使用“RSA / ECB / PKCS7Padding”与弹性城堡 [英] Using "RSA/ECB/PKCS7Padding" with Bouncy Castle

问题描述

我尝试使用RSA / ECB / PKCS7Padding进行加密。它在JCE中不受支持。所以我下载了Bouncy城​​堡，但似乎Bouncy城​​堡也不支持这种转变。以下代码：

  Security.insertProviderAt（new BouncyCastleProvider（），1）; 
 Cipher cipher = Cipher.getInstance（RSA / ECB / PKCS7Padding）; 
  

throws

  Caused by：java.security.NoSuchAlgorithmException：在javax.crypto.Cipher.getInstance（Cipher.java:524）中找不到任何支持RSA / ECB / PKCS7Padding的提供者
 
 .... 
 Caused by：javax.crypto.NoSuchPaddingException：不支持的填充PKCS7Padding 
 at sun.security.pkcs11.P11RSACipher.engineSetPadding（P11RSACipher.java:129）
在javax.crypto.Cipher $ Transform。 setModePadding（Cipher.java:360）
 at javax.crypto.Cipher.getInstance（Cipher.java:517）
 ... 4 more 
   
 
 
 TIA。
解决方案
即使这样的事情存在，使用RSA与PKCS＃7填充或从PKCS＃7填充直接派生的方案将是不安全的（或更准确地说，不会是CPA安全的）。
 
 
 
无限多的可能是客户端不需要PKCS＃7 填充，但加密数据应包含在  CMS邮件格式 中。 PKCS＃7是此格式的前身，PKCS＃7填充只是此规范的一小部分。
 
 
 
 Bouncy Castle包含此格式的实现： p> 
 
 
 
 
 S / MIME和CMS（PKCS7 / RFC 3852）的生成器/处理器。
 
 
目前包含在 bcpkix *  JAR文件中。
 
I tried to use "RSA/ECB/PKCS7Padding" for encryption. It is not supported in JCE. So I downloaded Bouncy Castle but it seems that Bouncy Castle also does not support this transformation. The following codes:
Security.insertProviderAt(new BouncyCastleProvider(), 1);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS7Padding");
throws
Caused by: java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS7Padding
    at javax.crypto.Cipher.getInstance(Cipher.java:524)
    ....
Caused by: javax.crypto.NoSuchPaddingException: Unsupported padding PKCS7Padding
    at sun.security.pkcs11.P11RSACipher.engineSetPadding(P11RSACipher.java:129)
    at javax.crypto.Cipher$Transform.setModePadding(Cipher.java:360)
    at javax.crypto.Cipher.getInstance(Cipher.java:517)
    ... 4 more
Am I doing it correctly?

TIA.
解决方案
Even if such a thing would exist, using RSA with PKCS#7 padding or a scheme directly derived from PKCS#7 padding would be insecure (or, to be more precise, it would not be CPA-secure).

What is infinitely more likely is that the client doesn't require PKCS#7 padding but that the encrypted data should be contained in a CMS message format. PKCS#7 is a predecessor of this format, the PKCS#7 padding is only a small part of this specification.

Bouncy Castle contains an implementation of this format:

  
Generators/Processors for S/MIME and CMS (PKCS7/RFC 3852).
currently contained in the bcpkix* JAR files.

                        
这篇关于使用“RSA / ECB / PKCS7Padding”与弹性城堡的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！