我想用BouncyCaSTLe对pkcs7格式进行加解密。我有一个硬件 token 。当我在硬盘驱动器的 jks 文件中使用 key 对时,它工作正常但是当我在 token 中使用 key 对时 它不起作用。这是我的异常(exception):
Exception in thread "main" org.bouncycastle.cms.CMSException: cannot create cipher: No such algorithm: 2.16.840.1.101.3.4.1.2
at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createCipher(Unknown Source)
at org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1.doInJCE(Unknown Source)
at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.execute(Unknown Source)
at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createContentCipher(Unknown Source)
at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
at pktb.PKTB.CmsDecrypt(PKTB.java:288)
at pktb.PKTB.main(PKTB.java:419)
Caused by: java.security.NoSuchAlgorithmException: No such algorithm: 2.16.840.1.101.3.4.1.2
at javax.crypto.Cipher.getInstance(DashoA13*..)
at javax.crypto.Cipher.getInstance(DashoA13*..)
at org.bouncycastle.jcajce.NamedJcaJceHelper.createCipher(Unknown Source)
... 10 more
Java Result: 1
这是我的加密代码:
public byte[] CmsEncrypt(byte[] message, KeyContainer keyContainer) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
{
Security.addProvider(new BouncyCastleProvider());
X509Certificate cert = (X509Certificate) keyContainer.certificate;
CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
gen.addKeyTransRecipient(cert);
CMSProcessable data = new CMSProcessableByteArray(message);
CMSEnvelopedData enveloped = gen.generate(data,
CMSEnvelopedDataGenerator.AES128_CBC, "BC");
return enveloped.getEncoded();
}
这是我的解密代码:
public byte[] CmsDecrypt(byte[] cipher, KeyContainer keyContainer) throws CMSException, IOException, NoSuchProviderException
{
Security.addProvider(new BouncyCastleProvider());
byte[] contents=null;
CMSEnvelopedDataParser envelopedDataParser = new CMSEnvelopedDataParser(new ByteArrayInputStream(cipher));
PrivateKey key = keyContainer.privateKey;
X509Certificate cert = keyContainer.certificate;
CMSEnvelopedData enveloped = new CMSEnvelopedData(cipher);
Collection recip = enveloped.getRecipientInfos().getRecipients();
KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation) recip
.iterator().next();
if(keyContainer.provider.equals("Software"))
contents = rinfo.getContent(
new JceKeyTransEnvelopedRecipient(key).setProvider("BC"));
else
contents = rinfo.getContent(
new JceKeyTransEnvelopedRecipient(key).setProvider("SunPKCS11-" + keyContainer.provider));
System.out.println(new String(contents));
return contents;
}
我必须说,我将此 token 提供程序用于 cmsSign 和 cmsVerify,并且工作正常,因此我认为问题不在于提供程序。
最佳答案
您可以使用 PKCS#11 从硬件 token 中提取私钥和公钥,然后使用这些提取的公钥和私钥通过 BouncyCaSTLe PKCS7 加密和解密数据。您使用的是哪个 token ?我也找不到从硬件 token 中提取 key 的代码。通过以下链接中的答案从硬件 token 中提取 key 。点击here
关于java - 使用 BouncyCaSTLe PKCS7 加密和解密 - CMS in java,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/13212186/