"RSA/ECB/OAEPWITHSHA256ANDMGF1PADDING"和"RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING"之间的区别是什么?

3
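As far as I know, they are both the same, but one works on one PC while the same code on another machine shows: javax.crypto.NoSuchPaddingException: OAEPWITHSHA-256ANDMGF1PADDING unavailable for RSA. When I remove the dash - from the name (OAEPWITHSHA256ANDMGF1PADDING), it starts working on the other machine but causes a bad padding exception on another line. What could be the reason? Sample code as a hint follows. I am using jdk1.7.0_71 32-bit.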
private byte[] decryptSecretKeyData(byte[] encryptedSecretKey, byte[] iv, PrivateKey privateKey) throws Exception 
{
    try {

        Provider provider= new sun.security.pkcs11.SunPKCS11(keyStoreFile1);
        Security.addProvider(provider);

        LOG.info("**************Inside decryptSecretKeyData***********************");
        Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING", provider);
        
        // decrypting the session key with rsa no padding.
        rsaCipher.init(Cipher.DECRYPT_MODE, privateKey); 

        /* The reason is RSA OAEP SHA256 is not supported in HSM. */
        byte[] decKey = rsaCipher.doFinal(encryptedSecretKey);

        OAEPEncoding encode = new OAEPEncoding(new RSAEngine(), new SHA256Digest(), iv);
        LOG.info("******************RSAPublicKey rsaPublickey = (*****************************");
        
        java.security.interfaces.RSAPublicKey rsaPublickey = (java.security.interfaces.RSAPublicKey) publicKeyFile;
        RSAKeyParameters keyParams = new RSAKeyParameters(false, rsaPublickey.getModulus(), EXPONENT);
        encode.init(false, keyParams);

        LOG.info("******************encode.processBlock(decKey, 0, decKey.length);************************");
        byte decryptedSecKey[] = encode.processBlock(decKey, 0, decKey.length);

        return decryptedSecKey;
    } catch (InvalidCipherTextException e) {
        LOG.info("*******************Failed to decrypt AES secret key using RSA :**********************");
        throw new Exception("Failed to decrypt AES secret key using RSA :" + e.toString());
    }

}

Please provide some code... - xmoex
3 Answers

3
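RSA/ECB/OAEPWITHSHA256ANDMGF1PADDING and RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING are different aliases, but both refer to the same algorithm, so in this sense there is no difference between them.
The problem is that you are using PKCS#11 (cryptographic token interface) to encrypt your data. According to the Java PKCS#11 reference documentation: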

The Sun PKCS#11 provider, in contrast to most other providers, does not implement cryptographic algorithms itself. Instead, it acts as a bridge between the Java JCA and JCE APIs and the native PKCS#11 cryptographic API, translating the calls and conventions between the two. This means that Java applications calling standard JCA and JCE APIs can, without modification, take advantage of algorithms offered by the underlying PKCS#11 implementations, such as, for example, Cryptographic Smartcards, Hardware cryptographic accelerators, and High performance software implementations.

Note that Java SE only facilitates accessing native PKCS#11 implementations, it does not itself include a native PKCS#11 implementation. However, cryptographic devices such as Smartcards and hardware accelerators often come with software that includes a PKCS#11 implementation, which you need to install and configure according to manufacturer's instructions.

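In summary, if you are using PKCS#11, the use of the algorithms depends on the vendor's native implementation (.dll on Windows, .so on Linux …) and sometimes on the specific program connector, so: check that you are using the same driver/program version for your PKCS#11 token on both PCs and that both are correctly installed, because one of them may have an error that prevents you from using RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING correctly.
Hope this helps,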

1

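These two algorithms are provided by different security providers.

RSA/ECB/OAEPWITHSHA256ANDMGF1PADDING

is provided by the Bouncy Castle provider, while

RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING

is provided by the SUN JCE provider. In our case, we were able to use the Bouncy Castle provider's algorithm successfully, but if I replace it with the SUN JCE algorithm, I get the following error: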

Exception in thread "main" javax.crypto.BadPaddingException: lHash mismatch
at sun.security.rsa.RSAPadding.unpadOAEP(RSAPadding.java:425)
at sun.security.rsa.RSAPadding.unpad(RSAPadding.java:274)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:382)

1
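The situation is more complicated. RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING is provided by SunJCE. RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING is provided by BC. However, if BC is installed ahead of the SunJCE provider (using Security.installProviderAt), BC can take over and act as the provider for RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING. Unfortunately, BC does not parameterize this algorithm the way SunJCE does. As a result, the algorithm BC implements differs from the one SunJCE provides, and this leads to padding errors. SunJCE RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING uses SHA-1 for the MGF1 function and SHA-256 for the label hash (the label is almost always an empty byte array, so this is a static value). BC RSA/NONE/OAEPWITHSHA256ANDMGF1PADDING uses SHA-256 for the MGF1 function and SHA-256 for the label hash. BC will also use the same parameters if asked for RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING.
Advice: always specify the security provider explicitly to make sure the right provider is used. Or specify the OAEP parameters explicitly and do not rely on the defaults (recommended).
I have reported this issue to BC, so it may get fixed.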
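
The advice in the last answer (specify the OAEP parameters explicitly), as an added example that is not part of the original posts: it pins the provider and passes an OAEPParameterSpec on both sides, then shows that a ciphertext produced with MGF1 over SHA-256 is rejected with BadPaddingException when decrypted with MGF1 over SHA-1. The class name, the throwaway 2048-bit key and the 32-byte sample secret are constructed for illustration, and the "SunJCE" provider name assumes an Oracle/OpenJDK runtime.

```java
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class ExplicitOaepDemo {
    // Provider and transformation are pinned; "SunJCE" assumes an Oracle/OpenJDK runtime.
    static final String PROVIDER = "SunJCE";
    static final String TRANSFORM = "RSA/ECB/OAEPPadding";

    // SHA-256 for both the label hash and MGF1 (the parameters the answer attributes to BC).
    static final OAEPParameterSpec SHA256_BOTH = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    // SHA-256 label hash with MGF1 over SHA-1 (the SunJCE default described in the answer).
    static final OAEPParameterSpec SHA256_MGF1_SHA1 = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);

    static byte[] run(int mode, Key key, OAEPParameterSpec spec, byte[] in)
            throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(TRANSFORM, PROVIDER);
        c.init(mode, key, spec); // explicit spec: the provider's OAEP defaults are never used
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key generated for the demo
        byte[] secret = new byte[32];       // constructed sample: stands in for an AES key
        new SecureRandom().nextBytes(secret);

        byte[] ct = run(Cipher.ENCRYPT_MODE, kp.getPublic(), SHA256_BOTH, secret);

        // Same parameters on both sides: the secret round-trips.
        byte[] pt = run(Cipher.DECRYPT_MODE, kp.getPrivate(), SHA256_BOTH, ct);
        System.out.println("matching params recover key: " + Arrays.equals(secret, pt));

        // Mismatched MGF1 digest: decryption is rejected, as the answers describe.
        try {
            run(Cipher.DECRYPT_MODE, kp.getPrivate(), SHA256_MGF1_SHA1, ct);
            System.out.println("unexpected: decryption succeeded");
        } catch (BadPaddingException e) {
            System.out.println("mismatched MGF1 digest -> " + e);
        }
    }
}
```

When two systems exchange OAEP ciphertexts, both sides need to agree on the label hash and the MGF1 digest, not only on the transformation string.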

Content provided by Stack Overflow.