java - .NET System encryption to Bouncy Castle Java decryption throws error

Tags: java c# asp.net encryption bouncycastle

This one is a tough problem, but I can use any help.

On my side I am using System.Security.Cryptography.Xml to encrypt an XML SAML blob.

The encryption works fine, but when it gets to the java library on the other side they receive this error:

java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
        at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
        at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
        at javax.crypto.Cipher.unwrap(Unknown Source)
        at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:680)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:611)
        at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:761)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:512)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:439)
        at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:400)
        at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
        at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)

How can I continue to use my encryption method:

    public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        // EncryptionMethod on the EncryptedData names kw-aes128 (the AES Key Wrap URI);
        // the data itself is encrypted with the AES-128-CBC key rKey created below.
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        // The AES key is transported to the certificate's RSA public key using RSA PKCS#1 v1.5
        // (useOAEP == false in the EncryptKey call below).
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        // Fresh random AES-128 key, CBC mode, PKCS#7 padding
        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        // EncryptData prefixes the random IV to the AES ciphertext of the element
        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        // Logger and GetBytesKeyAndData are the poster's own helpers (not shown)
        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);

        return returnElement;
    }

and still get around this error? Is there a parameter on EncryptedKey to set the padding size, or do I have to use Bouncy Castle to specify the size of the encrypted data?

Best answer

I changed the size of the keywrapurl for the AES encryption of the RSA key.

I still don't really understand how the encryption in the opensaml java library works, and after opening it up I was surprised at how long it takes to set up a simple test environment in java.

Moral of the story: don't use asymmetric encryption on large amounts of data.

    public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        // EncryptionMethod now names kw-aes256 (the AES-256 Key Wrap URI);
        // rKey below is still a 128-bit AES-CBC key.
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        // AES key transported under RSA PKCS#1 v1.5 to the certificate's public key
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        // Fresh random AES-128 key, CBC mode, PKCS#7 padding
        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        // EncryptData prefixes the random IV to the AES ciphertext of the element
        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        // Logger and GetBytesKeyAndData are the poster's own helpers (not shown)
        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);

        return returnElement;
    }
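For reference, here is the hybrid scheme the thread is circling around, written out end to end. This is an added example and not code from either post: it uses the same System.Security.Cryptography.Xml API, but names the data cipher URI (aes128-cbc) on the EncryptedData, keeps the RSA key transport (OAEP by default, RSA-1.5 selectable for receivers that insist on it) for the 16-byte AES key only, and checks that the wrapped key is exactly one modulus-length RSA block, which is the sender-side counterpart of Bouncy Castle's "too much data for RSA block", raised when the input handed to an RSA operation is longer than the modulus allows. In XML Encryption, kw-aes128 and kw-aes256 identify AES Key Wrap (RFC 3394), an algorithm for wrapping keys, while aes128-cbc identifies the block cipher used on the data. The round trip in Main uses an in-process RSA key pair standing in for the partner's X.509 certificate (in the real flow the public key comes from cert.GetRSAPublicKey()), the SAML assertion is a constructed sample, and the class and method names are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Added example, not the original poster's code. Hybrid XML Encryption with
// .NET's EncryptedXml: a fresh AES-128-CBC key encrypts the element, and only
// that 16-byte key goes through RSA, so the RSA input is always a single block.
public static class HybridXmlEncryption
{
    // Encrypts `element` for the holder of `recipientPublicKey` and returns the
    // <EncryptedData> element with the wrapped AES key inside its KeyInfo.
    public static XmlElement EncryptElement(XmlElement element, RSA recipientPublicKey, bool useOaep)
    {
        using (Aes aes = Aes.Create())
        {
            aes.KeySize = 128;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;

            // RSA key transport of the AES key. OAEP is preferred; RSA-1.5 only
            // when the receiving side is configured for it.
            var encryptedKey = new EncryptedKey();
            encryptedKey.EncryptionMethod = new EncryptionMethod(
                useOaep ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url);
            encryptedKey.CipherData.CipherValue =
                EncryptedXml.EncryptKey(aes.Key, recipientPublicKey, useOaep);

            // RSA key transport always yields exactly one modulus-length block;
            // anything else means the wrong key or the wrong algorithm was used.
            int modulusBytes = recipientPublicKey.KeySize / 8;
            if (encryptedKey.CipherData.CipherValue.Length != modulusBytes)
                throw new CryptographicException("wrapped key is not a single RSA block");

            // EncryptedData names the data algorithm: aes128-cbc, not kw-aes128.
            var encryptedData = new EncryptedData();
            encryptedData.Type = EncryptedXml.XmlEncElementUrl;
            encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128Url);
            encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
            // EncryptData prefixes the random IV to the ciphertext.
            encryptedData.CipherData.CipherValue = new EncryptedXml().EncryptData(element, aes, false);
            return encryptedData.GetXml();
        }
    }

    // Reverses EncryptElement with the matching RSA private key.
    public static XmlElement DecryptElement(XmlElement encryptedDataXml, RSA recipientPrivateKey)
    {
        var encryptedData = new EncryptedData();
        encryptedData.LoadXml(encryptedDataXml);

        // Locate the EncryptedKey carried inside KeyInfo.
        EncryptedKey encryptedKey = null;
        foreach (KeyInfoClause clause in encryptedData.KeyInfo)
        {
            if (clause is KeyInfoEncryptedKey kek) { encryptedKey = kek.EncryptedKey; break; }
        }
        if (encryptedKey == null)
            throw new CryptographicException("no EncryptedKey in KeyInfo");

        // Unwrap the AES key with the padding scheme the sender declared.
        bool oaep = encryptedKey.EncryptionMethod.KeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl;
        byte[] aesKey = EncryptedXml.DecryptKey(encryptedKey.CipherData.CipherValue, recipientPrivateKey, oaep);

        using (Aes aes = Aes.Create())
        {
            aes.Key = aesKey;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            // DecryptData reads the IV from the front of CipherValue.
            byte[] plaintext = new EncryptedXml().DecryptData(encryptedData, aes);
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml(Encoding.UTF8.GetString(plaintext));
            return doc.DocumentElement;
        }
    }

    public static void Main()
    {
        // Constructed sample: an in-process RSA key pair stands in for the
        // partner's certificate, and the assertion is a minimal stand-in.
        using (RSA rsa = RSA.Create(2048))
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml("<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_demo\">"
                        + "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject></saml:Assertion>");

            XmlElement encrypted = EncryptElement(doc.DocumentElement, rsa, useOaep: true);
            Console.WriteLine(encrypted.OuterXml);

            XmlElement decrypted = DecryptElement(encrypted, rsa);
            Console.WriteLine(decrypted.OuterXml);
        }
    }
}
```

The EncryptedData's EncryptionMethod must match the cipher actually used on the data, because that URI is what the receiving library uses to choose the algorithm and the expected IV length; the EncryptedKey's EncryptionMethod must match the padding actually used on the RSA operation. When interoperating with an OpenSAML receiver, pick the key transport algorithm (OAEP or RSA-1.5) that its decrypter is configured to accept.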

Regarding "java - .NET System encryption to Bouncy Castle Java decryption throws error", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/41982477/
