问题描述
我尝试使用RSA私钥加密一些内容。
我按照这个例子:
,但将其转换为使用私钥而不是public。在这个例子之后,我想我需要做的是:
- 读取DER格式的私钥
- 生成PCKS8EncodedKeySpec
- 从KeyFactory调用generatePrivate()以获取私钥对象
- 使用该私钥对象与Cipher对象进行加密
所以,步骤如下:
键是从openssl :
c>
c> openssl pkcs8 命令将生成的密钥转换为未加密的PKCS#8,DER格式:
openssl pkcs8 -topk8 -nocrypt -in private.pem -outform der -out private.der
产生可加载 PKCS8EncodedKeySpec 的未加密私钥。
I'm trying to encrypt some content with an RSA private key.
I'm following this example:http://www.junkheap.net/content/public_key_encryption_java
but converting it to use private keys rather than public. Following that example, I think what I need to do is:
- Read in a DER-format private key
- Generate a PCKS8EncodedKeySpec
- call generatePrivate() from KeyFactory to get a private key object
- Use that private key object with the Cipher object to do the encryption
So, the steps:
The key was generated from openssl with:
openssl genrsa -aes256 -out private.pem 2048
and then was converted to DER format with:
openssl rsa -in private.pem -outform DER -out private.der
I generate the PKCS8EncodedKeySpec with:
byte[] encodedKey = new byte[(int)inputKeyFile.length()]; try { new FileInputStream(inputKeyFile).read(encodedKey); } catch (FileNotFoundException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (IOException e) { // TODO Auto-generated catch block e.printStackTrace(); } PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedKey); return privateKeySpec;
And then generate the private key object with:
PrivateKey pk = null; try { KeyFactory kf = KeyFactory.getInstance(RSA_METHOD); pk = kf.generatePrivate(privateKeySpec); } catch (NoSuchAlgorithmException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (InvalidKeySpecException e) { // TODO Auto-generated catch block e.printStackTrace(); } return pk;
However, on the call to:
pk = kf.generatePrivate(privateKeySpec);
I get:
java.security.spec.InvalidKeySpecException: Unknown key spec. at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA12275) at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA12275) at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)
Questions:
- Is the general approach right?
- Is the PCKS8EncodedKeySpec the right keyspec to use?
- Any thoughts on the invalid key spec error?
First of all, I'm confused why you are planning to use a Cipher to encrypt with a private key, rather than signing with a Signature. I'm not sure that all RSA Cipher providers will use the correct block type for setup, but it's worth a try.
Setting that aside, though, I think that you are trying to load a non-standard OpenSSL-format key. Converting it to DER with rsa is essentially just a base-64 decode; the structure of the key is not PKCS #8.
Instead, after genrsa, use the openssl pkcs8 command to convert the generated key to unencrypted PKCS #8, DER format:
openssl pkcs8 -topk8 -nocrypt -in private.pem -outform der -out private.der
This will produce an unencrypted private key that can be loaded with a PKCS8EncodedKeySpec.
这篇关于在Java中使用RSA私钥加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!