Java 异常解包裹密钥:错误填充:解密错误
我正在尝试解密一个文件“test.txt.p7b”,该文件使用JKS中的证书进行加密 我在调试代码时收到此错误。如果有人能解释这一错误的原因,我将不胜感激。是我的钥匙出了问题还是我的代码出了问题(大多数情况下,我相信是的)。非常感谢 错误消息如下所示Java 异常解包裹密钥:错误填充:解密错误,java,encryption,jks,Java,Encryption,Jks,我正在尝试解密一个文件“test.txt.p7b”,该文件使用JKS中的证书进行加密 我在调试代码时收到此错误。如果有人能解释这一错误的原因,我将不胜感激。是我的钥匙出了问题还是我的代码出了问题(大多数情况下,我相信是的)。非常感谢 错误消息如下所示 Exception in thread "main" org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: Decryption error at
Exception in thread "main" org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: Decryption error
at org.bouncycastle.cms.jcajce.JceKeyTransRecipient.extractSecretKey(Unknown Source)
at org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.KeyTransRecipientInformation.getRecipientOperator(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContentStream(Unknown Source)
at org.bouncycastle.cms.RecipientInformation.getContent(Unknown Source)
at TestingB.decryptData(TestingB.java:299)
at TestingB.main(TestingB.java:161)
Caused by: org.bouncycastle.operator.OperatorException: bad padding: Decryption error
at org.bouncycastle.operator.jcajce.JceAsymmetricKeyUnwrapper.generateUnwrappedKey(Unknown Source)
... 7 more
Caused by: javax.crypto.BadPaddingException: Decryption error
at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:363)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:389)
at javax.crypto.Cipher.doFinal(Cipher.java:2121)
... 8 more
这是我的解密代码
FileInputStream fIn = new FileInputStream(_keyStorePath);
KeyStore keystore = KeyStore.getInstance("JKS");
keystore.load(fIn, _password);
PrivateKey key = (PrivateKey) keystore.getKey("def","123456".toCharArray());
fIn.close();
File file = new File("C:\\1_Eclipse\\1_CS\\Encrypted\\test.txt.p7b");
FileInputStream fileInputStream = new FileInputStream(file);
byte[] encryptedAndSignedByte = new byte[(int)file.length()];
fileInputStream.read(encryptedAndSignedByte);
fileInputStream.close();
X509Certificate cert9 = (X509Certificate) keystore.getCertificate("abc");
KeyTransRecipientId recId = new JceKeyTransRecipientId(cert9.getIssuerX500Principal(), cert9.getSerialNumber());
CMSEnvelopedData enveloped = new CMSEnvelopedData(encryptedAndSignedByte);
RecipientInformationStore recipients = enveloped.getRecipientInfos();
RecipientInformation recipient = recipients.get(recId);
JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient(key);
ter.setContentProvider(BouncyCastleProvider.PROVIDER_NAME);
System.out.println("content : " + recipient.getContent(ter));
从这里我看不出哪里出了问题,但错误发生在RSA私钥对对称密钥进行解密的过程中 CMS是一种容器格式。它包含一系列处理或封装数据的方法。如果您有一个封装容器,那么其中的数据不会直接用RSA公钥加密。而是使用随机对称密钥(通常称为数据密钥甚至会话密钥)对其进行加密。然后使用公钥对该对称密钥进行加密 RSA encryption首先填充数据,然后使用公共指数执行模幂运算。解密包括带私有指数的模幂运算和不加幂运算。现在,无论数据或指数的值是多少,模幂运算总是成功的。因此,如果数据或密钥无效,则填充异常是唯一的指示 由于容器中的数据可能是有效的(如果不是,您可能会看到解码错误),因此私钥更可能与公钥不匹配。它不排除CMS库的执行错误,但是如果CMS库被测试得很好,我会认为不太可能。 所以我会怀疑你的键值,而不是你的代码——当然,在读写你的键值的代码中也可能有错误
总之,我肯定会首先修复代码中的流处理。仅仅创建一个
encryptedAndSignedByte
缓冲区并调用read
一次是非常幼稚的。如果修复了这个错误,请告诉我们。我已经修改了代码,但同样的问题也发生了。我相信加密部分不会有任何问题
解密代码:
public static void decrypt(final InputStream is, OutputStream os, Key key, String providerName) throws Exception {
final InputStream bis = new BufferedInputStream(is, bufferSize);
final OutputStream bos = new BufferedOutputStream(os, bufferSize);
final Iterator it = new CMSEnvelopedDataParser(bis).getRecipientInfos().getRecipients().iterator();
if (it.hasNext()) {
final RecipientInformation recipient = (RecipientInformation)it.next();
JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient((PrivateKey) key);
final CMSTypedStream recData = recipient.getContentStream(ter);
final InputStream ris = recData.getContentStream();
fromInToOut(ris, bos);
}
os.close();
}
在班上
new File("C:\\1_Eclipse\\1_CS\\Encrypted\\test_result.txt");
FileOutputStream E_fileOuputStream = new FileOutputStream("C:\\1_Eclipse\\1_CS\\Encrypted\\test_result.txt");
FileInputStream E_fileInputStream = new FileInputStream("C:\\1_Eclipse\\1_CS\\Encrypted\\test.txt.p7b");
decrypt(E_fileInputStream,E_fileOuputStream,key,"BC");
我相信这个错误是由我解密的这一部分造成的
final RecipientInformation recipient = (RecipientInformation)it.next();
JceKeyTransEnvelopedRecipient ter = new JceKeyTransEnvelopedRecipient((PrivateKey) key);
final CMSTypedStream recData = recipient.getContentStream(ter);
嗨,谢谢。我现在可以解密文件了。:)非常感谢。这是关键问题。我上面的代码看起来很好,很高兴你把它解决了,CSSC,别忘了接受答案。你知道,我完全错过了这个,因为它是作为一个答案发布的。不要将答案作为问题的后续行动。创建新答案或修改当前答案。