java - Android 上 PEMKeyPair 与 BouncyCasSTLe 的 key 对

Question

将 PEMKeyPair 转换为 KeyPair 时在 Android 上出现异常:

 org.bouncycastle.openssl.PEMException: unable to convert key pair: The BC provider no longer provides an implementation for KeyFactory.RSA.  Please see https://android-developers.googleblog.com/2018/03/cryptography-changes-in-android-p.html for more details.

此代码在我的台式电脑上的普通 Java 上运行良好，但在 Android 上失败:

PrivateKey pk=null;

JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");

        if (object instanceof PEMKeyPair)
        {
            PEMKeyPair k = (PEMKeyPair) object;
            KeyPair key = converter.getKeyPair(k);
            pk = key.getPrivate();
        }else
...

如何解决这个问题？

Answer 1

您将在 page 中找到答案记录在异常消息中:

Starting in Android P, we plan to deprecate some functionality from the BC provider that's duplicated by the AndroidOpenSSL (also known as Conscrypt) provider. This will only affect applications that specify the BC provider explicitly when calling getInstance() methods. To be clear, we aren't doing this because we are concerned about the security of the implementations from the BC provider, rather because having duplicated functionality imposes additional costs and risks while not providing much benefit.

If you specify the provider by name or by instance—for example, Cipher.getInstance("AES/CBC/PKCS7PADDING", "BC") or Cipher.getInstance("AES/CBC/PKCS7PADDING", Security.getProvider("BC")) —the behavior you get in Android P will depend on what API level your application targets. For apps targeting an API level before P, the call will return the BC implementation and log a warning in the application log. For apps targeting Android P or later, the call will throw NoSuchAlgorithmException.

因此要解决此错误:

To resolve this, you should stop specifying a provider and use the default implementation.

因此，在您的情况下，请摆脱提供者规范:

JcaPEMKeyConverter converter = new JcaPEMKeyConverter();