读取DER格式java中的私钥 [英] Read private key in DER format java

问题描述

我有以下代码来读取PKCS＃8格式的私钥

I have the following code to read a private key in PKCS#8 format

public void encryptHash(String hashToEncrypt, String pathOfKey, String Algorithm) {
    FileInputStream fis = null;
    byte[] encodedKey = null;
    try {

        File f = new File(pathOfKey);
        encodedKey = new byte[(int)f.length()];

        fis = new FileInputStream(f);
        fis.read(encodedKey);
        fis.close();

        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey privateKey = kf.generatePrivate(new PKCS8EncodedKeySpec(encodedKey));

        Signature rsaSigner = Signature.getInstance("SHA1withRSA");
        rsaSigner.initSign(privateKey);

        fis = new FileInputStream(hashToEncrypt);
        BufferedInputStream bis = new BufferedInputStream(fis);
        byte[] buffer = new byte[1024];
        int len = 0;
        while ((len = bis.read(buffer)) >= 0) {
            try {
                rsaSigner.update(buffer, 0, len);
            } catch (SignatureException ex) {
                Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
            }
        }
        bis.close();

        byte[] signature = rsaSigner.sign();

        System.out.println(new String(signature));

    } catch (SignatureException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (InvalidKeyException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (InvalidKeySpecException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (FileNotFoundException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (IOException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } catch (NoSuchAlgorithmException ex) {
        Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
    } finally {
        try {
            fis.close();
        } catch (IOException ex) {
            Logger.getLogger(DataEncryptor.class.getName()).log(Level.SEVERE, null, ex);
        }
    }
}

但我得到了以下例外。

dic 09, 2011 1:59:59 PM firmaelectronica.DataEncryptor encryptHash
Grave: null
java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:217)
    at java.security.KeyFactory.generatePrivate(KeyFactory.java:372)
    at firmaelectronica.DataEncryptor.encryptHash(DataEncryptor.java:40)
    at firmaelectronica.FirmaElectronica.main(FirmaElectronica.java:39)
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:361)
    at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:367)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.<init>(RSAPrivateCrtKeyImpl.java:91)
    at sun.security.rsa.RSAPrivateCrtKeyImpl.newKey(RSAPrivateCrtKeyImpl.java:75)
    at sun.security.rsa.RSAKeyFactory.generatePrivate(RSAKeyFactory.java:316)
    at sun.security.rsa.RSAKeyFactory.engineGeneratePrivate(RSAKeyFactory.java:213)
    ... 3 more

任何想法有什么问题？我在OpenSSL上尝试了这个 openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem 并且它可以工作但是当我想读取DER格式的密钥时它只发送那个例外。

any idea what is wrong? I tried this on OpenSSL openssl pkcs8 -inform DER -in aaa010101aaa_FIEL.key -out aaa010101aaa_FIEL_key.pem and it works but when I want to read the key in DER format it just sends that exception.

推荐答案

最后看看这个帖子使用Java中的RSA私钥进行加密找到了答案。

Well finally looking at this thread Encrypting with RSA private key in Java found the answer.

首先，我必须取消保护密钥，如下所示

First I had to unprotect the key, as follows

openssl pkcs8 -inform DER -in myDERPassProtectedPrivate.key -outform PEM -out myPEMPrivate.key

它告诉我我的密码，然后我有了文件 myPEMPrivate.key 一旦完成，这就开始摆脱保护密钥的密码如下所示

it asked me for my password and then I had the file myPEMPrivate.key Once done this proceed to get rid of the password protecting the key like follows

openssl pkcs8 -topk8 -nocrypt -in myPEMPrivate.key -outform DER -out myNotAnyMoreProtectedPrivate.key

with我现在能够使用上面的代码加载密钥。如果我们想在java中使用密码保护密钥，建议使用密钥库。

with this I'm now able to load the key with the code above. If we want to have a pass-protected key in java it is highly advisable to use a keystore.

P.S。我试图避免使用 openssl pkcs8 -topk8 -nocrypt -inform der -in myderPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key 但我不知道为什么我有错误错误解密密钥我使用WinOpenSSL也许这就是我收到错误的原因。

P.S. I tried to avoid the 2 steps to get rid of the password protecting the key with openssl pkcs8 -topk8 -nocrypt -inform der -in myDERPassProtectedPrivate.key -outform der -out myDERNoPassProtectedPrivate.key but I don't know why I had the error Error decrypting key I used WinOpenSSL maybe that's the reason why I got that error.

这篇关于读取DER格式java中的私钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！