使用pkcs11 usb令牌解密pdf时出现Itextpdf错误

时间:2017-04-19 12:28:57

标签: java security encryption certificate itext

我正在使用iTextpdf来解密用证书加密的PDF。

解密时发生以下异常。

com.itextpdf.text.exceptions.InvalidPdfException: exception unwrapping key: key invalid: unknown key type passed to RSA

以下是我的代码段

    public void decryptPdf(String src, String dest)
        throws IOException, DocumentException, GeneralSecurityException,CMSException {
        try{
//        decrypt(getPrivateKey(), DESTINATION_FILE, DECRYPTED_FILE);
        PdfReader reader = new PdfReader(src,
            getPublicCertificate("C:\\Users\\USER\\Documents\\NetBeansProjects\\test\\src\\lk_encb64.cer"), getPrivateKey(), "BC");
        PdfStamper stamper = new PdfStamper(reader, new FileOutputStream(dest));
        stamper.close();
        reader.close();
        }catch(Exception ex){
            System.out.println(ex);
        }
    }

方法getPrivateKey()从PKCS11-eTocken返回我的私钥

public PrivateKey getPrivateKey() throws GeneralSecurityException, IOException {

        LoggerFactory.getInstance().setLogger(new SysoLogger());

    Properties properties = new Properties();
    properties.load(new FileInputStream("D:/key.properties"));
        char[] pass = properties.getProperty("PASSWORD").toCharArray();

    String config = "name=eToken\n" +
                "library=" + DLL + "\n";
    ByteArrayInputStream bais = new ByteArrayInputStream(config.getBytes());
    Provider providerPKCS11 = new SunPKCS11(bais);
        Security.addProvider(providerPKCS11);
        System.out.println(providerPKCS11.getName());

    BouncyCastleProvider providerBC = new BouncyCastleProvider();
    Security.addProvider(providerBC);

        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, pass);
        String alias = (String)ks.aliases().nextElement();

        java.util.Enumeration<String> aliases = ks.aliases();


        alias = aliases.nextElement();

        System.out.println("testing key....");
        System.out.println(alias);
        PrivateKey pk = (PrivateKey)ks.getKey(alias, pass);
        System.out.println(pk);
        return pk;
    }

方法getPublicCertificate()如下

public Certificate getPublicCertificate(String path)
        throws IOException, CertificateException {
        System.out.println(path);
        FileInputStream is = new FileInputStream("C:\\Users\\USER\\Documents\\NetBeansProjects\\test\\src\\lk_encb64.cer");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
        return cert;
    }

我使用了以下jar版本

itext 5.5.10

bcprov jdk15 on 1.49

bcpkix jdk15 on 1.49

1 个答案:

答案 0 :(得分:0)

我按照@mkl

的建议,用提供商名称“SunPKCS11-eToken”而不是“BC”更改了代码 
PdfReader reader = new PdfReader(src, getPublicCertificate("C:\\Users\\USER\\Documents\\NetBeansPr‌​ojects\\test\\src\\l‌​k_encb64.cer"), getPrivateKey(), "SunPKCS11-eToken");

并使用了itext 5.2.1和bc 1.46版本(decryption/encryption using BC 1.46 an iText 5.2.1 is working fine)罐子,现在解密工作正常。

相关问题
最新问题