我正在尝试使用ECIES进行加密和解密 . 这就是我所做的:
-
生成ECC密钥对
-
生成CSR
-
生成的X509证书,由中间CA签名
-
服务器端,我需要使用此证书来加密数据 . 所以我从证书中提取了
PublicKey(显示BCECPublicKey格式) .
我找不到将其转换为 ECPublicKey 格式的方法,所以在升级到bouncycastle 1.55之后,我可以直接使用 BCECPublicKey 进行加密 .
- 将私钥转换为
ECPrivateKey并使用它进行解密,但现在它正在抛出BadPaddingException: Invalid MAC during decryption
我是密码学新手,请帮忙解决这个问题 . 以下是我正在使用的代码:
byte[] localcert = Base64.decode(
"MIID5TCCAc2gAwIBAgICEAEwDQYJKoZIhvcNAQELBQAwMzELMAkGA1UEBhMCc2cx" +
"CzAJBgNVBAgMAnNnMRcwFQYDVQQKDA5pbnRlcm1lZGlhdGVDQTAeFw0xNjExMjgw" +
"NDAzMjdaFw0xNzEyMDgwNDAzMjdaMDsxCzAJBgNVBAYTAnNnMQswCQYDVQQIEwJz" +
"ZzELMAkGA1UEBxMCc2cxEjAQBgNVBAoTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG" +
"CCqGSM49AwEHA0IABDuhAyMw6OilNmfWo1v6b8XwU8xbQm0Sy/I9qpdC4+qDToSl" +
"EOe+vw7GiVgONTJz2gwMW+VgoGp49aM5GTPo39ujgcUwgcIwCQYDVR0TBAIwADAR" +
"BglghkgBhvhCAQEEBAMCBaAwMwYJYIZIAYb4QgENBCYWJE9wZW5TU0wgR2VuZXJh" +
"dGVkIENsaWVudCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUnbUGm/qaO1JbhY+qVlXw" +
"BewUI/swHwYDVR0jBBgwFoAUPSzKlcBTp0pCQ290SlDLmIQS+/0wDgYDVR0PAQH/" +
"BAQDAgXgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDANBgkqhkiG9w0B" +
"AQsFAAOCAgEAJj0J2A3AAcrRw02ZzQsEC4nTyd05krF4oRFo0JODlzNiKaOhQt76" +
"Va427cpVUZwmjb/f1We+AjLJgQiEfnuD7JPSvXHLQTbXNDMgpZ9HXHZoXYfH+2h7" +
"MGvw6Qkj4lC10q9UC14rDSD/ZsR1J0mQCQuOIBRFNOkSPiSUu4zouCD3xv5uZVXR" +
"mimhJ1zgqSYF4LHegJAVwrowMsuaeQXybrIQ+/LJ8HXf8McvPZwtQTuoN/q5zHXz" +
"l+7q4nglyVY+TXPAdwyha0Yq2p0z0jdWm5UpEehmIpXtJghNtcCCRfb48flfZ/B7" +
"JW9VrlcjScOtQfSOrElYgwJ8MlUTzz7oWgbbVp9uNQZeAQQPeOQYLAvSNchPnLiP" +
"ftPuICW2siDeFC42lwYsDYR/9sYs7/gzL79i7bHrdMJ07brXw30hb1r6Vu9a+sHF" +
"D087NxHv33u22+W/2PMLDE89MynTC3H3gWvyzGIky0/kYSpZO/xZuFrg0jIJu0lH" +
"9b7jw1hQM1nDkTO5Gn2wJuaHaiZ22tMr47e4Xlkctal4hAA4Ya1uBXuMuwy0BC8q" +
"nLLxCLBcJJPAyIG2LvIT2vdWIP0Gz84mHKDbOPekHmXIF3bHE4pPeyDIJ+w00UoM" +
"xJdedT5BJarqEpiQtrGn4FBh3fsnHFXyNnNMCIylCvbg0Ij/AsQJCpg=");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate x509Certificate= (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(localcert));
PublicKey publicKey=x509Certificate.getPublicKey();
byte[] pkey=Base64.decode("MHcCAQEEINmVG7z3YutAqRYZ5iAaJSXcP+GJWjtmSx3ba6RfKkJQoAoGCCqGSM49" +
"AwEHoUQDQgAEO6EDIzDo6KU2Z9ajW/pvxfBTzFtCbRLL8j2ql0Lj6oNOhKUQ576/" +
"DsaJWA41MnPaDAxb5WCganj1ozkZM+jf2w==");
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
ECNamedCurveParameterSpec spec = ECNamedCurveTable.getParameterSpec("prime256v1");
KeyFactory kf = KeyFactory.getInstance("ECDSA", new BouncyCastleProvider());
ECPrivateKeySpec ecPrivateKeySpec = new ECPrivateKeySpec(new BigInteger(1, pkey), spec);
ECPrivateKey privkey= (ECPrivateKey) kf.generatePrivate(ecPrivateKeySpec);
String name = "prime256v1";
// generate derivation and encoding vectors
byte[] d = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
byte[] e = new byte[] { 8, 7, 6, 5, 4, 3, 2, 1 };
IESParameterSpec param = new IESParameterSpec(d, e, 256);
Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
//Encrypt
iesCipher.init(Cipher.ENCRYPT_MODE, publicKey, param);
byte[] enc= iesCipher.doFinal("TestECIES".getBytes());
System.out.println(new String(enc));
//Decrypt
iesCipher.init(Cipher.DECRYPT_MODE, privkey, param);
byte[] decry=iesCipher.doFinal(enc);
System.out.println(new String(decry));
1 回答
所以最后我解决了它 . 由openssl创建的ECC PrivateKey采用以下格式:
所以我使用命令将其转换为PKCS8 formate:
并使用以下代码在Java中加载:
一切都很完美 .