通就会丢弃。
package com.cds.test;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
/**
 * Test program from the question: loads an X.509 certificate, RSA-encrypts a string with the
 * certificate's public key, and then attempts to decrypt it.
 *
 * NOTE(review): decrypt() passes the certificate's own encoding to PrivateKeyFactory; a
 * certificate holds only the public key, so decryption cannot work until the private key is
 * loaded from its own file or keystore.
 */
public class RSAEncryptDecrypt {
// Certificate loaded by readCertificate(); stays null until that method has run.
public X509Certificate cert = null;
//
/**
 * Parses the certificate at the hard-coded path and stores it in {@code cert}.
 *
 * @throws Exception if the file cannot be opened or parsed as an X.509 certificate
 */
public void readCertificate() throws Exception {
// Registers the BouncyCastle provider; encrypt() and decrypt() repeat this call.
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateFactory factory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
// NOTE(review): this stream is never closed; try-with-resources would release the file handle.
InputStream fis = new FileInputStream("/opt/temp/keys/openssl_crt.pem");
X509Certificate x509Cert = (X509Certificate) factory.generateCertificate(fis);
this.cert = x509Cert;
System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
}
//
/**
 * Encrypts {@code inputData} with the public key of the loaded certificate.
 *
 * @param inputData plaintext to encrypt
 * @return the Base64 text of the RSA ciphertext
 * @throws Exception if the public key cannot be decoded or the block cannot be processed
 */
public String encrypt(String inputData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
System.out.println("public key: " + new String(Base64.encode(cert.getPublicKey().getEncoded())));
// getPublicKey().getEncoded() is the encoded public key only, which is what PublicKeyFactory is given here.
AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(cert.getPublicKey().getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
// NOTE(review): PKCS1Encoding is PKCS#1 v1.5 encryption padding; new code usually prefers
// OAEP (org.bouncycastle.crypto.encodings.OAEPEncoding), which must then be used on both sides.
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
cipher.init(true, publicKey);
//
// NOTE(review): getBytes() without a charset uses the JVM default, so the bytes can differ between hosts.
byte[] messageBytes = inputData.getBytes();
// Despite the name, this holds the raw ciphertext bytes; nothing here is hex-encoded.
byte[] hexEncodedCipher = cipher.processBlock(messageBytes, 0, messageBytes.length);
//
return new String(Base64.encode(hexEncodedCipher));
}
//
/**
 * Intended to reverse encrypt(): Base64-decodes {@code encryptedData} and RSA-decrypts it.
 *
 * @param encryptedData Base64 text as returned by encrypt()
 * @return the decrypted bytes converted to a String
 * @throws Exception as written, from the PrivateKeyFactory call (see the note on that line)
 */
private String decrypt (String encryptedData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// certData is assigned but never read.
byte[] certData = cert.getEncoded();
//certData = Base64.decode(certData);
// NOTE(review): cert.getEncoded() is the encoding of the whole certificate, which carries no
// private key. PrivateKeyFactory.createKey(byte[]) expects an encoded PKCS#8 PrivateKeyInfo,
// and this is the call the question reports failing with "DLSequence cannot be cast to
// ASN1Integer". The private key has to be read from its own file or from a keystore.
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(cert.getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
// false selects decryption mode.
cipher.init(false, privateKey);
//
byte[] decoded = Base64.decode(encryptedData.getBytes());
byte[] result = cipher.processBlock(decoded, 0, decoded.length);
//
// NOTE(review): new String(byte[]) uses the JVM default charset, mirroring getBytes() in encrypt().
return new String(result);
}
//
/**
 * Runs the round trip: load the certificate, encrypt a fixed message, then try to decrypt it.
 *
 * @param args unused
 * @throws Exception propagated from any of the steps
 */
public static void main(String[] args) throws Exception {
String inputData = "This is the message I am trying to encrypt.";
String encrypted = null;
String decrypted = null;
//
RSAEncryptDecrypt rsa = new RSAEncryptDecrypt();
//
rsa.readCertificate();
System.out.println(" input: " + inputData);
encrypted = rsa.encrypt(inputData);
System.out.println("encrypted: " + encrypted);
decrypted = rsa.decrypt(encrypted);
System.out.println("decrypted: " + decrypted);
}
}
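证书仅包含公钥,不包含私钥。当然,公钥有一个与之关联的私钥,但私钥并不保存在证书中;证书是您分发给其他方的东西。PrivateKeyFactory.createKey 期望的是 PKCS#8 PrivateKeyInfo 结构,其第一个元素是 INTEGER(版本号),而证书编码的第一个元素是 SEQUENCE,因此才会出现 DLSequence 无法转换为 ASN1Integer 的错误。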
可能是您使用 Microsoft 代码的次数过多。我提到 Microsoft,是因为在 .NET 代码中,证书类可以在内部包含关联的私钥,从而使 API 过于简单化。
因此,要解密,您必须单独读取与证书对应的私钥(使用 PKCS8EncodedKeySpec 和 "RSA" KeyFactory)。
另一种选择是将两者都放入 PKCS#12 密钥库中,然后使用 KeyStore.load 将其读入 Java。
我正在尝试使用 BouncyCastle 类来加密和解密密码。我编写了一个测试程序,并生成了 PEM 格式和 DER 格式的测试密钥/证书。我可以将密钥/证书读入程序、取得公钥并加密一个值。但在尝试设置解密时,创建 AsymmetricKeyParameter 会报错 "org.bouncycastle.asn1.DLSequence cannot be cast to org.bouncycastle.asn1.ASN1Integer"。看起来当我通过 cert.getEncoded() 从证书中提取数据时,头部信息也被一并提取了。我也试过直接读取文件并去掉 BEGIN CERTIFICATE 和 END CERTIFICATE 行及其破折号,结果还是同样的错误。java.security.cert.Certificate 和下面代码所用的 X509Certificate 我都试过。任何帮助将不胜感激。
如果有帮助,我可以上传密钥文件,因为它们只是我在本地计算机上生成的测试密钥,一旦程序调通就会丢弃。
package com.cds.test;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
/**
 * Test program from the question: loads an X.509 certificate, RSA-encrypts a string with the
 * certificate's public key, and then attempts to decrypt it.
 *
 * NOTE(review): decrypt() passes the certificate's own encoding to PrivateKeyFactory; a
 * certificate holds only the public key, so decryption cannot work until the private key is
 * loaded from its own file or keystore.
 */
public class RSAEncryptDecrypt {
// Certificate loaded by readCertificate(); stays null until that method has run.
public X509Certificate cert = null;
//
/**
 * Parses the certificate at the hard-coded path and stores it in {@code cert}.
 *
 * @throws Exception if the file cannot be opened or parsed as an X.509 certificate
 */
public void readCertificate() throws Exception {
// Registers the BouncyCastle provider; encrypt() and decrypt() repeat this call.
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateFactory factory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
// NOTE(review): this stream is never closed; try-with-resources would release the file handle.
InputStream fis = new FileInputStream("/opt/temp/keys/openssl_crt.pem");
X509Certificate x509Cert = (X509Certificate) factory.generateCertificate(fis);
this.cert = x509Cert;
System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
}
//
/**
 * Encrypts {@code inputData} with the public key of the loaded certificate.
 *
 * @param inputData plaintext to encrypt
 * @return the Base64 text of the RSA ciphertext
 * @throws Exception if the public key cannot be decoded or the block cannot be processed
 */
public String encrypt(String inputData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
System.out.println("public key: " + new String(Base64.encode(cert.getPublicKey().getEncoded())));
// getPublicKey().getEncoded() is the encoded public key only, which is what PublicKeyFactory is given here.
AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(cert.getPublicKey().getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
// NOTE(review): PKCS1Encoding is PKCS#1 v1.5 encryption padding; new code usually prefers
// OAEP (org.bouncycastle.crypto.encodings.OAEPEncoding), which must then be used on both sides.
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
cipher.init(true, publicKey);
//
// NOTE(review): getBytes() without a charset uses the JVM default, so the bytes can differ between hosts.
byte[] messageBytes = inputData.getBytes();
// Despite the name, this holds the raw ciphertext bytes; nothing here is hex-encoded.
byte[] hexEncodedCipher = cipher.processBlock(messageBytes, 0, messageBytes.length);
//
return new String(Base64.encode(hexEncodedCipher));
}
//
/**
 * Intended to reverse encrypt(): Base64-decodes {@code encryptedData} and RSA-decrypts it.
 *
 * @param encryptedData Base64 text as returned by encrypt()
 * @return the decrypted bytes converted to a String
 * @throws Exception as written, from the PrivateKeyFactory call (see the note on that line)
 */
private String decrypt (String encryptedData) throws Exception {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
//
// certData is assigned but never read.
byte[] certData = cert.getEncoded();
//certData = Base64.decode(certData);
// NOTE(review): cert.getEncoded() is the encoding of the whole certificate, which carries no
// private key. PrivateKeyFactory.createKey(byte[]) expects an encoded PKCS#8 PrivateKeyInfo,
// and this is the call the question reports failing with "DLSequence cannot be cast to
// ASN1Integer". The private key has to be read from its own file or from a keystore.
AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(cert.getEncoded());
AsymmetricBlockCipher cipher = new RSAEngine();
cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
// false selects decryption mode.
cipher.init(false, privateKey);
//
byte[] decoded = Base64.decode(encryptedData.getBytes());
byte[] result = cipher.processBlock(decoded, 0, decoded.length);
//
// NOTE(review): new String(byte[]) uses the JVM default charset, mirroring getBytes() in encrypt().
return new String(result);
}
//
/**
 * Runs the round trip: load the certificate, encrypt a fixed message, then try to decrypt it.
 *
 * @param args unused
 * @throws Exception propagated from any of the steps
 */
public static void main(String[] args) throws Exception {
String inputData = "This is the message I am trying to encrypt.";
String encrypted = null;
String decrypted = null;
//
RSAEncryptDecrypt rsa = new RSAEncryptDecrypt();
//
rsa.readCertificate();
System.out.println(" input: " + inputData);
encrypted = rsa.encrypt(inputData);
System.out.println("encrypted: " + encrypted);
decrypted = rsa.decrypt(encrypted);
System.out.println("decrypted: " + decrypted);
}
}
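证书仅包含公钥,不包含私钥。当然,公钥有一个与之关联的私钥,但私钥并不保存在证书中;证书是您分发给其他方的东西。PrivateKeyFactory.createKey 期望的是 PKCS#8 PrivateKeyInfo 结构,其第一个元素是 INTEGER(版本号),而证书编码的第一个元素是 SEQUENCE,因此才会出现 DLSequence 无法转换为 ASN1Integer 的错误。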
可能是您使用 Microsoft 代码的次数过多。我提到 Microsoft,是因为在 .NET 代码中,证书类可以在内部包含关联的私钥,从而使 API 过于简单化。
因此,要解密,您必须单独读取与证书对应的私钥(使用 PKCS8EncodedKeySpec 和 "RSA" KeyFactory)。
另一种选择是将两者都放入 PKCS#12 密钥库中,然后使用 KeyStore.load。