WAS使用公私钥证书加密解密的问题
开始使用sun的jdk读公私钥证书加密解密,一切正常。换到WAS7后,用私钥加密时报这个错:
Exception in thread "main" java.security.InvalidKeyException: Private key cannot be used to encrypt.
at com.ibm.crypto.provider.RSA.engineInit(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at com.ebank.CrypPara.encryptByPrivateKey(CrypPara.java:146)
at com.ebank.CrypPara.main(CrypPara.java:51)
baidu后,找到一个办法,就是在ibm网站上下一个无限制文件:Unrestricted SDK JCE policy files 地址:https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk
下载文件后,将local_policy.jar和US_export_policy.jar更新到jrelibsecurity的文件夹下。
更新后又报了这个错:
Exception in thread "main" java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:250)
at javax.crypto.Mac.getInstance(Unknown Source)
at com.ibm.security.pkcs12.BasicPFX.calculateMac(BasicPFX.java:1905)
at com.ibm.security.pkcs12.BasicPFX.verifyMac(BasicPFX.java:1165)
at com.ibm.security.pkcs12.PFX.verifyMac(PFX.java:795)
at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:414)
at com.ebank.CrypPara.initKey(CrypPara.java:120)
at com.ebank.CrypPara.main(CrypPara.java:50)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.(Unknown Source)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:228)
... 8 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.access$600(Unknown Source)
at javax.crypto.b$0.run(Unknown Source)
at java.security.AccessController.doPrivileged(AccessController.java:280)
... 11 more
请问该如何解决?
Exception in thread "main" java.security.InvalidKeyException: Private key cannot be used to encrypt.
at com.ibm.crypto.provider.RSA.engineInit(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at com.ebank.CrypPara.encryptByPrivateKey(CrypPara.java:146)
at com.ebank.CrypPara.main(CrypPara.java:51)
baidu后,找到一个办法,就是在ibm网站上下一个无限制文件:Unrestricted SDK JCE policy files 地址:https://www14.software.ibm.com/webapp/iwm/web/preLogin.do?source=jcesdk
下载文件后,将local_policy.jar和US_export_policy.jar更新到jrelibsecurity的文件夹下。
更新后又报了这个错:
Exception in thread "main" java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:250)
at javax.crypto.Mac.getInstance(Unknown Source)
at com.ibm.security.pkcs12.BasicPFX.calculateMac(BasicPFX.java:1905)
at com.ibm.security.pkcs12.BasicPFX.verifyMac(BasicPFX.java:1165)
at com.ibm.security.pkcs12.PFX.verifyMac(PFX.java:795)
at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(KeyStore.java:414)
at com.ebank.CrypPara.initKey(CrypPara.java:120)
at com.ebank.CrypPara.main(CrypPara.java:50)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:228)
... 8 more
Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.access$600(Unknown Source)
at javax.crypto.b$0.run(Unknown Source)
at java.security.AccessController.doPrivileged(AccessController.java:280)
... 11 more
请问该如何解决?
5同行回答
可参考
http://www-01.ibm.com/support/docview.wss?uid=swg1IV18625
-Dcom.ibm.crypto.provider.DoRSATypeChecking=false收起
http://www-01.ibm.com/support/docview.wss?uid=swg1IV18625
-Dcom.ibm.crypto.provider.DoRSATypeChecking=false收起
浏览3206
支持分享各自的经验哦收起
浏览2394
哎,自己不能给自己分。收起
浏览2398
基本搞定了,使用bouncy castle和老版本的策略文件,有点跑题了,安全相关的。收起
浏览2399