RSA algorithm PKCS #1.5 padding (not OAEP) password encryption with client certificate public key in Java
I am new to RSA algorithm and cryptography in Java. I have a client certificate provided by the 3rd party organization which is in .cer format. Now I need to encrypt my password with the public portion of the password key certificate, using the RSA algorithm and PKCS #1.5 padding - so not OAEP - in Java.
Could you check if the following does perform the above?
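import java.io.File;
import java.io.FileInputStream;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.crypto.Cipher;

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); // register the "BC" provider
byte[] input = "Abc123".getBytes(); // password bytes (platform default charset)
Cipher cipher = Cipher.getInstance("RSA/None/PKCS1Padding", "BC"); // RSA with PKCS #1 v1.5 padding
FileInputStream fin = new FileInputStream(new File("/test.cer")); // the third party's certificate
CertificateFactory f = CertificateFactory.getInstance("X.509");
X509Certificate certificate = (X509Certificate)f.generateCertificate(fin);
PublicKey pk = certificate.getPublicKey(); // public key taken from the certificate
cipher.init(Cipher.ENCRYPT_MODE, pk, new SecureRandom());
byte[] cipherText = cipher.doFinal(input); // one RSA block, as long as the modulus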
Yes, the code you provided looks OK.
Note that if you replace "RSA/None/PKCS1Padding" with "RSA/ECB/PKCS1Padding", you could rely on the default Sun provider instead.
It is important to note that your code generates a "plain" signature; it doesn't include your data or certificate. Generally it is better to create a CMS Signed Data structure, which can for instance include the "leaf" certificate that you used to create the signature.
CMS is a so-called cryptographic container format, which can hold structures such as the data, signature and additional information on the signature algorithm, certificates, signer etc.
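The provider swap mentioned in the first answer, as an added example that is not part of the original post: it uses "RSA/ECB/PKCS1Padding" with the JDK's default provider and shows the ciphertext size, the random padding and the plaintext length limit. The freshly generated key pair is a constructed stand-in for the public key read from test.cer, and the class name Pkcs1v15Demo is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import javax.crypto.Cipher;

public class Pkcs1v15Demo {
    // Served by the JDK's built-in provider, so no BouncyCastle registration is needed.
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    static byte[] encrypt(RSAPublicKey pk, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, pk);
        return c.doFinal(plain);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for certificate.getPublicKey(): a throwaway 2048-bit key pair.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        RSAPublicKey pk = (RSAPublicKey) kp.getPublic();

        byte[] input = "Abc123".getBytes(StandardCharsets.UTF_8); // explicit charset
        byte[] c1 = encrypt(pk, input);
        byte[] c2 = encrypt(pk, input);

        int k = (pk.getModulus().bitLength() + 7) / 8; // modulus length in bytes
        System.out.println("ciphertext length == modulus length: " + (c1.length == k));
        // The padding bytes are random, so equal plaintexts give different ciphertexts.
        System.out.println("ciphertexts differ: " + !Arrays.equals(c1, c2));

        // PKCS #1 v1.5 padding costs 11 bytes, so at most k - 11 plaintext bytes fit.
        encrypt(pk, new byte[k - 11]);
        try {
            encrypt(pk, new byte[k - 10]);
            System.out.println("unexpected: oversized input accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("rejected input longer than " + (k - 11) + " bytes");
        }

        // Round trip with the private key, which only the certificate owner holds in practice.
        Cipher d = Cipher.getInstance(TRANSFORMATION);
        d.init(Cipher.DECRYPT_MODE, kp.getPrivate());
        System.out.println(new String(d.doFinal(c1), StandardCharsets.UTF_8));
    }
}
```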