[英]InvalidAlgorithmParameterException When Loading Encrypted Private Key With Bouncycastle
I'm trying to read an encrypted DSA private key file with Bouncycastle using this code:我正在尝试使用以下代码使用 Bouncycastle 读取加密的 DSA 私钥文件:
Security.addProvider(new BouncyCastleProvider());
...
public PrivateKey loadKey(String fileName, String password) {
try (PEMParser pemParser = new PEMParser(new InputStreamReader(new FileInputStream(fileName), StandardCharsets.UTF_8))) {
PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();
InputDecryptorProvider decryptorProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
PrivateKeyInfo keyInfo = encryptedKeyInfo.decryptPrivateKeyInfo(decryptorProvider);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
return converter.getPrivateKey(keyInfo);
} catch (Exception e) {
e.printStackTrace();
}
}
But the method encryptedKeyInfo.decryptPrivateKeyInfo
fails with the following exception:但是
encryptedKeyInfo.decryptPrivateKeyInfo
方法失败,出现以下异常:
org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.3 not available: requires PBE parameters
at com.psc.bouncycastle@1.57.0//org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
at com.my.app.MyClass.loadKey(MyClass.java:96)
... 182 more
Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.3 not available: requires PBE parameters
at com.psc.bouncycastle@1.57.0//org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
... 184 more
Caused by: java.security.InvalidKeyException: requires PBE parameters
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:187)
at java.base/javax.crypto.Cipher.implInit(Cipher.java:839)
at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:901)
at java.base/javax.crypto.Cipher.init(Cipher.java:1286)
at java.base/javax.crypto.Cipher.init(Cipher.java:1223)
... 185 more
Caused by: java.security.InvalidAlgorithmParameterException: Parameters missing
at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:214)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:221)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:185)
... 189 more
The code seems to work on Java 8, but fails on Java 11. Any ideas?该代码似乎在 Java 8 上运行,但在 Java 11 上运行失败。有什么想法吗?
I had the same error when I was using incorrect Bouncy Castle Security Provider :我在使用不正确的Bouncy Castle 安全提供程序时遇到了同样的错误:
Security.getProvider("BC"); //or Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
Returned a Bouncy Castle Security Provider that was registered by a JDBC driver ( jdbc.internal.org.bouncycastle.jcajce.provider ) and was containing 2727 parameters .返回由 JDBC 驱动程序 ( jdbc.internal.org.bouncycastle.jcajce.provider ) 注册并包含2727 个参数的 Bouncy Castle 安全提供程序。
But when I removed existing, mentioned Provider and registered a new one, provided by bcprov library ( org.bouncycastle.jcajce.provider ).但是,当我删除现有的、提到的 Provider 并注册一个由bcprov库 ( org.bouncycastle.jcajce.provider ) 提供的新 Provider 时。
I got a Bouncy Castle Provider containing proper 2944 parameters and it started working without the error:我得到了一个包含正确2944参数的 Bouncy Castle Provider,它开始工作时没有出现错误:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
Security.removeProvider("BC");
Security.addProvider(new BouncyCastleProvider());
To sum up : Please compare your Bouncy Castle providers for both Java versions and make sure you're using a correct one.总结一下:请比较 Java 两个版本的 Bouncy Castle 供应商,并确保您使用的是正确的供应商。
Dependencies from my pom file:我的 pom 文件中的依赖项:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.70</version>
</dependency>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.