[英]InvalidAlgorithmParameterException When Loading Encrypted Private Key With Bouncycastle
我正在尝试使用以下代码使用 Bouncycastle 读取加密的 DSA 私钥文件:
Security.addProvider(new BouncyCastleProvider());
...
public PrivateKey loadKey(String fileName, String password) {
try (PEMParser pemParser = new PEMParser(new InputStreamReader(new FileInputStream(fileName), StandardCharsets.UTF_8))) {
PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();
InputDecryptorProvider decryptorProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
PrivateKeyInfo keyInfo = encryptedKeyInfo.decryptPrivateKeyInfo(decryptorProvider);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
return converter.getPrivateKey(keyInfo);
} catch (Exception e) {
e.printStackTrace();
}
}
但是encryptedKeyInfo.decryptPrivateKeyInfo方法失败,出现以下异常:
org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.3 not available: requires PBE parameters
at com.psc.bouncycastle@1.57.0//org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
at com.my.app.MyClass.loadKey(MyClass.java:96)
... 182 more
Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.3 not available: requires PBE parameters
at com.psc.bouncycastle@1.57.0//org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
... 184 more
Caused by: java.security.InvalidKeyException: requires PBE parameters
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:187)
at java.base/javax.crypto.Cipher.implInit(Cipher.java:839)
at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:901)
at java.base/javax.crypto.Cipher.init(Cipher.java:1286)
at java.base/javax.crypto.Cipher.init(Cipher.java:1223)
... 185 more
Caused by: java.security.InvalidAlgorithmParameterException: Parameters missing
at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:214)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:221)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:185)
... 189 more
该代码似乎在 Java 8 上运行,但在 Java 11 上运行失败。有什么想法吗?
我在使用不正确的Bouncy Castle 安全提供程序时遇到了同样的错误:
Security.getProvider("BC"); //or Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
返回由 JDBC 驱动程序 ( jdbc.internal.org.bouncycastle.jcajce.provider ) 注册并包含2727 个参数的 Bouncy Castle 安全提供程序。
但是,当我删除现有的、提到的 Provider 并注册一个由bcprov库 ( org.bouncycastle.jcajce.provider ) 提供的新 Provider 时。
我得到了一个包含正确2944参数的 Bouncy Castle Provider,它开始工作时没有出现错误:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
Security.removeProvider("BC");
Security.addProvider(new BouncyCastleProvider());
总结一下:请比较 Java 两个版本的 Bouncy Castle 供应商,并确保您使用的是正确的供应商。
我的 pom 文件中的依赖项:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.70</version>
</dependency>
使用 bouncycastle/spongycastle 读取加密的私钥
[英]Read an encrypted private key with bouncycastle/spongycastle
Bouncycastle:如何创建RSA私钥的加密PKCS8表示?
[英]Bouncycastle: how to create an encrypted PKCS8 representation of an RSA private key?
通过 bouncycastle 读取 PKCS#8 格式的加密私钥,Java 在 docker 容器中失败
[英]Reading encrypted private key in PKCS#8 format through bouncycastle, Java failing in docker container
如何使用 bouncycastle 读取也在 DER 中编码的 PKCS8 加密私钥?
[英]How read a PKCS8 encrypted Private key which is also encoded in DER with bouncycastle?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.