BouncyCastle需要讀取類型爲ecdsa-sha2-nistp256的密鑰

Question

我正在使用sshj（0.19.1）以SSH2連接處理scala應用程序。我可以在eclipse中很好地連接，但是從一個胖罐子運行應用程序，我得到一些錯誤。我最初的錯誤是：

Line 3: TransportException: null 
at net.schmizz.sshj.transport.TransportException$1.chain(33) 
at net.schmizz.sshj.transport.TransportException$1.chain(27) 
at net.schmizz.concurrent.Promise.deliverError(96) 
at net.schmizz.concurrent.Event.deliverError(74) 
at net.schmizz.concurrent.ErrorDeliveryUtil.alertEvents(34) 
at net.schmizz.sshj.transport.KeyExchanger.notifyError(386) 
at net.schmizz.sshj.transport.TransportImpl.die(596) 
at net.schmizz.sshj.transport.Reader.run(68) 

我添加的US_export_policy.jar和local_policy.jar到$ JAVA_HOME/lib/security中。我已經添加了以下嘗試作爲一個提供商註冊BouncyCastle的，

import org.bouncycastle.jce.provider.BouncyCastleProvider 
val bouncyCastle = new BouncyCastleProvider() 
java.security.Security.addProvider(bouncyCastle) 
net.schmizz.sshj.common.SecurityUtils.registerSecurityProvider("org.bouncycastle.jce.provider.BouncyCastleProvider") 

，但我仍然得到以下錯誤：

INFO n.schmizz.sshj.common.SecurityUtils - Registration of Security Provider 'org.bouncycastle.jce.provider.BouncyCastleProvider' unexpectedly failed 
INFO n.schmizz.sshj.common.SecurityUtils - BouncyCastle not registered, using the default JCE provider 
INFO n.s.sshj.transport.random.JCERandom - Creating new SecureRandom. 
WARN net.schmizz.sshj.DefaultConfig - Illegal key size 
WARN net.schmizz.sshj.DefaultConfig - Cannot find any provider supporting Twofish/CBC/NoPadding 
... 
WARN net.schmizz.sshj.DefaultConfig - Illegal key size or default parameters 
WARN net.schmizz.sshj.DefaultConfig - Disabling high-strength ciphers: cipher strengths apparently limited by JCE policy 
INFO n.s.sshj.transport.TransportImpl - Client identity string: SSH-2.0-SSHJ_0.19.1 
INFO n.s.sshj.transport.TransportImpl - Server identity string: SSH-2.0-OpenSSH_6.6.1 
ERROR n.s.sshj.transport.TransportImpl - Dying because - {} 
net.schmizz.sshj.common.SSHRuntimeException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256 
    at net.schmizz.sshj.common.Buffer.readPublicKey(Buffer.java:431) 
    at net.schmizz.sshj.transport.kex.AbstractDHG.next(AbstractDHG.java:66) 
    at net.schmizz.sshj.transport.KeyExchanger.handle(KeyExchanger.java:358) 
    at net.schmizz.sshj.transport.TransportImpl.handle(TransportImpl.java:493) 
    at net.schmizz.sshj.transport.Decoder.decode(Decoder.java:104) 
    at net.schmizz.sshj.transport.Decoder.received(Decoder.java:172) 
    at net.schmizz.sshj.transport.Reader.run(Reader.java:60) 
Caused by: java.security.GeneralSecurityException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256 
    at net.schmizz.sshj.common.KeyType$3.readPubKeyFromBuffer(KeyType.java:120) 
    at net.schmizz.sshj.common.Buffer.readPublicKey(Buffer.java:429) 
    ... 6 common frames omitted 
INFO n.s.sshj.transport.TransportImpl - Disconnected - UNKNOWN 
ERROR net.schmizz.concurrent.Promise - <<kex done>> woke to: net.schmizz.sshj.transport.TransportException: BouncyCastle is required to read a key of type ecdsa-sha2-nistp256 

我運行的罐子爲java -cp ../lib/bcprov-jdk15on-1.51.jar -jar <my jar>，因爲我明白了，你不能把bouncycastle作爲你的胖罐子的一部分作爲提供者。但我不確定我錯過了什麼，我無法將其註冊爲提供商。任何幫助，將不勝感激。

Answer 1

java -jar忽略來自命令行或envvar的類路徑，而是使用指定的jar加上其清單中的任何class-path項。無論是

• 參考 bcprov JAR的清單（但做不像bcprov提供商合併到自己的罐子，你是在說正確的）在你的JRE或

• 放bcprov/lib/ext，因此JVM會在不使用classpath的情況下找到它。

或用java -cp myjar:bcprov mainclassname（;在Windows上）運行的確實使用的類路徑。

我希望你的new BouncyCastleProvider()扔在你的代碼嘗試使用提供程序之前，但我不知道scala，也許這裏不同。

FWIW，如果該項目將升級到5年前（Java 7），則不需要包括ECDSA在內的EC的Bouncy。你仍然需要它Twofish，但我不知道誰（其他人）實施Twofish和我會驚訝，如果有人要求它;你的服務器在這裏標識爲OpenSSH，而不是。