.NET System encryption to Bouncy Castle Java decryption throws an error


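This is a difficult question to answer, but I need any help I can get.

I am using System.Security.Cryptography.Xml to encrypt an XML SAML blob.

The encryption works fine, but when it hits the Java library on the other side, they get this error: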

java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
        at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
        at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
        at javax.crypto.Cipher.unwrap(Unknown Source)
        at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:680)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:611)
        at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:761)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:512)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:439)
        at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:400)
        at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
        at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)

How can I keep using my encryption method:

    public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);


        return returnElement;
    }

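while avoiding this error? Is there a parameter on EncryptedKey for setting the padding size? Or do I have to use Bouncy Castle to specify the size of the encrypted data?

I changed the key wrap size for the RSA key AES encryption.

I still don't understand how the opensaml Java library's encryption works, and after opening it up, I was surprised at how long it takes to set up a simple test environment in Java.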

Moral of the story: don't use asymmetric encryption for large amounts of data.

    public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);


        return returnElement;
    }

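Are you sure you are using the matching certificate on the other side? It sounds like the certificate you use for encryption has a larger RSA modulus than the one used for decryption.

So is it a certificate mismatch? No, I'm not positive, I don't know which certificate they are using… It should be the matching public key I was sent. The size specified using Bouncy Castle. A post would be helpful.

You are using the opensaml library on the Java side to decrypt the AES key and the XML content, which will work fine. The trace shows that decrypting the AES key with the RSA private key is the problem. The size of the encrypted data will not be an issue. As you say the key pair matches, so the problem is on the C# side. I have reviewed a complete example of XML Dsig encryption using an AES key, but found no substantial difference. (I'm not a C# programmer.) Can you test the example's decryption method?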
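
An added example (not part of the original thread): the modulus-size mismatch suggested in the comments can be checked from the .NET side by comparing the length of the wrapped key with the receiver's RSA key size. The keys are generated in place as constructed stand-ins for the certificate key and for a receiver holding a different, smaller key; the class and method names are hypothetical, and `RSA.Create(int)` assumes .NET Framework 4.7.2+ or .NET Core with the System.Security.Cryptography.Xml package.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;

// Added example; names are hypothetical, keys are constructed for the demo.
static class KeyTransportCheck
{
    // An RSA-wrapped key is always exactly as long as the wrapping modulus.
    public static byte[] Wrap(byte[] sessionKey, RSA publicKey)
    {
        int modulusBytes = publicKey.KeySize / 8;
        // RSA 1.5 (PKCS#1 v1.5) padding costs at least 11 bytes.
        if (sessionKey.Length > modulusBytes - 11)
            throw new ArgumentException("session key too long for this modulus");
        byte[] wrapped = EncryptedXml.EncryptKey(sessionKey, publicKey, false);
        Console.WriteLine("modulus {0} bytes, wrapped key {1} bytes",
            modulusBytes, wrapped.Length);
        return wrapped;
    }

    // True when the receiver's private key can unwrap the sender's CipherValue.
    public static bool CanUnwrap(byte[] wrapped, RSA privateKey, byte[] expected)
    {
        if (wrapped.Length != privateKey.KeySize / 8)
            return false; // modulus mismatch: the "too much data" case
        try
        {
            byte[] key = EncryptedXml.DecryptKey(wrapped, privateKey, false);
            return Convert.ToBase64String(key) == Convert.ToBase64String(expected);
        }
        catch (CryptographicException) { return false; } // same size, wrong key
    }

    static void Main()
    {
        using (Aes aes = Aes.Create())
        using (RSA sender = RSA.Create(2048))   // stands in for the certificate key pair
        using (RSA smaller = RSA.Create(1024))  // receiver holding a different key
        {
            aes.KeySize = 128;
            byte[] wrapped = Wrap(aes.Key, sender);
            Console.WriteLine("matching key: " + CanUnwrap(wrapped, sender, aes.Key));
            Console.WriteLine("smaller key:  " + CanUnwrap(wrapped, smaller, aes.Key));
        }
    }
}
```

Logging `cert.Thumbprint` next to the wrapped key length gives the receiving side something concrete to compare against the private key they load.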