从HSM检索私钥时解密数据时收到错误。
我在java.security中添加了sunpkcs11提供程序。 因此,不要通过代码添加提供程序。 文本已成功加密。 但是,在解密加密文本时,我在下面的行中遇到错误:
cipher.init(Cipher.DECRYPT_MODE, privateKey);
我在这里失踪的是什么?
错误:
Caused by: java.security.InvalidKeyException: Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding
at sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:101) [sunpkcs11.jar:1.7.0_85]
at sun.security.pkcs11.P11KeyFactory.engineTranslateKey(P11KeyFactory.java:132) [sunpkcs11.jar:1.7.0_85]
at sun.security.pkcs11.P11KeyFactory.convertKey(P11KeyFactory.java:65) [sunpkcs11.jar:1.7.0_85]
at sun.security.pkcs11.P11RSACipher.implInit(P11RSACipher.java:199) [sunpkcs11.jar:1.7.0_85]
at sun.security.pkcs11.P11RSACipher.engineInit(P11RSACipher.java:168) [sunpkcs11.jar:1.7.0_85]
at javax.crypto.Cipher.init(Cipher.java:1068) [jce.jar:1.7.0_85]
at javax.crypto.Cipher.init(Cipher.java:1012) [jce.jar:1.7.0_85]enter code here
以下是代码:
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import javax.crypto.Cipher;
import javax.xml.bind.DatatypeConverter;
import sun.security.pkcs11.SunPKCS11;
public class App {
public static void main(String[] args) throws Exception {
try {
String passphrase = "mysecretkey";
SunPKCS11 provider = new SunPKCS11("/home/user/pkcs11.cfg");
KeyStore keystore = KeyStore.getInstance("PKCS11", provider);
keystore.load(null, passphrase.toCharArray());
String textToEncrypt = "this is my text";
Certificate cert = keystore.getCertificate("my-SHA1WITHRSA-2048-bits-key");
PublicKey publicKey = cert.getPublicKey();
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
String encryptedData = DatatypeConverter.printBase64Binary(cipher.doFinal(textToEncrypt.getBytes()));
PrivateKey privateKey = (PrivateKey) keystore.getKey("my-SHA1WITHRSA-2048-bits-key",
passphrase.toCharArray());
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] decodedEncryptedData = DatatypeConverter.parseBase64Binary(encryptedData);
ByteArrayOutputStream stream = new ByteArrayOutputStream();
int blocks = decodedEncryptedData.length / 256;
int offset = 0;
for (int blockIndex = 0; blockIndex < blocks; blockIndex++) {
byte[] nextBlock = getNextBlock(decodedEncryptedData, offset);
stream.write(cipher.doFinal(nextBlock));
offset += 256;
}
} catch (Exception e) {
e.printStackTrace();
}
}
private static byte[] getNextBlock(byte[] cipherText, int offset) {
byte[] block = new byte[256];
System.arraycopy(cipherText, offset, block, 0, 256);
return block;
}
}
答案 0 :(得分:5)
我是如何解决的:
此问题的根本原因是sunpkcs11提供程序已静态和动态加载。
即。 在java.security中,已经添加了提供者条目以及cfg路径。
此外,在代码中,使用cfg文件再次初始化提供程序。
这导致了这个问题。
更改后:
SunPKCS11 provider = new SunPKCS11("/home/user/pkcs11.cfg");
TO:
SunPKCS11 sunPKCS11Provider = (SunPKCS11) Security.getProvider("SunPKCS11");
问题得到了解决。
答案 1 :(得分:1)
我使用了以下代码,问题已解决
SunPKCS11 provider = new SunPKCS11("/home/user/pkcs11.cfg");
Security.addProvider(provider);
KeyStore keystore = KeyStore.getInstance("PKCS11");
keystore.load(null, passphrase.toCharArray());