坏填充exception – pkcs11中的RSA / ECB / OAEPWITHSHA-256ANDMGF1PADDING

我的应用程序正在访问e-Token以解密来自服务器的响应

来自服务器的会话密钥使用以下方式加密: –

RSA / ECB / OAEPWITHSHA-256ANDMGF1PADDING

我正在使用SunPKCS11 Provider来实现对加密令牌的访问。 每当我尝试使用上述机制解密时,即使用RSA / ECB / OAEPWITHSHA-256ANDMGF1PADDING,我得到: –

**javax.crypto.BadPaddingException: doFinal() failed at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java:328) at sun.security.pkcs11.P11RSACipher.engineDoFinal(P11RSACipher.java:353) at javax.crypto.Cipher.doFinal(DashoA13*..) 

以下是我的代码: –

 private static final String TRANSFORMATION = "RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING"; private static final String SECURITY_PROVIDER = "BC"; private static final String DIGEST_ALGORITHM = "SHA-256"; private static final String MASKING_FUNCTION = "MGF1"; 

错误发生的代码片段如下: –

 private byte[] decryptSecretKeyData(byte[] encryptedSecretKey, byte[] iv, PrivateKey privateKey) throws Exception { try { Cipher rsaCipher = Cipher.getInstance(TRANSFORMATION, SECURITY_PROVIDER); System.out.println("Cipher block initialized"); - **Printed** PSource pSrc = (new PSource.PSpecified(iv)); System.out.println("PSource inisitialized"); - **Printed** rsaCipher.init(Cipher.DECRYPT_MODE, privateKey, new OAEPParameterSpec(DIGEST_ALGORITHM, MASKING_FUNCTION, MGF1ParameterSpec.SHA256, pSrc)); System.out.println("Here after cipher initilaization"); - **Not Printed*** return rsaCipher.doFinal(encryptedSecretKey); } catch (GeneralSecurityException e) { System.out.println("GeneralSecurityException is "+e.getMessage()); throw new Exception("Failed to decrypt AES secret key using RSA.", e); } } 

我被困在这里,无法解密OAEP转型。

您从加密狗获取不可提取的私钥P11Key.P11PrivateKey 。 它不能在PKCS11提供程序之外使用,因此,SunPKCS11提供程序应该用于具有该密钥的操作。

不幸的是,SunPKCS11提供商不支持OAEP填充,使其更加困难。 加密仍然可以使用BouncyCastle完成,但解密可以在没有填充和SunPKCS11提供程序的情况下完成。 keyLength参数是RSA密钥模数长度(1024,2048等)。

 private void testEncryption(byte[] plainText, PrivateKey privateKey, PublicKey publicKey, int keyLength) throws GeneralSecurityException { System.out.println("Plain text: " + DatatypeConverter.printHexBinary(plainText)); Provider bcProvider = new BouncyCastleProvider(); Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING", bcProvider); rsaCipher.init(Cipher.ENCRYPT_MODE, publicKey); byte[] cipherText = rsaCipher.doFinal(plainText); System.out.println("Cipher text: " + DatatypeConverter.printHexBinary(cipherText)); Provider pkcs11provider = new SunPKCS11("C:\\Users\\manishs525\\pkcs11.cfg"); Cipher rsaCipher2 = Cipher.getInstance("RSA/ECB/NoPadding", pkcs11provider); rsaCipher2.init(Cipher.DECRYPT_MODE, privateKey); byte[] paddedPlainText = rsaCipher2.doFinal(cipherText); /* Ensure leading zeros not stripped */ if (paddedPlainText.length < keyLength / 8) { byte[] tmp = new byte[keyLength / 8]; System.arraycopy(paddedPlainText, 0, tmp, tmp.length - paddedPlainText.length, paddedPlainText.length); System.out.println("Zero padding to " + (keyLength / 8)); paddedPlainText = tmp; } System.out.println("OAEP padded plain text: " + DatatypeConverter.printHexBinary(paddedPlainText)); OAEPParameterSpec paramSpec = new OAEPParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); RSAPadding padding = RSAPadding.getInstance(RSAPadding.PAD_OAEP_MGF1, keyLength / 8, new SecureRandom(), paramSpec); byte[] plainText2 = padding.unpad(paddedPlainText); System.out.println("Unpadded plain text: " + DatatypeConverter.printHexBinary(plainText2)); } 

笔记:

  • 在JDK1.7之前,SunPKCS11未实现RSA / ECB / NoPadding。
  • 此示例使用BouncyCastle 1.50和JDK 1.7进行了测试

我发现问题是SunJCE的密码“ RSA / ECB / OAEPWITHSHA-256ANDMGF1PADDING ”的实现与其他实现不兼容( BouncyCastle / IAIK / PKCS11

设置AlgorithmParameters(使用OAEPParameterSpec)时会抛出exception(javax.crypto.BadPaddingException)

请参阅: 密码问题“RSA / ECB / OAEPWITHSHA-256ANDMGF1PADDING”错误详细信息