我正在研究一个项目(Java),并且要求说我们必须从第三方解密CMS信封。与此公钥相对应的私钥存储在HSM中,并且不可导出。因此,我需要做的就是从CMS Envelope提取加密的会话密钥并对其解密,然后使用解密的会话密钥解密内容。
计划听起来很容易,唯一的问题是我无法弄清楚如何提取加密的会话密钥,并且如果在弹性城堡中有办法提供解密的会话密钥,它将像使用软键一样对内容本身进行解密。
最佳答案
谢谢James,为我指出了测试用例,我在pkix包中找不到任何东西,但是在核心包中,它们是对我很有帮助的测试用例。我能够使用那些库提取会话密钥和加密数据。
ContentInfo info = ContentInfo.getInstance(ASN1Primitive.fromByteArray(encryptedData));
EnvelopedData envData = EnvelopedData.getInstance(info.getContent());
ASN1Set s = envData.getRecipientInfos();
RecipientInfo recipientInfo = RecipientInfo.getInstance(s.getObjectAt(0));
byte[] encryptedKey;
if (recipientInfo.getInfo() instanceof KeyTransRecipientInfo) {
KeyTransRecipientInfo keyTransRecipientInfo = KeyTransRecipientInfo.getInstance(recipientInfo.getInfo());
encryptedKey = keyTransRecipientInfo.getEncryptedKey().getOctets();
AlgorithmIdentifier keyEncryptionAlgorithm = keyTransRecipientInfo.getKeyEncryptionAlgorithm();
logger.info("Assymetric Encryption Algorithm : {}", keyEncryptionAlgorithm.getAlgorithm().getId());
logger.info("Octet encrypted Key : {}", Hex.toHexString(encryptedKey));
} else {
throw new IllegalStateException("expected KeyTransRecipientInfo");
}
AlgorithmIdentifier contentEncryptionAlgorithm = envData.getEncryptedContentInfo().getContentEncryptionAlgorithm();
logger.info("Symmetric Encryption Algorithm : " + contentEncryptionAlgorithm.getAlgorithm().getId());
logger.info("Octect Encrypted data : " + Hex.toHexString(envData.getEncryptedContentInfo().getEncryptedContent().getOctets()));
关于java - 使用bouncycaSTLe从CMS信封数据中提取加密的 session key ,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/58587906/