[英]Problem with encrypt/decrypting files using aes256gcm algorithm in envelopedCms. What are mine options?
I'm trying to replicate example from Java in c# with partial success我正在尝试在 c# 中从 Java 复制示例并取得部分成功
CMSEnvelopedDataStreamGenerator gen = new CMSEnvelopedDataStreamGenerator();
// NOTE: Uses the RECEIVER's PUBLIC encryption key
gen.addRecipientInfoGenerator(new JceKeyTransRecipientInfoGenerator(remoteEncryptionCert, rsaesOaepIdentifier()));
OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES256_GCM).setProvider(BC).build();
try (FileOutputStream fileStream = new FileOutputStream(OUTPUT_FILE); OutputStream encryptingOutputStream = gen.open(fileStream, encryptor)) {
//
// write file
//
encryptingOutputStream.flush();
}
I've tried so far到目前为止我已经尝试过
Using System.Security.Cryptography.Pkcs使用 System.Security.Cryptography.Pkcs
public byte[] Encrypt(byte[] plainBytes, X509Certificate2 recipientCert)
{
// create ContentInfo
ContentInfo plainContent = new ContentInfo(plainBytes);
// EnvelopedCms represents encrypted data
Oid encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.46"); // AES-256-GCM,
//Oid encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.42"); // AES-256-CBC
EnvelopedCms encryptedData = new EnvelopedCms(plainContent, new AlgorithmIdentifier(encryptAlgoOid));
// add a recipient
CmsRecipient recipient = new CmsRecipient(recipientCert);
// encrypt data with public key of recipient
encryptedData.Encrypt(recipient); //Throws "Unknown cryptographic algorithm."
// create PKCS #7 byte array
byte[] encryptedBytes = encryptedData.Encode();
// return encrypted data
return encryptedBytes;
}
error stack trace错误堆栈跟踪
Unknown cryptographic algorithm.
at Internal.Cryptography.Pal.Windows.PkcsPalWindows.EncodeHelpers.CreateCryptMsgHandleToEncode(CmsRecipientCollection recipients, Oid innerContentType, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
at Internal.Cryptography.Pal.Windows.PkcsPalWindows.Encrypt(CmsRecipientCollection recipients, ContentInfo contentInfo, AlgorithmIdentifier contentEncryptionAlgorithm, X509Certificate2Collection originatorCerts, CryptographicAttributeObjectCollection unprotectedAttributes)
at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipientCollection recipients)
at System.Security.Cryptography.Pkcs.EnvelopedCms.Encrypt(CmsRecipient recipient)
at ConsoleApp1.Program.Encrypt() in Program.cs:line 91
Using Org.BouncyCastle.Cms使用 Org.BouncyCastle.Cms
public byte[] Encrypt(X509Certificate2 recipientCert)
{
// file stream
FileStream fileEncrypted = new FileStream(pathToFile)
CmsEnvelopedDataStreamGenerator gen = new CmsEnvelopedDataStreamGenerator();
gen.AddKeyTransRecipient(recipientCert);
var outEncryptedStream = gen.Open(fileEncrypted, "2.16.840.1.101.3.4.1.46");
// Throws "KeyGenerator 2.16.840.1.101.3.4.1.46 not recognised." CmsEnvelopedDataGenerator doesn't
// have named constant for aes256gcm
return outEncryptedStream
}
error stack trace错误堆栈跟踪
KeyGenerator 2.16.840.1.101.3.4.1.46 not recognised.
at Org.BouncyCastle.Security.GeneratorUtilities.GetKeyGenerator(String algorithm)
at Org.BouncyCastle.Cms.CmsEnvelopedDataStreamGenerator.Open(Stream outStream, String encryptionOid)
at ConsoleApp1.Program.Encrypt() in Program.cs:line 128
I have to make it work in a way so i can encrypt files with c# code and decrypt with java and vice versa.我必须让它以某种方式工作,以便我可以使用 c# 代码加密文件并使用 java 解密,反之亦然。
What i noticed that i if i encrypt file in c# using Aes256CBC i can decrypt it in java, hows that possible?我注意到,如果我使用 Aes256CBC 在 C# 中加密文件,我可以在 Java 中解密它,这怎么可能? Does that mean that i implemented encryption wrong?
这是否意味着我实施了错误的加密?
So what are mine options to make this work?那么我有哪些选择可以使这项工作发挥作用?
I'm sorry, as per https://github.com/bcgit/bc-csharp/blob/5bd4c8c70f80f1e7ead8e3c73459b78eb93d0ef7/crypto/src/security/GeneratorUtilities.cs it seems to be that AES-256-GCM mode is not available even in actual C# Bouncy Castle:对不起,根据https://github.com/bcgit/bc-csharp/blob/5bd4c8c70f80f1e7ead8e3c73459b78eb93d0ef7/crypto/src/security/GeneratorUtilities.cs似乎 AES-256-GCM 模式甚至不可用实际的 C# 充气城堡:
static GeneratorUtilities()
...
AddKgAlgorithm("AES256",
"2.16.840.1.101.3.4.42",
NistObjectIdentifiers.IdAes256Cbc,
NistObjectIdentifiers.IdAes256Cfb,
NistObjectIdentifiers.IdAes256Ecb,
NistObjectIdentifiers.IdAes256Ofb,
NistObjectIdentifiers.IdAes256Wrap);
...
根据Michael Fehr 的评论,AES-256-GCM 模块在 C# Bouncy Castle 中不可用,因此我们制作了 Java Api 并从我们的代码库中调用
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.