将Apple APNs auth密钥加载到Java PrivateKey

Question

问题

我很难将 APN的身份验证密钥加载到 Java 。我的理解是Java可以读取PKCS8编码的私钥，但我得到了一个例外。

例外我使用Bouncy Castle（bcprov-jdk15on-1.55）

org.bouncycastle.jcajce.provider.asymmetric.util.ExtendedInvalidKeySpecException: unable to process key spec: java.io.IOException: algorithm identifier 1.2.840.10045.2.1 in key not recognised
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePrivate(Unknown Source)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:366)
Caused by: java.io.IOException: algorithm identifier 1.2.840.10045.2.1 in key not recognised
    at org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.generatePrivate(Unknown Source)
    ... 29 more

异常我使用Java（jdk1.8.0_74）

java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA private key
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
Caused by: java.security.InvalidKeyException: Invalid RSA private key
    at sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:206)
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:342)
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
    at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)
    ... 28 more
Caused by: java.io.IOException: Version must be 0
    at sun.security.rsa.RSAPrivateCrtKeyImpl.parseKeyBits(RSAPrivateCrtKeyImpl.java:192)
    ... 34 more

实施

我尝试过使用Java和bouncycastle提供程序：

byte[] pkcs8EncodedKey = Base64.getDecoder().decode(APNS_PRIVATE_KEY);
KeyFactory factory = KeyFactory.getInstance("RSA");
PrivateKey privateKey = factory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8EncodedKey));

我创建了一个示例项目：http://tutorialpoint.com

这是测试密钥

-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQg9eWdXw19hL94+Jx1xjb79Y3Hr9rAaRYaoe4XSv6BnPigCgYIKoZIzj0DAQehRANCAAR9VOiSABvXFHeq/hCMEx63Vq0mYneI2aqQu5sLu5x8DrzUd82BodKoUG3dMPWY9m86dGYAR9xhVUlBDpap9TfH
-----END PRIVATE KEY-----

Answer 1

解决方案

基本上苹果不使用RSA算法，而是使用ECC（椭圆曲线加密），因此在加载私钥时我必须使用 EC 算法。

http://rahulatjava.blogspot.si/2014/02/elliptical-curve-cryptography-in-java.html

工作版

byte[] pkcs8EncodedKey = Base64.getDecoder().decode(APNS_PRIVATE_KEY);
KeyFactory factory = KeyFactory.getInstance("EC");
PrivateKey privateKey = factory.generatePrivate(new PKCS8EncodedKeySpec(pkcs8EncodedKey));