我正在尝试解密一个文件" test.txt.p7b",它使用JKS中的证书加密。
调试代码时收到此错误。感谢有人可以解释为什么这个错误。是我的密钥有问题还是我的代码出了问题(大多数情况下,我相信)。非常感谢
错误信息如下,
Exception in thread "main" org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: Decryption error
at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(Unknown Source)
at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
at TestingB.decryptData(TestingB.java:299)
at TestingB.main(TestingB.java:161)
Caused by: org.bouncycastle.operator.OperatorException: bad padding: Decryption error
at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(Unknown Source)
... 7 more
Caused by: javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389)
at javax.crypto.Cipher.doFinal(Cipher.java:2121)
... 8 more
这是我的解密代码。
FileInputStream fIn = new FileInputStream(_keyStorePath);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(fIn, _password);
PrivateKey key = (PrivateKey) keystore.getKey("def","123456".toCharArray());
fIn.close();
File file = new File("C:\\1_Eclipse\\1_CS\\Encrypted\\test.txt.p7b");
FileInputStream fileInputStream = new FileInputStream(file);
byte[] encryptedAndSignedByte = new byte[(int)file.length()];
fileInputStream.read(encryptedAndSignedByte);
fileInputStream.close();
X509Certificate cert9 = (X509Certificate) keystore.getCertificate("abc");
KeyTransRecipientId recId = new JceKeyTransRecipientId(cert9.getIssuerX500Principal(), cert9.getSerialNumber());
CMSEnvelopedData enveloped = new CMSEnvelopedData(encryptedAndSignedByte);
RecipientInformationStore recipients = enveloped.getRecipientInfos();
RecipientInformation recipient = recipients.get(recId);
JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient(key);
ter.setContentProvider(BouncyCastleProvider.PROVIDER_NAME);
System.out.println("content : " + recipient.getContent(ter));
答案 0 :(得分:0)
从这里我看不出有什么问题,但是在RSA私钥解密对称密钥时会发生错误。
CMS是一种容器格式。它包含处理或包含数据的方法。如果您有一个包络容器,那么其中的数据不会使用RSA公钥直接加密。相反,它使用随机对称密钥(通常称为数据密钥或甚至会话密钥)进行加密。然后使用公钥加密该对称密钥。
RSA加密首先填充数据,然后使用公共指数执行模幂运算。解密包括使用私有指数和unpadding的模幂运算。现在无论数据或指数的值如何,模幂运算总是会成功。因此,如果数据或密钥无效,那么填充异常是唯一的指示。
由于容器中的数据可能有效 - 如果不是,则会出现解码错误 - 私钥更可能与公钥不匹配。它并没有排除CMS库的实现错误,但我认为如果CMS库已经过良好测试,则相对不太可能。
所以我怀疑你的键值而不是你的代码 - 当然也可能在代码中读取或写入你的密钥时出错。
所有人都说,我肯定会先修复代码中的流处理。只创建一个encryptedAndSignedByte缓冲区并调用一次read非常天真。如果这样可以解决此错误,请告诉我们。
答案 1 :(得分:0)
我修改了代码,但同样的问题发生了。我相信加密部分不应该是任何问题。
解密代码:
public static void decrypt(final InputStream is, OutputStream os, Key key, String providerName) throws Exception {
final InputStream bis = new BufferedInputStream(is, bufferSize);
final OutputStream bos = new BufferedOutputStream(os, bufferSize);
final Iterator it = new CMSEnvelopedDataParser(bis).getRecipientInfos().getRecipients().iterator();
if (it.hasNext()) {
final RecipientInformation recipient = (RecipientInformation)it.next();
JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient((PrivateKey) key);
final CMSTypedStream recData = recipient.getContentStream(ter);
final InputStream ris = recData.getContentStream();
fromInToOut(ris, bos);
}
os.close();
}
在主课程中
new File("C:\\1_Eclipse\\1_CS\\Encrypted\\test_result.txt");
FileOutputStream E_fileOuputStream = new FileOutputStream("C:\\1_Eclipse\\1_CS\\Encrypted\\test_result.txt");
FileInputStream E_fileInputStream = new FileInputStream("C:\\1_Eclipse\\1_CS\\Encrypted\\test.txt.p7b");
decrypt(E_fileInputStream,E_fileOuputStream,key,"BC");
我认为错误是由我解密的这部分引起的。
final RecipientInformation recipient = (RecipientInformation)it.next();
JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient((PrivateKey) key);
final CMSTypedStream recData = recipient.getContentStream(ter);