jce | 易学教程

How to read a password encrypted key with java?

阅读更多关于 How to read a password encrypted key with java?

问题 I have private key stored in file in PKCS8 DER format and protected by password. What is the easiest way to read it? Here is the code I use to load unencrypted one: InputStream in = new FileInputStream(privateKeyFilename); byte[] privateKeydata = new byte[in.available()]; in.read(privateKeydata); in.close(); KeyFactory privateKeyFactory = KeyFactory.getInstance("RSA"); PKCS8EncodedKeySpec encodedKeySpec = new PKCS8EncodedKeySpec(privateKeydata); PrivateKey privateKey = privateKeyFactory

JVM组成1

阅读更多关于 JVM组成1

作用用来动态加载class文件到内存当中分类 BootStrapClassLoader：称为启动类加载器，是Java类加载层次中最顶层的类加载器，负责加载JDK中的核心类库，如：rt.jar、resources.jar、charsets.jar、sunrsasign.jar、jsse.jar、jce.jar等（加载jdk/jre/lib/下的部分jar包以及jdk/jre/classes下的class文件） ExtensionClassLoader：称为扩展类加载器，负责加载Java的扩展类库，默认加载jdk/jre/lib/ext/目下的所有jar AppClassLoader：称为系统类加载器，负责加载应用程序classpath目录下的所有jar和class文件用户还可以根据需要定义自已的ClassLoader，自定义的ClassLoader都必须继承自java.lang.ClassLoader类（包括Java提供Extension ClassLoader和App ClassLoader） Bootstrap ClassLoader不继承ClassLoader，因为它不是一个普通的Java类，底层由C++编写，已嵌入到了JVM内核当中。当JVM启动后，Bootstrap ClassLoader也随着启动，负责加载完核心类库后，并构造Extension

NoSuchAlgorithmException: Algorithm HmacSHA1 not available

阅读更多关于 NoSuchAlgorithmException: Algorithm HmacSHA1 not available

问题 Look at the following line of java: Mac.getInstance("HmacSHA1"); If I put this in a simple test program, it runs without problems on my server. However, if I use this line in a container, I get java.security.NoSuchAlgorithmException: Algorithm HmacSHA1 not available at javax.crypto.Mac.getInstance(DashoA13*..) The same JDK installation is used in both cases. After googling around a bit, I managed to get it to work by doing two things: Copying sunjce_provider.jar from $JAVA_HOME/jre/lib/ext to

Check for JCE Unlimited Strength Jurisdiction Policy files [duplicate]

阅读更多关于 Check for JCE Unlimited Strength Jurisdiction Policy files [duplicate]

问题 This question already has answers here : Checking if Unlimited Cryptography is available (9 answers) Closed 5 years ago . I am usure if the JCE Unlimited Strength Jurisdiction Policy files have been installed correctly in the JVM (because some other part of the system behaves as if they weren't). Can someone supply a code sample that I can use to check if those files are actually being used by the JVM? 回答1: I found that it can be tested with the following code snippet: int maxKeyLen = Cipher

ECDHE cipher suites not supported on OpenJDK 8 installed on EC2 Linux machine

阅读更多关于 ECDHE cipher suites not supported on OpenJDK 8 installed on EC2 Linux machine

When starting jetty-distribution-9.3.0.v20150612 with openjdk 1.8.0_51 running on an EC2 Amazon Linux machine, is prints that all configured ECDHE suites are not supported. 2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not supported 2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 not supported 2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 not supported 2015-08-12 16:51:20 main SslContextFactory [INFO] Cipher TLS_ECDHE_RSA_WITH_AES_128_GCM

How does one convert a public EC code point and curve name into a PublicKey?

阅读更多关于 How does one convert a public EC code point and curve name into a PublicKey?

问题 I have two 32 byte long byte arrays representing the X and Y values for an EC Public Key. I know that the curve is the named curve "prime256v1". How can I turn that into a Java PublicKey object? The JCE appears to provide no facilities whatsoever to use named curves. Bouncycastle's example code does not appear to compile with any version of bouncycastle I can find. WTF? 回答1: I don't see any way in JCE to use a named curve directly for a key, but it can be used for key generation, and the

Exception in thread “main” java.security.InvalidKeyException: Illegal key size or default parameters [duplicate]

阅读更多关于 Exception in thread “main” java.security.InvalidKeyException: Illegal key size or default parameters [duplicate]

问题 This question already has answers here : InvalidKeyException Illegal key size (5 answers) Closed last year . The code belows is throwing this error message: Exception in thread "main" java.security.InvalidKeyException: Illegal key size or default parameters Cipher dcipher; byte[] salt = new String("12345678").getBytes(); int iterationCount = 1024; int keyStrength = 256; SecretKey key; byte[] iv; Decrypter(String passPhrase) throws Exception { SecretKeyFactory factory = SecretKeyFactory

How to use Bouncy Castle lightweight API with AES and PBE

阅读更多关于 How to use Bouncy Castle lightweight API with AES and PBE

问题 I have a block of ciphertext that was created using the JCE algorithim "PBEWithSHA256And256BitAES-CBC-BC". The provider is BouncyCastle. What I'd like to do it decrypt this ciphertext using the BouncyCastle lightweight API. I don't want to use JCE because that requires installing the Unlimited Strength Jurisdiction Policy Files. Documentation seems to be thin on the ground when it comes to using BC with PBE and AES. Here's what I have so far. The decryption code runs without exception but

How to convert Byte array to PrivateKey or PublicKey type?

阅读更多关于 How to convert Byte array to PrivateKey or PublicKey type?

问题 I am using RSA algorithm to generate public and private key final KeyPairGenerator keyGen = KeyPairGenerator.getInstance(ALGORITHM); keyGen.initialize(1024); final KeyPair key = keyGen.generateKeyPair(); final PrivateKey privateKey=key.getPrivate(); final PublicKey publickey=key.getPublic(); after that these keys are encoded using Base64 encoder and save it into database. How to convert this encoded String to Private and Public Key Type in java is to decrypt file. when decoding this String

Creating an X509 Certificate in Java without BouncyCastle?

阅读更多关于 Creating an X509 Certificate in Java without BouncyCastle?

Is it possible to sanely create an X509 Certificate in Java code without using the Bouncy Castle X509V*CertificateGenerator classes? The ability to sign certificates is not part of a standard Java library or extension. A lot of the code that is needed to do it yourself is part of the core. There are classes to encode and decode X.500 names, X.509 certificate extensions, public keys for various algorithms, and of course, for actually performing the digital signature. Implementing this yourself is not trivial, but it is definitely doable—I probably spent 4 or 5 full days the first time I made a