【Question title】: Dazed and confused by Java Security & BouncyCastle APIs
【Posted】: 2009-01-14 14:33:19
【Question description】:

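I've been trying to make sense of the BouncyCastle cryptography APIs for Java. Unfortunately, I'm finding Java cryptography in general to be so obscured by service provider interfaces and jargon that I can't understand what anything actually does. I've tried reading the necessary documentation repeatedly, but it remains incomprehensible, introducing many concepts far beyond what I think should be needed.

What I really want is a class that does the following: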

public class KeyPair {
    public byte[] publicKey;
    public byte[] privateKey;
}

public class RSACrypto {
    public static KeyPair generateRSAKeyPair() { /*implementation*/}
    public static byte[] encrypt(byte[] data, byte[] publicKey) { /*impl*/}
    public static byte[] decrypt(byte[] encryptedData, byte[] privateKey) { /*impl*/ }
}

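Apologies if this is a really complex problem to present as "what I really want". Any pointers on where to read up on Java cryptography and BouncyCastle are very welcome. Any overview of how the Java crypto systems are actually laid out is very welcome too.

【Question discussion】:

  • Note: you transposed the keys in the API above. The public key is used for encryption, and the private key for decryption.
  • Ah. I should have known that much.

Tags: java cryptography rsa bouncycastle jce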


【Solution 1】:
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;

import javax.crypto.Cipher;

public class RSACrypto
{

  /* With OAEP and SHA-256, a 1024-bit key will encrypt messages up to 62 bytes long (128 - 2*32 - 2). */
  private static final int KEY_SIZE = 1024;

  private static final String XFORM = 
    "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";

  public static KeyPair generateRSAKeyPair()
    throws GeneralSecurityException
  {
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
    gen.initialize(KEY_SIZE);
    return gen.generateKeyPair();
  }

  public static byte[] encrypt(byte[] plaintext, PublicKey pub)
    throws GeneralSecurityException
  {
    Cipher cipher = Cipher.getInstance(XFORM);
    cipher.init(Cipher.ENCRYPT_MODE, pub);
    return cipher.doFinal(plaintext);
  }

  public static byte[] decrypt(byte[] ciphertext, PrivateKey pvt)
    throws GeneralSecurityException
  {
    Cipher cipher = Cipher.getInstance(XFORM);
    cipher.init(Cipher.DECRYPT_MODE, pvt);
    return cipher.doFinal(ciphertext);
  }

  public static void main(String... argv)
    throws Exception
  {
    KeyPair pair = RSACrypto.generateRSAKeyPair();
    byte[] plaintext = "A short secret message.".getBytes("UTF-8");
    byte[] ciphertext = RSACrypto.encrypt(plaintext, pair.getPublic());
    byte[] recovered = RSACrypto.decrypt(ciphertext, pair.getPrivate());
    System.out.println(new String(recovered, "UTF-8"));
  }

}

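【Discussion】:

  • Hmm, it seems the Cipher object is Java's... I was hoping it would be in BC.
【Solution 2】:

Hmm, have you tried the O'Reilly book on Java Cryptography? (Can't vouch for it personally.)

【Discussion】: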

    【Solution 3】:
    import java.security.GeneralSecurityException;
    import java.security.KeyFactory;
    import java.security.KeyPairGenerator;
    import java.security.PublicKey;
    import java.security.interfaces.RSAPrivateKey;
    import java.security.spec.PKCS8EncodedKeySpec;
    import java.security.spec.X509EncodedKeySpec;
    
    import javax.crypto.Cipher;
    
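    public class RsaCrypto {
    
        /* Holder for the encoded keys, shaped like the KeyPair class sketched in the question. */
        public static class KeyPair {
            public byte[] publicKey;   // X.509 (SubjectPublicKeyInfo) encoding
            public byte[] privateKey;  // PKCS#8 encoding
        }
    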
        private static final int KEY_SIZE = 3072;
        private static final String TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING";
    
        public static KeyPair generateRSAKeyPair() {
            try {
                KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
                gen.initialize(KEY_SIZE);
                java.security.KeyPair p = gen.generateKeyPair();
                KeyPair pair = new KeyPair();
                pair.privateKey = p.getPrivate().getEncoded();
                pair.publicKey = p.getPublic().getEncoded();
                return pair;
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
    
        }
    
        public static byte[] encrypt(byte[] data, byte[] publicKey) {
            X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(publicKey);
            try {
                KeyFactory kf = KeyFactory.getInstance("RSA");
                PublicKey pk = kf.generatePublic(publicKeySpec);
                Cipher rsa = Cipher.getInstance(TRANSFORMATION);
                rsa.init(Cipher.ENCRYPT_MODE, pk);
                return rsa.doFinal(data);
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
    
        public static byte[] decrypt(byte[] encryptedData, byte[] privateKey) {
            try {
                PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(privateKey);
                RSAPrivateKey pk = (RSAPrivateKey) KeyFactory.getInstance("RSA")
                        .generatePrivate(privSpec);
    
                Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION);
                rsaCipher.init(Cipher.DECRYPT_MODE, pk);
                return rsaCipher.doFinal(encryptedData);
    
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
    
    }
    

    【Discussion】:
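
Added example, not part of any answer above: both answers select OAEP through the transformation string `RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING`, which leaves the MGF1 hash to the provider, and the JDK provider and BouncyCastle have differed on that choice, so ciphertext from one may not decrypt under the other. The sketch below pins every OAEP parameter explicitly and derives the plaintext size limit from the key; the class and method names are illustrative, and it uses only standard JCA classes.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepPinnedParams {

    // Pin the label hash and the MGF1 hash instead of trusting provider defaults.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    static final int HASH_LEN = 32; // SHA-256 digest size in bytes

    // Largest plaintext RSA-OAEP accepts: k - 2*hLen - 2, with k the modulus size in bytes.
    static int maxPlaintextLength(RSAPublicKey pub) {
        int k = (pub.getModulus().bitLength() + 7) / 8;
        return k - 2 * HASH_LEN - 2;
    }

    // Build a cipher whose OAEP parameters are identical under any provider.
    static Cipher oaep(int mode, Key key) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/OAEPPadding");
        c.init(mode, key, OAEP);
        return c;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(3072);
        KeyPair pair = gen.generateKeyPair();
        RSAPublicKey pub = (RSAPublicKey) pair.getPublic();

        int max = maxPlaintextLength(pub);
        byte[] fits = new byte[max]; // constructed sample input at the size limit
        byte[] ct = oaep(Cipher.ENCRYPT_MODE, pub).doFinal(fits);
        byte[] pt = oaep(Cipher.DECRYPT_MODE, pair.getPrivate()).doFinal(ct);
        System.out.println("max=" + max + " roundtrip=" + Arrays.equals(fits, pt));

        try { // one byte over the limit must fail rather than be truncated
            oaep(Cipher.ENCRYPT_MODE, pub).doFinal(new byte[max + 1]);
        } catch (GeneralSecurityException e) {
            System.out.println("over-limit input rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Payloads larger than the limit are normally handled by encrypting the data with a symmetric key and using RSA-OAEP only to wrap that key.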
