java - 太阳.security.pkcs11.wrapper.PKCS11Exception : CKR_WRAPPED_KEY_INVALID

标签 java encryption bouncycastle pkcs#11

我想在 Java 中使用 BouncyCaSTLePKCS11 库解密一个 CMSEnvelopedData。 一切顺利,直到我遇到这个问题:

我可以成功检索收件人信息:

CMSEnvelopedData cmsEnvelopedData = new CMSEnvelopedData(signedAndEncryptedMessage);

        Collection recip = cmsEnvelopedData.getRecipientInfos().getRecipients();
        KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation)recip.iterator().next();

现在,当我想使用收件人私钥解密此数据时:

if (rinfo != null) {
            LOGGER.debug("Decrypting...");

            byte[] receivedData = rinfo.getContent(
                    new JceKeyTransEnvelopedRecipient(
                            recipientPrivateKey
                            // PKCS11
                    ).setProvider(SUN_PKCS11_PROVIDER).setContentProvider(BOUNCY_CASTLE_PROVIDER).setContentProvider(SUN_PKCS11_PROVIDER)
                    // MSCAPI
//                   ).setProvider(SUN_MSCAPI_PROVIDER)
            );
            LOGGER.debug("Done decrypting...");

我有这个异常(exception):

org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: doFinal() failed
    at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(Unknown Source)
    at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
    at ir.dpi.pki.namad.cms.Main.decryptAndVerify(Main.java:283)
    at ir.dpi.pki.namad.cms.Main.main(Main.java:92)
    at ir.dpi.pki.namad.cms.MainTest.mainTest_DecryptAndVerify(MainTest.java:31)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
    at org.junit.runner.JUnitCore.run(JUnitCore.java:160)
    at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:74)
    at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:211)
    at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:67)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
Caused by: org.bouncycastle.operator.OperatorException: bad padding: doFinal() failed
    at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(Unknown Source)
    ... 34 more
Caused by: javax.crypto.BadPaddingException: doFinal() failed
    at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:362)
    at sun.security.pkcs11.P11RSACipher.engineDoFinal(P11RSACipher.java:387)
    at javax.crypto.Cipher.doFinal(Cipher.java:2087)
    ... 35 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_WRAPPED_KEY_INVALID
    at sun.security.pkcs11.wrapper.PKCS11.C_Decrypt(Native Method)
    at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:341)
    ... 37 more

我想不通这个问题。我正在使用 Nexus 智能卡读卡器(智能 token ),它包含我的私钥和有效证书。

最佳答案

我发现了问题,希望这篇文章能帮助那些可能遇到这种异常的人。 在我的代码中,我使用 RecipientCertificate 加密了消息,这与我在收件人智能 token 中的解密证书不同!我犯了这个错误,我花了整整三天的时间来解决它。总之,BadPaddingException 让我想到了密码模式或填充。

关于java - 太阳.security.pkcs11.wrapper.PKCS11Exception : CKR_WRAPPED_KEY_INVALID,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23319887/

上一篇:java - 使用java在数据库中保存unicode字符

下一篇:java - Google Guava Eventbus 和 Swing 模态对话框

相关文章:

java - 如何从以毫秒为单位的长度中找到以帧、字节和整数为单位的音符长度

java - 解密时得到 "EVP_DecryptFinal_ex:wrong final block length"

c - 维吉尼亚密码

mysql - 加密 MySQL 中的每个值是否有意义?

java - 有没有办法解决使用 bouncycaSTLe 提供程序后连接重置问题

java - Liquibase,在Oracle中创建外键,前提条件

java - 量子井字棋 AI

java - Spring Retry 不适用于第二级方法

java - 将 org.bouncycaSTLe.jce.PKCS10CertificationRequest 更新为 org.bouncycaSTLe.pkcs.PKCS10CertificationRequest;

android - SpongycaSTLe 在 android 上加载时缺少许多算法

©2024 IT工具网  联系我们