我用它来创建私钥并加密:
var forge = require('node-forge');
var fs = require('fs');
var bytes = forge.random.getBytesSync(16);
console.log("random plaintext", forge.util.bytesToHex(bytes));
var keypair = forge.pki.rsa.generateKeyPair({bits: 2048, e: 17});
var encrypted = keypair.publicKey.encrypt(bytes, 'RSA-OAEP', {
md: forge.md.sha256.create(),
mgf1: {
md: forge.md.sha1.create()
}
});
console.log("ciphertext", forge.util.bytesToHex(encrypted));
fs.writeFileSync('ciphertext', encrypted);
var pem = forge.pki.privateKeyToPem(keypair.privateKey);
fs.writeFileSync('prikey.pem', pem);
console.log("private key", forge.util.bytesToHex(pem));
然后我尝试使用以下任一方式解密:
public class CryptoTest {
public static void main(String[] args) throws Exception {
PEMParser parser = new PEMParser(new FileReader("/tmp/prikey.pem"));
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
KeyPair kp = converter.getKeyPair((PEMKeyPair) parser.readObject());
RSAPublicKey pubkey = (RSAPublicKey) kp.getPublic();
RSAPrivateKey privkey = (RSAPrivateKey) kp.getPrivate();
byte[] ct = Files.readAllBytes(Paths.get("/tmp/ciphertext"));
Cipher oaepFromInit = Cipher.getInstance("RSA/ECB/OAEPPadding");
OAEPParameterSpec oaepParams = new OAEPParameterSpec("SHA-256", "MGF1", new MGF1ParameterSpec("SHA-1"), PSpecified.DEFAULT);
oaepFromInit.init(Cipher.DECRYPT_MODE, privkey, oaepParams);
byte[] pt = oaepFromInit.doFinal(ct);
}
}
或
openssl rsautl -decrypt -inkey prikey.pem -oaep -in ciphertext -out plaintext
Java代码抛出错误:
Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
at org.bouncycastle.jcajce.provider.asymmetric.rsa.CipherSpi.engineDoFinal(Unknown Source)
at javax.crypto.Cipher.doFinal(Cipher.java:1966)
at cryptotest.CryptoTest.main(CryptoTest.java:47)
和OpenSSL说:
RSA operation error
140258189264528:error:0406506C:rsa routines:RSA_EAY_PRIVATE_DECRYPT:data greater than mod len:rsa_eay.c:518:
可能是什么问题?
答案 0 :(得分:1)
必须将编码消息保留为二进制编码:
fs.writeFileSync('ciphertext', encrypted, {encoding: 'binary'});