我正在研究一个项目(Java),并且要求说我们必须从第三方解密CMS信封。与此公钥相对应的私钥存储在HSM中,并且不可导出。因此,我需要做的就是从CMS Envelope提取加密的会话密钥并对其解密,然后使用解密的会话密钥解密内容。
计划听起来很容易,唯一的问题是我无法弄清楚如何提取加密的会话密钥,并且如果在弹性城堡中有办法提供解密的会话密钥,它将像使用软键一样对内容本身进行解密。

最佳答案

谢谢James,为我指出了测试用例,我在pkix包中找不到任何东西,但是在核心包中,它们是对我很有帮助的测试用例。我能够使用那些库提取会话密钥和加密数据。

        ContentInfo info = ContentInfo.getInstance(ASN1Primitive.fromByteArray(encryptedData));
        EnvelopedData envData = EnvelopedData.getInstance(info.getContent());
        ASN1Set s = envData.getRecipientInfos();
        RecipientInfo recipientInfo = RecipientInfo.getInstance(s.getObjectAt(0));
        byte[] encryptedKey;
        if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
            KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
            encryptedKey = keyTransRecipientInfo.getEncryptedKey().getOctets();
            AlgorithmIdentifier keyEncryptionAlgorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
            logger.info("Assymetric Encryption Algorithm : {}", keyEncryptionAlgorithm.getAlgorithm().getId());
            logger.info("Octet  encrypted Key            : {}", Hex.toHexString(encryptedKey));
        } else {
            throw new IllegalStateException("expected KeyTransRecipientInfo");
        }
        AlgorithmIdentifier contentEncryptionAlgorithm = envData.getEncryptedContentInfo().getContentEncryptionAlgorithm();
        logger.info("Symmetric Encryption Algorithm  : " + contentEncryptionAlgorithm.getAlgorithm().getId());
        logger.info("Octect Encrypted data           : " + Hex.toHexString(envData.getEncryptedContentInfo().getEncryptedContent().getOctets()));

关于java - 使用bouncycaSTLe从CMS信封数据中提取加密的 session key ,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/58587906/

10-10 01:09