zzmarquis / gmhelper Goto Github PK
View Code? Open in Web Editor NEW基于BC库:国密SM2/SM3/SM4算法简单封装;实现SM2 X509v3证书的签发;实现SM2 pfx证书的签发
License: Apache License 2.0
基于BC库:国密SM2/SM3/SM4算法简单封装;实现SM2 X509v3证书的签发;实现SM2 pfx证书的签发
License: Apache License 2.0
想请教下BC库是否支持数字信封(PKCS7)加解密呢?BC库中的PKCS7Padding的作用是什么呢?
放到linux服务器上运行报错 jar包都有
org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey cannot be cast to org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey
请问这是为什么 ?
用的以太坊 私钥来转
js版
私:0xc4db720f5e6ceb7b476cf17e36379efbf27fe6da20ab631d7aedc5ff1173c666
公:04bf7c85d72e61d4ca4f1112c4a127ba1936deda4be48b7cf6bc9dd9f9a40c7f138d21da85f46f8eefd5028f2ae2ccbe8b830662e242e121d013a624b765b314b4
java国密
私:0xc4db720f5e6ceb7b476cf17e36379efbf27fe6da20ab631d7aedc5ff1173c666
公:0415a74aa52cb303e5bbeeb7c78559b47e17476eecaa2e5490a78773e563d138a1f3f5a55db28b24c5f1250e1d7ef69a6bd7da5bc900add4d71c20889407eb6aee
String serverCerHexStr = response.getContent();
X509Certificate x509Certificate = SM2CertUtil.getX509Certificate(Hex.decode(serverCerHexStr));
BCECPublicKey bcecPublicKey = SM2CertUtil.getBCECPublicKey(x509Certificate);
类型转换报错:
java.lang.ClassCastException: com.android.org.conscrypt.X509PublicKey cannot be cast to org.bouncycastle.jce.interfaces.ECPublicKey
初始化调用也包异常
KeyPair midKP = SM2Util.generateKeyPair();
java.security.NoSuchAlgorithmException: The BC provider no longer provides an implementation for KeyPairGenerator.EC.
Android是不是没法兼容使用 ?
这么多代码…辛苦了
既然知道bc库已经实现了SM2、SM3、SM4的加解密,为什么不直接用jdk的Cipher呢
像SM2解密,可以这样:
Cipher cipher = Cipher.getInstance("SM2");
cipher.init(Cipher.DECRYPT_MODE, ecPrivateKey);
return cipher.doFinal(data);
SM3摘要算法和SM4对称加密算法,也是如此
W/System.err: java.security.NoSuchAlgorithmException: No provider found for SM4/ECB/NoPadding
at javax.crypto.Cipher.createCipher(Cipher.java:529)
at javax.crypto.Cipher.getInstance(Cipher.java:413)
at org.zz.gmhelper.SM4Util.generateEcbCipher(SM4Util.java:175)
at org.zz.gmhelper.SM4Util.encrypt_Ecb_NoPadding(SM4Util.java:66)
如果遇到这个问题的朋友,不妨试试
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) != null){
double version = Security.getProvider(BouncyCastleProvider.PROVIDER_NAME).getVersion();
Log.i("sys","原有version="+version);
}
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null){
Log.i("sys","运行环境没有BouncyCastleProvider");
Security.addProvider(new BouncyCastleProvider());
}
可能在应用启动的时候,已经有了一个低版本的BCprovider被自动add进当前系统,需要先移除再加入高版本的,我这边打印出来是1.57,1.57就是没有国密算法,1.58开始部分支持,1.59才较完善支持
你好,我正在研究国密加密算法,也是基于BC,想开源一个小型CA包,支持一般的证书签发,吊销,验证等流程,目前实现了rsa,ECDSA,dsa;sm2始终差一点,希望能和您交流交流,我刚开始做,对这个理论研究差点;
最终想基于BC实现一个完整sm2provider,然后开源出来(支持,sm2cipher,sm4cipher,sm2digest,tls秘钥协商);
目前对于sm算法和实现途径有些迷茫,希望交流一下
SM3的代码我拿去用了下,十分感谢。但是对老哥的代码一句注释也没得,虽然我看得懂。
bc的SM2Engine中的默认实现还是C1C2C3的顺序,实际调试过程中,在此demo的基础上,修改了bc的此类,应该为C1C3C2
我想请教作者,我生成的x509证书在windows、ubuntu18.04系统上查看时,公钥参数显示是生成sm2所使用的大素数,请问怎么才能将公钥参数改成国秘上指定的oid:1.2.156.10197.1.301
SM2算法生成公私钥对长度会变化:
AsymmetricCipherKeyPair keyPair = SM2Util.generateKeyPairParameter();
ECPrivateKeyParameters priKey = (ECPrivateKeyParameters) keyPair.getPrivate();
ECPublicKeyParameters pubKey = (ECPublicKeyParameters) keyPair.getPublic();
System.out.println("priKey len=" + priKey.getD().toByteArray().length);
System.out.println("pubKey len=" + pubKey.getQ().getEncoded(false).length);
私钥长度有时是32,有时是33。
公钥长度是65。
而C语言那边私钥是固定的32位,公钥是2个32位。
请问如何与C那边对应上?
现在 需要换成ECC secp256r1的曲线
不知道怎样下手 一头雾水
未找到方法SM2Signer.update
java.lang.NoSuchMethodError: org.bouncycastle.crypto.signers.SM2Signer.update([BII)V
at org.zz.gmhelper.SM2Util.sign(SM2Util.java:309)
at org.zz.gmhelper.test.SM2UtilTest.testSignAndVerify(SM2UtilTest.java:37)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
可以根据不同的字符串来生成密钥吗?
如题
作者有了解吗
请问下,SM2的公私钥生成后,先保存公钥值(pubKey.getQ().getEncoded(false)),
之后怎么根据这个值重新生成ECPublicKeyParameters对象?
还有私钥参数对象(ECPrivateKeyParameters)?
SM2PfxMakerTest.testMakePfx()方法测试不通过
报错如下:
测试加解密或签名验签没有问题,生成和验证证书无法通过
java.lang.IllegalArgumentException: Unknown signature type requested: SM3WITHSM2
at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.generate(Unknown Source)
at org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder.find(Unknown Source)
at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder.(Unknown Source)
at org.zz.gmhelper.cert.CommonUtil.createCSR(CommonUtil.java:55)
at org.zz.gmhelper.cert.test.SM2PfxMakerTest.testMakePfx(SM2PfxMakerTest.java:42)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
java.lang.AssertionError
at org.junit.Assert.fail(Assert.java:86)
at org.junit.Assert.fail(Assert.java:95)
at org.zz.gmhelper.cert.test.SM2PfxMakerTest.testMakePfx(SM2PfxMakerTest.java:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
本地没事,部署到环境 就报这个错java.security.NoSuchAlgorithmException: No such algorithm: SM4/ECB/PKCS5Padding,
帮忙看看是啥原因吧,微信号15763605318,谢谢
测试的时候,SM4Util里的DEFAULT_KEY_SIZE 默认密钥长度是128位,也就是16个字节。测试没有问题。现在想的是,能不能支持256位32个字节,测试的时候报错了。部分堆栈如下:
org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$InvalidKeyOrParametersException: SM4 requires a 128 bit key
at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineInit(Unknown Source)
at javax.crypto.Cipher.init(Cipher.java:1346)
at javax.crypto.Cipher.init(Cipher.java:1282)
at org.zz.gmhelper.SM4Util.generateCbcCipher(SM4Util.java:189)
at org.zz.gmhelper.SM4Util.encrypt_Cbc_Padding(SM4Util.java:81)
at demo.wodetest.TestSM4.testSM4EcbPKCS5(TestSM4.java:24)
bc库中没有sm9的,sm9用什么工具
看到代码里的BCECUtil.java 有个方法 public static ECPublicKeyParameters createECPublicKeyParameters(BigInteger x, BigInteger y,
ECCurve curve, ECDomainParameters domainParameters)
没有相关的说明,能指导一下这个方法怎么用的吗?
请问老哥,读取加了密码的私钥有什么办法,一直头大
我在对公钥进行写入写出是出现了问题,我采用der方式将公钥写出到文件,但是从公钥文件转换为公钥对象时出现了问题,
这是java抛出的异常:
java.io.IOException: Sender's public key has invalid point encoding 0x30
你好,我在用SM4.
我的项目复制你相同的依赖, 但是Security.getProvider(BouncyCastleProvider.PROVIDER_NAME)是null ,连低版本的都没有. 需要手动Security.addProvider(new BouncyCastleProvider());
但是 在你的SM4Util里加了个main方法, 直接就能获取到.
不知您清楚是为什么吗
有个关于国密相关紧急需求你接不。微信15517986455
String priHex = "ff3794cc7a83920e0f6d406817d97a3b876631ee4ddfafe87622e92966738c33";
ECPrivateKeyParameters priKey = new ECPrivateKeyParameters(new BigInteger(ByteUtils.fromHexString(priHex)), M2Util.DOMAIN_PARAMS);
当私钥为f开头时,都会报错如下:
Exception in thread "main" java.lang.IllegalArgumentException: Scalar is not in the interval [1, n - 1]
at org.bouncycastle.crypto.params.ECDomainParameters.validatePrivateScalar(Unknown Source)
at org.bouncycastle.crypto.params.ECPrivateKeyParameters.(Unknown Source)
但是前补个0就可正常使用,请解惑啊,谢谢。
org/bouncycastle/bcprov-jdk15on/1.62/bcprov-jdk15on-1.62.jar has unsigned entries - org/bouncycastle/LICENSE.class
您好,请问下这个可以和前端的加解密工具sm-crypto通用吗,sm2验签那面
SM2PublicKey类中重载了getEncoded方法,可以将sm2公钥转换成PKCS8格式String;但是没有SM2PrivateKey类的实现。因此,sm2私钥转换成PKCS8格式String的方法采用了BCECPrivateKey。
但是,生成的私钥包含了sm2椭圆曲线的各个参数(N、P),而并没有采用oid替换,如下:
3082024b0201003081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff30440420fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc042028e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e9304410432c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0022100fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d5412302010104820155308201510201010420d03cd038670fce6e2cdd7e44aef15b171f53233488080f724e35958da2a416dfa081e33081e0020101302c06072a8648ce3d0101022100fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff30440420fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc042028e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e9304410432c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0022100fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d54123020101a14403420004d774c76f9fce4735244b620f0e139373ba34e837225f818da92483c3b896ca0501fac506290b1a4b09f3e79451259cd81a2775a2c85284782690ec0feb7e5f04
我希望生成比较简洁的PKCS8格式,类似于SM2PublicKey的getEncoded方法。期望的结果如:
308187020100301306072a811ccf55020106082a811ccf5501822d046d306b02
01010420a43436cec5ffbbf897897fbec860053de978086eb99fd67dcdd4817d
949e83eba144034200048860af05a1a67f5e48df9286625618f6eb58b02f41d0
0c5b60981ef96dbfc0b3f469cd4facc0746e58e2bef993869a361fd9a90c246e
44fede35d19fae135cb9
请问是否可以提供_SM2PrivateKey_的_getEncoded_方法?
备注:
`KeyPair keyPair = SM2Util.generateBCECKeyPair();
BCECPrivateKey smPriv = new BCECPrivateKey(keyPair.getPrivate().getAlgorithm(), (BCECPrivateKey) keyPair.getPrivate());
String privHexString = Hex.encodeHexString(smPriv.getEncoded());
SM2PublicKey smPub = new SM2PublicKey(keyPair.getPublic().getAlgorithm(), (BCECPublicKey) keyPair.getPublic());
String pubHexString = Hex.encodeHexString(smPub.getEncoded());`
java.security.NoSuchAlgorithmException: no such algorithm: SM4 for provider BC
项目里面引用了这两个jar报冲突。
最近工作中遇到了使用国密证书进行java客户端ssl双向认证通信的需求,但是java目前不支持国密,一直卡在这里没有解决思路。看到您在的github上的开源项目,想着您在这块应该很有研究,所以想向您请教一下,或者有没有什么解决思路。
单元测试跑 SM2UtilTest.testEncodeSM2CipherToDER 这个case连续1000次会出现java.lang.IllegalArgumentException: malformed integer错误
非常不错的项目,简单明了。
关于证书的代码,如果要产生工业用证书,还得考虑更多的因素,比如证书序列号产生就有很多要求。还有要用硬件保护密钥。
我维护了一个开源工业级的PKI项目,也支持国密算法SM2/SM3和基于SM2密码算法的数字证书格式GMT 0015-2012 。代码比这个项目复杂得多,可以和这个项目互为补充。具体地址是https://github.com/xipki/xipki 。
异常信息
java.io.FileNotFoundException: D:\test.sm2.cer
是否可用把测试案例用到的文件放进classpath下?
你好,看了一下你的BCEUtil工具类,如果生成的是SM2非对称加密秘钥,怎么转化为字节形式或者字符串形式已配置项的方式存在呢,同时秘钥字节要还原为对应的秘钥。
76行
byte[] cipher = SM4Util.encrypt_Cbc_NoPadding(key, iv, SRC_DATA_32B);
应该调用encrypt_Cbc_Padding
方法吧
der编码:
308201333081ec06072a8648ce3d02013081e0020101302c06072a8648ce3d0101022100fffffffeffffffffffffffffffffffffffffffff00000000ffffffffffffffff30440420fffffffeffffffffffffffffffffffffffffffff00000000fffffffffffffffc042028e9fa9e9d9f5e344d5a9e4bcf6509a7f39789f515ab8f92ddbcbd414d940e9304410432c4ae2c1f1981195f9904466a39c9948fe30bbff2660be1715a4589334c74c7bc3736a2f4f6779c59bdcee36b692153d0a9877cc62a474002df32e52139f0a0022100fffffffeffffffffffffffffffffffff7203df6b21c6052b53bbf40939d5412302010103420004088263b38f837c8fe9a239dc21f2ffd74e28f9cd4c16e01e7ad7c04b086f4f29fab1032c68cee6b97c5127aca62506594aa4162433bc16f3d5640cbe43953143
问题:der编码中间出现很多的f,百度结果时高位溢出,想知道你们出现这个问题了,时怎么解决的。
代码:
`KeyPair key = GMUtil.generateKeyPair();
ECPrivateKeyParameters priKey = BCECUtil.convertPrivateKeyToParameters((BCECPrivateKey)key.getPrivate());
ECPublicKeyParameters pubKey = BCECUtil.convertPublicKeyToParameters((BCECPublicKey)key.getPublic());
System.out.println("Pri Hex:"+ ByteUtils.toHexString(priKey.getD().toByteArray()).toUpperCase());
System.out.println("Pub X Hex:"+ ByteUtils.toHexString(pubKey.getQ().getAffineXCoord().getEncoded()).toUpperCase());
System.out.println("Pub X Hex:"+ ByteUtils.toHexString(pubKey.getQ().getAffineYCoord().getEncoded()).toUpperCase());
System.out.println("Pub Point Hex:"+ ByteUtils.toHexString(pubKey.getQ().getEncoded(false)).toUpperCase());
byte[] pubKeyX509Der = BCECUtil.convertECPublicKeyToX509(pubKey);
System.out.println("public key der length:" + pubKeyX509Der.length);
System.out.println("public key der:" + Hex.toHexString(pubKeyX509Der));`
delete, nothing
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.