我正在尝试使用ECIES进行加密和解密。这就是我所做的:
服务器端,我需要使用此证书来加密数据。所以我从证书中提取了PublicKey(显示BCECPublicKey格式)。
我无法找到将其转换为ECPublicKey格式的方法,因此在升级到bouncycastle 1.55之后,我可以直接使用BCECPublicKey进行加密。
将私钥转换为ECPrivateKey并将其用于解密,但现在它正在投掷BadPaddingException: Invalid MAC during decryption
我是密码学新手,请帮忙解决这个问题。以下是我正在使用的代码:
byte[] localcert = Base64.decode(
"MIID5TCCAc2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwMzELMAkGA1UEBhMCc2cx" +
"CzAJBgNVBAgMAnNnMRcwFQYDVQQKDA5pbnRlcm1lZGlhdGVDQTAeFw0xNjExMjgw" +
"NDAzMjdaFw0xNzEyMDgwNDAzMjdaMDsxCzAJBgNVBAYTAnNnMQswCQYDVQQIEwJz" +
"ZzELMAkGA1UEBxMCc2cxEjAQBgNVBAoTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG" +
"CCqGSM49AwEHA0IABDuhAyMw6OilNmfWo1v6b8XwU8xbQm0Sy/I9qpdC4+qDToSl" +
"EOe+vw7GiVgONTJz2gwMW+VgoGp49aM5GTPo39ujgcUwgcIwCQYDVR0TBAIwADAR" +
"BglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJh" +
"dGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnbUGm/qaO1JbhY+qVlXw" +
"BewUI/swHwYDVR0jBBgwFoAUPSzKlcBTp0pCQ290SlDLmIQS+/0wDgYDVR0PAQH/" +
"BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0B" +
"AQsFAAOCAgEAJj0J2A3AAcrRw02ZzQsEC4nTyd05krF4oRFo0JODlzNiKaOhQt76" +
"Va427cpVUZwmjb/f1We+AjLJgQiEfnuD7JPSvXHLQTbXNDMgpZ9HXHZoXYfH+2h7" +
"MGvw6Qkj4lC10q9UC14rDSD/ZsR1J0mQCQuOIBRFNOkSPiSUu4zouCD3xv5uZVXR" +
"mimhJ1zgqSYF4LHegJAVwrowMsuaeQXybrIQ+/LJ8HXf8McvPZwtQTuoN/q5zHXz" +
"l+7q4nglyVY+TXPAdwyha0Yq2p0z0jdWm5UpEehmIpXtJghNtcCCRfb48flfZ/B7" +
"JW9VrlcjScOtQfSOrElYgwJ8MlUTzz7oWgbbVp9uNQZeAQQPeOQYLAvSNchPnLiP" +
"ftPuICW2siDeFC42lwYsDYR/9sYs7/gzL79i7bHrdMJ07brXw30hb1r6Vu9a+sHF" +
"D087NxHv33u22+W/2PMLDE89MynTC3H3gWvyzGIky0/kYSpZO/xZuFrg0jIJu0lH" +
"9b7jw1hQM1nDkTO5Gn2wJuaHaiZ22tMr47e4Xlkctal4hAA4Ya1uBXuMuwy0BC8q" +
"nLLxCLBcJJPAyIG2LvIT2vdWIP0Gz84mHKDbOPekHmXIF3bHE4pPeyDIJ+w00UoM" +
"xJdedT5BJarqEpiQtrGn4FBh3fsnHFXyNnNMCIylCvbg0Ij/AsQJCpg=");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate= (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(localcert));
PublicKey publicKey=x509Certificate.getPublicKey();
byte[] pkey=Base64.decode("MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49" +
"AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/" +
"DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==");
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("prime256v1");
KeyFactory kf = KeyFactory.getInstance("ECDSA", new BouncyCastleProvider());
ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(new BigInteger(1, pkey), spec);
ECPrivateKey privkey= (ECPrivateKey) kf.generatePrivate(ecPrivateKeySpec);
String name = "prime256v1";
// generate derivation and encoding vectors
byte[] d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
byte[] e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
IESParameterSpec param = new IESParameterSpec(d, e, 256);
Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
//Encrypt
iesCipher.init(Cipher.ENCRYPT_MODE, publicKey, param);
byte[] enc= iesCipher.doFinal("TestECIES".getBytes());
System.out.println(new String(enc));
//Decrypt
iesCipher.init(Cipher.DECRYPT_MODE, privkey, param);
byte[] decry=iesCipher.doFinal(enc);
System.out.println(new String(decry));
答案 0 :(得分:0)
所以我终于解决了它。由openssl创建的ECC PrivateKey采用以下格式:
-----BEGIN EC PARAMETERS-----
BggqhkjOPQMBBw==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49
AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/
DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==
-----END EC PRIVATE KEY-----
所以我使用命令将其转换为PKCS8格式:
openssl pkcs8 -topk8 -nocrypt -in localhost.pem -out localhostpkcs8.pem
并使用以下代码在Java中加载:
Security.addProvider(new BouncyCastleProvider());
KeyFactory kf = KeyFactory.getInstance("EC","BC");
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(Base64.decode(localhostpkcs8.getBytes()));
PrivateKey privateKey=kf.generatePrivate(privateKeySpec);
一切都很完美。