8

我想使用 BouncyCastle 以 pkcs7 格式加密和解密。我有一个硬件令牌。当我在硬盘驱动器的 jks 文件中使用密钥对时,它工作正常,但是当我在令牌中使用密钥对时,它不起作用。这是我的例外:

Exception in thread "main" org.bouncycastle.cms.CMSException: cannot create cipher: No such algorithm: 2.16.840.1.101.3.4.1.2
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createCipher(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper$1.doInJCE(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.execute(Unknown Source)
    at org.bouncycastle.cms.jcajce.EnvelopedDataHelper.createContentCipher(Unknown Source)
    at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
    at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
    at pktb.PKTB.CmsDecrypt(PKTB.java:288)
    at pktb.PKTB.main(PKTB.java:419)
Caused by: java.security.NoSuchAlgorithmException: No such algorithm: 2.16.840.1.101.3.4.1.2
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at javax.crypto.Cipher.getInstance(DashoA13*..)
    at org.bouncycastle.jcajce.NamedJcaJceHelper.createCipher(Unknown Source)
    ... 10 more
Java Result: 1

这是我的加密代码:

public byte[] CmsEncrypt(byte[] message, KeyContainer keyContainer) throws NoSuchAlgorithmException, NoSuchProviderException, CMSException, IOException
{
    Security.addProvider(new BouncyCastleProvider());
    X509Certificate cert = (X509Certificate) keyContainer.certificate;
    CMSEnvelopedDataGenerator gen = new CMSEnvelopedDataGenerator();
    gen.addKeyTransRecipient(cert);
    CMSProcessable data = new CMSProcessableByteArray(message);
    CMSEnvelopedData enveloped = gen.generate(data,
    CMSEnvelopedDataGenerator.AES128_CBC, "BC");

    return  enveloped.getEncoded();

}

这是我的解密代码:

public byte[] CmsDecrypt(byte[] cipher, KeyContainer keyContainer) throws CMSException, IOException, NoSuchProviderException
    {
        Security.addProvider(new BouncyCastleProvider());
        byte[] contents=null;
        CMSEnvelopedDataParser envelopedDataParser = new CMSEnvelopedDataParser(new ByteArrayInputStream(cipher));
        PrivateKey key =  keyContainer.privateKey;
        X509Certificate cert = keyContainer.certificate;
        CMSEnvelopedData enveloped = new CMSEnvelopedData(cipher);
        Collection recip = enveloped.getRecipientInfos().getRecipients(); 
        KeyTransRecipientInformation rinfo = (KeyTransRecipientInformation) recip  
                    .iterator().next(); 
        if(keyContainer.provider.equals("Software"))
            contents = rinfo.getContent(
                new JceKeyTransEnvelopedRecipient(key).setProvider("BC"));
        else
            contents = rinfo.getContent(
                new JceKeyTransEnvelopedRecipient(key).setProvider("SunPKCS11-" + keyContainer.provider));
        System.out.println(new String(contents));
        return contents;

    }

我必须说我将此令牌提供程序用于 cmsSign 和 cmsVerify 并且它工作正常,因此我认为问题不在于提供程序。

4

1 回答 1

1

您可以使用 PKCS#11 从硬件令牌中提取私钥和公钥,然后使用这些提取的公钥和私钥通过 BouncyCastle PKCS7 加密和解密数据。您使用的是哪个令牌?我也找不到从硬件令牌中提取密钥的代码。通过以下链接中的答案从硬件令牌中提取密钥。点击这里

于 2015-02-20T07:51:39.280 回答