Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

使用pkcs11 usb令牌解密pdf时发生java Itextpdf错误

2 周,1 日 Questions & Answers

我正在使用iTextpdf解密一个用证书加密的PDF

解密时发生以下异常

com.itextpdf.text.exceptions.InvalidPdfException: exception unwrapping key: key invalid: unknown key type passed to RSA

下面是我的代码片段

    public void decryptPdf(String src, String dest)
        throws IOException, DocumentException, GeneralSecurityException,CMSException {
        try{
//        decrypt(getPrivateKey(), DESTINATION_FILE, DECRYPTED_FILE);
        PdfReader reader = new PdfReader(src,
            getPublicCertificate("C:\\Users\\USER\\Documents\\NetBeansProjects\\test\\src\\lk_encb64.cer"), getPrivateKey(), "BC");
        PdfStamper stamper = new PdfStamper(reader, new FileOutputStream(dest));
        stamper.close();
        reader.close();
        }catch(Exception ex){
            System.out.println(ex);
        }
    }

方法getPrivateKey()从PKCS11 eTocken返回我的私钥

public PrivateKey getPrivateKey() throws GeneralSecurityException, IOException {

        LoggerFactory.getInstance().setLogger(new SysoLogger());

    Properties properties = new Properties();
    properties.load(new FileInputStream("D:/key.properties"));
        char[] pass = properties.getProperty("PASSWORD").toCharArray();

    String config = "name=eToken\n" +
                "library=" + DLL + "\n";
    ByteArrayInputStream bais = new ByteArrayInputStream(config.getBytes());
    Provider providerPKCS11 = new SunPKCS11(bais);
        Security.addProvider(providerPKCS11);
        System.out.println(providerPKCS11.getName());

    BouncyCastleProvider providerBC = new BouncyCastleProvider();
    Security.addProvider(providerBC);

        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, pass);
        String alias = (String)ks.aliases().nextElement();

        java.util.Enumeration<String> aliases = ks.aliases();


        alias = aliases.nextElement();

        System.out.println("testing key....");
        System.out.println(alias);
        PrivateKey pk = (PrivateKey)ks.getKey(alias, pass);
        System.out.println(pk);
        return pk;
    }

方法getPublicCertificate()如下所示

public Certificate getPublicCertificate(String path)
        throws IOException, CertificateException {
        System.out.println(path);
        FileInputStream is = new FileInputStream("C:\\Users\\USER\\Documents\\NetBeansProjects\\test\\src\\lk_encb64.cer");
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
        return cert;
    }

我使用了以下jar版本

itext 5.5.10

bcprov jdk15在1.49上

1.49上的bcpkix jdk15


共 (1) 个答案

  1. # 1 楼答案

    我用提供者名称“SunPKCS11 eToken”更改了代码,而不是@mkl建议的“BC”

    PdfReader reader = new PdfReader(src, getPublicCertificate("C:\\Users\\USER\\Documents\\NetBeansPr‌​ojects\\test\\src\\l‌​k_encb64.cer"), getPrivateKey(), "SunPKCS11-eToken");

    并使用了itext 5.2.1和bc 1.46版本(decryption/encryption using BC 1.46 an iText 5.2.1 is working fine)JAR,现在解密工作正常