我試圖使用從密鑰庫加載的DES密鑰來加密和我得到:集和java.security.KeyStore中的PKCS11獲得DES密鑰
Exception in thread "main" java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11SecretKey
at javax.crypto.Cipher.chooseProvider(Cipher.java:878)
at javax.crypto.Cipher.init(Cipher.java:1213)
at javax.crypto.Cipher.init(Cipher.java:1153)
,這是我的代碼:
public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, IllegalBlockSizeException, InvalidKeyException, BadPaddingException, NoSuchPaddingException, IOException, CertificateException {
Provider provider = new sun.security.pkcs11.SunPKCS11(DesSaveLoad.class.getClassLoader().getResourceAsStream("pkcs11.cfg"));
Security.removeProvider(provider.getName());
Security.insertProviderAt(provider, 1);
KeyStore keyStore = KeyStore.getInstance("PKCS11", provider);
keyStore.load(null, null);
SecretKey desKey = desGenerateKey();
keyStore.setKeyEntry("t1", desKey, null, null);
SecretKey t1 = (SecretKey) keyStore.getKey("t1", null);
byte[] messageBytes = "message".getBytes();
desEncrypt(messageBytes, 0, messageBytes.length, desKey);
desEncrypt(messageBytes, 0, messageBytes.length, t1); //Exception is thrown here
}
public static SecretKey desGenerateKey() throws NoSuchAlgorithmException {
KeyGenerator keygenerator = null;
keygenerator = KeyGenerator.getInstance("DES");
return keygenerator.generateKey();
}
public static byte[] desEncrypt(byte[] plainText, int offset, int size, SecretKey key) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
Cipher cipher;
if (size % 8 != 0) {
cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
} else {
cipher = Cipher.getInstance("DES/ECB/NoPadding");
}
cipher.init(Cipher.ENCRYPT_MODE, key);
return cipher.doFinal(plainText, offset, size);
}
正如你所看到的,使用生成的DES密鑰進行加密時不會引發異常。
當你插入一個供應商的第一個,你可以隱藏默認的Java供應商。這可能是有利的,並會導致像觀察到的那樣的錯誤。你是否真的需要在提供者列表的開頭插入你的自定義提供者? – Jk1
@ Jk1不正確,那不是自定義提供程序,並且它在延遲提供程序選擇方面表現良好(實際上,它觸發了延遲提供程序選擇)。 –
@owlstead,感謝您的注意。這是一個普通的老式SunPKCS11,我的太糟糕了 – Jk1