Android - SSL/TLS 和 ECC（椭圆曲线加密）

发布于 2025-01-02 01:14:32 字数 2472 浏览 0 评论 0原文

我正在开发一个与网络服务器通信的 Android 应用程序。我们使用 HTTPS 进行此通信，并且 Android 应用程序内还有一个客户端证书用于身份验证。

我们使用 ECC (ANSI x9.62) 创建 SSL 证书，以便拥有非常小的证书，从而减少握手期间的传输成本。

通信的源代码或多或少是这样的：

InputStream keystoreIs = getResources().openRawResource(R.raw.client_bks);
KeyStore keystore = KeyStore.getInstance("BKS");
keystore.load(keystoreIs, KEYSTORE_PASSWORD);

SSLSocketFactory socketFactory = new SSLSocketFactory(keystore, KEYSTORE_PASSWORD,  keystore);
Scheme serverScheme = new Scheme("https", socketFactory, SERVER_PORT);
HttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(iServerScheme);
HttpPost httppost = new HttpPost(SERVER_URL);
HttpResponse response = httpclient.execute(httppost);

问题是，当我们尝试连接时，我们会遇到如下错误：

E/NativeCrypto(4744): Unknown error 5 during connect
W/System.err(4744): java.io.IOException: SSL handshake failure: I/O error during system call, Connection reset by peer
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:316)
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:520)
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:461)
W/System.err(4744):     at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:93)
W/System.err(4744):     at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
W/System.err(4744):     at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
W/System.err(4744):     at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
W/System.err(4744):     at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
(...)

我试图找到一个使用 ECC 和 SSL 的示例，但我没有找到任何东西。我找到了几篇有关加密和密钥对生成的文章（例如 http://nelenkov.blogspot.com/2011/12/using-ecdh-on-android.html#!/2011/12/using-ecdh-on-android.html)但与这种 SSL 类型的错误无关。

我们将不胜感激任何反馈。先感谢您！！

原文

I'm developing an android application which communicates with a web server. We use HTTPS for this communication and we have also a client certificate inside the android application for authentication.

We created SSL certificates using ECC (ANSI x9.62) in order to have very small certificates so we can reduce the transmission cost during handshake.

The source code for the communication is more or less like this:

InputStream keystoreIs = getResources().openRawResource(R.raw.client_bks);
KeyStore keystore = KeyStore.getInstance("BKS");
keystore.load(keystoreIs, KEYSTORE_PASSWORD);

SSLSocketFactory socketFactory = new SSLSocketFactory(keystore, KEYSTORE_PASSWORD,  keystore);
Scheme serverScheme = new Scheme("https", socketFactory, SERVER_PORT);
HttpClient httpclient = new DefaultHttpClient();
httpclient.getConnectionManager().getSchemeRegistry().register(iServerScheme);
HttpPost httppost = new HttpPost(SERVER_URL);
HttpResponse response = httpclient.execute(httppost);

The problem is that when we try to connect we have errors like:

E/NativeCrypto(4744): Unknown error 5 during connect
W/System.err(4744): java.io.IOException: SSL handshake failure: I/O error during system call, Connection reset by peer
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.nativeconnect(Native Method)
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.startHandshake(OpenSSLSocketImpl.java:316)
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl$SSLInputStream.<init>(OpenSSLSocketImpl.java:520)
W/System.err(4744):     at org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl.getInputStream(OpenSSLSocketImpl.java:461)
W/System.err(4744):     at org.apache.http.impl.io.SocketInputBuffer.<init>(SocketInputBuffer.java:93)
W/System.err(4744):     at org.apache.http.impl.SocketHttpClientConnection.createSessionInputBuffer(SocketHttpClientConnection.java:83)
W/System.err(4744):     at org.apache.http.impl.conn.DefaultClientConnection.createSessionInputBuffer(DefaultClientConnection.java:170)
W/System.err(4744):     at org.apache.http.impl.SocketHttpClientConnection.bind(SocketHttpClientConnection.java:106)
W/System.err(4744):     at org.apache.http.impl.conn.DefaultClientConnection.openCompleted(DefaultClientConnection.java:129)
(...)

I trid to find an example with ECC and SSL but I didn't found anything. I found several articles about encryption and key pair generation (for example http://nelenkov.blogspot.com/2011/12/using-ecdh-on-android.html#!/2011/12/using-ecdh-on-android.html) but nothing related to this SSL kind of errors.

We will appreciate any feedback. Thank you in advance!!

分享到QQ

分享到微博