java 加密 SHA512withRSA 不工作 genkeypair
java crypto SHA512withRSA not working genkeypair
- java 版本 - Java 8
- HSM - nCipher
有效方法 - SHA1withRSA
java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -genkeypair -validity 365 -alias aci3 -keyalg RSA -sigalg SHA1withRSA -keystore /ipsbo/keystore/ipskeystore -storetype nCipher.sworld -providerClass com.ncipher.provider.km.nCipherKM -providerName nCipherKM -storepass password -keypass password -dname "CN=aci3,OU=ips,O=vocalink,L=rickmansworth,ST=Unknown,C=uk"
不起作用 - SHA512withRSA
java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -genkeypair -validity 365 -alias aci4 -keyalg RSA -sigalg SHA512withRSA -keystore /ipsbo/keystore/ipskeystore -storetype nCipher.sworld -providerClass com.ncipher.provider.km.nCipherKM -providerName nCipherKM -storepass password -keypass password -dname "CN=aci4,OU=ips,O=vocalink,L=rickmansworth,ST=Unknown,C=uk" -v
keytool error: java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier SHA512withRSA
java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier SHA512withRSA
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:402)
at sun.security.tools.keytool.CertAndKeyGen.getSelfCertificate(CertAndKeyGen.java:258)
at sun.security.tools.keytool.Main.doGenKeyPair(Main.java:1626)
at sun.security.tools.keytool.Main.doCommands(Main.java:966)
at sun.security.tools.keytool.Main.run(Main.java:343)
at sun.security.tools.keytool.Main.main(Main.java:336)
静态方法algOID
不包含SHA512withRSA
,这是为什么?
好像有SHA1withRSA
.
更多详情
Nicpher详情有SHA512withRSA
-bash$ java -cp "java/classes/*" com.ncipher.provider.InstallationTest
Installed providers:
1: SunJCE
2: nCipherKM
3: SUN
4: SunRsaSign
5: SunEC
6: SunJSSE
7: SunJGSS
8: SunSASL
9: XMLDSig
10: SunPCSC
Unlimited strength jurisdiction files are installed.
The nCipher provider is installed, but is not registered at
the top of the providers list in the java.security file. See
the user guide for more information about the recommended
system configuration.
nCipher JCE services:
Alg.Alias.AlgorithmParameters.DESede
Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.3.7
Alg.Alias.Cipher.1.2.840.113549.1.1.1
Alg.Alias.Cipher.1.2.840.113549.3.4
Alg.Alias.Cipher.1.2.840.113549.3.7
Alg.Alias.Cipher.AES
Alg.Alias.Cipher.CAST6
Alg.Alias.Cipher.DES3
Alg.Alias.Cipher.OID.1.2.840.113549.1.1.1
Alg.Alias.Cipher.OID.1.2.840.113549.3.4
Alg.Alias.Cipher.OID.1.2.840.113549.3.7
Alg.Alias.Cipher.RC4
Alg.Alias.Cipher.Triple-DES
Alg.Alias.Cipher.TripleDES
Alg.Alias.KeyAgreement.Diffie-Hellman
Alg.Alias.KeyAgreement.DiffieHellman
Alg.Alias.KeyFactory.1.2.840.10040.4.1
Alg.Alias.KeyFactory.1.2.840.113549.1.1.1
Alg.Alias.KeyFactory.1.3.14.3.2.12
Alg.Alias.KeyFactory.Diffie-Hellman
Alg.Alias.KeyFactory.DiffieHellman
Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.1
Alg.Alias.KeyFactory.OID.1.3.14.3.2.12
Alg.Alias.KeyGenerator.1.2.840.113549.3.4
Alg.Alias.KeyGenerator.1.2.840.113549.3.7
Alg.Alias.KeyGenerator.1.3.14.3.2.7
Alg.Alias.KeyGenerator.AES
Alg.Alias.KeyGenerator.CAST6
Alg.Alias.KeyGenerator.DES3
Alg.Alias.KeyGenerator.OID.1.2.840.113549.3.4
Alg.Alias.KeyGenerator.OID.1.2.840.113549.3.7
Alg.Alias.KeyGenerator.OID.1.3.14.3.2.7
Alg.Alias.KeyGenerator.RC4
Alg.Alias.KeyGenerator.Triple-DES
Alg.Alias.KeyGenerator.TripleDES
Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1
Alg.Alias.KeyPairGenerator.1.3.14.3.2.12
Alg.Alias.KeyPairGenerator.DiffieHellman
Alg.Alias.KeyPairGenerator.ECDHDiffie-Hellman
Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.1
Alg.Alias.KeyPairGenerator.OID.1.3.14.3.2.12
Alg.Alias.MessageDigest.SHA-224
Alg.Alias.MessageDigest.SHA-256
Alg.Alias.MessageDigest.SHA-384
Alg.Alias.MessageDigest.SHA-512
Alg.Alias.SecureRandom.SHA1PRNG
Alg.Alias.Signature.1.2.840.10040.4.3
Alg.Alias.Signature.1.2.840.113549.1.1.5
Alg.Alias.Signature.1.3.14.3.2.13
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5
Alg.Alias.Signature.1.3.14.3.2.27
Alg.Alias.Signature.DSA
Alg.Alias.Signature.DSAWithSHA1
Alg.Alias.Signature.DSS
Alg.Alias.Signature.OID.1.2.840.10040.4.3
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5
Alg.Alias.Signature.OID.1.3.14.3.2.13
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.10040.4.1
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.10040.4.3
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.113549.1.1.1
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.113549.1.1.5
Alg.Alias.Signature.OID.1.3.14.3.2.27
Alg.Alias.Signature.RSAforSSL
Alg.Alias.Signature.RawRSA
Alg.Alias.Signature.SHA-1/DSA
Alg.Alias.Signature.SHA/DSA
Alg.Alias.Signature.SHA1/DSA
Alg.Alias.Signature.SHAwithDSA
AlgorithmParameters.GCMParameters
AlgorithmParameters.IVParameters
Cipher.AESWrap
Cipher.ArcFour
Cipher.CAST256
Cipher.DES
Cipher.DES2
Cipher.DESede
Cipher.DESedeCBC
Cipher.DESedeWrap
Cipher.RSA
Cipher.Rijndael
KeyAgreement.DH
KeyFactory.DH
KeyFactory.DSA
KeyFactory.RSA
KeyGenerator.ArcFour
KeyGenerator.CAST256
KeyGenerator.DES
KeyGenerator.DES2
KeyGenerator.DESede
KeyGenerator.HmacMD5
KeyGenerator.HmacRIPEMD160
KeyGenerator.HmacSHA1
KeyGenerator.HmacSHA224
KeyGenerator.HmacSHA256
KeyGenerator.HmacSHA384
KeyGenerator.HmacSHA512
KeyGenerator.HmacTiger
KeyGenerator.Rijndael
KeyPairGenerator.DH
KeyPairGenerator.DSA
KeyPairGenerator.ECDH
KeyPairGenerator.RSA
KeyStore.JKS
KeyStore.nCipher.sworld
Mac.HmacMD5
Mac.HmacRIPEMD160
Mac.HmacSHA1
Mac.HmacSHA224
Mac.HmacSHA256
Mac.HmacSHA384
Mac.HmacSHA512
Mac.HmacTiger
MessageDigest.RIPEMD160
MessageDigest.SHA224
MessageDigest.SHA256
MessageDigest.SHA384
MessageDigest.SHA512
MessageDigest.Tiger
SecretKeyFactory.DES
SecretKeyFactory.DES2
SecretKeyFactory.DESede
SecureRandom.RNG
Signature.MD5andSHA1withRSA
Signature.NONEwithRSA
Signature.RIPEMD160withRSA
Signature.RIPEMD160withRSAandMGF1
Signature.SHA1withDSA
Signature.SHA1withRSA
Signature.SHA1withRSAandMGF1
Signature.SHA224withDSA
Signature.SHA224withRSA
Signature.SHA224withRSAandMGF1
Signature.SHA256withDSA
Signature.SHA256withRSA
Signature.SHA256withRSAandMGF1
Signature.SHA384withDSA
Signature.SHA384withRSA
Signature.SHA384withRSAandMGF1
Signature.SHA512withDSA
Signature.SHA512withRSA
Signature.SHA512withRSAandMGF1
Java 安全设置
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=com.ncipher.provider.km.nCipherKM
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
请注意,同一命令适用于 IBM JDK keytool。
提前致谢。
我们对其进行了更改,在顶部添加了 sun.security.rsa.SunRsaSign
,在底部添加了 com.ncipher.provider.km.nCipherKM
,在 nCipherKM
之前添加了 sun.security.provider.Sun
,它起作用了。
这是 ncipher 安装测试的输出
Installed providers:
1: SunRsaSign
2: SunJSSE
3: SunEC
4: SunJCE
5: SUN
6: nCipherKM
然而,正如我所说,我们在使用 IBM JDK keytool 之前的设置和相同命令中没有遇到问题。所以我想,也许这是 http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/security/x509/AlgorithmId.java
中的错误
不过,我们确实通过重新配置提供程序进行了修复。
您在第一位遇到了这个错误:
无限强度管辖文件已安装。
nCipher 提供程序已安装,但未在以下位置注册
java.security 文件中提供商列表的顶部。看
有关推荐的更多信息的用户指南
系统配置。
更改您的配置:
security.provider.1=com.ncipher.provider.km.nCipherKM
security.provider.2=com.sun.crypto.provider.SunJCE
你需要看到这条消息
Installed providers:
1: nCipherKM
2: SunJCE
3: SUN
4: SunRsaSign
5: SunEC
6: SunJSSE
7: SunJGSS
8: SunSASL
9: XMLDSig
10: SunPCSC
11: SunMSCAPI
Unlimited strength jurisdiction files are installed.
The nCipher provider is correctly installed.
- java 版本 - Java 8
- HSM - nCipher
有效方法 - SHA1withRSA
java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -genkeypair -validity 365 -alias aci3 -keyalg RSA -sigalg SHA1withRSA -keystore /ipsbo/keystore/ipskeystore -storetype nCipher.sworld -providerClass com.ncipher.provider.km.nCipherKM -providerName nCipherKM -storepass password -keypass password -dname "CN=aci3,OU=ips,O=vocalink,L=rickmansworth,ST=Unknown,C=uk"
不起作用 - SHA512withRSA
java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -genkeypair -validity 365 -alias aci4 -keyalg RSA -sigalg SHA512withRSA -keystore /ipsbo/keystore/ipskeystore -storetype nCipher.sworld -providerClass com.ncipher.provider.km.nCipherKM -providerName nCipherKM -storepass password -keypass password -dname "CN=aci4,OU=ips,O=vocalink,L=rickmansworth,ST=Unknown,C=uk" -v
keytool error: java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier SHA512withRSA
java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier SHA512withRSA
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:402)
at sun.security.tools.keytool.CertAndKeyGen.getSelfCertificate(CertAndKeyGen.java:258)
at sun.security.tools.keytool.Main.doGenKeyPair(Main.java:1626)
at sun.security.tools.keytool.Main.doCommands(Main.java:966)
at sun.security.tools.keytool.Main.run(Main.java:343)
at sun.security.tools.keytool.Main.main(Main.java:336)
静态方法algOID
不包含SHA512withRSA
,这是为什么?
好像有SHA1withRSA
.
更多详情
Nicpher详情有SHA512withRSA
-bash$ java -cp "java/classes/*" com.ncipher.provider.InstallationTest
Installed providers:
1: SunJCE
2: nCipherKM
3: SUN
4: SunRsaSign
5: SunEC
6: SunJSSE
7: SunJGSS
8: SunSASL
9: XMLDSig
10: SunPCSC
Unlimited strength jurisdiction files are installed.
The nCipher provider is installed, but is not registered at
the top of the providers list in the java.security file. See
the user guide for more information about the recommended
system configuration.
nCipher JCE services:
Alg.Alias.AlgorithmParameters.DESede
Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.3.7
Alg.Alias.Cipher.1.2.840.113549.1.1.1
Alg.Alias.Cipher.1.2.840.113549.3.4
Alg.Alias.Cipher.1.2.840.113549.3.7
Alg.Alias.Cipher.AES
Alg.Alias.Cipher.CAST6
Alg.Alias.Cipher.DES3
Alg.Alias.Cipher.OID.1.2.840.113549.1.1.1
Alg.Alias.Cipher.OID.1.2.840.113549.3.4
Alg.Alias.Cipher.OID.1.2.840.113549.3.7
Alg.Alias.Cipher.RC4
Alg.Alias.Cipher.Triple-DES
Alg.Alias.Cipher.TripleDES
Alg.Alias.KeyAgreement.Diffie-Hellman
Alg.Alias.KeyAgreement.DiffieHellman
Alg.Alias.KeyFactory.1.2.840.10040.4.1
Alg.Alias.KeyFactory.1.2.840.113549.1.1.1
Alg.Alias.KeyFactory.1.3.14.3.2.12
Alg.Alias.KeyFactory.Diffie-Hellman
Alg.Alias.KeyFactory.DiffieHellman
Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.1
Alg.Alias.KeyFactory.OID.1.3.14.3.2.12
Alg.Alias.KeyGenerator.1.2.840.113549.3.4
Alg.Alias.KeyGenerator.1.2.840.113549.3.7
Alg.Alias.KeyGenerator.1.3.14.3.2.7
Alg.Alias.KeyGenerator.AES
Alg.Alias.KeyGenerator.CAST6
Alg.Alias.KeyGenerator.DES3
Alg.Alias.KeyGenerator.OID.1.2.840.113549.3.4
Alg.Alias.KeyGenerator.OID.1.2.840.113549.3.7
Alg.Alias.KeyGenerator.OID.1.3.14.3.2.7
Alg.Alias.KeyGenerator.RC4
Alg.Alias.KeyGenerator.Triple-DES
Alg.Alias.KeyGenerator.TripleDES
Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1
Alg.Alias.KeyPairGenerator.1.3.14.3.2.12
Alg.Alias.KeyPairGenerator.DiffieHellman
Alg.Alias.KeyPairGenerator.ECDHDiffie-Hellman
Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.1
Alg.Alias.KeyPairGenerator.OID.1.3.14.3.2.12
Alg.Alias.MessageDigest.SHA-224
Alg.Alias.MessageDigest.SHA-256
Alg.Alias.MessageDigest.SHA-384
Alg.Alias.MessageDigest.SHA-512
Alg.Alias.SecureRandom.SHA1PRNG
Alg.Alias.Signature.1.2.840.10040.4.3
Alg.Alias.Signature.1.2.840.113549.1.1.5
Alg.Alias.Signature.1.3.14.3.2.13
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5
Alg.Alias.Signature.1.3.14.3.2.27
Alg.Alias.Signature.DSA
Alg.Alias.Signature.DSAWithSHA1
Alg.Alias.Signature.DSS
Alg.Alias.Signature.OID.1.2.840.10040.4.3
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5
Alg.Alias.Signature.OID.1.3.14.3.2.13
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.10040.4.1
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.10040.4.3
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.113549.1.1.1
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.113549.1.1.5
Alg.Alias.Signature.OID.1.3.14.3.2.27
Alg.Alias.Signature.RSAforSSL
Alg.Alias.Signature.RawRSA
Alg.Alias.Signature.SHA-1/DSA
Alg.Alias.Signature.SHA/DSA
Alg.Alias.Signature.SHA1/DSA
Alg.Alias.Signature.SHAwithDSA
AlgorithmParameters.GCMParameters
AlgorithmParameters.IVParameters
Cipher.AESWrap
Cipher.ArcFour
Cipher.CAST256
Cipher.DES
Cipher.DES2
Cipher.DESede
Cipher.DESedeCBC
Cipher.DESedeWrap
Cipher.RSA
Cipher.Rijndael
KeyAgreement.DH
KeyFactory.DH
KeyFactory.DSA
KeyFactory.RSA
KeyGenerator.ArcFour
KeyGenerator.CAST256
KeyGenerator.DES
KeyGenerator.DES2
KeyGenerator.DESede
KeyGenerator.HmacMD5
KeyGenerator.HmacRIPEMD160
KeyGenerator.HmacSHA1
KeyGenerator.HmacSHA224
KeyGenerator.HmacSHA256
KeyGenerator.HmacSHA384
KeyGenerator.HmacSHA512
KeyGenerator.HmacTiger
KeyGenerator.Rijndael
KeyPairGenerator.DH
KeyPairGenerator.DSA
KeyPairGenerator.ECDH
KeyPairGenerator.RSA
KeyStore.JKS
KeyStore.nCipher.sworld
Mac.HmacMD5
Mac.HmacRIPEMD160
Mac.HmacSHA1
Mac.HmacSHA224
Mac.HmacSHA256
Mac.HmacSHA384
Mac.HmacSHA512
Mac.HmacTiger
MessageDigest.RIPEMD160
MessageDigest.SHA224
MessageDigest.SHA256
MessageDigest.SHA384
MessageDigest.SHA512
MessageDigest.Tiger
SecretKeyFactory.DES
SecretKeyFactory.DES2
SecretKeyFactory.DESede
SecureRandom.RNG
Signature.MD5andSHA1withRSA
Signature.NONEwithRSA
Signature.RIPEMD160withRSA
Signature.RIPEMD160withRSAandMGF1
Signature.SHA1withDSA
Signature.SHA1withRSA
Signature.SHA1withRSAandMGF1
Signature.SHA224withDSA
Signature.SHA224withRSA
Signature.SHA224withRSAandMGF1
Signature.SHA256withDSA
Signature.SHA256withRSA
Signature.SHA256withRSAandMGF1
Signature.SHA384withDSA
Signature.SHA384withRSA
Signature.SHA384withRSAandMGF1
Signature.SHA512withDSA
Signature.SHA512withRSA
Signature.SHA512withRSAandMGF1
Java 安全设置
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=com.ncipher.provider.km.nCipherKM
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
请注意,同一命令适用于 IBM JDK keytool。
提前致谢。
我们对其进行了更改,在顶部添加了 sun.security.rsa.SunRsaSign
,在底部添加了 com.ncipher.provider.km.nCipherKM
,在 nCipherKM
之前添加了 sun.security.provider.Sun
,它起作用了。
这是 ncipher 安装测试的输出
Installed providers:
1: SunRsaSign
2: SunJSSE
3: SunEC
4: SunJCE
5: SUN
6: nCipherKM
然而,正如我所说,我们在使用 IBM JDK keytool 之前的设置和相同命令中没有遇到问题。所以我想,也许这是 http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/security/x509/AlgorithmId.java
中的错误不过,我们确实通过重新配置提供程序进行了修复。
您在第一位遇到了这个错误:
无限强度管辖文件已安装。 nCipher 提供程序已安装,但未在以下位置注册 java.security 文件中提供商列表的顶部。看 有关推荐的更多信息的用户指南 系统配置。
更改您的配置:
security.provider.1=com.ncipher.provider.km.nCipherKM
security.provider.2=com.sun.crypto.provider.SunJCE
你需要看到这条消息
Installed providers:
1: nCipherKM
2: SunJCE
3: SUN
4: SunRsaSign
5: SunEC
6: SunJSSE
7: SunJGSS
8: SunSASL
9: XMLDSig
10: SunPCSC
11: SunMSCAPI
Unlimited strength jurisdiction files are installed.
The nCipher provider is correctly installed.