我编写了一个小型Java程序,它使用BouncyCastle创建公共和私有RSA密钥,然后用它来加密/解密文件。我能够使用Java程序加密和解密文件。我还能够使用OpenSSL使用程序生成的密钥解密加密文件。
问题是OpenSSL无法加载由我的Java程序生成的公钥来加密数据。
我将分享我创建的公钥和私钥作为测试。我完全清楚,发布密钥会使它们无法用于加密目的,这些特定的密钥仅用于测试!!!
Java代码:
package test;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.RandomAccessFile;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Scanner;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;
public class PublicKeyTest {
public static final int KEY_SIZE = 1024;
public static void main(String[] args) {
System.out.println("0. PK Encrypt File");
System.out.println("1. PK Decrypt File");
System.out.println("2. PK Generate Keys");;
Scanner scan = new Scanner(System.in);
String choicetext = scan.nextLine();
int choice = Integer.parseInt(choicetext);
if (choice == 0) {
System.out.print("Infile: ");
String inpath = scan.nextLine();
System.out.print("Outfile: ");
String outpath = scan.nextLine();
byte[] bytes = FiletoBytes(inpath);
PublicKey publicKey = readPublicKeyNative("./public.pem");
byte[] encryptedBytes = encrypt(bytes, publicKey);
BytestoFile(encryptedBytes, outpath);
} else if (choice == 1) {
System.out.print("Infile: ");
String inpath = scan.nextLine();
System.out.print("Outfile: ");
String outpath = scan.nextLine();
byte[] bytes = FiletoBytes(inpath);
PrivateKey privateKey = readPrivateKeyNative("./private.pem");
byte[] decryptedBytes = decrypt(bytes, privateKey);
BytestoFile(decryptedBytes, outpath);
} else if (choice == 2) {
System.out.print("Public: ");
String publicPath = scan.nextLine();
System.out.print("Private: ");
String privatePath = scan.nextLine();
writeKeys(publicPath, privatePath);
}
scan.close();
}
public static byte[] FiletoBytes(String path) {
byte[] bytes = null;
RandomAccessFile raf;
try {
raf = new RandomAccessFile(path, "rw");
int fileLength = (int) raf.length();
bytes = new byte[fileLength];
raf.read(bytes);
raf.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return bytes;
}
public static void BytestoFile(byte[] bytes, String path) {
RandomAccessFile raf;
try {
raf = new RandomAccessFile(path, "rw");
raf.write(bytes);
raf.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
public static PublicKey readPublicKeyNative(String publicKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PublicKey key = null;
byte[] publicKeyFileBytes = null;
try {
publicKeyFileBytes = Files.readAllBytes(Paths.get(publicKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(publicKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
// PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static PrivateKey readPrivateKeyNative(String privateKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PrivateKey key = null;
byte[] privateKeyFileBytes = null;
try {
privateKeyFileBytes = Files.readAllBytes(Paths.get(privateKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(privateKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
// X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static byte[] encrypt(byte[] bytes, PublicKey key) {
byte[] cipherText = null;
try {
// get an RSA cipher object and print the provider
final Cipher cipher = Cipher.getInstance("RSA");
// encrypt the plain text using the public key
cipher.init(Cipher.ENCRYPT_MODE, key);
cipherText = cipher.doFinal(bytes);
} catch (Exception e) {
e.printStackTrace();
}
return cipherText;
}
public static byte[] decrypt(byte[] text, PrivateKey key) {
byte[] decryptedText = null;
try {
// get an RSA cipher object and print the provider
final Cipher cipher = Cipher.getInstance("RSA");
// decrypt the text using the private key
cipher.init(Cipher.DECRYPT_MODE, key);
decryptedText = cipher.doFinal(text);
} catch (Exception ex) {
ex.printStackTrace();
}
return decryptedText;
}
public static void writeKeys(String publicPath,String privatePath){
Security.addProvider(new BouncyCastleProvider());
KeyPair keyPair = generateRSAKeyPair();
RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
writePemFile(priv, "RSA PRIVATE KEY", privatePath);
writePemFile(pub, "RSA PUBLIC KEY", publicPath);
}
private static KeyPair generateRSAKeyPair(){
KeyPairGenerator generator=null;
try {
generator = KeyPairGenerator.getInstance("RSA", "BC");
} catch (NoSuchAlgorithmException | NoSuchProviderException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
SecureRandom random = new SecureRandom();
generator.initialize(KEY_SIZE, random);
KeyPair keyPair = generator.generateKeyPair();
return keyPair;
}
public static void writePemFile(Key key, String description,String filename) {
PemObject pemObject = new PemObject(description, key.getEncoded());
PemWriter pemWriter=null;
try {
pemWriter = new PemWriter(new OutputStreamWriter(
new FileOutputStream(filename)));
} catch (FileNotFoundException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
try {
pemWriter.writeObject(pemObject);
pemWriter.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
}
问题的演示:
制作密钥
[tester@testdb keytest]$ java -jar pktest.jar
0. PK Encrypt File
1. PK Decrypt File
2. PK Generate Keys
2
Public: public.pem
Private: private.pem
[tester@testdb keytest]$ cat public.pem
-----BEGIN RSA PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBZTAOigNUeTHzEAUGh+c1XNpH
5u2ARbNYIftd4dAXL2W6iUDYk9cFCfGX4p8kBH/itgbbw6IHLiyK2f4nEdupT8p/
7vMvEqN/+fCaU05mixgEhfYzlZO9GRzK3GVZrqtzrYiF0Bkifgf/xmqHDFwtLA9y
nRNAbUjq5pAz8KyKUQIDAQAB
-----END RSA PUBLIC KEY-----
[tester@testdb keytest]$ cat private.pem
-----BEGIN RSA PRIVATE KEY-----
MIICdQIBADANBgkqhkiG9w0BAQEFAASCAl8wggJbAgEAAoGBAIFlMA6KA1R5MfMQ
BQaH5zVc2kfm7YBFs1gh+13h0BcvZbqJQNiT1wUJ8ZfinyQEf+K2BtvDogcuLIrZ
/icR26lPyn/u8y8So3/58JpTTmaLGASF9jOVk70ZHMrcZVmuq3OtiIXQGSJ+B//G
aocMXC0sD3KdE0BtSOrmkDPwrIpRAgMBAAECgYAFV7o+P3CXwlFPqe+rL11alLTm
lyBjVX1sPCr222YOLwTSSOyGhMQyDxEMpmzPvefR4pYx6Mf95+gq64lU76XULrj5
+wxlQVj6imMJUSWo5j85TBvcCinzMMylFIiwoZkpjPtmEFznmUcUP3BBCdn6qxIq
3STQGnevExbzKaDpiQJBAMvHJZqSO6Q276Lg6G5jw+k4Ynjk5Z2AWVBBsBEkTcn7
9XBRrQW42gPmN5M7kPI2IQSb4Kjb+rq4kmV2e85vPh8CQQCijip1E4kevrDxr2pb
FHI0Ht86jrx3CTvKYpb+LE/7OI+h+RDRqeOcgP/HSWfOjtH3sRG8PZZeYsolVOr5
7kmPAkA578gAN31fhgMB8yICaLkFsPNGXgXujtRV3ic56HF5cPpqUb54twK9QxIf
+TqPstYWYl8wg0K5Hcr5sAMpQTWPAkAcIn0IvHPcJWccvZ6r2vMVQE6kpPXLqIZ3
te6qWWMSeSyq/R/DGiNyAAXFKVhVMPT4aOZH7WTsOy7/nR36WhrTAkBGP7NfsCGd
wtsfH9n9h1xCBamTguF7XjXELEymfbW+OFbQRYMdu3G2a+yZuswjicoenw5kNLFm
zblu/SZSYUOB
-----END RSA PRIVATE KEY-----
[tester@testdb keytest]$
使用机密信息创建文件
[tester@testdb keytest]$ echo "secret" > testfile.txt
[tester@testdb keytest]$ cat testfile.txt
secret
使用Java程序加密文件
[tester@testdb keytest]$ java -jar pktest.jar
0. PK Encrypt File
1. PK Decrypt File
2. PK Generate Keys
0
Infile: testfile.txt
Outfile: testfile_encrypted.txt
[tester@testdb keytest]$ cat testfile_encrypted.txt
~!▒▒
d]`▒g)▒▒▒▒m▒▒Y2▒ؐ▒▒t▒▒⦱▒n▒▒vi▒i▒▒]▒(ʬ▒S▒▒▒▒II▒▒▒19▒▒[~8▒1▒R▒`▒▒q▒▒0d▒#
▒▒
▒ͬ6j▒SF▒s▒▒▒▒R.m▒u▒Q▒V▒rS▒▒T[tester@testdb keytest]$
使用Java程序解密文件
[tester@testdb keytest]$ java -jar pktest.jar
0. PK Encrypt File
1. PK Decrypt File
2. PK Generate Keys
1
Infile: testfile_encrypted.txt
Outfile: testfile_decrypted.txt
[tester@testdb keytest]$ cat testfile_decrypted.txt
secret
[tester@testdb keytest]$
使用OpenSSL测试解密文件
[tester@testdb keytest]$ cat testfile_encrypted.txt |openssl rsautl -decrypt -inkey private.pem
secret
测试使用OpenSSL加密单独的文件(FAILS)
[tester@testdb keytest]$ cat testfile2.txt
secret2
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public.pem > testfile2_encrypted.txt
unable to load Public Key
尝试添加-inform PEM失败,OpenSSL提供语法帮助页面
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inform PEM -inkey public.pem > testfile2_encrypted.txt
Usage: rsautl [options]
-in file input file
-out file output file
-inkey file input key
-keyform arg private key format - default PEM
-pubin input is an RSA public
-certin input is a certificate carrying an RSA public key
-ssl use SSL v2 padding
-raw use no padding
-pkcs use PKCS#1 v1.5 padding (default)
-oaep use PKCS#1 OAEP
-sign sign with private key
-verify verify with public key
-encrypt encrypt with public key
-decrypt decrypt with private key
-hexdump hex dump output
-engine e use engine e, possibly a hardware device.
-passin arg pass phrase source
更改页眉和页脚似乎无法正常工作
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public.pem > testfile2_encrypted.txt
unable to load Public Key
[tester@testdb keytest]$ cat public2.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBZTAOigNUeTHzEAUGh+c1XNpH
5u2ARbNYIftd4dAXL2W6iUDYk9cFCfGX4p8kBH/itgbbw6IHLiyK2f4nEdupT8p/
7vMvEqN/+fCaU05mixgEhfYzlZO9GRzK3GVZrqtzrYiF0Bkifgf/xmqHDFwtLA9y
nRNAbUjq5pAz8KyKUQIDAQAB
-----END PUBLIC KEY-----
尝试使用-RSAPublicKey_in转换公钥失败
[tester@testdb keytest]$ openssl rsa -inform PEM -outform -PEM -RSAPublicKey_in -in public.pem -out public2.pem
unable to load Public Key
139808815384480:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
139808815384480:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:831:
139808815384480:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:751:Field=n, Type=RSA
139808815384480:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:83:
每个jww从页眉和页脚中删除RSA并使用“-keyform PEM”传递密钥
为什么我必须进行这些更改?有没有办法让BouncyCastle输出PEM文件的方式,OpenSSL将采用公钥而不强迫我进行这些更改。
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public^Cem -keyform PEM > testfile2_encrypted.txt
[tester@testdb keytest]$ cat public2.pem
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCBZTAOigNUeTHzEAUGh+c1XNpH
5u2ARbNYIftd4dAXL2W6iUDYk9cFCfGX4p8kBH/itgbbw6IHLiyK2f4nEdupT8p/
7vMvEqN/+fCaU05mixgEhfYzlZO9GRzK3GVZrqtzrYiF0Bkifgf/xmqHDFwtLA9y
nRNAbUjq5pAz8KyKUQIDAQAB
-----END PUBLIC KEY-----
[tester@testdb keytest]$ cat testfile2.txt |openssl rsautl -encrypt -pubin -inkey public2.pem -keyform PEM > testfile2_encrypted.txt
[tester@testdb keytest]$ cat testfile2_encrypted.txt |openssl rsautl -decrypt -inkey private.pem > testfile2_decrypted.txt
为什么我无法加载公钥错误?
答案 0 :(得分:4)
我遇到此问题的原因是由于我通过BouncyCastle API创建公钥和私钥(特别是公钥)的方式。我在 writeKeys
中将 keyPair.getPrivate(); 返回的对象转换为 RSAPrivateKey旧代码:
public static void writeKeys(String publicPath,String privatePath){
Security.addProvider(new BouncyCastleProvider());
KeyPair keyPair = generateRSAKeyPair();
RSAPrivateKey priv = (RSAPrivateKey) keyPair.getPrivate();
RSAPublicKey pub = (RSAPublicKey) keyPair.getPublic();
writePemFile(priv, "RSA PRIVATE KEY", privatePath);
writePemFile(pub, "RSA PUBLIC KEY", publicPath);
}
新代码:
public static void writeKeys(String publicPath, String privatePath) {
Security.addProvider(new BouncyCastleProvider());
KeyPair keyPair = generateRSAKeyPair();
PrivateKey priv = keyPair.getPrivate();
PublicKey pub = keyPair.getPublic();
writePemFile(priv, "PRIVATE KEY", privatePath);
writePemFile(pub, "PUBLIC KEY", publicPath);
}
当然,在更改此方法后,我还必须修改我的两种方法来读取私钥和公钥,以便它删除新的页眉/页脚。
旧代码:
public static PublicKey readPublicKeyNative(String publicKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PublicKey key = null;
byte[] publicKeyFileBytes = null;
try {
publicKeyFileBytes = Files.readAllBytes(Paths.get(publicKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(publicKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
// PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static PrivateKey readPrivateKeyNative(String privateKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PrivateKey key = null;
byte[] privateKeyFileBytes = null;
try {
privateKeyFileBytes = Files.readAllBytes(Paths.get(privateKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(privateKeyFileBytes);
//System.out.println(KeyString);
//System.out.println("FORMATTED:");
KeyString = KeyString.replaceAll("-----BEGIN RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("-----END RSA PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
//System.out.println(KeyString);
byte[] encoded = Base64.getDecoder().decode(KeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
// X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
新代码:
public static PublicKey readPublicKeyNative(String publicKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PublicKey key = null;
byte[] publicKeyFileBytes = null;
try {
publicKeyFileBytes = Files.readAllBytes(Paths.get(publicKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(publicKeyFileBytes);
KeyString = KeyString.replaceAll("-----BEGIN PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("-----END PUBLIC KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
byte[] encoded = Base64.getDecoder().decode(KeyString);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePublic(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
public static PrivateKey readPrivateKeyNative(String privateKeyPath) {
Security.addProvider(new BouncyCastleProvider());
KeyFactory factory = null;
PrivateKey key = null;
byte[] privateKeyFileBytes = null;
try {
privateKeyFileBytes = Files.readAllBytes(Paths.get(privateKeyPath));
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
String KeyString = new String(privateKeyFileBytes);
KeyString = KeyString.replaceAll("-----BEGIN PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("-----END PRIVATE KEY-----", "");
KeyString = KeyString.replaceAll("[\n\r]", "");
KeyString = KeyString.trim();
byte[] encoded = Base64.getDecoder().decode(KeyString);
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
try {
factory = KeyFactory.getInstance("RSA");
key = factory.generatePrivate(keySpec);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (InvalidKeySpecException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return key;
}
感谢大家的帮助!