java - org.bouncycaSTLe.asn1.DLSequence 无法转换为 org.bouncycaSTLe.asn1.ASN1Integer

Question

我正在尝试使用 BouncyCaSTLe 类来加密和解密密码。我已经编写了一个测试程序并生成了 PEM 格式和 DER 格式的测试 key /证书。我可以将 key /证书读入我的程序并获取公钥并加密一个值。当我尝试设置解密值时，在创建 AsymmetricKeyParameter 时出现错误“org.bouncycaSTLe.asn1.DLSequence cannot be cast to org.bouncycaSTLe.asn1.ASN1Integer”。似乎当我试图通过执行 cert.getEncoded() 从证书中提取数据时，它也会提取 header 值。我尝试只读取文件并删除 BEGIN 和 END CERTIFCATE 行以及破折号，这让我遇到了同样的错误。我已经尝试使用 java.security.cert.Certificate 以及下面的代码正在使用的 X509Certificate。任何帮助将不胜感激。

我可以上传 key 文件，这会对您有所帮助，因为它是我在本地计算机上生成的测试 key ，一旦我开始工作就会被丢弃。

package com.cds.test;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Security;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;

public class RSAEncryptDecrypt {
    public X509Certificate cert = null;
    //
    public void readCertificate() throws Exception {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        CertificateFactory factory = CertificateFactory.getInstance("X.509", new BouncyCastleProvider());
        InputStream fis = new FileInputStream("/opt/temp/keys/openssl_crt.pem");
        X509Certificate x509Cert = (X509Certificate) factory.generateCertificate(fis);
        this.cert = x509Cert;
        System.out.println("issuer: " + x509Cert.getIssuerX500Principal());
    }
    //
    public String encrypt(String inputData) throws Exception {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        //
        System.out.println("public key: " + new String(Base64.encode(cert.getPublicKey().getEncoded())));
        AsymmetricKeyParameter publicKey = PublicKeyFactory.createKey(cert.getPublicKey().getEncoded());
        AsymmetricBlockCipher cipher = new RSAEngine();
        cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
        cipher.init(true, publicKey);
        //
        byte[] messageBytes = inputData.getBytes();
        byte[] hexEncodedCipher = cipher.processBlock(messageBytes, 0, messageBytes.length);
        //
        return new String(Base64.encode(hexEncodedCipher));
    }
    //
    private String decrypt (String encryptedData) throws Exception {
        Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
        //
        byte[] certData = cert.getEncoded();
        //certData = Base64.decode(certData);
        AsymmetricKeyParameter privateKey = PrivateKeyFactory.createKey(cert.getEncoded());
        AsymmetricBlockCipher cipher = new RSAEngine();
        cipher = new org.bouncycastle.crypto.encodings.PKCS1Encoding(cipher);
        cipher.init(false, privateKey);
        //
        byte[] decoded = Base64.decode(encryptedData.getBytes());
        byte[] result = cipher.processBlock(decoded, 0, decoded.length);
        //
        return new String(result);
    }   
    //
    public static void main(String[] args) throws Exception {
        String inputData = "This is the message I am trying to encrypt.";
        String encrypted = null;
        String decrypted = null;
        //
        RSAEncryptDecrypt rsa = new RSAEncryptDecrypt();
        //
        rsa.readCertificate();
        System.out.println("    input: " + inputData);
        encrypted = rsa.encrypt(inputData);
        System.out.println("encrypted: " + encrypted);
        decrypted = rsa.decrypt(encrypted);
        System.out.println("decrypted: " + decrypted);
    }
}

Answer 1

证书只包含公钥，不包含私钥。当然，公钥有一个与之关联的私钥，但它不保存在证书中。证书是您分发给其他方的。

可能是您使用 Microsoft 代码的次数过多。我提到 Microsoft，因为在 .NET 代码中，证书类可以在内部包含关联的私钥，从而形成一个相当简单的 API。

因此，要解密，您必须单独读取证书的私钥(使用 PKCS8EncodedKeySpec 和 “RSA” KeyFactory)。

另一种选择是将两者都放入 PKCS#12 keystore 中，然后使用 KeyStore.load 将其读入 Java。