堆棧內存溢出
  簡體   English   中英

BouncyCastle沒有找到它提供的算法?

[英]BouncyCastle does not find algorithms that it provides?

 原文  2012-01-08 14:59:46       java/ security/ digital-signature/ bouncycastle

問題描述

我正在玩BouncyCastle 1.46令我驚訝的是,下面片段中的陷阱經常被絆倒。 

Security.addProvider(new BouncyCastleProvider());

final Set<String> found = new HashSet<String>();
final Set<String> missing = new HashSet<String>();

final DefaultSignatureAlgorithmIdentifierFinder finder = new DefaultSignatureAlgorithmIdentifierFinder();
for (Service service : new BouncyCastleProvider().getServices()) {
    if ("Signature".equals(service.getType())) {
        final String algorithm = service.getAlgorithm();
        try {
            finder.find(algorithm);
            found.add(algorithm);
        } catch (IllegalArgumentException ex) {
            missing.add(algorithm);
        }
    }
}

System.out.println("Found: " + found);
System.out.println("Missing: " + missing);

我似乎無法通過Finder使用大多數算法,即使存在提供這些算法的服務。 我究竟做錯了什么?

更新我稍微更改了代碼以更好地說明問題。 可能感興趣的是我使用的是BouncyCastle的JDK1.5版本。 上面的代碼給出了這個輸出:

實測值:[RIPEMD256WithRSAEncryption,MD5WithRSAEncryption,MD2WithRSAEncryption,SHA384WithRSAEncryption,SHA224WITHECDSA,SHA384WITHDSA,SHA256WITHDSA,SHA512WithRSAEncryption,SHA512WITHDSA,RIPEMD160WithRSAEncryption,SHA224WithRSAEncryption,SHA256WITHECDSA,RIPEMD128WithRSAEncryption,SHA384WITHECDSA,SHA256WithRSAEncryption,SHA512WITHECDSA,SHA1WithRSAEncryption,SHA224WITHDSA]

缺失:[SHA1WITHECNR,NONEwithECDSA,ECDSA,SHA512withRSA / PSS,RIPEMD160WITHECDSA,RSA,GOST3410,SHA256WITHECNR,MD5withRSA / ISO9796-2,SHA1WITHCVC-ECDSA,SHA384withRSA / PSS,SHA1withRSA / PSS,MD4WithRSAEncryption,RSASSA-PSS,SHA512WITHECNR,SHA256WITHCVC-ECDSA ,SHA1withRSA / ISO9796-2,SHA224withRSA / PSS,SHA224WITHCVC-ECDSA,RAWRSASSA-PSS,SHA256withRSA / PSS,NONEWITHDSA,SHA384WITHECNR,RIPEMD160withRSA / ISO9796-2,DSA,ECGOST3410,SHA224WITHECNR,1.2.840.113549.1.1.10]

4 個解決方案

解決方案1
 5 已采納  2012-01-08 16:37:14

我認為DefaultSignatureAlgorithmIdentifierFinder是bcmail API的一部分。 它返回此API識別的算法標識符。 (檢查加密消息語法 )另一方面,彈性種姓提供者提供更多算法。 您可以檢查DefaultSignatureAlgorithmIdentifierFinder的源代碼,其中識別的算法是硬編碼的: 

algorithms.put("MD2WITHRSAENCRYPTION", PKCSObjectIdentifiers.md2WithRSAEncryption);
algorithms.put("MD2WITHRSA", PKCSObjectIdentifiers.md2WithRSAEncryption);
algorithms.put("MD5WITHRSAENCRYPTION", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("MD5WITHRSA", PKCSObjectIdentifiers.md5WithRSAEncryption);
algorithms.put("SHA1WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA1WITHRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption);
algorithms.put("SHA224WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha224WithRSAEncryption);
algorithms.put("SHA224WITHRSA", PKCSObjectIdentifiers.sha224WithRSAEncryption);
algorithms.put("SHA256WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA256WITHRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption);
algorithms.put("SHA384WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha384WithRSAEncryption);
algorithms.put("SHA384WITHRSA", PKCSObjectIdentifiers.sha384WithRSAEncryption);
algorithms.put("SHA512WITHRSAENCRYPTION", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA512WITHRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption);
algorithms.put("SHA1WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA224WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA256WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA384WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("SHA512WITHRSAANDMGF1", PKCSObjectIdentifiers.id_RSASSA_PSS);
algorithms.put("RIPEMD160WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
algorithms.put("RIPEMD160WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd160);
algorithms.put("RIPEMD128WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
algorithms.put("RIPEMD128WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd128);
algorithms.put("RIPEMD256WITHRSAENCRYPTION", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
algorithms.put("RIPEMD256WITHRSA", TeleTrusTObjectIdentifiers.rsaSignatureWithripemd256);
algorithms.put("SHA1WITHDSA", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("DSAWITHSHA1", X9ObjectIdentifiers.id_dsa_with_sha1);
algorithms.put("SHA224WITHDSA", NISTObjectIdentifiers.dsa_with_sha224);
algorithms.put("SHA256WITHDSA", NISTObjectIdentifiers.dsa_with_sha256);
algorithms.put("SHA384WITHDSA", NISTObjectIdentifiers.dsa_with_sha384);
algorithms.put("SHA512WITHDSA", NISTObjectIdentifiers.dsa_with_sha512);
algorithms.put("SHA1WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("ECDSAWITHSHA1", X9ObjectIdentifiers.ecdsa_with_SHA1);
algorithms.put("SHA224WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA224);
algorithms.put("SHA256WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256);
algorithms.put("SHA384WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384);
algorithms.put("SHA512WITHECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512);
algorithms.put("GOST3411WITHGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
algorithms.put("GOST3411WITHGOST3410-94", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_94);
algorithms.put("GOST3411WITHECGOST3410", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
algorithms.put("GOST3411WITHECGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);
algorithms.put("GOST3411WITHGOST3410-2001", CryptoProObjectIdentifiers.gostR3411_94_with_gostR3410_2001);

干杯!

解決方案2
 3  2012-01-08 15:07:18

您是否將BouncyCastle添加到安全提供商? 你可以用這一行做到這一點: 

Security.addProvider(new BouncyCastleProvider());

解決方案3
 1  2013-07-01 09:23:50

您可以通過兩個步驟將Bouncy Castle添加到Java平台上的安全提供程序:

1.將BC庫(目前為bcpkix-jdk15on-149.jar,bcprov-jdk15on-149.jar)復制到目錄$ JAVA_HOME / jre / lib / ext /

2.注冊BC提供者:編輯文件$ JAVA_HOME / jre / lib / security / java.security並在線下 

security.provider.1=sun.security.provider.Sun

添加您的BC提供商 

security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider

更改其他提供者的數量。 整個提供商塊應類似於: 

security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.3=sun.security.rsa.SunRsaSign
security.provider.4=sun.security.ec.SunEC
security.provider.5=com.sun.net.ssl.internal.ssl.Provider
security.provider.6=com.sun.crypto.provider.SunJCE
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC

解決方案4
 1  2015-10-22 12:56:42

這個答案與BouncyCastle沒有直接關系。 但是,我認為這對其他人有用:

就我而言,我使用的是SpongyCastle。 我遇到了類似的問題:org.ehp:無法創建簽名者:Provider SC在org.ehaaa上沒有提供SHA256WITHRSA(SourceFile:101)

事實證明,proguard正在刪除一些必需的類。 在proguard配置文件中添加以下內容后:-keep class org.spongycastle。** {*; }

問題解決了。

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 bouncyCastle 是否提供 TLS 功能? BouncyCastle是否有SecureRandom服務? 編譯失敗:bouncycastle 不存在 算法找到公交路線 Corretto 是補充 BouncyCastle 還是取代它? BouncyCastle如何生成ECDH“密鑰”? Spring 3.0是否提供服務定義文件? Kafka connect是否為Cassandra提供Java驅動程序 @Provides的書面順序是否重要? Java是否提供類別名功能?
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM