ECIES加密/解密Java

时间:2016-11-30 05:21:32

标签: java x509certificate bouncycastle ecdsa ecies

我正在尝试使用ECIES进行加密和解密。这就是我所做的:

  1. 生成的ECC密钥对
  2. 生成CSR
  3. 生成的X509证书,由中间CA签名
  4. 服务器端,我需要使用此证书来加密数据。所以我从证书中提取了PublicKey(显示BCECPublicKey格式)。

    我无法找到将其转换为ECPublicKey格式的方法,因此在升级到bouncycastle 1.55之后,我可以直接使用BCECPublicKey进行加密。

  5. 将私钥转换为ECPrivateKey并将其用于解密,但现在它正在投掷BadPaddingException: Invalid MAC during decryption

  6. 我是密码学新手,请帮忙解决这个问题。以下是我正在使用的代码:

    byte[] localcert = Base64.decode(
                "MIID5TCCAc2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwMzELMAkGA1UEBhMCc2cx" +
                        "CzAJBgNVBAgMAnNnMRcwFQYDVQQKDA5pbnRlcm1lZGlhdGVDQTAeFw0xNjExMjgw" +
                        "NDAzMjdaFw0xNzEyMDgwNDAzMjdaMDsxCzAJBgNVBAYTAnNnMQswCQYDVQQIEwJz" +
                        "ZzELMAkGA1UEBxMCc2cxEjAQBgNVBAoTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG" +
                        "CCqGSM49AwEHA0IABDuhAyMw6OilNmfWo1v6b8XwU8xbQm0Sy/I9qpdC4+qDToSl" +
                        "EOe+vw7GiVgONTJz2gwMW+VgoGp49aM5GTPo39ujgcUwgcIwCQYDVR0TBAIwADAR" +
                        "BglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJh" +
                        "dGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnbUGm/qaO1JbhY+qVlXw" +
                        "BewUI/swHwYDVR0jBBgwFoAUPSzKlcBTp0pCQ290SlDLmIQS+/0wDgYDVR0PAQH/" +
                        "BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0B" +
                        "AQsFAAOCAgEAJj0J2A3AAcrRw02ZzQsEC4nTyd05krF4oRFo0JODlzNiKaOhQt76" +
                        "Va427cpVUZwmjb/f1We+AjLJgQiEfnuD7JPSvXHLQTbXNDMgpZ9HXHZoXYfH+2h7" +
                        "MGvw6Qkj4lC10q9UC14rDSD/ZsR1J0mQCQuOIBRFNOkSPiSUu4zouCD3xv5uZVXR" +
                        "mimhJ1zgqSYF4LHegJAVwrowMsuaeQXybrIQ+/LJ8HXf8McvPZwtQTuoN/q5zHXz" +
                        "l+7q4nglyVY+TXPAdwyha0Yq2p0z0jdWm5UpEehmIpXtJghNtcCCRfb48flfZ/B7" +
                        "JW9VrlcjScOtQfSOrElYgwJ8MlUTzz7oWgbbVp9uNQZeAQQPeOQYLAvSNchPnLiP" +
                        "ftPuICW2siDeFC42lwYsDYR/9sYs7/gzL79i7bHrdMJ07brXw30hb1r6Vu9a+sHF" +
                        "D087NxHv33u22+W/2PMLDE89MynTC3H3gWvyzGIky0/kYSpZO/xZuFrg0jIJu0lH" +
                        "9b7jw1hQM1nDkTO5Gn2wJuaHaiZ22tMr47e4Xlkctal4hAA4Ya1uBXuMuwy0BC8q" +
                        "nLLxCLBcJJPAyIG2LvIT2vdWIP0Gz84mHKDbOPekHmXIF3bHE4pPeyDIJ+w00UoM" +
                        "xJdedT5BJarqEpiQtrGn4FBh3fsnHFXyNnNMCIylCvbg0Ij/AsQJCpg=");
    
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate x509Certificate= (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(localcert));
        PublicKey publicKey=x509Certificate.getPublicKey();
    
        byte[] pkey=Base64.decode("MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49" +
                "AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/" +
                "DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==");
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("prime256v1");
        KeyFactory kf = KeyFactory.getInstance("ECDSA", new BouncyCastleProvider());
        ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(new BigInteger(1, pkey), spec);
        ECPrivateKey privkey= (ECPrivateKey) kf.generatePrivate(ecPrivateKeySpec);
    
        String name = "prime256v1";
    
        //  generate derivation and encoding vectors
        byte[]  d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
        byte[]  e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
        IESParameterSpec param = new IESParameterSpec(d, e, 256);
    
        Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
        //Encrypt
        iesCipher.init(Cipher.ENCRYPT_MODE, publicKey, param);
        byte[] enc= iesCipher.doFinal("TestECIES".getBytes());
        System.out.println(new String(enc));
        //Decrypt
        iesCipher.init(Cipher.DECRYPT_MODE, privkey, param);
        byte[] decry=iesCipher.doFinal(enc);
        System.out.println(new String(decry));
    

1 个答案:

答案 0 :(得分:0)

所以我终于解决了它。由openssl创建的ECC PrivateKey采用以下格式:

-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49
AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/
DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==
-----END EC PRIVATE KEY-----

所以我使用命令将其转换为PKCS8格式:

openssl pkcs8 -topk8 -nocrypt -in localhost.pem -out localhostpkcs8.pem

并使用以下代码在Java中加载:

    Security.addProvider(new BouncyCastleProvider());
    KeyFactory kf = KeyFactory.getInstance("EC","BC");
    PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(localhostpkcs8.getBytes()));
    PrivateKey privateKey=kf.generatePrivate(privateKeySpec);

一切都很完美。