个人中心
文章发布
退出
作者热门文章
- android - 多次调用 OnPrimaryClipChangedListener
- android - 无法更新 RecyclerView 中的 TextView 字段
- android.database.CursorIndexOutOfBoundsException : Index 0 requested, 光标大小为 0
- android - 使用 AppCompat 时,我们是否需要明确指定其 UI 组件(Spinner、EditText)颜色
26
4
重建时JarSigner为了与 PQC 签名方案配合使用,例如 XMSS由JCA/JCE Provider提供BouncyCastle我遇到了一个问题:XMSS PrivateKeys 在从磁盘存储和检索后似乎无法再用于签名。但是 XMSSMT 和 SPHICS PrivateKeys 可以。为什么?
底部有源代码供您自行测试。您将需要 2 个外部库才能正常工作:
注意:源代码是关于在 KeyStore 中保存和检索 key 的。 。但我也尝试过saving it simply to a file这也不起作用。
我得到的错误:
java.security.SignatureException: java.lang.NullPointerException
at org.bouncycastle.pqc.jcajce.provider.xmss.XMSSSignatureSpi.engineSign(Unknown Source)
at java.base/java.security.Signature.sign(Signature.java:598)
at Main.sign(Main.java:91)
at Main.run(Main.java:71)
at Main.main(Main.java:22)
[主要]
public class Main {
public static String keyStorePath = "myKeyStore.keystore";
public static void main(String[] args) throws InterruptedException {
String[] algs = {"XMSS", "XMSS", "XMSSMT", "XMSSMT", "SPHINCS256"},
digests = {"SHA256", "SHA512", "SHA256", "SHA512", "SHA512"};
for (int i = 0; i < algs.length; i++){
try {
run(algs[i], digests[i]);
}catch (Exception ignore){
ignore.printStackTrace();
Thread.sleep(60); // Wait for print
}
}
}
public static void run(String alg, String digest) throws Exception{
String sigAlg = digest + "with" + alg,
provider = "BCPQC",
keyStoreProvider = "BC",
keyStoreAlias = sigAlg, // for readability
keyStorePassword = "password";
System.out.println("Running " + sigAlg + ".");
// Add providers
addProvider(new String[] {provider, keyStoreProvider});
// Generate KeyPairs
KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg, provider);
initialize(kpg, alg, digest);
KeyPair myKp = kpg.generateKeyPair();
// Sign
sign(myKp.getPrivate(), sigAlg, provider, "Hello World!");
// Generate a self-signed certificate
X509Certificate cert = BCCertGen.generate(myKp.getPrivate(), myKp.getPublic(), 365, sigAlg, true);
// Load a KeyStore
KeyStore keyStore = KeyStore.getInstance("PKCS12", keyStoreProvider);
try {
keyStore.load(new FileInputStream(keyStorePath), keyStorePassword.toCharArray());
}catch (Exception ingore){
// If there is no KeyStore at @keyStorePath
// create an empty one
keyStore.load(null, keyStorePassword.toCharArray());
}
// Store the generated KeyPair with the Certificate in the KeyStore
keyStore.setKeyEntry(keyStoreAlias, myKp.getPrivate(), keyStorePassword.toCharArray(), new X509Certificate[] {cert});
keyStore.store(new FileOutputStream(keyStorePath), keyStorePassword.toCharArray());
// Load the stored PrivateKey from the KeyStore
keyStore.load(new FileInputStream(keyStorePath), keyStorePassword.toCharArray());
PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyStoreAlias, keyStorePassword.toCharArray());
// Sign again
sign(privateKey, sigAlg, provider, "Hello World!");
}
public static void addProvider(String[] providers){
for (String provider : providers) {
switch (provider) {
case "BCPQC":
Security.addProvider(new BouncyCastlePQCProvider());
break;
case "BC":
Security.addProvider(new BouncyCastleProvider());
break;
}
}
}
public static void sign(PrivateKey pk, String sigAlg, String provider , String payload) throws Exception{
Signature signer = Signature.getInstance(sigAlg, provider);
signer.initSign(pk);
signer.update(payload.getBytes());
signer.sign();
System.out.println("Successfully signed");
}
public static void initialize(KeyPairGenerator kpg, String alg, String digest) throws Exception {
switch (alg) {
case "XMSS":
kpg.initialize(new XMSSParameterSpec(4, digest));
break;
case "XMSSMT":
kpg.initialize(new XMSSMTParameterSpec(4, 2, digest));
break;
case "SPHINCS256":
kpg.initialize(new SPHINCS256KeyGenParameterSpec());
break;
case "RSA":
kpg.initialize(new RSAKeyGenParameterSpec(2048, new BigInteger("5")));
break;
}
}
}
[BCCertGen]
public class BCCertGen {
public static String _country = "Westeros",
_organisation = "Targaryen",
_location = "Valyria",
_state = "Essos",
_issuer = "Some Trusted CA";
public BCCertGen(String country, String organisation, String location, String state, String issuer){
_country = country;
_organisation = organisation;
_location = location;
_state = state;
_issuer = issuer;
}
public static X509Certificate generate(PrivateKey privKey, PublicKey pubKey, int duration, String signAlg, boolean isSelfSigned) throws Exception{
Provider BC = new BouncyCastleProvider();
// distinguished name table.
X500NameBuilder builder = createStdBuilder();
// create the certificate
ContentSigner sigGen = new JcaContentSignerBuilder(signAlg).build(privKey);
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
new X500Name("cn="+_issuer), //Issuer
BigInteger.valueOf(1), //Serial
new Date(System.currentTimeMillis() - 50000), //Valid from
new Date((long)(System.currentTimeMillis() + duration*8.65*Math.pow(10,7))), //Valid to
builder.build(), //Subject
pubKey //Publickey to be associated with the certificate
);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
cert.checkValidity(new Date());
if (isSelfSigned) {
// check verifies in general
cert.verify(pubKey);
// check verifies with contained key
cert.verify(cert.getPublicKey());
}
ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
return (X509Certificate) fact.generateCertificate(bIn);
}
private static X500NameBuilder createStdBuilder() {
X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
builder.addRDN(RFC4519Style.c, _country);
builder.addRDN(RFC4519Style.o, _organisation);
builder.addRDN(RFC4519Style.l, _location);
builder.addRDN(RFC4519Style.st, _state);
return builder;
}
}
最佳答案
这是一个已知问题:https://github.com/bcgit/bc-java/issues/380只需按照建议使用高于 161b01 的测试版本即可。
关于java - 充气城堡 PQC XMSS 签名 : NullPointerException after retrieving SecretKey from KeyStore,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53706991/
26
4
0
我正在使用 MySQL 和 Memcached,但我打算开始使用 PostgreSQL 而不是 MySQL。 我知道 Memcached 可以与 PostgreSQL 一起使用,但我在网上找到了这个:
重建时JarSigner为了与 PQC 签名方案配合使用,例如 XMSS由JCA/JCE Provider提供BouncyCastle我遇到了一个问题:XMSS PrivateKeys 在从磁盘存储和
我是一名优秀的程序员,十分优秀!