从KeyStore检索SecretKey后,Bouncy Castle PQC XMSS签名:NullPointerException
子车煌
问题内容:
问题答案:
尽管重建的jarsigner为了与PQC签名方案,如工作XMSS提供由JCA
/ JCE提供
BouncyCastle的我碰到一个问题就来了:看来XMSS
PrivateKeys不能再被存储并从磁盘检索后可以用来标志的东西。但是,XMSSMT和SPHINCS私钥可以。为什么呢
供您自己测试的源代码位于底部。您需要2个外部库才能运行:
- 有弹性的城堡提供者
- Bouncy Castle 实用程序库以生成X.509证书
注意:源代码是关于在KeyStore中保存和检索Key的。但是我也尝试将其简单地保存到一个也不起作用的文件中。
我得到的错误:
java.security.SignatureException: java.lang.NullPointerException
at org.bouncycastle.pqc.jcajce.provider.xmss.XMSSSignatureSpi.engineSign(Unknown Source)
at java.base/java.security.Signature.sign(Signature.java:598)
at Main.sign(Main.java:91)
at Main.run(Main.java:71)
at Main.main(Main.java:22)
[主要]
public class Main {
public static String keyStorePath = "myKeyStore.keystore";
public static void main(String[] args) throws InterruptedException {
String[] algs = {"XMSS", "XMSS", "XMSSMT", "XMSSMT", "SPHINCS256"},
digests = {"SHA256", "SHA512", "SHA256", "SHA512", "SHA512"};
for (int i = 0; i < algs.length; i++){
try {
run(algs[i], digests[i]);
}catch (Exception ignore){
ignore.printStackTrace();
Thread.sleep(60); // Wait for print
}
}
}
public static void run(String alg, String digest) throws Exception{
String sigAlg = digest + "with" + alg,
provider = "BCPQC",
keyStoreProvider = "BC",
keyStoreAlias = sigAlg, // for readability
keyStorePassword = "password";
System.out.println("Running " + sigAlg + ".");
// Add providers
addProvider(new String[] {provider, keyStoreProvider});
// Generate KeyPairs
KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg, provider);
initialize(kpg, alg, digest);
KeyPair myKp = kpg.generateKeyPair();
// Sign
sign(myKp.getPrivate(), sigAlg, provider, "Hello World!");
// Generate a self-signed certificate
X509Certificate cert = BCCertGen.generate(myKp.getPrivate(), myKp.getPublic(), 365, sigAlg, true);
// Load a KeyStore
KeyStore keyStore = KeyStore.getInstance("PKCS12", keyStoreProvider);
try {
keyStore.load(new FileInputStream(keyStorePath), keyStorePassword.toCharArray());
}catch (Exception ingore){
// If there is no KeyStore at @keyStorePath
// create an empty one
keyStore.load(null, keyStorePassword.toCharArray());
}
// Store the generated KeyPair with the Certificate in the KeyStore
keyStore.setKeyEntry(keyStoreAlias, myKp.getPrivate(), keyStorePassword.toCharArray(), new X509Certificate[] {cert});
keyStore.store(new FileOutputStream(keyStorePath), keyStorePassword.toCharArray());
// Load the stored PrivateKey from the KeyStore
keyStore.load(new FileInputStream(keyStorePath), keyStorePassword.toCharArray());
PrivateKey privateKey = (PrivateKey) keyStore.getKey(keyStoreAlias, keyStorePassword.toCharArray());
// Sign again
sign(privateKey, sigAlg, provider, "Hello World!");
}
public static void addProvider(String[] providers){
for (String provider : providers) {
switch (provider) {
case "BCPQC":
Security.addProvider(new BouncyCastlePQCProvider());
break;
case "BC":
Security.addProvider(new BouncyCastleProvider());
break;
}
}
}
public static void sign(PrivateKey pk, String sigAlg, String provider , String payload) throws Exception{
Signature signer = Signature.getInstance(sigAlg, provider);
signer.initSign(pk);
signer.update(payload.getBytes());
signer.sign();
System.out.println("Successfully signed");
}
public static void initialize(KeyPairGenerator kpg, String alg, String digest) throws Exception {
switch (alg) {
case "XMSS":
kpg.initialize(new XMSSParameterSpec(4, digest));
break;
case "XMSSMT":
kpg.initialize(new XMSSMTParameterSpec(4, 2, digest));
break;
case "SPHINCS256":
kpg.initialize(new SPHINCS256KeyGenParameterSpec());
break;
case "RSA":
kpg.initialize(new RSAKeyGenParameterSpec(2048, new BigInteger("5")));
break;
}
}
}
[BCCertGen]
public class BCCertGen {
public static String _country = "Westeros",
_organisation = "Targaryen",
_location = "Valyria",
_state = "Essos",
_issuer = "Some Trusted CA";
public BCCertGen(String country, String organisation, String location, String state, String issuer){
_country = country;
_organisation = organisation;
_location = location;
_state = state;
_issuer = issuer;
}
public static X509Certificate generate(PrivateKey privKey, PublicKey pubKey, int duration, String signAlg, boolean isSelfSigned) throws Exception{
Provider BC = new BouncyCastleProvider();
// distinguished name table.
X500NameBuilder builder = createStdBuilder();
// create the certificate
ContentSigner sigGen = new JcaContentSignerBuilder(signAlg).build(privKey);
X509v3CertificateBuilder certGen = new JcaX509v3CertificateBuilder(
new X500Name("cn="+_issuer), //Issuer
BigInteger.valueOf(1), //Serial
new Date(System.currentTimeMillis() - 50000), //Valid from
new Date((long)(System.currentTimeMillis() + duration*8.65*Math.pow(10,7))), //Valid to
builder.build(), //Subject
pubKey //Publickey to be associated with the certificate
);
X509Certificate cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(certGen.build(sigGen));
cert.checkValidity(new Date());
if (isSelfSigned) {
// check verifies in general
cert.verify(pubKey);
// check verifies with contained key
cert.verify(cert.getPublicKey());
}
ByteArrayInputStream bIn = new ByteArrayInputStream(cert.getEncoded());
CertificateFactory fact = CertificateFactory.getInstance("X.509", BC);
return (X509Certificate) fact.generateCertificate(bIn);
}
private static X500NameBuilder createStdBuilder() {
X500NameBuilder builder = new X500NameBuilder(RFC4519Style.INSTANCE);
builder.addRDN(RFC4519Style.c, _country);
builder.addRDN(RFC4519Style.o, _organisation);
builder.addRDN(RFC4519Style.l, _location);
builder.addRDN(RFC4519Style.st, _state);
return builder;
}
}
问题答案:
这是一个已知的问题:https :
//github.com/bcgit/bc-java/issues/380 只需按照建议使用高于161b01的beta版本。
类似资料:
-
问题内容: 尽管重建的jarsigner为了与PQC签名方案,如工作XMSS提供由JCA / JCE提供 BouncyCastle的我碰到一个问题就来了:看来XMSS PrivateKeys不能再被存储并从磁盘检索后可以用来标志的东西。但是,XMSSMT和SPHINCS私钥可以。为什么呢 供您自己测试的源代码位于底部。您需要2个外部库才能运行: 有弹性的城堡提供者 Bouncy Castle 实用
-
问题内容: 我目前正在研究Java中的密钥处理类,尤其是使用KeyStore的类。我正在尝试使用AES实例生成SecretKey,然后使用setEntry()方法将其放置在KeyStore中。 我已经包含了代码的相关部分: 我使用的两个常量也定义为字符串。 我不断收到的异常在我的setEntry()调用中: 我主要将此文档http://docs.oracle.com/javase/7/docs/a
-
问题内容: 是否可以通过使用列的索引来获取列名?我浏览了API文档,但找不到任何东西。 问题答案: 你可以从元数据中获取此信息。参见 例如 你可以从那里获取列名称。如果你这样做 然后也会为你获取检索到的标签名称。
-
但是,在查看REST API文档时,会指出API在将选项卡发送给接收者时检索选项卡的原始值(originalValue)。 这正是我发现的行为。是否存在其他方法来检索签名者输入的数据?
-
问题内容: 使用JDBC时,我经常遇到类似 我问自己(也包括代码作者)为什么不使用标签来检索列值: 我听到的最好的解释是关于性能的。但是实际上,这使处理速度非常快吗?我不相信,尽管我从未进行过测量。我认为,即使按标签检索会稍慢一些,但它仍具有更好的可读性和灵活性。 因此,有人可以给我很好的解释,避免使用列索引而不是列标签来检索列值吗?两种方法的优缺点(也许涉及某些DBMS)是什么? 问题答案: 默
-
在WooCommerce结账页面上,我添加了一个客户必须输入才能结账的额外字段。 我想在woocommerce\u cart\u calculate\u fees操作挂钩中访问此字段的值。 通过使用woocommerce,我尝试了几种方法-