BouncyCastle没有找到它提供的算法?
[英]BouncyCastle does not find algorithms that it provides?
问题描述
I'm playing around with BouncyCastle 1.46 To my surprise, the catch-block in the snippet below is tripped quite often. 
我正在玩BouncyCastle 1.46令我惊讶的是,下面片段中的陷阱经常被绊倒。
Security.addProvider(new BouncyCastleProvider());
final Set<String> found = new HashSet<String>();
final Set<String> missing = new HashSet<String>();
final DefaultSignatureAlgorithmIdentifierFinder finder = new DefaultSignatureAlgorithmIdentifierFinder();
for (Service service : new BouncyCastleProvider().getServices()) {
if ("Signature".equals(service.getType())) {
final String algorithm = service.getAlgorithm();
try {
finder.find(algorithm);
found.add(algorithm);
} catch (IllegalArgumentException ex) {
missing.add(algorithm);
}
}
}
System.out.println("Found: " + found);
System.out.println("Missing: " + missing);
I appear to be unable to use most of the algorithms through the Finder, even though Services exist that provide those algorithms. 我似乎无法通过Finder使用大多数算法,即使存在提供这些算法的服务。 What am I doing wrong? 我究竟做错了什么?
Update I've changed the code a little to illustrate the issue better. 更新我稍微更改了代码以更好地说明问题。 What might be of interest is that I am using the JDK1.5 version of BouncyCastle. 可能感兴趣的是我使用的是BouncyCastle的JDK1.5版本。 The code above gives this output: 上面的代码给出了这个输出:
Found: [RIPEMD256WithRSAEncryption, MD5WithRSAEncryption, MD2WithRSAEncryption, SHA384WithRSAEncryption, SHA224WITHECDSA, SHA384WITHDSA, SHA256WITHDSA, SHA512WithRSAEncryption, SHA512WITHDSA, RIPEMD160WithRSAEncryption, SHA224WithRSAEncryption, SHA256WITHECDSA, RIPEMD128WithRSAEncryption, SHA384WITHECDSA, SHA256WithRSAEncryption, SHA512WITHECDSA, SHA1WithRSAEncryption, SHA224WITHDSA] 实测值:[RIPEMD256WithRSAEncryption,MD5WithRSAEncryption,MD2WithRSAEncryption,SHA384WithRSAEncryption,SHA224WITHECDSA,SHA384WITHDSA,SHA256WITHDSA,SHA512WithRSAEncryption,SHA512WITHDSA,RIPEMD160WithRSAEncryption,SHA224WithRSAEncryption,SHA256WITHECDSA,RIPEMD128WithRSAEncryption,SHA384WITHECDSA,SHA256WithRSAEncryption,SHA512WITHECDSA,SHA1WithRSAEncryption,SHA224WITHDSA]
Missing: [SHA1WITHECNR, NONEwithECDSA, ECDSA, SHA512withRSA/PSS, RIPEMD160WITHECDSA, RSA, GOST3410, SHA256WITHECNR, MD5withRSA/ISO9796-2, SHA1WITHCVC-ECDSA, SHA384withRSA/PSS, SHA1withRSA/PSS, MD4WithRSAEncryption, RSASSA-PSS, SHA512WITHECNR, SHA256WITHCVC-ECDSA, SHA1withRSA/ISO9796-2, SHA224withRSA/PSS, SHA224WITHCVC-ECDSA, RAWRSASSA-PSS, SHA256withRSA/PSS, NONEWITHDSA, SHA384WITHECNR, RIPEMD160withRSA/ISO9796-2, DSA, ECGOST3410, SHA224WITHECNR, 1.2.840.113549.1.1.10] 缺失:[SHA1WITHECNR,NONEwithECDSA,ECDSA,SHA512withRSA / PSS,RIPEMD160WITHECDSA,RSA,GOST3410,SHA256WITHECNR,MD5withRSA / ISO9796-2,SHA1WITHCVC-ECDSA,SHA384withRSA / PSS,SHA1withRSA / PSS,MD4WithRSAEncryption,RSASSA-PSS,SHA512WITHECNR,SHA256WITHCVC-ECDSA ,SHA1withRSA / ISO9796-2,SHA224withRSA / PSS,SHA224WITHCVC-ECDSA,RAWRSASSA-PSS,SHA256withRSA / PSS,NONEWITHDSA,SHA384WITHECNR,RIPEMD160withRSA / ISO9796-2,DSA,ECGOST3410,SHA224WITHECNR,1.2.840.113549.1.1.10]
4 个解决方案
解决方案1
5 已采纳 2012-01-08 16:37:14
I think that DefaultSignatureAlgorithmIdentifierFinder is part of the bcmail API. 我认为DefaultSignatureAlgorithmIdentifierFinder是bcmail API的一部分。 It returns algorithm identifiers recognized by this API. 它返回此API识别的算法标识符。 (Check Cryptographic Message Syntax ) On the other hand the bouncy caste provider provides more algorithms. (检查加密消息语法 )另一方面,弹性种姓提供者提供更多算法。 You may check the source of DefaultSignatureAlgorithmIdentifierFinder where the recognized algorithms are hardcoded: 您可以检查DefaultSignatureAlgorithmIdentifierFinder的源代码,其中识别的算法是硬编码的:
algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
Cheers! 干杯!
解决方案2
3 2012-01-08 15:07:18
Did you add BouncyCastle to the security providers? 您是否将BouncyCastle添加到安全提供商? You can do that with this line: 你可以用这一行做到这一点:
Security.addProvider(new BouncyCastleProvider());
解决方案3
1 2013-07-01 09:23:50
You can add Bouncy Castle to security providers on Your java platform in two steps: 您可以通过两个步骤将Bouncy Castle添加到Java平台上的安全提供程序:
1. Copy BC librarys (currently bcpkix-jdk15on-149.jar, bcprov-jdk15on-149.jar) to directory $JAVA_HOME/jre/lib/ext/ 1.将BC库(目前为bcpkix-jdk15on-149.jar,bcprov-jdk15on-149.jar)复制到目录$ JAVA_HOME / jre / lib / ext /
2. Register BC provider: edit file $JAVA_HOME/jre/lib/security/java.security and under line 2.注册BC提供者:编辑文件$ JAVA_HOME / jre / lib / security / java.security并在线下
security.provider.1=sun.security.provider.Sun
add Your BC provider 添加您的BC提供商
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
Change numbers of rest providers. 更改其他提供者的数量。 The whole block of providers should be similar to: 整个提供商块应类似于:
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
解决方案4
1 2015-10-22 12:56:42
This answer is not directly related to BouncyCastle. 这个答案与BouncyCastle没有直接关系。 But, I thought this would be useful for others: 但是,我认为这对其他人有用:
In my case, I was using SpongyCastle. 就我而言,我使用的是SpongyCastle。 I got a similar problem: org.ehp: cannot create signer: Provider SC does not provide SHA256WITHRSA at org.ehaaa(SourceFile:101) 我遇到了类似的问题:org.ehp:无法创建签名者:Provider SC在org.ehaaa上没有提供SHA256WITHRSA(SourceFile:101)
It turned out that proguard was removing some of the required classes. 事实证明,proguard正在删除一些必需的类。 After adding the following in proguard config file: -keep class org.spongycastle.** { *; 在proguard配置文件中添加以下内容后:-keep class org.spongycastle。** {*; } }
the problem was resolved. 问题解决了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.