HSM Error | Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8


Problem description





Error received while decrypting data when private key is retrieved from HSM.

I have added the sunpkcs11 provider in java.security. Hence, I am NOT adding the provider via code. Text gets encrypted successfully. However, while decrypting the encrypted text, I am getting the error below at the following line:

    cipher.init(Cipher.DECRYPT_MODE, privateKey);

What is it that I am missing here?

Error:

    Caused by: java.security.InvalidKeyException: Private key must be instance of RSAPrivate(Crt)Key or have PKCS#8 encoding
        at sun.security.pkcs11.P11RSAKeyFactory.implTranslatePrivateKey(P11RSAKeyFactory.java:101) [sunpkcs11.jar:1.7.0_85]
        at sun.security.pkcs11.P11KeyFactory.engineTranslateKey(P11KeyFactory.java:132) [sunpkcs11.jar:1.7.0_85]
        at sun.security.pkcs11.P11KeyFactory.convertKey(P11KeyFactory.java:65) [sunpkcs11.jar:1.7.0_85]
        at sun.security.pkcs11.P11RSACipher.implInit(P11RSACipher.java:199) [sunpkcs11.jar:1.7.0_85]
        at sun.security.pkcs11.P11RSACipher.engineInit(P11RSACipher.java:168) [sunpkcs11.jar:1.7.0_85]
        at javax.crypto.Cipher.init(Cipher.java:1068) [jce.jar:1.7.0_85]
        at javax.crypto.Cipher.init(Cipher.java:1012) [jce.jar:1.7.0_85]

Below is the code:

    import java.io.ByteArrayOutputStream;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.cert.Certificate;

    import javax.crypto.Cipher;
    import javax.xml.bind.DatatypeConverter;

    import sun.security.pkcs11.SunPKCS11;

    public class App {

        public static void main(String[] args) throws Exception {

            try {
                String passphrase = "mysecretkey";
                SunPKCS11 provider = new SunPKCS11("/home/user/pkcs11.cfg");
                KeyStore keystore = KeyStore.getInstance("PKCS11", provider);
                keystore.load(null, passphrase.toCharArray());
                String textToEncrypt = "this is my text";
                Certificate cert = keystore.getCertificate("my-SHA1WITHRSA-2048-bits-key");
                PublicKey publicKey = cert.getPublicKey();
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
                cipher.init(Cipher.ENCRYPT_MODE, publicKey);
                String encryptedData = DatatypeConverter.printBase64Binary(cipher.doFinal(textToEncrypt.getBytes()));

                PrivateKey privateKey = (PrivateKey) keystore.getKey("my-SHA1WITHRSA-2048-bits-key",
                        passphrase.toCharArray());
                cipher.init(Cipher.DECRYPT_MODE, privateKey);
                byte[] decodedEncryptedData = DatatypeConverter.parseBase64Binary(encryptedData);
                ByteArrayOutputStream stream = new ByteArrayOutputStream();
                int blocks = decodedEncryptedData.length / 256;
                int offset = 0;
                for (int blockIndex = 0; blockIndex < blocks; blockIndex++) {
                    byte[] nextBlock = getNextBlock(decodedEncryptedData, offset);
                    stream.write(cipher.doFinal(nextBlock));
                    offset += 256;
                }
            } catch (Exception e) {
                e.printStackTrace();
            }

        }

        private static byte[] getNextBlock(byte[] cipherText, int offset) {
            byte[] block = new byte[256];
            System.arraycopy(cipherText, offset, block, 0, 256);
            return block;
        }

    }

Solution

How I resolved it:

The root cause of this issue was that the sunpkcs11 provider was getting loaded both statically and dynamically.

i.e. in java.security, the provider entry along with the cfg path was already added.

Also, in code, the provider was initialized again with the cfg file.

This was causing the issue.

After changing:

    SunPKCS11 provider = new SunPKCS11("/home/user/pkcs11.cfg");

to:

    SunPKCS11 sunPKCS11Provider = (SunPKCS11) Security.getProvider("SunPKCS11");

the issue got resolved.
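
An added example, not code from the original post, of the whole round trip after the fix: the provider is taken from the ones already registered in java.security instead of being constructed again, and that single instance backs the key store and both ciphers. It assumes a token configured as in the question; the class name `HsmRoundTrip`, the helper `registeredPkcs11Provider`, and matching on the name prefix (a statically registered provider is normally named `SunPKCS11-<name>` after the `name` entry in the cfg file) are choices made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import javax.crypto.Cipher;

public class HsmRoundTrip {

    // Hypothetical helper: return the PKCS#11 provider that java.security
    // already registered, rather than building a second one from the cfg file.
    static Provider registeredPkcs11Provider() {
        for (Provider p : Security.getProviders()) {
            // Assumption: the registered name is "SunPKCS11" or "SunPKCS11-<name>".
            if (p.getName().startsWith("SunPKCS11")) {
                return p;
            }
        }
        throw new IllegalStateException(
                "No SunPKCS11 provider is registered in java.security");
    }

    public static void main(String[] args) throws Exception {
        char[] pin = "mysecretkey".toCharArray();       // value from the question
        String alias = "my-SHA1WITHRSA-2048-bits-key";  // value from the question

        Provider hsm = registeredPkcs11Provider();
        KeyStore keystore = KeyStore.getInstance("PKCS11", hsm);
        keystore.load(null, pin);

        PublicKey publicKey = keystore.getCertificate(alias).getPublicKey();
        PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, pin);

        // The key store and both Cipher objects come from the one registered
        // provider instance; no second instance is created in code.
        Cipher enc = Cipher.getInstance("RSA/ECB/PKCS1Padding", hsm);
        enc.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] cipherText = enc.doFinal(
                "this is my text".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("RSA/ECB/PKCS1Padding", hsm);
        dec.init(Cipher.DECRYPT_MODE, privateKey);
        byte[] plain = dec.doFinal(cipherText);
        System.out.println(new String(plain, StandardCharsets.UTF_8));
    }
}
```

The explicit exception when no provider is found avoids passing a null provider on to `KeyStore.getInstance`, which would otherwise fail further from the actual cause.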
