.NET 系统加密到 Bouncy Castle Java 解密抛出错误

.NET System Encryption to Bouncy Castle Java Decryption Throws Error

一个棘手的问题,但我可以寻求任何帮助。

我正在使用 System.Security.Cryptography.Xml 加密 XML SAML blob。

加密工作正常,但是当它到达另一端的 java 库时,他们收到错误消息:

java.lang.ArrayIndexOutOfBoundsException: too much data for RSA block
        at org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(Unknown Source)
        at org.bouncycastle.jce.provider.WrapCipherSpi.engineUnwrap(Unknown Source)
        at javax.crypto.Cipher.unwrap(Unknown Source)
        at org.apache.xml.security.encryption.XMLCipher.decryptKey(Unknown Source)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:680)
        at org.opensaml.xml.encryption.Decrypter.decryptKey(Decrypter.java:611)
        at org.opensaml.xml.encryption.Decrypter.decryptUsingResolvedEncryptedKey(Decrypter.java:761)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToDOM(Decrypter.java:512)
        at org.opensaml.xml.encryption.Decrypter.decryptDataToList(Decrypter.java:439)
        at org.opensaml.xml.encryption.Decrypter.decryptData(Decrypter.java:400)
        at org.opensaml.saml2.encryption.Decrypter.decryptData(Decrypter.java:141)
        at org.opensaml.saml2.encryption.Decrypter.decrypt(Decrypter.java:69)

如何继续使用我的加密方法:

        public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);


        return returnElement;
    }

在绕过这个错误时? EncryptedKey 上是否有参数来设置填充大小?还是我必须使用 Bouncy Castle 来指定加密数据的大小?

我更改了 RSA 密钥的 AES 加密的 keywrapurl 的大小。

仍然不太明白 opensaml java 库的加密是如何工作的,在打开它之后我很惊讶在 java 中设置一个简单的测试环境需要多长时间.

故事的寓意:不要对大量数据使用非对称加密。

public XmlElement EncryptXml(XmlElement assertion, X509Certificate2 cert)
    {
        //cert = new X509Certificate2(@"C:\temp\SEI.cer");
        XmlElement returnElement;
        EncryptedData message = new EncryptedData();
        message.Type = "http://www.w3.org/2001/04/xmlenc#Element";
        message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256KeyWrapUrl);
        //message.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128KeyWrapUrl);
        EncryptedKey key = new EncryptedKey();
        key.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        key.KeyInfo.AddClause(new KeyInfoX509Data(cert));

        var rKey = new RijndaelManaged();
        rKey.BlockSize = 128;
        rKey.KeySize = 128;
        rKey.Padding = PaddingMode.PKCS7;
        rKey.Mode = CipherMode.CBC;

        key.CipherData.CipherValue = EncryptedXml.EncryptKey(rKey.Key, (RSA)cert.PublicKey.Key, false);
        KeyInfoEncryptedKey keyInfo = new KeyInfoEncryptedKey(key);
        message.KeyInfo.AddClause(keyInfo);

        message.CipherData.CipherValue = new EncryptedXml().EncryptData(assertion, rKey, false);
        returnElement = message.GetXml();

        Logger("Cert Size: " + System.Text.ASCIIEncoding.Unicode.GetByteCount(cert.ToString()));

        GetBytesKeyAndData(rKey, assertion.InnerText);


        return returnElement;
    }