問題描述

我正在嘗試使用 RSA 私鑰加密某些內(nèi)容.

I'm trying to encrypt some content with an RSA private key.

我正在關(guān)注這個(gè)例子:http://www.junkheap.net/content/public_key_encryption_java

但將其轉(zhuǎn)換為使用私鑰而不是公鑰.按照那個(gè)例子，我認(rèn)為我需要做的是:

I'm following this example: http://www.junkheap.net/content/public_key_encryption_java

but converting it to use private keys rather than public. Following that example, I think what I need to do is:

• 讀取 DER 格式的私鑰
• 生成 PCKS8EncodedKeySpec
• 從 KeyFactory 調(diào)用 generatePrivate() 以獲取私鑰對象
• 使用該私鑰對象和 Cipher 對象進(jìn)行加密

那么，步驟:

密鑰是從 openssl 生成的:

The key was generated from openssl with:

openssl genrsa -aes256 -out private.pem 2048

然后轉(zhuǎn)換為DER格式:

and then was converted to DER format with:

openssl rsa -in private.pem -outform DER -out private.der

我使用以下方法生成 PKCS8EncodedKeySpec:

I generate the PKCS8EncodedKeySpec with:

byte[] encodedKey = new byte[(int)inputKeyFile.length()];

try {
    new FileInputStream(inputKeyFile).read(encodedKey);
} catch (FileNotFoundException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (IOException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedKey);
return privateKeySpec;

然后生成私鑰對象:

PrivateKey pk = null;

try {
    KeyFactory kf = KeyFactory.getInstance(RSA_METHOD);
    pk = kf.generatePrivate(privateKeySpec);
} catch (NoSuchAlgorithmException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (InvalidKeySpecException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
return pk;

但是，在調(diào)用時(shí):

pk = kf.generatePrivate(privateKeySpec);

我明白了:

java.security.spec.InvalidKeySpecException: Unknown key spec.
at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA12275)
at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA12275)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)

問題:

• 一般方法是否正確?
• PCKS8EncodedKeySpec 是否正確使用?
• 對無效密鑰規(guī)范錯誤有何想法?

推薦答案

首先，我很困惑為什么您打算使用 Cipher 來使用私鑰進(jìn)行加密，而不是簽名帶有簽名.我不確定所有 RSA Cipher 提供程序是否會使用正確的塊類型進(jìn)行設(shè)置，但值得一試.

First of all, I'm confused why you are planning to use a Cipher to encrypt with a private key, rather than signing with a Signature. I'm not sure that all RSA Cipher providers will use the correct block type for setup, but it's worth a try.

盡管如此，我認(rèn)為您正在嘗試加載非標(biāo)準(zhǔn) OpenSSL 格式的密鑰.使用 rsa 將其轉(zhuǎn)換為 DER 本質(zhì)上只是一個(gè) base-64 解碼；密鑰的結(jié)構(gòu)不是 PKCS #8.

Setting that aside, though, I think that you are trying to load a non-standard OpenSSL-format key. Converting it to DER with rsa is essentially just a base-64 decode; the structure of the key is not PKCS #8.

改為在 genrsa 之后，使用 openssl pkcs8 命令將生成的密鑰轉(zhuǎn)換為未加密的 PKCS #8，DER 格式:

Instead, after genrsa, use the openssl pkcs8 command to convert the generated key to unencrypted PKCS #8, DER format:

openssl pkcs8 -topk8 -nocrypt -in private.pem -outform der -out private.der

這將生成一個(gè)未加密的私鑰，可以使用 PKCS8EncodedKeySpec 加載.

This will produce an unencrypted private key that can be loaded with a PKCS8EncodedKeySpec.

這篇關(guān)于在 Java 中使用 RSA 私鑰進(jìn)行加密的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網(wǎng)！