JOSEException:无法创建 AES/GCM/NoPadding 密码:非法密钥大小
Posted
技术标签:
【中文标题】JOSEException:无法创建 AES/GCM/NoPadding 密码:非法密钥大小【英文标题】:JOSEException: Couldn't create AES/GCM/NoPadding cipher: Illegal key size 【发布时间】:2019-02-20 00:11:10 【问题描述】:我正在尝试使用 Nimbus JOSE + JWT 从我的私钥中解密 JWE 数据。
但我遇到了错误:JOSEException: 无法创建 AES/GCM/NoPadding 密码:非法密钥大小
谁能帮我解决这个问题。我正在使用 Java 1.8
我的私钥
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDGBRdsiDqKPGyH
gOpzxmSU2EQkm+zYZLvlPlwkwyfFWLndFLZ3saxJS+LIixsFhunrrUT9ZZ0x+bB6
MV55o70z4ABOJRFNWx1wbMGqdiC0Fyfpwad3iYpRVjZO+5etHA9JEoaTPoFxv+kt
d8kVAL9P5I7/Pi6g1R+B2t2lsaE2bMSwtZqgs55gb7fsCR3Z4nQi7BddYR7MZ2lA
MWf7h7Dkm6uRlGhl2RvtmYa6dXFnK3RhIpdQOUT3quyhweMGspowC/tYSG+BNhy1
WukbwhIP5vTAvv1WbHTg+WaUUV+pP0TjPQcY73clHxNpI5zrNqDmwD2rogNfePKR
UI63yBUfAgMBAAECggEAGy/7xVT25J/jLr+OcRLeIGmJAZW+8P7zpUfoksuQnFHQ
QwBjBRAJ3Y5jtrESprGdUFRb0oavDHuBtWUt2XmXspWgtRn1xC8sXZExDdxmJRPA
0SFbgtgJe51gm3uDmarullPK0lCUqS92Ll3x58ZQfgGdeIHrGP3p84Q/Rk6bGcOb
cPhDYWSOYKm4i2DPM01bnZG2z4BcrWSseOmeWUxqZcMlGz9GAyepUU/EoqRIHxw/
2Y+TGus1JSy5DdhPE0HAEWKZH729ZdoyikOZCMxApQglUkRwkwhtXzVAemm6OSoy
3BEWvSEJh/F82tFrmquUoe/xd5JastlBHyD78RAakQKBgQDkHAzo1fowRI19tk7V
CPn0zMdF/UTRghtLywc/4xnw1Nd13m+orArOdVzPlQokLVNL81dIVKXnId0Hw/kX
8CRyRYz8tkL81spc39DfalZW7QI7Fschfq1Htgkxd/QEjBlIaqjkOjGSbX9xYjYU
1Db8PuGoGXWOsYiv9PCsKR056wKBgQDeOzfZSpV5kX8SECJXRA+emyCnO9S29p0W
+5BCTQp3OPnmbL7b/mGqBVJ0DC+IiN67Lu8xxzejswqLZqaRvmQuioqH+8mOGpXY
ZwhShAif2AuixxvL7OK6dvDmMqoKhBI9nZ9+XI60Cd/LjnWgyFO04uq4otnTukmY
sSP+fp6wnQKBgEopYH0WjFfDAelcKzcRywouxZ7Yn9Ypoaw7nujDcfydhktY/R5u
iLjk6T7H6tsmLU2lGLx4YNPLa6wJp+ODfKX2PMcwjojbYEFftu3cCaQLPE1vs2AN
alLFOSnvINOVpOapXq2Mye8cUHHRh1mwQQwzeXQIivLQf2sNjG28lDbvAoGACsh8
0UJZNmjk7Y9y2yEmUN/eGb9Bdw9IWBEk0tLCKz7MgW3NZQdW3dUcRx1AQTPC+vow
CQ5NmNfbLyBv/KpsWgXG6wpAoXCQzMtTEA3wDTGCfweCRcbcyYdz8PeMYK4/5FV9
o7gCBKJmBY6IDqEpzqEkGolsYGWtpIcT5Alo0dECgYEA3hzC9NLwumi/1JWm+ASS
ADTO3rrGo9hicG/WKGzSHD5l1f+IO1SfmUN/6i2JjcnE07eYArNrCfbMgkFavj50
2ne2fSaYM4p0o147O9Ty8jCyY9vuh/ZGid6qUe3TBI6/okWfmYw6FVbRpNfVEeG7
kPfkDW/JdH7qkWTFbh3eH1k=
-----END PRIVATE KEY-----
我的 JWE 数据
eyJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAiLCJraWQiOiJlbmNyeXB0S2V5IiwiY3R5IjoiYXBwbGljYXRpb24vanNvbiJ9.siISUDg0WMf_yrUK6IPTa6kSCBAJUwwpuNkhSNsfiHeWM86JEul085cfGFLheH5bVSWO_CwauyCKtQ0HmFMoQt0eIfUeGWr2Jod052pNDep0cAO2u2_iKl12rlP-3avbw3MW-JvWmPgbVHpv_LcxWjLEkvZ6oDh6vV0qHj3gXamRqLZtIbJ63lzyJojnqZ5Q0IVwRoiOCMIwWn4DSgdkMlcuLAwGqrDAN96gAVEZKM_NHccjgnGkvlrjwvq011hEjhHjMdmnrmRJvJkkS-zd_dEykKzUuc2CQmID1TfRL1KSgNmmxZ2a5kvV8rbmmlYDvtXb05zdWytYUN5sg6znwA.5CSWiVjFQ94CAhrs.sNGTdnyWHhH_qvqa6Xsj_8x8yT_jYed9TE0_VQUW_Wg75NUra7MiAxuRqmrmbod0H-Tc2T82ayYFSBJrDDZZ0nPuLQjRytN1vg113VwzjOnbRQBLsE1oaTzA5rVdd49eTddwxe6FLoZt8beFoB5HmcavBxB1fphkpf3HgYJRj4YwdyHNMOzcPEw_gzj-svi_LacZrWrB2YdgVtTjhdbJdPBcjQ2Uw8PnWXoU10Onezo_5EdZApaERz6o39qJnL1-GL44mOqZjyx0glYHOO_T5D8Zs112cVWtV81mUWqOrRag5CckdBOtiEMLuzH1Yampssc_JtLNQuhaTu9-7oi1LRPNUq29hsktd-eZBWxbZpn0eGczLGDHUT7_i5AvPbDFOvb-tX6eLwtiF4rXmxhPaMn2YH4SvrElj-VFkxWPgot7Z8xi-QvjotLD5zwLvgJ-gCw2yMDFGXbM29wmvoTc4rhP7GfqMxYPy7YQubPzZQkUG9rkyH5B1H0vNhI_nTDF9YvHIJbYQg9QVIsvPgYfdRJsDpohCF1DcTYyzyFue9QW2I_lQdTMjlDoFlclHgjy5t32-T-5IAr6YEKBILiIxyUxqjk_bg-Y5iA0r3s90eCZfT6r-PotxFRrm-WeVbgJvqOIyfQ4E7hRwmW-bMiT58Y5CEp0kKM2u4Mirj64Nm90u2z5yUkCDqamInKNYxaU1lEN7BCseJ699Y2yZ4KE7r6AYp6uCVZpVwMU63o8Jgt8UH9BfdvSebAOj31BmovND2r4sJK1NmfY45DNESmH_2g4iY8OZas2MHhZiToZGgewWxq3Yc7KpvRzTM-edwmfeh-UqGVdeZbc68xrh5X3gdkCkH0dSPdZA9eA8HVlQu1M2TOO90Rs7HBi1HxlMsHQZvPpJ4fM21MgyzNPq19O5MwQMN0xfl1tB7zvLBLGOT-wQzvDeCF51tQC6hs4Tha3tnrR4wni840YM0t9SCgvbyI3UVFE6JSD4S8w5YgsaDI8valG1KHrtIiIbeQErBn1Hj-J3hnfkHlcILO4JK4nWxHwuGdgYrGeyvz0p7YbVLTC-frwCFBflJlU_6HbjnG7-vMv07rViG0gQZGRw27PXAyYB6lyhXbScoX-GbL5k7oFWmsJG-xKIF9H4HPSQ1KzMTJxHNtzutM0XeB19YJt9hly4-2LPI9qgkupKG20eZbdP5n0Xyr1IOXVVNUMa3wquNmDRgPevUkIXJKdF5pjjetVFFJT4nuADKSRFKfo5ABYK1pVTBgwN1t4a3jhW6fkUejN9iosotVcbuDtQT468RGs04T5lAdFLrNs7-85kHeAbyx38e6lm_CvRnDUt_bTaA_j50L60dI3vuypWLwh5qOiyteysZvlN0uGKzrFV9NvjHnR3tcX1CTQIguZzZkNxBHtCL2Yn9zufoJ4h_QEUUNkCsTj1g74WxfrK16M_MRI5VjV8sS5PSRXdklsHQcfUqJQKjSeFZM0kXSazVLGiGaBOV3UYYI-Q2v9EBNFgSYdrGA3qLaaNfBtVQzl42skvvnsybp0UDCkLYPmBA1OrSbZKkaCHqtXMq126jF4zje78cjdIF7ive_wRcqCC7HgtgWepD_LBVWjVqwRmGHJoWFIjROc0d0_2FxAHyxHoFTr1EOWlPIRx6C-lvSvkhBlq8VyZleOgZy1Q5j-3-C8JITcyedv11j5XH-wKCNDDlogPyk_N7JvYYEVHw.aLJfWNBdLWNz1GbTtKNGvg
我的数据解密代码
public static void main(String[] args) throws Exception
String jweString = "above JWE data";
JWEObject jwe = JWEObject.parse(jweString);
jwe.decrypt(new RSADecrypter(rsaPrivateKey));
System.out.println("Decrypted : " + jwe.getPayload().toString());
获取RSA私钥的代码
private static RSAPrivateKey getPrivateKeyFromString(String key) throws GeneralSecurityException
String privateKeyPEM = key;
privateKeyPEM = privateKeyPEM.replace("-----BEGIN PRIVATE KEY-----\n", "");
privateKeyPEM = privateKeyPEM.replace("-----END PRIVATE KEY-----", "");
byte[] encoded = Base64.decodeBase64(privateKeyPEM);
KeyFactory kf = KeyFactory.getInstance("RSA");
PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(encoded);
RSAPrivateKey privKey = (RSAPrivateKey) kf.generatePrivate(keySpec);
return privKey;
Maven 依赖
<dependency>
<groupId>com.nimbusds</groupId>
<artifactId>nimbus-jose-jwt</artifactId>
<version>6.0</version>
</dependency>
【问题讨论】:
我可以通过更新 Java 8:JCE Unlimited Strength Jurisdiction Policy Files 来完成这项工作。有没有办法在不接触我的 JDK/JRE 的情况下完成这项工作。可能使用不同的库而不是 Nimbus? 如果您使用 Oracle Java 8u161 或更高版本,它现在内置了无限策略,无需更改;如果您的平台可用,任何版本的 OpenJDK 都一样。否则,您可以通过更改库以使用 BouncyCastle 的“轻量级”API(不仅仅是 Bouncy provider)来避免 JCA 策略限制,或者编写一个这样做的替代品,但其中任何一个都会相当多工作的。 PS:标签 nimbus 是完全不同的东西,对你的 Q 来说是错误的。 【参考方案1】:添加 EncryptionMethod.A256GCM 为我创建了以下异常, 原因:com.nimbusds.jose.JOSEException:无法创建 AES/GCM/NoPadding 密码:非法密钥大小
解决方案是-如果jdk8u162或以上java版本可以正常工作。如果使用较低的 jdk 版本,则下载最新的策略文件[jce_policy-8.zip] 并将其替换为 %JAVA_HOME%/jre/lib/security 路径。[local_policy.jar,US_export_policy.jar]
【讨论】:
我遇到了JDK 1.8.0_101 的问题,这解决了这个问题,我只需要替换jdk 和jre 路径中的两个jar 文件。以上是关于JOSEException:无法创建 AES/GCM/NoPadding 密码:非法密钥大小的主要内容,如果未能解决你的问题,请参考以下文章