.NET系统加密到Bouncy Castle Java解密引发错误
这个问题很难回答,但我需要任何帮助 我正在使用System.Security.Cryptography.Xml对Xml SAML blob进行加密 加密工作正常,但是当它击中另一侧的java库时,他们会得到错误:.NET系统加密到Bouncy Castle Java解密引发错误,java,c#,asp.net,encryption,bouncycastle,Java,C#,Asp.net,Encryption,Bouncycastle,这个问题很难回答,但我需要任何帮助 我正在使用System.Security.Cryptography.Xml对Xml SAML blob进行加密 加密工作正常,但是当它击中另一侧的java库时,他们会得到错误: java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unkno
java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
at javax.crypto.Cipher.unwrap(Unknown Source)
at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:680)
at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:611)
at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:761)
at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:512)
at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:439)
at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:400)
at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)
如何继续使用我的加密方法:
public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
{
//cert = new X509Certificate2(@"C:\temp\SEI.cer");
XmlElement returnElement;
EncryptedData message = new EncryptedData();
message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
//message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
EncryptedKey key = new EncryptedKey();
key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
key.KeyInfo.AddClause(new KeyInfoX509Data(cert));
var rKey = new RijndaelManaged();
rKey.BlockSize = 128;
rKey.KeySize = 128;
rKey.Padding = PaddingMode.PKCS7;
rKey.Mode = CipherMode.CBC;
key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
message.KeyInfo.AddClause(keyInfo);
message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
returnElement = message.GetXml();
Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));
GetBytesKeyAndData(rKey, assertion.InnerText);
return returnElement;
}
在避开这个错误的时候?EncryptedKey上是否有用于设置填充大小的参数?或者我必须使用Bouncy Castle来指定加密数据的大小吗?我更改了RSA密钥AES加密的密钥包大小 我仍然不了解opensaml java库的加密是如何工作的,在打开它之后,我惊讶于用java设置一个简单的测试环境需要多长时间 故事的寓意:不要对大量数据使用非对称加密。
public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
{
//cert = new X509Certificate2(@"C:\temp\SEI.cer");
XmlElement returnElement;
EncryptedData message = new EncryptedData();
message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256KeyWrapUrl);
//message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
EncryptedKey key = new EncryptedKey();
key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
key.KeyInfo.AddClause(new KeyInfoX509Data(cert));
var rKey = new RijndaelManaged();
rKey.BlockSize = 128;
rKey.KeySize = 128;
rKey.Padding = PaddingMode.PKCS7;
rKey.Mode = CipherMode.CBC;
key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
message.KeyInfo.AddClause(keyInfo);
message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
returnElement = message.GetXml();
Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));
GetBytesKeyAndData(rKey, assertion.InnerText);
return returnElement;
}
您确定您正在使用另一侧的匹配证书吗?听起来您使用的证书用于加密的RSA模比用于解密的RSA模更大。那么是证书不匹配吗?不,我不是肯定的,我不知道他们使用的是哪种证书…应该是我被发送的匹配公共密钥使用Bouncy Castle指定的大小。post将很有帮助。您在Java端使用opensaml库来解密AES密钥和XML内容,这将正常工作。跟踪显示,使用RSA私钥解密AES密钥是一个问题。加密数据的大小不会有问题。正如您所说,密钥对匹配,那么问题就出在C#side。我已经回顾了使用AEs密钥的XML Dsig加密的完整示例,但没有发现实质性的差异。(我不是c#程序员)你能测试一下示例的
解密方法吗?