問(wèn)題描述

我正在嘗試使用 Java 中的 BouncyCastle 使用 ECC 算法加密一些內(nèi)容.但是我收到 BouncyCastle 庫(kù)的異常，說(shuō)不能將 JCEECPublicKey 轉(zhuǎn)換為 IESKey.據(jù)我了解， KeyPairGenerator 生成的公鑰是 JCEECPublicKey ，不能在 java Cipher.init 方法中使用.有人可以告訴我如何將它轉(zhuǎn)換為公鑰或 X509 規(guī)范，以便我可以在加密中使用它.

I am trying to encrypt some content using ECC algorithm using BouncyCastle in java. But I am getting exception of BouncyCastle library saying cannot cast JCEECPublicKey to IESKey. Which I understood that the public key generated by KeyPairGenerator is JCEECPublicKey which cannot be used in java Cipher.init method. Can someone tell me how can convert it in Public key or X509 spec so that I can use it in encryption.

這是我嘗試過(guò)的代碼

// add instance of provider class
Security.addProvider(new BouncyCastleProvider());

// initializing parameter specs secp256r1/prime192v1
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");

// key pair generator to generate public and private key
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());

// initialize key pair generator
generator.initialize(ecSpec);

// Key pair to store public and private key
KeyPair keyPair = generator.generateKeyPair();

Cipher iesCipher = Cipher.getInstance("ECIES", new BouncyCastleProvider());
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());

我也嘗試將公鑰轉(zhuǎn)換為 X509EncodedSpec 但我得到同樣的異常

Also I tried to convert the public key into X509EncodedSpec but I get same exception

X509EncodedKeySpec spec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
KeyFactory factory = KeyFactory.getInstance("ECDH");

PublicKey publicKey = factory.generatePublic(spec);

我得到的例外是

java.lang.ClassCastException: org.bouncycastle.jce.provider.JCEECPublicKey cannot be cast to org.bouncycastle.jce.interfaces.IESKey
    at org.bouncycastle.jce.provider.JCEIESCipher.engineGetKeySize(JCEIESCipher.java:49)
    at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1057)
    at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1015)
    at javax.crypto.Cipher.init(Cipher.java:1229)
    at javax.crypto.Cipher.init(Cipher.java:1173)
    at com.test.EciesTest.main(EciesTest.java:45)

編輯

根據(jù)評(píng)論，我使用的 JDK 版本是 JDK 7 - Oracle我正在使用的導(dǎo)入語(yǔ)句:

Based on comment the JDK version I am using is JDK 7 - Oracle Import statements I am using:

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

推薦答案

試試以下:

// add instance of provider class
Security.addProvider(new BouncyCastleProvider());

String name = "secp256r1";

// NOTE just "EC" also seems to work here
KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
kpg.initialize(new ECGenParameterSpec(name));

// Key pair to store public and private key
KeyPair keyPair = kpg.generateKeyPair();

Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());

請(qǐng)注意，在嘗試通過(guò) JCE 使用 Bouncy 時(shí)，通常最好保留 JCE 類(lèi)而不是 Bouncy Castle 類(lèi).在這種情況下，問(wèn)題可能是提供給密鑰生成器的參數(shù).

And note that in general it is best to keep to JCE classes instead of Bouncy Castle classes when trying to use Bouncy through the JCE. In this case the problem was probably the parameters given to the key generator.

在上面的代碼中，我使用了 BouncyCastleProvider.PROVIDER_NAME 但只是 "BC" 當(dāng)然同樣可以正常工作.每次都重新實(shí)例化提供者不是一個(gè)好主意，盡管它不應(yīng)該影響最終結(jié)果.

In above code I used BouncyCastleProvider.PROVIDER_NAME but just "BC" would work equally well of course. Re-instantiating the provider each time is not a good idea, although it should not have influenced the end result.

確保您擁有運(yùn)行此代碼的最新系統(tǒng).此代碼已在以下系統(tǒng)上測(cè)試:

Make sure you've got an up to date system to run this code. This code was tested on the following system:

 --- runtime information --- 
Properties:
    java.vendor                : Oracle Corporation
    java.specification.name    : Java Platform API Specification
    java.specification.version : 1.8
    java.runtime.name          : Java(TM) SE Runtime Environment
    java.runtime.version       : 1.8.0_65-b17
    java.vm.name               : Java HotSpot(TM) 64-Bit Server VM
Unlimited crypto: yes
 --- info for provider Bouncy Castle --- 
Bouncy Castle version: 1.520000
Bouncy Castle provider registered: yes

這篇關(guān)于在 Java 中使用 BouncyCastle 使用 ECIES 進(jìn)行加密的文章就介紹到這了，希望我們推薦的答案對(duì)大家有所幫助，也希望大家多多支持html5模板網(wǎng)！