Using BouncyCastle to encrypt with ECIES in Java(在 Java 中使用 BouncyCastle 使用 ECIES 进行加密)
问题描述
我正在尝试使用 Java 中的 BouncyCastle 使用 ECC 算法加密一些内容.但是我收到 BouncyCastle 库的异常,说不能将 JCEECPublicKey
转换为 IESKey
.据我了解, KeyPairGenerator
生成的公钥是 JCEECPublicKey
,不能在 java Cipher.init
方法中使用.有人可以告诉我如何将它转换为公钥或 X509 规范,以便我可以在加密中使用它.
I am trying to encrypt some content using ECC algorithm using BouncyCastle in java. But I am getting exception of BouncyCastle library saying cannot cast JCEECPublicKey
to IESKey
. Which I understood that the public key generated by KeyPairGenerator
is JCEECPublicKey
which cannot be used in java Cipher.init
method. Can someone tell me how can convert it in Public key or X509 spec so that I can use it in encryption.
这是我尝试过的代码
// add instance of provider class
Security.addProvider(new BouncyCastleProvider());
// initializing parameter specs secp256r1/prime192v1
ECParameterSpec ecSpec = ECNamedCurveTable.getParameterSpec("prime192v1");
// key pair generator to generate public and private key
KeyPairGenerator generator = KeyPairGenerator.getInstance("ECDH", new BouncyCastleProvider());
// initialize key pair generator
generator.initialize(ecSpec);
// Key pair to store public and private key
KeyPair keyPair = generator.generateKeyPair();
Cipher iesCipher = Cipher.getInstance("ECIES", new BouncyCastleProvider());
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
我也尝试将公钥转换为 X509EncodedSpec 但我得到同样的异常
Also I tried to convert the public key into X509EncodedSpec but I get same exception
X509EncodedKeySpec spec = new X509EncodedKeySpec(keyPair.getPublic().getEncoded());
KeyFactory factory = KeyFactory.getInstance("ECDH");
PublicKey publicKey = factory.generatePublic(spec);
我得到的例外是
java.lang.ClassCastException: org.bouncycastle.jce.provider.JCEECPublicKey cannot be cast to org.bouncycastle.jce.interfaces.IESKey
at org.bouncycastle.jce.provider.JCEIESCipher.engineGetKeySize(JCEIESCipher.java:49)
at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1057)
at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1015)
at javax.crypto.Cipher.init(Cipher.java:1229)
at javax.crypto.Cipher.init(Cipher.java:1173)
at com.test.EciesTest.main(EciesTest.java:45)
编辑
根据评论,我使用的 JDK 版本是 JDK 7 - Oracle我正在使用的导入语句:
Based on comment the JDK version I am using is JDK 7 - Oracle Import statements I am using:
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Security;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
推荐答案
试试以下:
// add instance of provider class
Security.addProvider(new BouncyCastleProvider());
String name = "secp256r1";
// NOTE just "EC" also seems to work here
KeyPairGenerator kpg = KeyPairGenerator.getInstance("ECDH", BouncyCastleProvider.PROVIDER_NAME);
kpg.initialize(new ECGenParameterSpec(name));
// Key pair to store public and private key
KeyPair keyPair = kpg.generateKeyPair();
Cipher iesCipher = Cipher.getInstance("ECIES", BouncyCastleProvider.PROVIDER_NAME);
iesCipher.init(Cipher.ENCRYPT_MODE, keyPair.getPublic());
请注意,在尝试通过 JCE 使用 Bouncy 时,通常最好保留 JCE 类而不是 Bouncy Castle 类.在这种情况下,问题可能是提供给密钥生成器的参数.
And note that in general it is best to keep to JCE classes instead of Bouncy Castle classes when trying to use Bouncy through the JCE. In this case the problem was probably the parameters given to the key generator.
在上面的代码中,我使用了 BouncyCastleProvider.PROVIDER_NAME
但只是 "BC"
当然同样可以正常工作.每次都重新实例化提供者不是一个好主意,尽管它不应该影响最终结果.
In above code I used BouncyCastleProvider.PROVIDER_NAME
but just "BC"
would work equally well of course. Re-instantiating the provider each time is not a good idea, although it should not have influenced the end result.
确保您拥有运行此代码的最新系统.此代码已在以下系统上测试:
Make sure you've got an up to date system to run this code. This code was tested on the following system:
--- runtime information ---
Properties:
java.vendor : Oracle Corporation
java.specification.name : Java Platform API Specification
java.specification.version : 1.8
java.runtime.name : Java(TM) SE Runtime Environment
java.runtime.version : 1.8.0_65-b17
java.vm.name : Java HotSpot(TM) 64-Bit Server VM
Unlimited crypto: yes
--- info for provider Bouncy Castle ---
Bouncy Castle version: 1.520000
Bouncy Castle provider registered: yes
这篇关于在 Java 中使用 BouncyCastle 使用 ECIES 进行加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:在 Java 中使用 BouncyCastle 使用 ECIES 进行加密
基础教程推荐
- 首次使用 Hadoop,MapReduce Job 不运行 Reduce Phase 2022-01-01
- Java 中保存最后 N 个元素的大小受限队列 2022-01-01
- 如何对 HashSet 进行排序? 2022-01-01
- 如何强制对超级方法进行多态调用? 2022-01-01
- Spring Boot Freemarker从2.2.0升级失败 2022-01-01
- 由于对所需库 rt.jar 的限制,对类的访问限制? 2022-01-01
- 如何在不安装整个 WTP 包的情况下将 Tomcat 8 添加到 Eclipse Kepler 2022-01-01
- 如何使用 Stream 在集合中拆分奇数和偶数以及两者的总和 2022-01-01
- 在螺旋中写一个字符串 2022-01-01
- 如何使用 Eclipse 检查调试符号状态? 2022-01-01