使用pkcs11 usb令牌解密pdf时发生java Itextpdf错误
我正在使用iTextpdf解密一个用证书加密的PDF
解密时发生以下异常
com.itextpdf.text.exceptions.InvalidPdfException: exception unwrapping key: key invalid: unknown key type passed to RSA
下面是我的代码片段
public void decryptPdf(String src, String dest)
throws IOException, DocumentException, GeneralSecurityException,CMSException {
try{
// decrypt(getPrivateKey(), DESTINATION_FILE, DECRYPTED_FILE);
PdfReader reader = new PdfReader(src,
getPublicCertificate("C:\\Users\\USER\\Documents\\NetBeansProjects\\test\\src\\lk_encb64.cer"), getPrivateKey(), "BC");
PdfStamper stamper = new PdfStamper(reader, new FileOutputStream(dest));
stamper.close();
reader.close();
}catch(Exception ex){
System.out.println(ex);
}
}
方法getPrivateKey()从PKCS11 eTocken返回我的私钥
public PrivateKey getPrivateKey() throws GeneralSecurityException, IOException {
LoggerFactory.getInstance().setLogger(new SysoLogger());
Properties properties = new Properties();
properties.load(new FileInputStream("D:/key.properties"));
char[] pass = properties.getProperty("PASSWORD").toCharArray();
String config = "name=eToken\n" +
"library=" + DLL + "\n";
ByteArrayInputStream bais = new ByteArrayInputStream(config.getBytes());
Provider providerPKCS11 = new SunPKCS11(bais);
Security.addProvider(providerPKCS11);
System.out.println(providerPKCS11.getName());
BouncyCastleProvider providerBC = new BouncyCastleProvider();
Security.addProvider(providerBC);
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, pass);
String alias = (String)ks.aliases().nextElement();
java.util.Enumeration<String> aliases = ks.aliases();
alias = aliases.nextElement();
System.out.println("testing key....");
System.out.println(alias);
PrivateKey pk = (PrivateKey)ks.getKey(alias, pass);
System.out.println(pk);
return pk;
}
方法getPublicCertificate()如下所示
public Certificate getPublicCertificate(String path)
throws IOException, CertificateException {
System.out.println(path);
FileInputStream is = new FileInputStream("C:\\Users\\USER\\Documents\\NetBeansProjects\\test\\src\\lk_encb64.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
return cert;
}
我使用了以下jar版本
itext 5.5.10
bcprov jdk15在1.49上
1.49上的bcpkix jdk15
# 1 楼答案
我用提供者名称“SunPKCS11 eToken”更改了代码,而不是@mkl建议的“BC”
并使用了itext 5.2.1和bc 1.46版本(decryption/encryption using BC 1.46 an iText 5.2.1 is working fine)JAR,现在解密工作正常