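SMIME encryption using openssl, decrypting with java bouncy castle fails

Hi, I have an application where I generate a key pair and an x509 certificate, then I use the public key (key.pem) and encrypt my data into smime format using openssl, as shown.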

openssl smime -encrypt -out encrypted_smime.p7m -in token.json -outform SMIME key.pem

The encrypted file looks like

MIME-Version: 1.0
Content-Disposition: attachment; filename="smime.p7m"
Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

......

After this, I submit this as serverTokenBytes as input to my application, which tries to decrypt it with this logic.

   public static String decryptServerToken(final byte[] serverTokenBytes, final X509Certificate certificate, final PrivateKey privateKey) {
        try {
            final RecipientId recId = new JceKeyTransRecipientId(certificate);
            final Properties props = System.getProperties();
            final Session session = Session.getDefaultInstance(props, null);
            final MimeMessage msg = new MimeMessage(session, new ByteArrayInputStream(serverTokenBytes));
            if (msg.getSize() <= 0 || !(msg.isMimeType("application/pkcs7-mime") || msg.isMimeType("application/x-pkcs7-mime"))) {
                // log error...and throw
            }
            final SMIMEEnveloped m = new SMIMEEnveloped(msg);
            final RecipientInformationStore recipients = m.getRecipientInfos();

            final RecipientInformation recipient = recipients.get(recId);
            if (recipient == null) {
                LOG.error("Error in decrypting the uploaded server token file, the certificate serial number used for encryption differ from the one used for decryption");
                return null;
            }
            final MimeBodyPart res = SMIMEUtil.toMimeBodyPart(recipient.getContent(new JceKeyTransEnvelopedRecipient(privateKey)));
            return res.getContent().toString();
        } catch (final MessagingException | CMSException | SMIMEException | IOException exn) {
            throw new IllegalStateException("Error in decrypting the server token", exn);
        }
    }

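For some reason this does not work; I get back an empty string, with none of the errors mentioned in this code.

I would like to know:

  1. Encrypting using openssl and decrypting using java bouncy castle: is this possible?
  2. The decryption doesn't fail, it just gives me an empty string. Can anyone see any issues with this code?

  • +++++++++++++ Update 1 +++++++++++++++

    So while debugging, I found that the data gets decrypted correctly and is attached to the headers of the MimeBodyPart, but then things go wrong, as shown below.

    I have narrowed it down to this code as the cause of the problem.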

    public MimeBodyPart(InputStream is) throws MessagingException {
        if (!(is instanceof ByteArrayInputStream) &&
            !(is instanceof BufferedInputStream) &&
            !(is instanceof SharedInputStream))
            is = new BufferedInputStream(is);

        headers = new InternetHeaders(is);

        if (is instanceof SharedInputStream) {
            SharedInputStream sis = (SharedInputStream) is;
            contentStream = sis.newStream(sis.getPosition(), -1);
        } else {
            try {
                content = ASCIIUtility.getBytes(is);
            } catch (IOException ioex) {
                throw new MessagingException("Error reading input stream", ioex);
            }
        }
    }

    and ASCIIUtility's getBytes returns []

    public static byte[] getBytes(InputStream is) throws IOException {
        int len;
        int size = 1024;
        byte[] buf;

        if (is instanceof ByteArrayInputStream) {
            size = is.available();
            buf = new byte[size];
            len = is.read(buf, 0, size);
        } else {
            ByteArrayOutputStream bos = new ByteArrayOutputStream();
            buf = new byte[size];
            while ((len = is.read(buf, 0, size)) != -1)
                bos.write(buf, 0, len);
            buf = bos.toByteArray();
        }
        return buf;
    }

    size = is.available(); always returns 0;

    +++++++++++++ Update 2 +++++++++++++++

    Now I generated another encrypted message using java, with BC as the provider. The difference between the encrypted messages created by the two looks like this, in terms of headers.

    Bouncy Castle generated encrypted message:

    Content-Type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
    Content-Transfer-Encoding: base64
    MIME-Version: 1.0
    Message-ID: <621547276.1.1394777375030.JavaMail.abcd@localhost>
    

    .....

    openssl generated encrypted message headers:

    MIME-Version: 1.0
    Content-Disposition: attachment; filename="smime.p7m"
    Content-Type: application/x-pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
    Content-Transfer-Encoding: base64
    

    ......

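    The encrypted message generated by openssl, when passed to final MimeBodyPart res = SMIMEUtil.toMimeBodyPart(... content ...), results in the MimeBodyPart headers being set differently compared to when the Bouncy Castle generated message is passed to the same api.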
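
An added example, not part of the original post: a shell check of the openssl side of this question. It round-trips a constructed token through the openssl smime -encrypt command above and reports whether the recovered plaintext starts with a MIME header block, which is what the quoted MimeBodyPart(InputStream) constructor reads first (headers = new InternetHeaders(is)). The throwaway certificate, the -aes256 option and the -text comparison are assumptions added here.

```shell
#!/bin/sh
# Added example: encrypt a constructed token with openssl smime, decrypt it
# again, and report how the recovered plaintext begins.
# Usage: smime_payload_kind [-text]
smime_payload_kind() {
    spk_dir=$(mktemp -d) || return 1
    # Constructed sample payload standing in for token.json (not from the page).
    printf '{"token":"constructed-sample"}' > "$spk_dir/token.json"
    # Steps below:
    #  1. throwaway key and self-signed certificate (subject name is made up);
    #     key.pem holds the certificate, matching the file name on the page
    #  2. the page's encrypt command; -aes256 is an addition that pins the
    #     cipher instead of relying on the version-dependent default, and the
    #     optional first argument (-text) is passed through
    #  3. decrypt without -text so any MIME header block stays visible
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=smime-test" \
        -keyout "$spk_dir/priv.pem" -out "$spk_dir/key.pem" 2>/dev/null &&
    openssl smime -encrypt -aes256 ${1:-} -in "$spk_dir/token.json" \
        -out "$spk_dir/encrypted_smime.p7m" -outform SMIME "$spk_dir/key.pem" &&
    openssl smime -decrypt -in "$spk_dir/encrypted_smime.p7m" -inform SMIME \
        -recip "$spk_dir/key.pem" -inkey "$spk_dir/priv.pem" \
        -out "$spk_dir/plain.bin" || { rm -rf "$spk_dir"; return 1; }
    # First line of the recovered plaintext, with any CR removed.
    spk_first=$(tr -d '\r' < "$spk_dir/plain.bin" | head -n 1)
    rm -rf "$spk_dir"
    case $spk_first in
        Content-Type:*) echo mime-headers ;;                # header block present
        '{"token":"constructed-sample"}') echo raw ;;       # bare payload
        *) echo unexpected ;;
    esac
}

echo "default: $(smime_payload_kind)"
echo "-text:   $(smime_payload_kind -text)"
```

On the Java side, recipient.getContent(...) returns these same bytes before SMIMEUtil.toMimeBodyPart parses them, so logging their first line gives the equivalent check.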
