Java: How do I create an AES-encrypted PKCS#8 file?
I am trying to encrypt an RSA private key with an AES key in order to create a PKCS#8 file using the standard Java libraries. When I run the example code below (using Java 7), I get an exception:

    Exception in thread "main" java.security.NoSuchAlgorithmException: unrecognized algorithm name: AES
        at sun.security.x509.AlgorithmId.get(AlgorithmId.java:440)
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:178)
        at Example.main(Example.java:30)

Tags: java, encryption, aes, rsa, pkcs#8
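For the time being, I have resorted to using BouncyCastle. Below is the code that generates a PEM-encoded, AES-encrypted PKCS#8 object. If there is a solution that uses only the standard JDK libraries (and works before Java 8), I am still interested.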
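The example code works with AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("AES") under JDK 8u31. Also, are you sure you want to use Cipher.ENCRYPT_MODE? Shouldn't you use Cipher.WRAP_MODE to encrypt a key?

@OlegEstekhin Yes, you are quite right! So at least Java 7 seems to have a problem. And yes, WRAP_MODE is probably more appropriate.

Compare around L507 and around L507. Java 7 just seems to be missing it, even though it says AES is supported for AlgorithmParameters.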
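@OlegEstekhin You seem to have found the root cause, thanks. I didn't think of checking the standard names documentation. If you summarize your findings in an answer, it might help others. I would be happy to accept it.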

    import java.security.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;

    public class Example {
        public static void main(String[] args) throws Exception {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
            generator.initialize(1024);
            KeyPair keyPair = generator.generateKeyPair();
            SecretKey zmkKey = new SecretKeySpec(new byte[16], "AES");
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.WRAP_MODE, zmkKey, new IvParameterSpec(new byte[16]));
            byte[] encryptedPrivateKey = c.wrap(keyPair.getPrivate());
            AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance("AES");
            algorithmParameters.init(new IvParameterSpec(new byte[16]));
            new EncryptedPrivateKeyInfo(algorithmParameters, encryptedPrivateKey); // line 30 in the stack trace
        }
    }
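
    import java.io.OutputStream;
    import java.io.StringWriter;
    import javax.crypto.Cipher;
    import javax.crypto.CipherOutputStream;
    import javax.crypto.spec.IvParameterSpec;
    import org.bouncycastle.asn1.DEROctetString;
    import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
    import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
    import org.bouncycastle.openssl.PKCS8Generator;
    import org.bouncycastle.openssl.jcajce.JcaPKCS8Generator;
    import org.bouncycastle.operator.GenericKey;
    import org.bouncycastle.operator.OutputEncryptor;
    import org.bouncycastle.operator.jcajce.JceGenericKey;
    import org.bouncycastle.util.io.pem.PemWriter;

    // keyPair and zmkKey are the objects created in the example code above
    // (before Java 8, zmkKey must be declared final to be used in the anonymous class)
    final byte[] iv = new byte[16]; // random would be better
    OutputEncryptor encryptor = new OutputEncryptor() {
        @Override
        public OutputStream getOutputStream(OutputStream encOut) {
            try {
                Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                cipher.init(Cipher.ENCRYPT_MODE, zmkKey, new IvParameterSpec(iv));
                return new CipherOutputStream(encOut, cipher);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }

        @Override
        public GenericKey getKey() {
            return new JceGenericKey(getAlgorithmIdentifier(), zmkKey);
        }

        @Override
        public AlgorithmIdentifier getAlgorithmIdentifier() {
            return new AlgorithmIdentifier(
                    NISTObjectIdentifiers.id_aes128_CBC,
                    // AES CBC mode requires an IV, specified as an octet string
                    new DEROctetString(iv));
        }
    };
    PKCS8Generator pkcs8Generator = new JcaPKCS8Generator(keyPair.getPrivate(), encryptor);
    StringWriter sw = new StringWriter();
    try (PemWriter writer = new PemWriter(sw)) {
        writer.writeObject(pkcs8Generator);
    }
    String pemPKCS8 = sw.toString();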
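
A JDK-only way to write the same structure as the BouncyCastle code above, given here as an added example that is not part of the original post: it builds the EncryptedPrivateKeyInfo DER by hand with the id-aes128-CBC OID, so the name lookup in AlgorithmId that throws in the question is never called. The class name Pkcs8AesDer, the helper names, the 2048-bit RSA key and the random AES key and IV are assumptions made for this illustration; it uses only JDK classes that exist in Java 7.

```java
import java.io.ByteArrayOutputStream;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class Pkcs8AesDer {
    // DER bytes of OID 2.16.840.1.101.3.4.1.2 (id-aes128-CBC), tag and length included
    static final byte[] AES128_CBC_OID =
            {0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x02};
    // One DER tag-length-value whose body is the concatenation of parts (body under 16 MiB)
    static byte[] tlv(int tag, byte[]... parts) {
        ByteArrayOutputStream body = new ByteArrayOutputStream();
        for (byte[] p : parts) body.write(p, 0, p.length);
        int n = body.size();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(tag);
        if (n < 0x80) {
            out.write(n);                                   // short-form length
        } else {
            int lenBytes = n < 0x100 ? 1 : n < 0x10000 ? 2 : 3;
            out.write(0x80 | lenBytes);                     // long-form length
            for (int i = lenBytes - 1; i >= 0; i--) out.write(n >>> (8 * i));
        }
        out.write(body.toByteArray(), 0, n);
        return out.toByteArray();
    }
    // EncryptedPrivateKeyInfo ::= SEQUENCE { SEQUENCE { OID, OCTET STRING iv }, OCTET STRING data }
    static byte[] encryptedPrivateKeyInfo(byte[] iv, byte[] encrypted) {
        byte[] algorithmIdentifier = tlv(0x30, AES128_CBC_OID, tlv(0x04, iv));
        return tlv(0x30, algorithmIdentifier, tlv(0x04, encrypted));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        PrivateKey privateKey = generator.generateKeyPair().getPrivate();
        byte[] keyBytes = new byte[16], iv = new byte[16];
        SecureRandom random = new SecureRandom();
        random.nextBytes(keyBytes);   // constructed sample key standing in for the real AES key
        random.nextBytes(iv);         // fresh IV per file; it is stored in the AlgorithmIdentifier
        SecretKey zmkKey = new SecretKeySpec(keyBytes, "AES");
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.WRAP_MODE, zmkKey, new IvParameterSpec(iv));
        byte[] der = encryptedPrivateKeyInfo(iv, c.wrap(privateKey));
        EncryptedPrivateKeyInfo parsed = new EncryptedPrivateKeyInfo(der); // the JDK parses the hand-built DER
        c.init(Cipher.UNWRAP_MODE, zmkKey, new IvParameterSpec(iv));
        Key recovered = c.unwrap(parsed.getEncryptedData(), "RSA", Cipher.PRIVATE_KEY);
        System.out.println(java.util.Arrays.equals(recovered.getEncoded(), privateKey.getEncoded()));
    }
}
```

The der array is the binary (DER) form of the file; the PEM form is its Base64 text between ENCRYPTED PRIVATE KEY markers.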