我想在 Java 中使用 BouncyCaSTLe
和 PKCS11
库解密一个 CMSEnvelopedData
。
一切顺利,直到我遇到这个问题:
我可以成功检索收件人信息:
CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(signedAndEncryptedMessage); Collection recip = cmsEnvelopedData.getRecipientInfos().getRecipients(); KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation)recip.iterator().next();
现在,当我想使用收件人私钥解密此数据时:
if (rinfo != null) {
LOGGER.debug("Decrypting...");
byte[] receivedData = rinfo.getContent(
new JceKeyTransEnvelopedRecipient(
recipientPrivateKey
// PKCS11
).setProvider(SUN_PKCS11_PROVIDER).setContentProvider(BOUNCY_CASTLE_PROVIDER).setContentProvider(SUN_PKCS11_PROVIDER)
// MSCAPI
// ).setProvider(SUN_MSCAPI_PROVIDER)
);
LOGGER.debug("Done decrypting...");
我有这个异常(exception):
org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: doFinal() failed
at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(Unknown Source)
at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
at ir.dpi.pki.namad.cms.Main.decryptAndVerify(Main.java:283)
at ir.dpi.pki.namad.cms.Main.main(Main.java:92)
at ir.dpi.pki.namad.cms.MainTest.mainTest_DecryptAndVerify(MainTest.java:31)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:74)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:211)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:67)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: org.bouncycastle.operator.OperatorException: bad padding: doFinal() failed
at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(Unknown Source)
... 34 more
Caused by: javax.crypto.BadPaddingException: doFinal() failed
at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:362)
at sun.security.pkcs11.P11RSACipher.engineDoFinal(P11RSACipher.java:387)
at javax.crypto.Cipher.doFinal(Cipher.java:2087)
... 35 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_WRAPPED_KEY_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_Decrypt(Native Method)
at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:341)
... 37 more
我想不通这个问题。我正在使用 Nexus 智能卡读卡器(智能 token ),它包含我的私钥和有效证书。
最佳答案
我发现了问题,希望这篇文章能帮助那些可能遇到这种异常的人。
在我的代码中,我使用 RecipientCertificate
加密了消息,这与我在收件人智能 token 中的解密证书不同!我犯了这个错误,我花了整整三天的时间来解决它。总之,BadPaddingException
让我想到了密码模式或填充。
关于java - 太阳.security.pkcs11.wrapper.PKCS11Exception : CKR_WRAPPED_KEY_INVALID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23319887/