使用bouncy castle和python PKCS1-OAEP的java RSA加密
一个多星期以来,我一直在用python实现与服务器的RSA安全通信 然而,我无法为所有的罐子找出合适的进口 我已经包括了在bouncy castles网站上找到的所有罐子,但仍然没有骰子 我读到他们到处搬家。如果这段代码是旧的或已损坏的,那么还有什么其他带有pkcs1填充的RSA实现 编辑: 发布密钥位于名为key.pub的文件中。如何读入要用作密钥的文件使用bouncy castle和python PKCS1-OAEP的java RSA加密,java,python,encryption,bouncycastle,public-key,Java,Python,Encryption,Bouncycastle,Public Key,一个多星期以来,我一直在用python实现与服务器的RSA安全通信 然而,我无法为所有的罐子找出合适的进口 我已经包括了在bouncy castles网站上找到的所有罐子,但仍然没有骰子 我读到他们到处搬家。如果这段代码是旧的或已损坏的,那么还有什么其他带有pkcs1填充的RSA实现 编辑: 发布密钥位于名为key.pub的文件中。如何读入要用作密钥的文件 -----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQE
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv2B0wo+QJ6tCqeyTzhZ3
AtPLgAHEQ/fRYDcR0BkQ+lXEhD277P2fPZwla5AW6szqsjR1olkZEF7IuoI27Hxm
tQHJU0ROhrzstHgK42emz5Ya3BWcm+oq5pLDZnsNDnNlrPncaCT7gHQQJn3YjH8q
aibtB1WCoy7ZJ127QxoKoLfeonBDtt7Qw6P5iXE57IbQ63oLq1EaYUfg8ZpADvJF
b2H3MASJSSDrSDgrtCcKAUYuu3cZw16XShuKCNb5QLsj3tR0QC++7qjM3VcG311K
7gHVjB6zybw+5vX2UWTgZuL6WVtCvRK+WY7nhL3cc5fmXZhkW1Jbx6wLPK3K/JcR
NQIDAQAB
-----END PUBLIC KEY-----
编辑2:根据答案添加断开的代码
package Main;
import org.bouncycastle.util.encoders.Base64;
import javax.crypto.Cipher;
import javax.xml.bind.DatatypeConverter;
import java.io.*;
import java.net.Socket;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.X509EncodedKeySpec;
public class EncDecRSA {
public static byte[] pemToDer(String pemKey) throws GeneralSecurityException {
String[] parts = pemKey.split("-----");
return DatatypeConverter.parseBase64Binary(parts[parts.length / 2]);
}
public static PublicKey derToPublicKey(byte[] asn1key) throws GeneralSecurityException {
X509EncodedKeySpec spec = new X509EncodedKeySpec(asn1key);
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
return keyFactory.generatePublic(spec);
}
public static byte[] encrypt(PublicKey publicKey, String text) throws GeneralSecurityException {
Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding", "BC");//PKCS1-OAEP
rsa.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] cipher = rsa.doFinal(text.getBytes());
String s = new String(cipher);
System.out.print(s);
// return cipher;
// return Base64.encode(rsa.doFinal(text.getBytes()));
cipher = Base64.encode(cipher);
return cipher;
}
static String readFile(String path)
throws IOException
{
String line = null;
BufferedReader br = new BufferedReader(new FileReader(path));
try {
StringBuilder sb = new StringBuilder();
line = br.readLine();
while (line != null) {
sb.append(line);
sb.append("\n");
line = br.readLine();
}
return sb.toString();
} finally {
br.close();
}
}
public static void main(String[] args) throws IOException, GeneralSecurityException {
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
System.out.println("Working Directory = " +
System.getProperty("user.dir"));
String publicKey = readFile("key.public");
byte[] pem = pemToDer(publicKey);
PublicKey myKey = derToPublicKey(pem);
String sendMessage = "{'vid_hash': '917ef7e7be4a84e279b74a257953307f1cff4a2e3d221e363ead528c6b556edb', 'state': 'ballot_response', 'userInfo': {'ssn': '700-33-6870', 'pin': '1234', 'vid': '265jMeges'}}";
byte[] encryptedDATA = encrypt(myKey, sendMessage);
Socket smtpSocket = null;
DataOutputStream os = null;
DataInputStream is = null;
try {
smtpSocket = new Socket("192.168.1.124", 9999);
os = new DataOutputStream(smtpSocket.getOutputStream());
is = new DataInputStream(smtpSocket.getInputStream());
} catch (UnknownHostException e) {
System.err.println("Don't know about host: hostname");
} catch (IOException e) {
System.err.println("Couldn't get I/O for the connection to: hostname");
}
if (smtpSocket != null && os != null && is != null) {
try {
System.out.println("sending message");
os.writeBytes(encryptedDATA+"\n");
os.close();
is.close();
smtpSocket.close();
} catch (UnknownHostException e) {
System.err.println("Trying to connect to unknown host: " + e);
} catch (IOException e) {
System.err.println("IOException: " + e);
}
}
}
}
其中包含以下错误:
下面是实现这一点的python代码:
def _decrypt_RSA(self, private_key_loc, package):
'''
param: public_key_loc Path to your private key
param: package String to be decrypted
return decrypted string
'''
from Crypto.PublicKey import RSA
from Crypto.Cipher import PKCS1_OAEP
from base64 import b64decode
key = open('key.private', "r").read()
rsakey = RSA.importKey(key)
rsakey = PKCS1_OAEP.new(rsakey)
decrypted = rsakey.decrypt(package)
# decrypted = rsakey.decrypt(b64decode(package))
return decrypted
最后:
这是PKCS1-OAEP的填充方案
这是这项工作的主要要求
请注意,我已经使用base64 encode和Now进行了尝试。这个例子是针对BouncyCastle的SpongyCastle-Android重新打包的。正如你所注意到的,它们是不同的。然而,用Java进行加密就这么简单 将Base64编码的密钥字符串转换为ASN.1 DER编码的字节数组
public static byte[] pemToDer(String pemKey) throws GeneralSecurityException {
String[] parts = pemKey.split("-----");
return DatatypeConverter.parseBase64Binary(parts[parts.length / 2]);
}
将ASN.1 DER编码的公钥转换为公钥对象
public static PublicKey derToPublicKey(byte[] asn1key) throws GeneralSecurityException {
X509EncodedKeySpec spec = new X509EncodedKeySpec(asn1key);
KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC");
return keyFactory.generatePublic(spec);
}
加密数据
public static byte[] encrypt(PublicKey publicKey, String text) throws GeneralSecurityException {
Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA1AndMGF1Padding", "BC");
rsa.init(Cipher.ENCRYPT_MODE, publicKey);
return rsa.doFinal(text.getBytes());
}
bcprov-jdk15on-150.jar是唯一需要的jar。我已经编辑了我的代码?我使用fileopen和对它的read调用读取文件,但它不允许我将其传递到Encrypt。我在问题中添加了带有错误代码的当前代码。我已将bcprov-jdk15on0150.jar添加到我的项目设置中。RSA无法加密长度超过公钥模数的纯文本。对于您发布的密钥,它是256字节。此外,OAEP填充会消耗42个字节。因此,有可能对长度不超过214字节的文本进行编码。我在python中使用了相同的代码,没有任何问题?可能还有其他问题吗?您应该执行
rsakey.decrypt(b64decode(package))
并确保b64decode(package)
长度为256字节。您正在向对等方发送Base64加密密码文本,然后必须在执行解密之前对其进行Base64解码。生成的消息必须是256字节,否则decrypt将发出抱怨。