InvalidKeyException: invalid key format in Java
I am trying to retrieve a public key from a vault. It is stored as a secret.
I am trying to convert the retrieved string into a public key in order to verify a signature.
A sample public key string looks like this:
I have added the same value to my secret, with no formatting.
However, with the code below, I run into the error InvalidKeyException: invalid key format on this line:
PublicKey publicKey = fact.generatePublic(pubKeySpec);
Here is the code:
String publicKeyAsString = secretClient.getSecret("key-name").getValue();
byte[] keyContentAsBytes = publicKeyAsString.getBytes();
KeyFactory fact = KeyFactory.getInstance("RSA");
X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(keyContentAsBytes);
PublicKey publicKey = fact.generatePublic(pubKeySpec);
Edit with the stack trace:
Caused by: java.security.InvalidKeyException: invalid key format
at sun.security.x509.X509Key.decode(X509Key.java:386) ~[?:?]
at sun.security.x509.X509Key.decode(X509Key.java:401) ~[?:?]
at sun.security.rsa.RSAPublicKeyImpl.<init>(RSAPublicKeyImpl.java:122) ~[?:?]
at sun.security.rsa.RSAKeyFactory.generatePublic(RSAKeyFactory.java:330) ~[?:?]
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(RSAKeyFactory.java:235) ~[?:?]
Edit: the public key used for testing:
The value of publicKeyAsString looks like this:
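At first I thought your problem was related to the information returned by the Azure KeyVault Secret API, which is usually base64-encoded. In that case, you need to perform the proper base64 decoding before attempting the actual key material processing:
String publicKeyAsString = secretClient.getSecret("key-name").getValue();
byte[] keyContentAsBytes = Base64.getDecoder().decode(publicKeyAsString);
But it seems that the Azure client is giving you the information as plain text.
In that case, the secret is a PEM-encoded public key.
The standard KeyFactory will not allow you to process the returned information out of the box, but it can be done with a few modifications. For example, try the following: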
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

// Actually
// String publicKeyAsString = secretClient.getSecret("key-name").getValue();
String publicKeyAsString =
    "-----BEGIN PUBLIC KEY-----\n" +
    "miibitanbgkqhkig9w0baqefaocaq4amiibcqkcqbweqvz8ub/o4VQ8nnm888B\n" +
    "/ydqv2in5boxupz7njmkut/WPgwlK8+Wc0Xjhy82E51XW6E4/0um8sIQ1cxvoSO\n" +
    "QsrfkRagD+O9OrjQbb2TqrilDDhFx9EGjXuZpR3brDUufCG6SkypqiKSaMuoVoax\n" +
    "C82TZ1AIP5OSROWT14X/7zDIf1l8XWCmbfCDrBb73hBYA4MgTjsSckC\n" +
    "5nz+GLcWTfz0wze4lwHCi1KYFv+1+WcYHWPLbqLtc8nzVqkuP5Ne/9HAFkaEAIw5\n" +
    "fKLccksaT/TLyIcrALcfuABlgX1yeBulVcbTAp+WiYRvo9+FKK23pbwkh+uy0tq1\n" +
    "AgMBAAE=\n" +
    "-----END PUBLIC KEY-----";
// Strip the PEM header, footer and line breaks, leaving only the base64 body
String publicKeyPem = publicKeyAsString
    .replace("-----BEGIN PUBLIC KEY-----", "")
    .replaceAll("\\n", "")
    .replace("-----END PUBLIC KEY-----", "");
// The decoded bytes are the DER-encoded key that X509EncodedKeySpec expects
byte[] keyContentAsBytes = Base64.getDecoder().decode(publicKeyPem);
try {
    KeyFactory fact = KeyFactory.getInstance("RSA");
    X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(keyContentAsBytes);
    PublicKey publicKey = fact.generatePublic(pubKeySpec);
    System.out.println(publicKey);
} catch (Throwable t) {
    t.printStackTrace();
}
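Or better, use the BouncyCastle PemReader to perform this task:
import java.io.Reader;
import java.io.StringReader;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;

try (
    Reader reader = new StringReader(publicKeyAsString);
    PemReader pemReader = new PemReader(reader)
) {
    KeyFactory fact = KeyFactory.getInstance("RSA");
    // PemReader strips the header and footer and base64-decodes the body
    PemObject pemObject = pemReader.readPemObject();
    byte[] keyContentAsBytesFromBC = pemObject.getContent();
    X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(keyContentAsBytesFromBC);
    PublicKey publicKey = fact.generatePublic(pubKeySpec);
    System.out.println(publicKey);
} catch (Throwable t) {
    t.printStackTrace();
}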
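Please note that I included several carriage returns in the definition of the variable publicKeyAsString; they are necessary to allow the program to process the information.
Please verify that Azure returns the PEM-encoded key in a similar way: if it does not, that is most likely the cause of the problem.
Also, please note that Azure KeyVault is returning the secret exactly as you uploaded it: perhaps the problem is there. Please try the following:
import java.io.StringWriter;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

PublicKey publicKey = ...
StringWriter writer = new StringWriter();
PemWriter pemWriter = new PemWriter(writer);
pemWriter.writeObject(
    new PemObject("PUBLIC KEY", publicKey.getEncoded())
);
pemWriter.flush();
pemWriter.close();
String publicKeyAsString = writer.toString();
// Upload to Azure KeyVault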
That is strange @Rohi, it should work properly. Please, can you debug the value returned by secretClient.getSecret("key-name").getValue()?
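An added example, not part of the original question or answer: a self-contained Java program that parses a PEM public key whose line breaks were lost or changed in storage, the condition the answer asks the poster to check, and confirms each parsed key verifies a signature. It goes slightly beyond the answer's code by stripping every kind of whitespace rather than only "\n"; the class name, the helper parseRsaPublicKey and the key pair generated at run time are assumptions made for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class PemPublicKeyDemo {
    // Hypothetical helper: parses a PEM "PUBLIC KEY" block even when its line
    // breaks were removed, replaced by spaces, or converted to CRLF.
    static PublicKey parseRsaPublicKey(String pem) throws GeneralSecurityException {
        String base64 = pem
                .replace("-----BEGIN PUBLIC KEY-----", "")
                .replace("-----END PUBLIC KEY-----", "")
                .replaceAll("\\s", "");                   // drop all whitespace
        byte[] der = Base64.getDecoder().decode(base64);  // DER SubjectPublicKeyInfo
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    public static void main(String[] args) throws Exception {
        // Constructed test data: a throwaway key pair generated at run time.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(pair.getPublic().getEncoded());
        String pem = "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n";

        // The same PEM in the shapes a secret store might hand it back.
        String[] variants = {
            pem,                        // intact
            pem.replace("\n", ""),      // every line break stripped
            pem.replace("\n", " "),     // line breaks turned into spaces
            pem.replace("\n", "\r\n")   // Windows line endings
        };

        byte[] message = "signed payload".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(message);
        byte[] sig = signer.sign();

        for (String v : variants) {
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(parseRsaPublicKey(v));
            verifier.update(message);
            System.out.println("signature verifies: " + verifier.verify(sig));
        }
    }
}
```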