How do I correctly encode DH parameters using BouncyCastle in Java?
I am trying to reproduce the output of the "openssl dhparam -out dh1024.pem 1024" command programmatically in Java. The code snippet is as follows:
DHParametersGenerator generator = new DHParametersGenerator();
generator.init(1024, 0, new SecureRandom());
DHParameters params = generator.generateParameters();
// Generator G is set as random in params, but it has to be 2 to conform to openssl
DHParameters realParams = new DHParameters(params.getP(), BigInteger.valueOf(2));
byte[] p = realParams.getP().toByteArray();
byte[] g = realParams.getG().toByteArray();
byte[] l = new byte[(byte) realParams.getL()];
byte[] pgl = new byte[p.length+g.length+l.length];
System.arraycopy(p, 0, pgl, 0, p.length);
System.arraycopy(g, 0, pgl, p.length, g.length);
System.arraycopy(l, 0, pgl, p.length+g.length, l.length);
So basically I am concatenating the values of the P, G and L parameters in a byte array "pgl" and then saving it in a file using the PEMWriter class from BC. But when I try to use it via openssl, I get the following error:
Cannot load DH parameters from
/etc/openvpn/easy-rsa/keys/dh1024.pem:
error:0D07207B:asn1 encoding
routines:ASN1_get_object:header too
long: error:0D068066:asn1 encoding
routines:ASN1_CHECK_TLEN:bad object
header: error:0D07803A:asn1 encoding
routines:ASN1_ITEM_EX_D2I:nested asn1
error: error:0906700D:PEM
routines:PEM_ASN1_read_bio:ASN1 lib
.... which leads me to believe that I am encoding the DH parameters wrongly, but I cannot find anywhere the correct way to encode this. Can anyone help me with this? I've been bouncing my head against the castle wall for many days now but to no avail .... please help :(
Comments (2)
Here is an example. Note that you cannot set the certainty argument to 0 in generator.init() or you won't get a prime! Most of this code I figured out just by looking at the Bouncycastle source code, for example look at the PEMWriter class.
Thanks GregS, your solution works, but I eventually solved it using standard Java plus PemWriter from BC. Although you cannot set the Generator G = 2 with this approach, it still works both with openssl and Java, which was my initial purpose anyway :)
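Added example (not code from the question or from either reply): the file OpenSSL reads is a DER-encoded PKCS #3 DHParameter SEQUENCE of p and g wrapped in a "DH PARAMETERS" PEM block, not the raw bytes of P, G and L concatenated. The class name DhParamPem, the 2048-bit default and the certainty value 30 are assumptions made for this sketch.

```java
import java.io.StringWriter;
import java.math.BigInteger;
import java.security.SecureRandom;

import org.bouncycastle.asn1.pkcs.DHParameter;
import org.bouncycastle.crypto.generators.DHParametersGenerator;
import org.bouncycastle.crypto.params.DHParameters;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemWriter;

public class DhParamPem {

    // PKCS #3: DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER,
    //                                     privateValueLength INTEGER OPTIONAL }
    static byte[] toDer(BigInteger p, BigInteger g) throws Exception {
        // l == 0 leaves out the optional privateValueLength field,
        // so the structure holds only p and g.
        return new DHParameter(p, g, 0).getEncoded("DER");
    }

    // Base64-wrap the DER bytes between BEGIN/END DH PARAMETERS lines.
    static String toPem(byte[] der) throws Exception {
        StringWriter out = new StringWriter();
        try (PemWriter pem = new PemWriter(out)) {
            pem.writeObject(new PemObject("DH PARAMETERS", der));
        }
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Assumption: 2048 bits by default; 1024-bit groups are no longer
        // considered adequate. Safe-prime generation can take minutes.
        int bits = args.length > 0 ? Integer.parseInt(args[0]) : 2048;

        DHParametersGenerator gen = new DHParametersGenerator();
        gen.init(bits, 30, new SecureRandom()); // certainty must be > 0
        DHParameters params = gen.generateParameters();

        // Keep the generator BouncyCastle selected for this prime.
        byte[] der = toDer(params.getP(), params.getG());

        // A DER SEQUENCE starts with tag 0x30; raw concatenated integers
        // carry no tag or length, which is what the ASN.1 parser rejects.
        if (der[0] != 0x30) {
            throw new IllegalStateException("not a DER SEQUENCE");
        }
        System.out.print(toPem(der));
    }
}
```

Redirect the output to a file and check it with `openssl dhparam -in dh.pem -check -noout`.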