BouncyCastle 找不到它提供的算法?
我正在玩 BouncyCastle 1.46 令我惊讶的是,下面代码片段中的 catch-block 经常被绊倒。
Security.addProvider(new BouncyCastleProvider());
final Set<String> found = new HashSet<String>();
final Set<String> missing = new HashSet<String>();
final DefaultSignatureAlgorithmIdentifierFinder finder = new DefaultSignatureAlgorithmIdentifierFinder();
for (Service service : new BouncyCastleProvider().getServices()) {
if ("Signature".equals(service.getType())) {
final String algorithm = service.getAlgorithm();
try {
finder.find(algorithm);
found.add(algorithm);
} catch (IllegalArgumentException ex) {
missing.add(algorithm);
}
}
}
System.out.println("Found: " + found);
System.out.println("Missing: " + missing);
我似乎无法通过 Finder 使用大多数算法,即使存在提供这些算法的服务。我做错了什么?
更新我对代码做了一些更改,以更好地说明问题。可能有趣的是我使用的是 JDK1.5 版本的 BouncyCastle。上面的代码给出了以下输出:
Found: [RIPEMD256WithRSAEncryption, MD5WithRSAEncryption, MD2WithRSAEncryption, SHA384WithRSAEncryption, SHA224WITHECDSA, SHA384WITHDSA, SHA256WITHDSA, SHA512WithRSAEncryption, SHA512WITHDSA, RIPEMD160WithRSAEncryption, SHA224WithRSAEncryption、SHA256WITHECDSA、RIPEMD128WithRSAEncryption、SHA384WITHECDSA、SHA256WithRSAEncryption、SHA512WITHECDSA、SHA1WithRSAEncryption、SHA224WITHDSA]
缺少:[SHA1WITHECNR、NONEwithECDSA、ECDSA、 SHA512withRSA/PSS、RIPEMD160WITHECDSA、RSA、GOST3410、SHA256WITHECNR、MD5withRSA/ISO9796-2、SHA1WITHCVC-ECDSA、SHA384withRSA/PSS、SHA1withRSA/PSS、MD4WithRSAEncryption、RSASSA-PSS、SHA512WITHECNR、 SHA256WITHCVC-ECDSA、SHA1withRSA/ISO9796-2、SHA224withRSA/PSS、SHA224WITHHCVC-ECDSA、RAWRSASSA-PSS、SHA256withRSA/PSS、NONEWITHDSA、SHA384WITHECNR、RIPEMD160withRSA/ISO9796-2、DSA、 ECGOST3410,SHA224WITHECNR,1.2.840.113549.1.1.10]
I'm playing around with BouncyCastle 1.46 To my surprise, the catch-block in the snippet below is tripped quite often.
Security.addProvider(new BouncyCastleProvider());
final Set<String> found = new HashSet<String>();
final Set<String> missing = new HashSet<String>();
final DefaultSignatureAlgorithmIdentifierFinder finder = new DefaultSignatureAlgorithmIdentifierFinder();
for (Service service : new BouncyCastleProvider().getServices()) {
if ("Signature".equals(service.getType())) {
final String algorithm = service.getAlgorithm();
try {
finder.find(algorithm);
found.add(algorithm);
} catch (IllegalArgumentException ex) {
missing.add(algorithm);
}
}
}
System.out.println("Found: " + found);
System.out.println("Missing: " + missing);
I appear to be unable to use most of the algorithms through the Finder, even though Services exist that provide those algorithms. What am I doing wrong?
Update I've changed the code a little to illustrate the issue better. What might be of interest is that I am using the JDK1.5 version of BouncyCastle. The code above gives this output:
Found: [RIPEMD256WithRSAEncryption, MD5WithRSAEncryption, MD2WithRSAEncryption, SHA384WithRSAEncryption, SHA224WITHECDSA, SHA384WITHDSA, SHA256WITHDSA, SHA512WithRSAEncryption, SHA512WITHDSA, RIPEMD160WithRSAEncryption, SHA224WithRSAEncryption, SHA256WITHECDSA, RIPEMD128WithRSAEncryption, SHA384WITHECDSA, SHA256WithRSAEncryption, SHA512WITHECDSA, SHA1WithRSAEncryption, SHA224WITHDSA]
Missing: [SHA1WITHECNR, NONEwithECDSA, ECDSA, SHA512withRSA/PSS, RIPEMD160WITHECDSA, RSA, GOST3410, SHA256WITHECNR, MD5withRSA/ISO9796-2, SHA1WITHCVC-ECDSA, SHA384withRSA/PSS, SHA1withRSA/PSS, MD4WithRSAEncryption, RSASSA-PSS, SHA512WITHECNR, SHA256WITHCVC-ECDSA, SHA1withRSA/ISO9796-2, SHA224withRSA/PSS, SHA224WITHCVC-ECDSA, RAWRSASSA-PSS, SHA256withRSA/PSS, NONEWITHDSA, SHA384WITHECNR, RIPEMD160withRSA/ISO9796-2, DSA, ECGOST3410, SHA224WITHECNR, 1.2.840.113549.1.1.10]
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我认为
DefaultSignatureAlgorithmIdentifierFinder是 bcmail API 的一部分。它返回此 API 识别的算法标识符。 (检查加密消息语法)另一方面,充气城堡提供商提供了更多算法。您可以检查DefaultSignatureAlgorithmIdentifierFinder的来源,其中识别的算法是硬编码的:干杯!
I think that
DefaultSignatureAlgorithmIdentifierFinderis part of the bcmail API. It returns algorithm identifiers recognized by this API. (Check Cryptographic Message Syntax) On the other hand the bouncy castle provider provides more algorithms. You may check the source ofDefaultSignatureAlgorithmIdentifierFinderwhere the recognized algorithms are hardcoded:Cheers!
您是否将 BouncyCastle 添加到安全提供商中?你可以用这一行来做到这一点:
Did you add BouncyCastle to the security providers? You can do that with this line:
这个答案与 BouncyCastle 没有直接关系。但是,我认为这对其他人有用:
就我而言,我使用的是 SpongyCastle。我遇到了类似的问题:
org.ehp:无法创建签名者:提供商 SC 不提供 SHA256WITHRSA
at org.ehaaa(SourceFile:101)
事实证明,proguard 正在删除一些必需的类。在 proguard 配置文件中添加以下内容后:
-keep 类 org.spongycastle.** { *;问题
解决了。
This answer is not directly related to BouncyCastle. But, I thought this would be useful for others:
In my case, I was using SpongyCastle. I got a similar problem:
org.e.h.p: cannot create signer: Provider SC does not provide SHA256WITHRSA
at org.e.h.a.a.a(SourceFile:101)
It turned out that proguard was removing some of the required classes. After adding the following in proguard config file:
-keep class org.spongycastle.** { *; }
the problem was resolved.
您可以通过两个步骤将 Bouncy Castle 添加到 Java 平台上的安全提供程序:
1. 将 BC 库(当前为 bcpkix-jdk15on-149.jar、bcprov-jdk15on-149.jar)复制到目录 $JAVA_HOME/jre/lib/ext/
2. 注册 BC 提供程序:编辑文件 $JAVA_HOME/jre/lib/security/java.security 并在行下
添加您的 BC 提供程序
更改其余提供程序的数量。整个提供者块应该类似于:
You can add Bouncy Castle to security providers on Your java platform in two steps:
1. Copy BC librarys (currently bcpkix-jdk15on-149.jar, bcprov-jdk15on-149.jar) to directory $JAVA_HOME/jre/lib/ext/
2. Register BC provider: edit file $JAVA_HOME/jre/lib/security/java.security and under line
add Your BC provider
Change numbers of rest providers. The whole block of providers should be similar to: