在 Java 中使用 BouncyCastle 通过 ECIES 进行加密
Using BouncyCastle to encrypt with ECIES in Java
我正在尝试使用 java 中使用 BouncyCastle 的 ECC 算法来加密一些内容。但是我得到了 BouncyCastle 库的异常,它说不能将 JCEECPublicKey 转换为 IESKey。据我了解,KeyPairGenerator 生成的 public 密钥是 JCEECPublicKey,不能在 java Cipher.init 方法中使用。有人可以告诉我如何将它转换为 Public 密钥或 X509 规范,以便我可以在加密中使用它。
这是我试过的代码
// add instance of provider class
Security.addProvider(new BouncyCastleProvider());
// initializing parameter specs secp256r1/prime192v1
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");
// key pair generator to generate public and private key
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());
// initialize key pair generator
generator.initialize(ecSpec);
// Key pair to store public and private key
KeyPair keyPair = generator.generateKeyPair();
Cipher iesCipher = Cipher.getInstance("ECIES", new BouncyCastleProvider());
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
我也尝试将 public 密钥转换为 X509EncodedSpec,但我得到了同样的异常
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
KeyFactory factory = KeyFactory.getInstance("ECDH");
PublicKey publicKey = factory.generatePublic(spec);
我遇到的异常是
java.lang.ClassCastException: org.bouncycastle.jce.provider.JCEECPublicKey cannot be cast to org.bouncycastle.jce.interfaces.IESKey
at org.bouncycastle.jce.provider.JCEIESCipher.engineGetKeySize(JCEIESCipher.java:49)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1057)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1015)
at javax.crypto.Cipher.init(Cipher.java:1229)
at javax.crypto.Cipher.init(Cipher.java:1173)
at com.test.EciesTest.main(EciesTest.java:45)
编辑
根据评论,我使用的 JDK 版本是 JDK 7 - Oracle
我正在使用的导入语句:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
尝试以下操作:
// add instance of provider class
Security.addProvider(new BouncyCastleProvider());
String name = "secp256r1";
// NOTE just "EC" also seems to work here
KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
kpg.initialize(new ECGenParameterSpec(name));
// Key pair to store public and private key
KeyPair keyPair = kpg.generateKeyPair();
Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
请注意,在尝试通过 JCE 使用 Bouncy 时,通常最好使用 JCE 类 而不是 Bouncy Castle 类。在这种情况下,问题可能出在给密钥生成器的参数上。
在上面的代码中,我使用了 BouncyCastleProvider.PROVIDER_NAME,但是 "BC" 当然也同样有效。每次都重新实例化提供者不是一个好主意,尽管它不应该影响最终结果。
确保您的系统是最新的 运行 此代码。此代码已在以下系统上测试:
--- runtime information ---
Properties:
java.vendor : Oracle Corporation
java.specification.name : Java Platform API Specification
java.specification.version : 1.8
java.runtime.name : Java(TM) SE Runtime Environment
java.runtime.version : 1.8.0_65-b17
java.vm.name : Java HotSpot(TM) 64-Bit Server VM
Unlimited crypto: yes
--- info for provider Bouncy Castle ---
Bouncy Castle version: 1.520000
Bouncy Castle provider registered: yes
我正在尝试使用 java 中使用 BouncyCastle 的 ECC 算法来加密一些内容。但是我得到了 BouncyCastle 库的异常,它说不能将 JCEECPublicKey 转换为 IESKey。据我了解,KeyPairGenerator 生成的 public 密钥是 JCEECPublicKey,不能在 java Cipher.init 方法中使用。有人可以告诉我如何将它转换为 Public 密钥或 X509 规范,以便我可以在加密中使用它。
这是我试过的代码
// add instance of provider class
Security.addProvider(new BouncyCastleProvider());
// initializing parameter specs secp256r1/prime192v1
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");
// key pair generator to generate public and private key
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());
// initialize key pair generator
generator.initialize(ecSpec);
// Key pair to store public and private key
KeyPair keyPair = generator.generateKeyPair();
Cipher iesCipher = Cipher.getInstance("ECIES", new BouncyCastleProvider());
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
我也尝试将 public 密钥转换为 X509EncodedSpec,但我得到了同样的异常
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
KeyFactory factory = KeyFactory.getInstance("ECDH");
PublicKey publicKey = factory.generatePublic(spec);
我遇到的异常是
java.lang.ClassCastException: org.bouncycastle.jce.provider.JCEECPublicKey cannot be cast to org.bouncycastle.jce.interfaces.IESKey
at org.bouncycastle.jce.provider.JCEIESCipher.engineGetKeySize(JCEIESCipher.java:49)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1057)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1015)
at javax.crypto.Cipher.init(Cipher.java:1229)
at javax.crypto.Cipher.init(Cipher.java:1173)
at com.test.EciesTest.main(EciesTest.java:45)
编辑
根据评论,我使用的 JDK 版本是 JDK 7 - Oracle 我正在使用的导入语句:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
尝试以下操作:
// add instance of provider class
Security.addProvider(new BouncyCastleProvider());
String name = "secp256r1";
// NOTE just "EC" also seems to work here
KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
kpg.initialize(new ECGenParameterSpec(name));
// Key pair to store public and private key
KeyPair keyPair = kpg.generateKeyPair();
Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
请注意,在尝试通过 JCE 使用 Bouncy 时,通常最好使用 JCE 类 而不是 Bouncy Castle 类。在这种情况下,问题可能出在给密钥生成器的参数上。
在上面的代码中,我使用了 BouncyCastleProvider.PROVIDER_NAME,但是 "BC" 当然也同样有效。每次都重新实例化提供者不是一个好主意,尽管它不应该影响最终结果。
确保您的系统是最新的 运行 此代码。此代码已在以下系统上测试:
--- runtime information ---
Properties:
java.vendor : Oracle Corporation
java.specification.name : Java Platform API Specification
java.specification.version : 1.8
java.runtime.name : Java(TM) SE Runtime Environment
java.runtime.version : 1.8.0_65-b17
java.vm.name : Java HotSpot(TM) 64-Bit Server VM
Unlimited crypto: yes
--- info for provider Bouncy Castle ---
Bouncy Castle version: 1.520000
Bouncy Castle provider registered: yes