我正在尝试解密使用AES-128对称加密加密的邮件,然后对生成的对称密钥进行RSA-1024非对称加密。我收到加密的AES密钥和加密的消息,从pfx文件中提取私钥,然后继续解密对称密钥。之后,我尝试使用解密的AES密钥解密加密的消息。
以下是我的代码:
// Get the private key
PrivateKey privateKey = (PrivateKey) keyStore.getKey(selectedAlias, "password".toCharArray());
System.out.println("Key information " + privateKey.getAlgorithm() + " " + privateKey.getFormat());
// Load aesSessionKey and encryptedMessage
byte[] aesSessionKey = ...
byte[] encryptedMessage = ...
// RSA Decryption of Encrypted Symmetric AES key - 128 bits
Cipher rsaCipher = Cipher.getInstance("RSA", "BC");
rsaCipher.init(Cipher.UNWRAP_MODE, privateKey);
Key decryptedKey = rsaCipher.unwrap(aesSessionKey, "AES", Cipher.SECRET_KEY);
System.out.println("Decrypted Key Length: " + decryptedKey.getEncoded().length);
SecretKeySpec decrypskeySpec = new SecretKeySpec(decryptedKey.getEncoded(), "AES");
Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING", "BC");
cipher.init(Cipher.DECRYPT_MODE, decryptedKey, new IvParameterSpec(new byte[16]));
byte[] message = cipher.doFinal(encryptedMessage);
System.out.println(new String(message, "UTF-8"));
问题是解密的AES密钥的大小是128字节,而不是我期望的16字节。我得到以下异常:
Key information RSA PKCS#8
Decrypted Key Length: 128
java.security.InvalidKeyException: Key length not 128/192/256 bits.
at org.bouncycastle.jce.provider.JCEBlockCipher.engineInit(Unknown Source)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.simarks.services.PKCS12.run(PKCS12.java:74)
at com.simarks.services.PKCS12.main(PKCS12.java:34)
我是Java Cryptography的新手。我已经检查了许多其他问题并尝试了几种不同的方法(比如使用DECRYPT_MODE而不是UNWRAP_MODE),但我得到了同样的错误。任何帮助将不胜感激。
修改 加密消息的客户端代码如下:
PBYTE pInputData = NULL;
DWORD dwInputSize = 0;
PBYTE pCertData = NULL;
DWORD dwCertSize = 0;
PCCERT_CONTEXT pCertContext = NULL;
HCRYPTPROV hCryptProv = NULL;
HCRYPTKEY hPublicKey = NULL;
HCRYPTKEY hSessionKey = NULL;
BYTE InitializationVector[ 32 ] = { 0 };
DWORD PKCS5Padding = PKCS5_PADDING;
DWORD CBCMode = CRYPT_MODE_CBC;
PSIMPLEBLOB pKeyBlob = NULL;
DWORD dwBlobSize = 0;
DWORD dwKeySize = 0;
PBYTE pEncryptedData = NULL;
DWORD dwEncryptedDataSize = 0;
HRESULT hr = S_FALSE;
if( FAILED( hr = ReadBinaryFile( InputFile, &pInputData, &dwInputSize ) ) ) goto EncryptExit;
if( FAILED( hr = ReadBinaryFile( CertFile, &pCertData, &dwCertSize ) ) ) goto EncryptExit;
if( ( pCertContext = CertCreateCertificateContext( PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, pCertData, dwCertSize ) ) == NULL ) goto EncryptExit;
if( !CryptAcquireContext( &hCryptProv, NULL, GetMsAesProviderName(), PROV_RSA_AES, 0 ) ) goto EncryptExit;
if( !CryptImportPublicKeyInfo( hCryptProv, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, &pCertContext->pCertInfo->SubjectPublicKeyInfo, &hPublicKey ) ) goto EncryptExit;
if( !CryptGenKey( hCryptProv, AlgId, CRYPT_EXPORTABLE, &hSessionKey ) ) goto EncryptExit;
if( !CryptSetKeyParam( hSessionKey, KP_IV, InitializationVector, 0 ) ) goto EncryptExit;
if( !CryptSetKeyParam( hSessionKey, KP_PADDING, (PBYTE)&PKCS5Padding, 0 ) ) goto EncryptExit;
if( !CryptSetKeyParam( hSessionKey, KP_MODE, (PBYTE)&CBCMode, 0 ) ) goto EncryptExit;
if( !CryptExportKey( hSessionKey, hPublicKey, SIMPLEBLOB, 0, NULL, &dwBlobSize ) ) goto EncryptExit;
if( ( pKeyBlob = (PSIMPLEBLOB)malloc( dwBlobSize ) ) == NULL ) { hr = E_OUTOFMEMORY; goto EncryptExit; }
if( !CryptExportKey( hSessionKey, hPublicKey, SIMPLEBLOB, 0, (PBYTE)pKeyBlob, &dwBlobSize ) ) goto EncryptExit;
dwKeySize = dwBlobSize - sizeof( BLOBHEADER ) - sizeof( ALG_ID );
dwEncryptedDataSize = dwInputSize;
if( !CryptEncrypt( hSessionKey, NULL, TRUE, 0, NULL, &dwEncryptedDataSize, 0 ) ) goto EncryptExit;
if( ( pEncryptedData = (PBYTE)malloc( dwEncryptedDataSize ) ) == NULL ) { hr = E_OUTOFMEMORY; goto EncryptExit; }
CopyMemory( pEncryptedData, pInputData, dwInputSize );
if( !CryptEncrypt( hSessionKey, NULL, TRUE, 0, pEncryptedData, &dwInputSize, dwEncryptedDataSize ) ) goto EncryptExit;
if( FAILED( hr = WriteBinaryFile( OutputFile, pEncryptedData, dwInputSize ) ) ) goto EncryptExit;
hr = WriteBinaryFile( KeyFile, pKeyBlob->Key, dwKeySize );
EncryptExit:
答案 0 :(得分:1)
AES采用128- 位密钥,长度为16 字节,因为一个字节适合8位。
1024位RSA加密1024 位(或128 字节)数据。您应该始终使用带有RSA的填充,因为这可以提高安全性并允许您加密任意数量的数据。
另请注意,1024位RSA对暴力攻击相当弱。 2048位被认为是最小值。
此外,使用静态IV的CBC模式只是在寻找麻烦。
答案 1 :(得分:1)
与许多其他提供程序不同,BouncyCastle提供程序在您指定"RSA"算法时默认不使用填充。 According to the FAQ,BC提供商会将"RSA"映射到"RSA/NONE/NoPadding"。
因此,您的解密数据仍然附加了填充,因此长度为128个字节。您需要确定在加密密钥时使用了哪个填充,并确保在创建Cipher实例时明确指定此填充。例如:
Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC")
作为owlstead mentioned in the comments,如果您愿意,您还可以考虑使用标准的Oracle提供程序 - 看起来BouncyCastle似乎不是必需的。
答案 2 :(得分:0)
经过一番研究后,我通过反转aesSessionKey:
org.apache.commons.lang.ArrayUtils.reverse(encryptedSessionKey);
显然,CryptoAPI结构通常以little-endian顺序表示数据,但Java(和.NET)使用big-endian。以下是我找到解决方案的一些链接: