嘗試從證書中獲取私鑰時出現異常

Question

我在我的應用程序中進行RSA 加密和解密。我在資產文件夾中放置了兩個文件，用於加密的 public_key.cer 和用於解密的 private_key.cer。從我正在執行的文件中獲取公鑰，如下所示。

CertificateFactory certFactory = CertificateFactory.getInstance(X.509, BC);
InputStream is = context.getAssets().open("public_Key.cer");
X509Certificate cert = (X509Certificate) certFactory.generateCertificate(is);
publicKey = cert.getPublicKey();

RSA加密工作正常，而我在嘗試從證書中獲取私鑰時遇到問題。下面是用於獲取私鑰的代碼

InputStream is = context.getAssets().open("private_key.cer");
PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(new BASE64Decoder().decodeBuffer(is));
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
PrivateKey privateKey = keyFactory.generatePrivate(privSpec);

我得到了例外。

    com.android.org.bouncycastle.jcajce.provider.asymmetric.util.ExtendedInvalidKeySpecException: unable to process key spec: java.lang.IllegalArgumentException: unknown object in getInstance: com.android.org.bouncycastle.asn1.DERApplicationSpecific
 at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePrivate(KeyFactorySpi.java:105)
 at java.security.KeyFactory.generatePrivate(KeyFactory.java:186)
 at com.teknospire.ndasenda_agent.utils.Conversion.decryptUsingPrivateKey(Conversion.java:111)
 at com.teknospire.ndasenda_agent.utils.Conversion.getDecryptedSkey(Conversion.java:243)
 at com.teknospire.ndasenda_agent.json.JsonCreationAndExtraction.readLoginParams(JsonCreationAndExtraction.java:40)
 at com.mockUp.ndasenda.LoginActivity$LoginRequest.doInBackground(LoginActivity.java:283)
 at com.mockUp.ndasenda.LoginActivity$LoginRequest.doInBackground(LoginActivity.java:1)
 at android.os.AsyncTask$2.call(AsyncTask.java:288)
 at java.util.concurrent.FutureTask.run(FutureTask.java:237)
 at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
 at java.lang.Thread.run(Thread.java:848)
 Caused by: java.lang.IllegalArgumentException: unknown object in getInstance: com.android.org.bouncycastle.asn1.DERApplicationSpecific
 at com.android.org.bouncycastle.asn1.ASN1Sequence.getInstance(ASN1Sequence.java:50)
 at com.android.org.bouncycastle.asn1.ASN1Sequence.getInstance(ASN1Sequence.java:33)
 at com.android.org.bouncycastle.asn1.pkcs.PrivateKeyInfo.getInstance(PrivateKeyInfo.java:45)
 at com.android.org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyFactorySpi.engineGeneratePrivate(KeyFactorySpi.java:91)
 ... 12 more
 java.lang.NullPointerException
 at org.bouncycastle.crypto.params.KeyParameter.<init>(KeyParameter.java:13)
 at com.teknospire.ndasenda_agent.utils.Conversion.decryptUsingSessionKey(Conversion.java:145)
 at com.teknospire.ndasenda_agent.utils.Conversion.getDecryptionData(Conversion.java:185)
 at com.teknospire.ndasenda_agent.json.JsonCreationAndExtraction.readLoginParams(JsonCreationAndExtraction.java:41)
 at com.mockUp.ndasenda.LoginActivity$LoginRequest.doInBackground(LoginActivity.java:283)
 at com.mockUp.ndasenda.LoginActivity$LoginRequest.doInBackground(LoginActivity.java:1)
 at android.os.AsyncTask$2.call(AsyncTask.java:288)
 at java.util.concurrent.FutureTask.run(FutureTask.java:237)
 at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:231)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
 at java.lang.Thread.run(Thread.java:848)

誰能幫助我，如何從 .cer 文件中讀取私鑰。

提前致謝。

Answer 1

檢查此以了解基本實現

摘自該網站

Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());

    byte[] input = new byte[] { (byte) 0xbe, (byte) 0xef };
    Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC");

    KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
    RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger(
        "12345678", 16), new BigInteger("11", 16));
    RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger(
        "12345678", 16), new BigInteger("12345678",
        16));

    RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec);
    RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec);

    cipher.init(Cipher.ENCRYPT_MODE, pubKey);

    byte[] cipherText = cipher.doFinal(input);
    System.out.println("cipher: " + new String(cipherText));

    cipher.init(Cipher.DECRYPT_MODE, privKey);
    byte[] plainText = cipher.doFinal(cipherText);
    System.out.println("plain : " + new String(plainText));

Answer 2

從文件中獲取私鑰的代碼：

    private KeyStore.PrivateKeyEntry getKeyFromFile(String keyStoreFile,
    String Password, Context cntx) {
    KeyStore.PrivateKeyEntry entry = null;
    try {
        AssetManager am = cntx.getAssets();
        char[] keyStorePassword = Password.toCharArray();
        // Load the KeyStore and get the signing key and certificate.
        KeyStore ks = KeyStore.getInstance("PKCS12");

        ks.load(am.open(keyStoreFile), keyStorePassword);
        String alias = ks.aliases().nextElement();

        Entry entry1 = ks.getEntry(alias, new KeyStore.PasswordProtection(
                keyStorePassword));
        entry = (KeyStore.PrivateKeyEntry) entry1;
    } catch (Exception e) {
        e.printStackTrace();
    }
    return entry;
}

您可以使用以下方法解密您的數據：

  public byte[] decryptUsingPrivateKey(String encryptedData, Context cntx) {

    byte[] utf8 = null;
    try {
        KeyStore.PrivateKeyEntry privateKey = getKeyFromFile(
                "PrivateKeyFile.pfx", "privatekeypassword", cntx);

        Cipher rsa;
        rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.DECRYPT_MODE, privateKey.getPrivateKey());
        utf8 = rsa.doFinal(Base64.decode(encryptedData));

    } catch (Exception e) {
        System.out.println(e);
    }

    return utf8;
}

筆記：

1. 要使用它，您必須在應用程序中編譯庫“bcprov-jdk15on-152.jar”
2. 在 android 中使用私鑰文件不是一個好習慣。 希望您在測試服務器中使用它。