ssl 正在读取keystore.p12:私钥未存储为PKCS#8 EncryptedPrivateKeyInfo:java.io.IOException:溢出,字节= 261

gdrx4gfi  于 2023-02-04  发布在  Java
关注(0)|答案(1)|浏览(456)

我有一个.p12密钥库,其条目类型为:SecretKeyEntry。如果我尝试读取密钥库,则会出现错误

Exception in thread "main" java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: overrun, bytes = 261
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:373)
at java.base/sun.security.util.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:90)
at java.base/java.security.KeyStore.getKey(KeyStore.java:1057)
at client.Keystest.main(Keystest.java:25)
Caused by: java.io.IOException: overrun, bytes = 261
    at java.base/sun.security.pkcs.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:77)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:362)
    ... 3 more

如果我尝试将密钥库从PKCS12转换为JKS,则会出现相同的错误

keytool -v -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 -destkeystore keystore.ks -deststoretype PKCS12
Importing keystore keystore.p12 to keystore.ks...
Enter destination keystore password:
Enter source keystore password:
keytool error: java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: overrun, bytes = 261
java.security.UnrecoverableKeyException: Private key not stored as PKCS#8 EncryptedPrivateKeyInfo: java.io.IOException: overrun, bytes = 261
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:373)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetEntry(PKCS12KeyStore.java:1346)
        at java.base/sun.security.util.KeyStoreDelegator.engineGetEntry(KeyStoreDelegator.java:166)
        at java.base/java.security.KeyStore.getEntry(KeyStore.java:1555)
        at java.base/sun.security.tools.keytool.Main.recoverEntry(Main.java:3536)
        at java.base/sun.security.tools.keytool.Main.doImportKeyStoreSingle(Main.java:2253)
        at java.base/sun.security.tools.keytool.Main.doImportKeyStoreAll(Main.java:2303)
        at java.base/sun.security.tools.keytool.Main.doImportKeyStore(Main.java:2195)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:1189)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:398)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:391)
Caused by: java.io.IOException: overrun, bytes = 261
        at java.base/sun.security.pkcs.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:77)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineGetKey(PKCS12KeyStore.java:362)
        ... 10 more

未获得“溢出,字节= 261”的确切原因

tzdcorbm

tzdcorbm1#

使用更新的java版本或不同的安全提供程序。例如,bouncycastle bouncycastle将完成此工作,而您将使用bouncycastle provider for JDK 8 and later
要启用它,您可以修改JDK 8中的文件jre/lib/security/java.security,并将该提供程序放在位置1:

security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.2=sun.security.provider.Sun
...

或者在运行时在位置1添加一次:

BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
Security.insertProviderAt(bouncyCastleProvider, 1);

相关问题