我正在尝试使用以下代码读取Bouncycastle加密的DSA私钥文件:
Security.addProvider(new BouncyCastleProvider());
...
public PrivateKey loadKey(String fileName, String password) {
try (PEMParser pemParser = new PEMParser(new InputStreamReader(new FileInputStream(fileName), StandardCharsets.UTF_8))) {
PKCS8EncryptedPrivateKeyInfo encryptedKeyInfo = (PKCS8EncryptedPrivateKeyInfo) pemParser.readObject();
InputDecryptorProvider decryptorProvider = new JceOpenSSLPKCS8DecryptorProviderBuilder().build(password.toCharArray());
PrivateKeyInfo keyInfo = encryptedKeyInfo.decryptPrivateKeyInfo(decryptorProvider);
JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
return converter.getPrivateKey(keyInfo);
} catch (Exception e) {
e.printStackTrace();
}
}
但方法encryptedKeyInfo.decryptPrivateKeyInfo失败,出现以下异常:
org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: 1.2.840.113549.1.5.3 not available: requires PBE parameters
at com.psc.bouncycastle@1.57.0//org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo.decryptPrivateKeyInfo(Unknown Source)
at com.my.app.MyClass.loadKey(MyClass.java:96)
... 182 more
Caused by: org.bouncycastle.operator.OperatorCreationException: 1.2.840.113549.1.5.3 not available: requires PBE parameters
at com.psc.bouncycastle@1.57.0//org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder$1.get(Unknown Source)
... 184 more
Caused by: java.security.InvalidKeyException: requires PBE parameters
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:187)
at java.base/javax.crypto.Cipher.implInit(Cipher.java:839)
at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:901)
at java.base/javax.crypto.Cipher.init(Cipher.java:1286)
at java.base/javax.crypto.Cipher.init(Cipher.java:1223)
... 185 more
Caused by: java.security.InvalidAlgorithmParameterException: Parameters missing
at java.base/com.sun.crypto.provider.PBES1Core.init(PBES1Core.java:214)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:221)
at java.base/com.sun.crypto.provider.PBEWithMD5AndDESCipher.engineInit(PBEWithMD5AndDESCipher.java:185)
... 189 more
该代码似乎在Java 8上运行,但在Java 11上失败了。有什么想法吗?
当我使用不正确的Bouncy Castle安全提供程序时,我也遇到了同样的错误:
Security.getProvider("BC"); //or Security.getProvider(BouncyCastleProvider.PROVIDER_NAME);
返回一个Bouncy Castle安全提供程序,该提供程序由JDBC驱动程序(JDBC.internal.org/bouncycastle.jcajcce.Provider(注册,包含2727个参数。
但是,当我删除了现有的、提到的提供程序并注册了一个新的提供程序时,该提供程序由bcprov库(org.bouncycastle.jcajce.Provider(提供。
我得到了一个包含正确2944参数的bouncycastle提供程序,它开始工作,没有出现错误:
import org.bouncycastle.jce.provider.BouncyCastleProvider;
Security.removeProvider("BC");
Security.addProvider(new BouncyCastleProvider());
总结:请比较两个Java版本的Bouncy Castle提供程序,并确保使用的是正确的。
来自我的pom文件的依赖项:
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.70</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.70</version>
</dependency>