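InvalidKeyException: Illegal key size when saving with BouncyCastle but not with the default provider (public key)

I cannot add a certificate with a 2048-bit key to a Bouncy Castle KeyStore. I updated my JCE version with UnlimitedJCEPolicyJDK7.zip, in both the JRE and JDK security folders. The code below shows where the error occurs. I am using bcprov-jdk15on-149, but I have tried bcprov-jdk15on-157 with the same result. There are many posts about problems with symmetric encryption, but fewer about PKE. I am running Windows 10 Pro, JRE 7 and JDK 1.7.0_51. I would appreciate any suggestions.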
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class KeyStoreTest {
    public static void main(String[] args) throws Exception {
        char[] testPass = "changeit".toCharArray();
        String testAlias = "express";
        // -----------------------------------------------------------------
        // Open source TrustStore and extract certificate and key
        FileInputStream jksFis = new FileInputStream("G:\\testSrc.jks");
        KeyStore jksKS = KeyStore.getInstance(KeyStore.getDefaultType());
        jksKS.load(jksFis, testPass);
        jksFis.close();
        PrivateKey jksPK = (PrivateKey) jksKS.getKey(testAlias, testPass);
        RSAKey rsaKey = (RSAKey) jksPK;
        int rsaKeyLen = rsaKey.getModulus().bitLength();
        System.out.printf("Key length is %d\n", rsaKeyLen); // 2048
        X509Certificate[] jksCerts = new X509Certificate[1];
        jksCerts[0] = (X509Certificate) jksKS.getCertificate(testAlias);
        // -----------------------------------------------------------------
        // Create new default type keystore and add certificate and key.
        KeyStore jksDest = KeyStore.getInstance(KeyStore.getDefaultType());
        jksDest.load(null, null);
        jksDest.setKeyEntry(testAlias, jksPK, testPass, jksCerts);
        FileOutputStream jfos = new FileOutputStream("G:\\testDest.jks");
        jksDest.store(jfos, testPass);
        jfos.close();
        // -----------------------------------------------------------------
        // Create Bouncy Castle KeyStore and add certificate and key
        Security.addProvider(new BouncyCastleProvider());
        KeyStore bksKS = KeyStore.getInstance("PKCS12", "BC");
        bksKS.load(null, null);
        bksKS.setKeyEntry(testAlias, jksPK, testPass, jksCerts);
        FileOutputStream bksFos = new FileOutputStream("G:\\testDest.bks");
        // -----------------------------------------------------------------
        // Next line gives this error:
        // java.io.IOException: exception encrypting data -
        // java.security.InvalidKeyException: Illegal key size
        bksKS.store(bksFos, testPass); // This is the error line.
        // Error on previous line.
        bksFos.close();
    }
}
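The RSA key length is not the problem here; a symmetric key is also used to encrypt the keystore. In Java 7 there is no limit on RSA key length, but there is one on symmetric keys, and these differ for JKS and PKCS12. Just to make sure: add a check to your code that the unlimited strength policy is in effect, like this: https://stackoverflow.com/a/11541337/2672392 – Omikron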
Thank you very much, Omikron. I followed your link and posted the resulting code changes in my answer to the question below. – Will
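
A check of the kind suggested in the comment above, written out as an added example (it is not code from the original post or from the linked answer). It uses `Cipher.getMaxAllowedKeyLength` and also prints `java.home`, so you can confirm that the unlimited-strength policy files were installed into the JVM that actually runs the program. The class name `PolicyCheck` and the list of probed algorithms are assumptions.

```java
import java.io.File;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

public class PolicyCheck {
    // Algorithm names to probe (chosen for illustration); AES is the usual indicator.
    private static final String[] PROBES = { "AES", "DESede", "RC2" };

    /** True when the JVM running this code permits AES keys above 128 bits. */
    static boolean unlimitedStrength() throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    public static void main(String[] args) throws Exception {
        // Which Java installation is executing? An IDE or PATH entry may pick a
        // different JRE/JDK than the one whose security folder was updated.
        String home = System.getProperty("java.home");
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + home);

        // Policy jars this JVM loads (Java 7 layout: <java.home>/lib/security).
        File secDir = new File(home, "lib/security");
        for (String name : new String[] { "local_policy.jar", "US_export_policy.jar" }) {
            File f = new File(secDir, name);
            System.out.printf("%-22s exists=%b size=%d%n", name, f.exists(), f.length());
        }

        // Maximum key length the active jurisdiction policy allows per algorithm.
        for (String alg : PROBES) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            String shown = (max == Integer.MAX_VALUE) ? "unlimited" : max + " bits";
            System.out.printf("max %-7s key = %s%n", alg, shown);
        }

        if (unlimitedStrength()) {
            System.out.println("Unlimited strength policy is in effect for this JVM.");
        } else {
            System.out.println("Limited policy is in effect: symmetric key sizes are "
                    + "restricted, which can surface as 'Illegal key size' when a "
                    + "keystore is encrypted on store().");
        }
    }
}
```

Run it with the same `java` executable and classpath as the failing program; if the output reports the limited policy, the policy jars under the printed `java.home` are the ones to replace.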