我有以下代码来读取PKCS#8格式的私钥
public void encryptHash(String hashToEncrypt, String pathOfKey, String Algorithm) {
FileInputStream fis = null;
byte[] encodedKey = null;
try {
File f = new File(pathOfKey);
encodedKey = new byte[(int)f.length()];
fis = new FileInputStream(f);
fis.read(encodedKey);
fis.close();
KeyFactory kf = KeyFactory.getInstance("RSA");
PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
Signature rsaSigner = Signature.getInstance("SHA1withRSA");
rsaSigner.initSign(privateKey);
fis = new FileInputStream(hashToEncrypt);
BufferedInputStream bis = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len = 0;
while ((len = bis.read(buffer)) >= 0) {
try {
rsaSigner.update(buffer, 0, len);
} catch (SignatureException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
}
}
bis.close();
byte[] signature = rsaSigner.sign();
System.out.println(new String(signature));
} catch (SignatureException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (InvalidKeyException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (InvalidKeySpecException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (FileNotFoundException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (IOException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} catch (NoSuchAlgorithmException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
} finally {
try {
fis.close();
} catch (IOException ex) {
Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
}
}
}
但我得到以下例外。
dic 09, 2011 1:59:59 PM firmaelectronica.DataEncryptor encryptHash
Grave: null
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
at firmaelectronica.DataEncryptor.encryptHash(DataEncryptor.java:40)
at firmaelectronica.FirmaElectronica.main(FirmaElectronica.java:39)
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:361)
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:367)
at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)
at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)
at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)
... 3 more
任何想法有什么不对?我在OpenSSL openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem上尝试了这个并且它可以工作,但是当我想读取DER格式的密钥时,它只发送该异常。
答案 0 :(得分:5)
最后看看这个帖子Encrypting with RSA private key in Java找到了答案。
首先,我必须取消保护密钥,如下所示
openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -out myPEMPrivate.key
它问了我的密码然后我有了 myPEMPrivate.key 这个文件一旦完成,就继续删除保护密钥的密码,如下所示
openssl pkcs8 -topk8 -nocrypt -in myPEMPrivate.key -outform DER -out myNotAnyMoreProtectedPrivate.key
有了这个,我现在能够使用上面的代码加载密钥。如果我们想在java中使用通过传递保护的密钥,则建议使用密钥库。
P.S。我试图避免使用openssl pkcs8 -topk8 -nocrypt -inform der -in myDERPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key删除保护密钥的密码的两个步骤,但我不知道为什么我有错误错误解密密钥我使用WinOpenSSL可能是&我得到那个错误的原因。
答案 1 :(得分:0)
使用此:
-passin arg
输入文件密码来源。有关arg格式的更多信息,请参阅openssl(1)中的PASS PHRASE ARGUMENTS部分。
命令应如下所示:
openssl pkcs8 -inform DER -in myderPassProtectedPrivate.key -outform PEM -passin pass:12345678a -out myPEMPrivate.key