在Java中使用RSA私钥加密 | PCKS8EncodedKeySpec

本文介绍了在Java中使用RSA私钥加密的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我尝试使用RSA私钥加密一些内容。

我按照这个例子：

，但将其转换为使用私钥而不是public。在这个例子之后，我想我需要做的是：

读取DER格式的私钥

生成PCKS8EncodedKeySpec

从KeyFactory调用generatePrivate（）以获取私钥对象

使用该私钥对象与Cipher对象进行加密

所以，步骤如下：

键是从openssl ：

c> openssl pkcs8 命令将生成的密钥转换为未加密的PKCS＃8，DER格式：

  openssl pkcs8 -topk8 -nocrypt -in private.pem -outform der -out private.der

产生可加载 PKCS8EncodedKeySpec 的未加密私钥。

I'm trying to encrypt some content with an RSA private key.

I'm following this example:http://www.junkheap.net/content/public_key_encryption_java

but converting it to use private keys rather than public. Following that example, I think what I need to do is:

Read in a DER-format private key
Generate a PCKS8EncodedKeySpec
call generatePrivate() from KeyFactory to get a private key object
Use that private key object with the Cipher object to do the encryption

So, the steps:

The key was generated from openssl with:

openssl genrsa -aes256 -out private.pem 2048

and then was converted to DER format with:

openssl rsa -in private.pem -outform DER -out private.der

I generate the PKCS8EncodedKeySpec with:

byte[] encodedKey = new byte[(int)inputKeyFile.length()];

try {
    new FileInputStream(inputKeyFile).read(encodedKey);
} catch (FileNotFoundException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (IOException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}

PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(encodedKey);
return privateKeySpec;

And then generate the private key object with:

PrivateKey pk = null;

try {
    KeyFactory kf = KeyFactory.getInstance(RSA_METHOD);
    pk = kf.generatePrivate(privateKeySpec);
} catch (NoSuchAlgorithmException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
} catch (InvalidKeySpecException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
return pk;

However, on the call to:

pk = kf.generatePrivate(privateKeySpec);

I get:

java.security.spec.InvalidKeySpecException: Unknown key spec.
at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA12275)
at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA12275)
at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)

Questions:

Is the general approach right?
Is the PCKS8EncodedKeySpec the right keyspec to use?
Any thoughts on the invalid key spec error?

解决方案

First of all, I'm confused why you are planning to use a Cipher to encrypt with a private key, rather than signing with a Signature. I'm not sure that all RSA Cipher providers will use the correct block type for setup, but it's worth a try.

Setting that aside, though, I think that you are trying to load a non-standard OpenSSL-format key. Converting it to DER with rsa is essentially just a base-64 decode; the structure of the key is not PKCS #8.

Instead, after genrsa, use the openssl pkcs8 command to convert the generated key to unencrypted PKCS #8, DER format:

openssl pkcs8 -topk8 -nocrypt -in private.pem -outform der -out private.der

This will produce an unencrypted private key that can be loaded with a PKCS8EncodedKeySpec.

这篇关于在Java中使用RSA私钥加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！