如何在Java中解码PKCS#5加密的PKCS#8私钥
[英]How can I decode a PKCS#5 encrypted PKCS#8 Private Key in Java
问题描述
I have a PKCS#5 encrypted PKCS#8 RSA private key stored in a disk file (originally generated by SSLPlus, circa 1997), for example: 
我有一个存储在磁盘文件中的PKCS#5加密的PKCS#8 RSA私钥(最初由SSLPlus生成,大约在1997年),例如:
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICmDAaBgkqhkiG9w0BBQMwDQQIybM2XFqx4EwCAQUEggJ4MKg/NE+L6NJgbOf4
...
8QnGu4R7lFlweH/VAK8n0L75h3q2g62MKLJqmKLtAILNve4zymnO+LVZ4Js=
-----END ENCRYPTED PRIVATE KEY-----
For which I need to obtain a Java Key object which I can then add along with the matching cert to a KeyStore. 为此,我需要获取一个Java Key对象,然后可以将其与匹配的证书一起添加到KeyStore中。 The private key is encrypted with a 100 byte binary key. 私钥使用100字节的二进制密钥加密。
The creation of a Certificate object was simple, but I can't seem to figure out how to go from the above Base64 encoded PKCS#5 key to the decrypted PKCS#8 RSA private key. 创建Certificate对象很简单,但是我似乎无法弄清楚如何从上述Base64编码的PKCS#5密钥转到解密的PKCS#8 RSA私钥。 At this point I am stymied because the SecretKeyFactory.generateSecret() call fails with: 这时我受阻,因为SecretKeyFactory.generateSecret()调用失败并显示:
InvalidKeySpecException: Password is not ASCII
Now, it's true the password is not ASCII, in the strictest sense of being 0x00 to 0x7F, but the PBEWithMD5AndDES algorithm should accept character values from 0x00 to 0xFF. 现在,从严格意义上讲,密码不是ASCII,从0x00到0x7F,但是PBEWithMD5AndDES算法应该接受从0x00到0xFF的字符值。
Can anyone show me how to get from the Base64 encoded value to a Key object I can add to a keystore? 谁能告诉我如何从Base64编码值转换为可以添加到密钥库的Key对象?
Conclusion 结论
The PBEKey issued with Java accepts a password with ASCII values in the range 0x20<=char<=0x7E only. 用Java发行的PBEKey仅接受ASCII值在0x20 <= char <= 0x7E范围内的密码。 This problem with my non-ASCII password was resolved by making my own BinaryPBEKey which allowed byte values from 0x00 to 0xFF (see below). 我自己的非ASCII密码问题已通过制作自己的BinaryPBEKey(允许字节值从0x00到0xFF)解决(请参见下文)。
The subsequent problem I had was that my PKCS#8 data was not properly encoded (apparently a common mistake with early implementations of SSL), in that the PKCS#1 data needed to be wrapped in an ASN.1 octet string. 我接下来遇到的问题是我的PKCS#8数据未正确编码(这显然是早期SSL实施中的常见错误),因为PKCS#1数据需要包装在ASN.1八位位组字符串中。 I wrote a simple patching routine that will deal with my keys, which are known to be between 512 and 4096 bits in length (see below). 我写了一个简单的补丁程序来处理我的密钥,密钥的长度在512位和4096位之间(请参阅下文)。
Private Key Decoder 私钥解码器
private PrivateKey readPrivateKey(File inpfil) throws IOException, GeneralSecurityException {
String[] pbeb64s; // PBE ASN.1 data base-64 encoded
byte[] pbedta; // PBE ASN.1 data in bytes
EncryptedPrivateKeyInfo pbeinf; // PBE key info
PBEParameterSpec pbeprm; // PBE parameters
Cipher pbecph; // PBE decryption cipher
byte[] pk8dta; // PKCS#8 ASN.1 data in bytes
KeyFactory pk8fac=KeyFactory.getInstance("RSA"); // PKCS#8 key factory for decoding private key from ASN.1 data.
pbeb64s=readDataBlocks(inpfil,"ENCRYPTED PRIVATE KEY");
if(pbeb64s.length!=1) { throw new GeneralSecurityException("The keystore '"+inpfil+"' contains multiple private keys"); }
pbedta=base64.decode(pbeb64s[0]);
log.diagln(" - Read private key data");
pbeinf=new EncryptedPrivateKeyInfo(pbedta);
pbeprm=(PBEParameterSpec)pbeinf.getAlgParameters().getParameterSpec(PBEParameterSpec.class);
pbecph=Cipher.getInstance(pbeinf.getAlgName());
pbecph.init(Cipher.DECRYPT_MODE,pbeDecryptKey,pbeprm);
pk8dta=pbecph.doFinal(pbeinf.getEncryptedData());
log.diagln(" - Private Key: Algorithm= "+pbeinf.getAlgName()+", Iterations: "+pbeprm.getIterationCount()+", Salt: "+Base16.toString(pbeprm.getSalt()));
pk8dta=patchKeyData(inpfil,pk8dta);
return pk8fac.generatePrivate(new PKCS8EncodedKeySpec(pk8dta));
}
BinaryPBEKey BinaryPBEKey
import java.io.*;
import java.security.*;
import java.security.spec.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;
class BinaryPBEKey
extends Object
implements SecretKey
{
private final byte[] key;
/**
* Creates a PBE key from a given binary key.
*
* @param key The key.
*/
BinaryPBEKey(byte[] key) throws InvalidKeySpecException {
if(key==null) { this.key=new byte[0]; }
else { this.key=(byte[])key.clone(); }
Arrays.fill(key,(byte)0);
}
public byte[] getEncoded() {
return (byte[])key.clone();
}
public String getAlgorithm() {
return "PBEWithMD5AndDES";
}
public String getFormat() {
return "RAW";
}
/**
* Calculates a hash code value for the object.
* Objects that are equal will also have the same hashcode.
*/
public int hashCode() {
int ret=0;
for(int xa=1; xa<this.key.length; xa++) { ret+=(this.key[xa]*xa); }
return (ret^=getAlgorithm().toLowerCase().hashCode());
}
public boolean equals(Object obj) {
if(obj==this ) { return true; }
if(obj.getClass()!=getClass()) { return false; }
BinaryPBEKey oth=(BinaryPBEKey)obj;
if(!(oth.getAlgorithm().equalsIgnoreCase(getAlgorithm()))) {
return false;
}
byte[] othkey=oth.getEncoded();
boolean ret =Arrays.equals(key,othkey);
Arrays.fill(othkey,(byte)0);
return ret;
}
public void destroy() {
Arrays.fill(this.key,(byte)0);
}
/**
* Ensure that the password bytes of this key are zeroed out when there are no more references to it.
*/
protected void finalize() throws Throwable {
try { destroy(); } finally { super.finalize(); }
}
PKCS#8 Patching PKCS#8修补
/**
* Patch the private key ASN.1 data to conform to PKCS#8.
* <p>
* The SSLPlus private key is not properly encoded PKCS#8 - the PKCS#1 RSAPrivateKey should have been wrapped
* inside an OctetString, thus:
* <pre>
* SSLPlus Encoding:
* 0 30 627: SEQUENCE {
* 4 02 1: INTEGER 0
* 7 30 13: SEQUENCE {
* 9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
* 20 05 0: NULL
* : }
* 22 30 605: SEQUENCE {
* 26 02 1: INTEGER 0
* 29 02 129: INTEGER
* : 00 CA 72 B8 D1 B8 8E B9 39 C0 92 C1 4C 53 B4 F4
* ...
*
* PKCS#8 Encoding
* 0 30 631: SEQUENCE {
* 4 02 1: INTEGER 0
* 7 30 13: SEQUENCE {
* 9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
* 20 05 0: NULL
* : }
* ==> 22 04 609: OCTET STRING, encapsulates {
* 26 30 605: SEQUENCE {
* 30 02 1: INTEGER 0
* 33 02 129: INTEGER
* : 00 CA 72 B8 D1 B8 8E B9 39 C0 92 C1 4C 53 B4 F4
* ...
* </pre>
*
* Hex Dumps (1K key, space padded for clarity):
* Before : 30 820271 020100300D06092A864886F70D0101010500 30 82025B ... A228
* After : 30 820275 020100300D06092A864886F70D0101010500 04 82025F 30 82025B ... A228
* ^^^^^^ ^^^^^^
* Add 4 for later 0482xxxx Original total + 4 - 22 (equals the key length of 025B+4)
*/
private byte[] patchKeyData(File inpfil, byte[] asndta) throws IOException, GeneralSecurityException { // except it really doesn't throw an exception
ByteArrayOutputStream patdta=new ByteArrayOutputStream();
int orglen=decodeAsnLength(inpfil,asndta,1);
patdta.write(asndta,0,1); // original leader type
patdta.write(encodeAsnLength(inpfil,(orglen+4))); // new total length
patdta.write(asndta,4,(22-4)); // bit between total length an where octet-string wrapper needs to be inserted
patdta.write(0x04); // octet-string type
patdta.write(encodeAsnLength(inpfil,(orglen+4-22))); // octet-string length (key data type+key data length+key data)
patdta.write(asndta,22,asndta.length-22); // private key data
return patdta.toByteArray();
}
private int decodeAsnLength(File inpfil, byte[] asndta, int ofs) throws GeneralSecurityException {
if((asndta[ofs]&0xFF)==0x82) { return (((asndta[ofs+1]&0x000000FF)<< 8)|((asndta[ofs+2]&0x000000FF))); }
else { throw new GeneralSecurityException("The private key in file '"+inpfil+"' is not supported (ID="+Base16.toString(asndta,0,4)+")"); }
}
private byte[] encodeAsnLength(File inpfil, int len) throws GeneralSecurityException {
if(len>=0x0100 && len<=0xFFFF) { return new byte[]{ (byte)0x82,(byte)((len>>>8)&0x000000FF),(byte)len }; }
else { throw new GeneralSecurityException("The new length of "+len+" for patching the private key in file '"+inpfil+"' is out of range"); }
}
2 个解决方案
解决方案1
1 已采纳 2009-05-01 06:41:03
I just dumped your decrypted data into an ASN.1 parser, and it looks like perfectly fine ASN.1 to me: 我只是将解密后的数据转储到ASN.1解析器中,对我来说看起来就象是完美的ASN.1:
0 30 627: SEQUENCE {
4 02 1: INTEGER 0
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
20 05 0: NULL
: }
22 30 605: SEQUENCE {
26 02 1: INTEGER 0
29 02 129: INTEGER
: 00 CA 72 B8 D1 B8 8E B9 39 C0 92 C1 4C 53 B4 F4
: 38 48 3F C3 1C DC 6B BC BE 26 A3 B2 F7 7C 60 A8
: 2C 0D 86 ED FC 2D D2 5C 99 B6 B6 71 A8 6D 2F 51
: 25 FA 9C 42 FE 10 C1 2F 39 EA E8 FF 1A 78 BA 6B
: 64 B8 39 34 3B F4 1C 45 06 C3 B9 98 DC 01 FF 41
: 56 36 4F DD 35 69 A4 27 BB 5F FD DD 5C 73 BA 9A
: 94 5A 4F 37 A9 48 3D 5B 89 EA EE BA 8D 02 6E D7
: 6E D4 6F BC 7D 7A A4 41 4C 4D CA 08 05 20 66 A3
: [ Another 1 bytes skipped ]
161 02 3: INTEGER 65537
166 02 128: INTEGER
: 21 6A E2 7B 2B DD D3 51 67 2A 52 62 09 07 3B B0
: F6 AC 1F C6 E9 D3 96 EA 44 72 8D 1E 31 17 BB 6A
: DA 28 C5 AB F4 DC 5E 90 B9 0A 50 A4 9E B1 4A D1
: DC 16 63 30 91 0F 72 7E 3A FA 8E F1 8D B0 27 FD
: C2 BA B5 F8 FC 7C 46 C0 FD AD A7 39 7C 36 71 7A
: 33 8B AD 0D 0C DA 50 B7 0E BF D8 64 7D 44 BD 64
: 6F E2 51 B7 5E 2D 7B BA 02 DB A6 2F 20 88 66 98
: 85 34 2E EF D4 29 61 23 79 87 27 27 55 15 8D 21
297 02 65: INTEGER
: 00 F9 62 BD 22 4A C8 56 7A C3 17 EB CE CC 5F 42
: E1 40 F5 A5 66 60 32 54 86 67 26 AD 7C 34 C2 FE
: FE 8A F7 7F BE 79 53 5F C9 73 D9 47 8B 0F 89 A1
: 09 F1 27 16 FC F1 4B C3 A9 27 59 29 0D DA 9C AE
: 53
364 02 65: INTEGER
: 00 CF D1 4A 31 50 9A B4 BA 90 42 25 49 54 7C 20
: 54 2E CF E8 F1 35 DA 92 C2 A3 94 9D B7 B1 85 3F
: 13 D0 CA BC 77 D9 8A F3 32 83 59 93 E1 F0 11 1B
: 4C E5 A2 30 50 FE 1F B6 8D A5 B1 44 DA 4D 4B 11
: 09
431 02 64: INTEGER
: 46 53 3A C4 9D D4 0A D7 09 87 08 5F 43 B0 A5 5A
: 82 08 03 81 70 25 21 42 D9 79 C5 B8 5D E4 93 25
: D2 A8 62 A4 A2 F0 08 F5 F5 2E 53 87 7A 75 34 2D
: 6A 8C BC 65 CD E1 B0 A6 55 CB 45 D1 7B 51 6D B3
497 02 65: INTEGER
: 00 81 CC 61 7F 9D AD 92 F5 F7 86 28 CD BD 43 ED
: D9 46 87 BB 21 75 16 78 95 B3 1F EE C6 3D CD 50
: 91 6A D6 45 92 C1 C0 24 97 C7 2C 5A CE 42 68 1C
: DA 11 8F 14 88 71 C0 92 FF B3 9E 9D B7 8F 91 34
: 29
564 02 65: INTEGER
: 00 88 7A 99 AC AA A9 D5 2B 6E E1 87 0A E8 D2 4C
: 04 8E A2 EA 00 3F 8D AF 9F 76 61 86 B0 1D 18 69
: C8 64 22 D4 6B A3 A4 BB 52 B1 AC 38 DB 6B 5C 28
: F0 78 73 3E 37 FD C8 54 72 C7 FD A9 EB C9 F2 45
: 96
: }
: }
Unfortunately it is not a correctly encoded PKCS#8 PrivateKeyInfo. 不幸的是,它不是正确编码的PKCS#8 PrivateKeyInfo。 The Sequence starting at index 22 is a PKCS#1 PKCS1RSAPrivateKey, which should have been wrapped inside an OctetString in order for the structure to be correctly encoded. 从索引22开始的序列是PKCS#1 PKCS1RSAPrivateKey,应该将它包装在OctetString中,以便对结构进行正确编码。
Try this instead: 尝试以下方法:
Parsed: 解析:
0 30 631: SEQUENCE {
4 02 1: INTEGER 0
7 30 13: SEQUENCE {
9 06 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
20 05 0: NULL
: }
22 04 609: OCTET STRING, encapsulates {
26 30 605: SEQUENCE {
30 02 1: INTEGER 0
33 02 129: INTEGER
: 00 CA 72 B8 D1 B8 8E B9 39 C0 92 C1 4C 53 B4 F4
: 38 48 3F C3 1C DC 6B BC BE 26 A3 B2 F7 7C 60 A8
: 2C 0D 86 ED FC 2D D2 5C 99 B6 B6 71 A8 6D 2F 51
: 25 FA 9C 42 FE 10 C1 2F 39 EA E8 FF 1A 78 BA 6B
: 64 B8 39 34 3B F4 1C 45 06 C3 B9 98 DC 01 FF 41
: 56 36 4F DD 35 69 A4 27 BB 5F FD DD 5C 73 BA 9A
: 94 5A 4F 37 A9 48 3D 5B 89 EA EE BA 8D 02 6E D7
: 6E D4 6F BC 7D 7A A4 41 4C 4D CA 08 05 20 66 A3
: [ Another 1 bytes skipped ]
165 02 3: INTEGER 65537
170 02 128: INTEGER
: 21 6A E2 7B 2B DD D3 51 67 2A 52 62 09 07 3B B0
: F6 AC 1F C6 E9 D3 96 EA 44 72 8D 1E 31 17 BB 6A
: DA 28 C5 AB F4 DC 5E 90 B9 0A 50 A4 9E B1 4A D1
: DC 16 63 30 91 0F 72 7E 3A FA 8E F1 8D B0 27 FD
: C2 BA B5 F8 FC 7C 46 C0 FD AD A7 39 7C 36 71 7A
: 33 8B AD 0D 0C DA 50 B7 0E BF D8 64 7D 44 BD 64
: 6F E2 51 B7 5E 2D 7B BA 02 DB A6 2F 20 88 66 98
: 85 34 2E EF D4 29 61 23 79 87 27 27 55 15 8D 21
301 02 65: INTEGER
: 00 F9 62 BD 22 4A C8 56 7A C3 17 EB CE CC 5F 42
: E1 40 F5 A5 66 60 32 54 86 67 26 AD 7C 34 C2 FE
: FE 8A F7 7F BE 79 53 5F C9 73 D9 47 8B 0F 89 A1
: 09 F1 27 16 FC F1 4B C3 A9 27 59 29 0D DA 9C AE
: 53
368 02 65: INTEGER
: 00 CF D1 4A 31 50 9A B4 BA 90 42 25 49 54 7C 20
: 54 2E CF E8 F1 35 DA 92 C2 A3 94 9D B7 B1 85 3F
: 13 D0 CA BC 77 D9 8A F3 32 83 59 93 E1 F0 11 1B
: 4C E5 A2 30 50 FE 1F B6 8D A5 B1 44 DA 4D 4B 11
: 09
435 02 64: INTEGER
: 46 53 3A C4 9D D4 0A D7 09 87 08 5F 43 B0 A5 5A
: 82 08 03 81 70 25 21 42 D9 79 C5 B8 5D E4 93 25
: D2 A8 62 A4 A2 F0 08 F5 F5 2E 53 87 7A 75 34 2D
: 6A 8C BC 65 CD E1 B0 A6 55 CB 45 D1 7B 51 6D B3
501 02 65: INTEGER
: 00 81 CC 61 7F 9D AD 92 F5 F7 86 28 CD BD 43 ED
: D9 46 87 BB 21 75 16 78 95 B3 1F EE C6 3D CD 50
: 91 6A D6 45 92 C1 C0 24 97 C7 2C 5A CE 42 68 1C
: DA 11 8F 14 88 71 C0 92 FF B3 9E 9D B7 8F 91 34
: 29
568 02 65: INTEGER
: 00 88 7A 99 AC AA A9 D5 2B 6E E1 87 0A E8 D2 4C
: 04 8E A2 EA 00 3F 8D AF 9F 76 61 86 B0 1D 18 69
: C8 64 22 D4 6B A3 A4 BB 52 B1 AC 38 DB 6B 5C 28
: F0 78 73 3E 37 FD C8 54 72 C7 FD A9 EB C9 F2 45
: 96
: }
: }
: }
To fix your files, you can either use an ASN.1-library (but I am not aware of a good one for Java), or do the following: 要修复文件,可以使用ASN.1-library(但我不知道Java很好),或者执行以下操作:
Check that your data starts with 30(*1)020100300D06092A864886F70D010101050030(*2) (*1) and (*2) will be length-encodings in one of the following forms 检查您的数据是否以30(*1)020100300D06092A864886F70D010101050030(*2) (*1)和(*2)将采用以下格式之一进行长度编码
- length<=0x7F:
XX, where XX is the lengthlength <= 0x7F: XX,其中XX是长度 - 0x80<=length<=0xFF:
81XX, where XX is the length0x80 <=长度<= 0xFF: 81XX,其中XX是长度 - 0x0100<=length<=0xFFFF:
82XXXX, where XXXX is the length0x0100 <=长度<= 0xFFFF: 82XXXX,其中XXXX是长度 - 0x010000<=length<=0xFFFFFF:
83XXXXXX, where XXXXXX is the length etc.0x010000 <=长度<= 0xFFFFFF: 83XXXXXX,其中XXXXXX是长度等。
If your keys are all of the same length, you can probably assume that the length-encodings always will be on the form 82XXXX , but the actual lengths will probably vary. 如果密钥的长度都相同,则可以假设长度编码始终采用格式82XXXX ,但实际长度可能会有所不同。
Read the length in (*2) , add the length in bytes of 30(*2) to the number (this is probably 4) and encode the length as above (will most probably be the form 82XXXX ). 读取(*2)的长度,将30(*2)字节的长度添加到数字中(这可能是4),并按上述方式对长度进行编码(最有可能是82XXXX的形式)。 Let us call this length-encoding (*3) . 让我们将此称为长度编码(*3) 。 Insert 04(*3) right before 30(*2) . 在30(*2)之前插入04(*3) 30(*2) 。 Now add the length of 04(*3) (probably also 4) to (*1) and reencode this (can probably still fit in 82XXXX ) and replace (*1) with this. 现在将长度04(*3) (可能也为4)添加到(*1)并重新编码(可能仍然适合82XXXX ),并用(*1)替换。
I hope that was understandable, otherwise I recommend reading A Layman's Guide to a Subset of ASN.1, BER, and DER . 我希望这是可以理解的,否则我建议阅读A Layman的ASN.1,BER和DER子集指南 。
解决方案2
0 2009-05-07 17:33:48
Have you tried opening the key with some of the Bouncy Castle internal classes? 您是否尝试过通过一些Bouncy Castle内部课程来打开钥匙? Maybe by using them directly instead of just defining BC as a crypto provider you can parse that file... 也许直接使用它们,而不只是将BC定义为加密提供程序,您就可以解析该文件...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.