使用 pkcs11 usb 令牌解密 pdf 时出现 Itextpdf 错误
Itextpdf error while decrypting a pdf using pkcs11 usb token
我正在使用 iTextpdf 解密使用证书加密的 PDF。
解密时出现以下异常
com.itextpdf.text.exceptions.InvalidPdfException: exception unwrapping key: key invalid: unknown key type passed to RSA
以下是我的代码片段
public void decryptPdf(String src, String dest)
throws IOException, DocumentException, GeneralSecurityException,CMSException {
try{
// decrypt(getPrivateKey(), DESTINATION_FILE, DECRYPTED_FILE);
PdfReader reader = new PdfReader(src,
getPublicCertificate("C:\Users\USER\Documents\NetBeansProjects\test\src\lk_encb64.cer"), getPrivateKey(), "BC");
PdfStamper stamper = new PdfStamper(reader, new FileOutputStream(dest));
stamper.close();
reader.close();
}catch(Exception ex){
System.out.println(ex);
}
}
方法 getPrivateKey() returns 来自 PKCS11-eTocken 的私钥
public PrivateKey getPrivateKey() throws GeneralSecurityException, IOException {
LoggerFactory.getInstance().setLogger(new SysoLogger());
Properties properties = new Properties();
properties.load(new FileInputStream("D:/key.properties"));
char[] pass = properties.getProperty("PASSWORD").toCharArray();
String config = "name=eToken\n" +
"library=" + DLL + "\n";
ByteArrayInputStream bais = new ByteArrayInputStream(config.getBytes());
Provider providerPKCS11 = new SunPKCS11(bais);
Security.addProvider(providerPKCS11);
System.out.println(providerPKCS11.getName());
BouncyCastleProvider providerBC = new BouncyCastleProvider();
Security.addProvider(providerBC);
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, pass);
String alias = (String)ks.aliases().nextElement();
java.util.Enumeration<String> aliases = ks.aliases();
alias = aliases.nextElement();
System.out.println("testing key....");
System.out.println(alias);
PrivateKey pk = (PrivateKey)ks.getKey(alias, pass);
System.out.println(pk);
return pk;
}
方法getPublicCertificate()如下
public Certificate getPublicCertificate(String path)
throws IOException, CertificateException {
System.out.println(path);
FileInputStream is = new FileInputStream("C:\Users\USER\Documents\NetBeansProjects\test\src\lk_encb64.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
return cert;
}
我用过以下jar版本
itext 5.5.10
bcprov jdk15 1.49
1.49 上的 bcpkix jdk15
我更改了提供程序名称 "SunPKCS11-eToken" 的代码,而不是 @mkl
建议的 "BC"
PdfReader reader = new PdfReader(src, getPublicCertificate("C:\Users\USER\Documents\NetBeansProjects\test\src\lk_encb64.cer"), getPrivateKey(), "SunPKCS11-eToken");
并使用 itext 5.2.1 和 bc 1.46 版本 (decryption/encryption using BC 1.46 an iText 5.2.1 is working fine) jar,现在解密工作正常。
我正在使用 iTextpdf 解密使用证书加密的 PDF。
解密时出现以下异常
com.itextpdf.text.exceptions.InvalidPdfException: exception unwrapping key: key invalid: unknown key type passed to RSA
以下是我的代码片段
public void decryptPdf(String src, String dest)
throws IOException, DocumentException, GeneralSecurityException,CMSException {
try{
// decrypt(getPrivateKey(), DESTINATION_FILE, DECRYPTED_FILE);
PdfReader reader = new PdfReader(src,
getPublicCertificate("C:\Users\USER\Documents\NetBeansProjects\test\src\lk_encb64.cer"), getPrivateKey(), "BC");
PdfStamper stamper = new PdfStamper(reader, new FileOutputStream(dest));
stamper.close();
reader.close();
}catch(Exception ex){
System.out.println(ex);
}
}
方法 getPrivateKey() returns 来自 PKCS11-eTocken 的私钥
public PrivateKey getPrivateKey() throws GeneralSecurityException, IOException {
LoggerFactory.getInstance().setLogger(new SysoLogger());
Properties properties = new Properties();
properties.load(new FileInputStream("D:/key.properties"));
char[] pass = properties.getProperty("PASSWORD").toCharArray();
String config = "name=eToken\n" +
"library=" + DLL + "\n";
ByteArrayInputStream bais = new ByteArrayInputStream(config.getBytes());
Provider providerPKCS11 = new SunPKCS11(bais);
Security.addProvider(providerPKCS11);
System.out.println(providerPKCS11.getName());
BouncyCastleProvider providerBC = new BouncyCastleProvider();
Security.addProvider(providerBC);
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, pass);
String alias = (String)ks.aliases().nextElement();
java.util.Enumeration<String> aliases = ks.aliases();
alias = aliases.nextElement();
System.out.println("testing key....");
System.out.println(alias);
PrivateKey pk = (PrivateKey)ks.getKey(alias, pass);
System.out.println(pk);
return pk;
}
方法getPublicCertificate()如下
public Certificate getPublicCertificate(String path)
throws IOException, CertificateException {
System.out.println(path);
FileInputStream is = new FileInputStream("C:\Users\USER\Documents\NetBeansProjects\test\src\lk_encb64.cer");
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate) cf.generateCertificate(is);
return cert;
}
我用过以下jar版本
itext 5.5.10
bcprov jdk15 1.49
1.49 上的 bcpkix jdk15
我更改了提供程序名称 "SunPKCS11-eToken" 的代码,而不是 @mkl
建议的 "BC"PdfReader reader = new PdfReader(src, getPublicCertificate("C:\Users\USER\Documents\NetBeansProjects\test\src\lk_encb64.cer"), getPrivateKey(), "SunPKCS11-eToken");
并使用 itext 5.2.1 和 bc 1.46 版本 (decryption/encryption using BC 1.46 an iText 5.2.1 is working fine) jar,现在解密工作正常。