> Java version – Java 8
> HSM – nCipher
What works – SHA1withRSA
java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -genkeypair -validity 365 -alias aci3 -keyalg RSA -sigalg SHA1withRSA -keystore /ipsbo/keystore/ipskeystore -storetype nCipher.sworld -providerClass com.ncipher.provider.km.nCipherKM -providerName nCipherKM -storepass password -keypass password -dname "CN=aci3,OU=ips,O=vocalink,L=rickmansworth,ST=Unknown,C=uk"
What does not work – SHA512withRSA
java -Dprotect=module -DignorePassphrase=true sun.security.tools.keytool.Main -genkeypair -validity 365 -alias aci4 -keyalg RSA -sigalg SHA512withRSA -keystore /ipsbo/keystore/ipskeystore -storetype nCipher.sworld -providerClass com.ncipher.provider.km.nCipherKM -providerName nCipherKM -storepass password -keypass password -dname "CN=aci4,OU=ips,O=vocalink,L=rickmansworth,ST=Unknown,C=uk" -v
keytool error: java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier SHA512withRSA
java.security.NoSuchAlgorithmException: Invalid ObjectIdentifier SHA512withRSA
at sun.security.x509.AlgorithmId.get(AlgorithmId.java:402)
at sun.security.tools.keytool.CertAndKeyGen.getSelfCertificate(CertAndKeyGen.java:258)
at sun.security.tools.keytool.Main.doGenKeyPair(Main.java:1626)
at sun.security.tools.keytool.Main.doCommands(Main.java:966)
at sun.security.tools.keytool.Main.run(Main.java:343)
at sun.security.tools.keytool.Main.main(Main.java:336)
The static method algOID does not contain SHA512withRSA. Why?
It does seem to have SHA1withRSA.
More details
The nCipher details do list SHA512withRSA
-bash$ java -cp "java/classes/*" com.ncipher.provider.InstallationTest
Installed providers:
1: SunJCE
2: nCipherKM
3: SUN
4: SunRsaSign
5: SunEC
6: SunJSSE
7: SunJGSS
8: SunSASL
9: XMLDSig
10: SunPCSC
Unlimited strength jurisdiction files are installed.
The nCipher provider is installed, but is not registered at
the top of the providers list in the java.security file. See
the user guide for more information about the recommended
system configuration.
nCipher JCE services:
Alg.Alias.AlgorithmParameters.DESede
Alg.Alias.AlgorithmParameters.OID.1.2.840.113549.3.7
Alg.Alias.Cipher.1.2.840.113549.1.1.1
Alg.Alias.Cipher.1.2.840.113549.3.4
Alg.Alias.Cipher.1.2.840.113549.3.7
Alg.Alias.Cipher.AES
Alg.Alias.Cipher.CAST6
Alg.Alias.Cipher.DES3
Alg.Alias.Cipher.OID.1.2.840.113549.1.1.1
Alg.Alias.Cipher.OID.1.2.840.113549.3.4
Alg.Alias.Cipher.OID.1.2.840.113549.3.7
Alg.Alias.Cipher.RC4
Alg.Alias.Cipher.Triple-DES
Alg.Alias.Cipher.TripleDES
Alg.Alias.KeyAgreement.Diffie-Hellman
Alg.Alias.KeyAgreement.DiffieHellman
Alg.Alias.KeyFactory.1.2.840.10040.4.1
Alg.Alias.KeyFactory.1.2.840.113549.1.1.1
Alg.Alias.KeyFactory.1.3.14.3.2.12
Alg.Alias.KeyFactory.Diffie-Hellman
Alg.Alias.KeyFactory.DiffieHellman
Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1
Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1.1
Alg.Alias.KeyFactory.OID.1.3.14.3.2.12
Alg.Alias.KeyGenerator.1.2.840.113549.3.4
Alg.Alias.KeyGenerator.1.2.840.113549.3.7
Alg.Alias.KeyGenerator.1.3.14.3.2.7
Alg.Alias.KeyGenerator.AES
Alg.Alias.KeyGenerator.CAST6
Alg.Alias.KeyGenerator.DES3
Alg.Alias.KeyGenerator.OID.1.2.840.113549.3.4
Alg.Alias.KeyGenerator.OID.1.2.840.113549.3.7
Alg.Alias.KeyGenerator.OID.1.3.14.3.2.7
Alg.Alias.KeyGenerator.RC4
Alg.Alias.KeyGenerator.Triple-DES
Alg.Alias.KeyGenerator.TripleDES
Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1
Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1.1
Alg.Alias.KeyPairGenerator.1.3.14.3.2.12
Alg.Alias.KeyPairGenerator.DiffieHellman
Alg.Alias.KeyPairGenerator.ECDHDiffie-Hellman
Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1
Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1.1
Alg.Alias.KeyPairGenerator.OID.1.3.14.3.2.12
Alg.Alias.MessageDigest.SHA-224
Alg.Alias.MessageDigest.SHA-256
Alg.Alias.MessageDigest.SHA-384
Alg.Alias.MessageDigest.SHA-512
Alg.Alias.SecureRandom.SHA1PRNG
Alg.Alias.Signature.1.2.840.10040.4.3
Alg.Alias.Signature.1.2.840.113549.1.1.5
Alg.Alias.Signature.1.3.14.3.2.13
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.1
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10040.4.3
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1
Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5
Alg.Alias.Signature.1.3.14.3.2.27
Alg.Alias.Signature.DSA
Alg.Alias.Signature.DSAWithSHA1
Alg.Alias.Signature.DSS
Alg.Alias.Signature.OID.1.2.840.10040.4.3
Alg.Alias.Signature.OID.1.2.840.113549.1.1.5
Alg.Alias.Signature.OID.1.3.14.3.2.13
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.10040.4.1
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.10040.4.3
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.113549.1.1.1
Alg.Alias.Signature.OID.1.3.14.3.2.26withOID.1.2.840.113549.1.1.5
Alg.Alias.Signature.OID.1.3.14.3.2.27
Alg.Alias.Signature.RSAforSSL
Alg.Alias.Signature.RawRSA
Alg.Alias.Signature.SHA-1/DSA
Alg.Alias.Signature.SHA/DSA
Alg.Alias.Signature.SHA1/DSA
Alg.Alias.Signature.SHAwithDSA
AlgorithmParameters.GCMParameters
AlgorithmParameters.IVParameters
Cipher.AESWrap
Cipher.ArcFour
Cipher.CAST256
Cipher.DES
Cipher.DES2
Cipher.DESede
Cipher.DESedeCBC
Cipher.DESedeWrap
Cipher.RSA
Cipher.Rijndael
KeyAgreement.DH
KeyFactory.DH
KeyFactory.DSA
KeyFactory.RSA
KeyGenerator.ArcFour
KeyGenerator.CAST256
KeyGenerator.DES
KeyGenerator.DES2
KeyGenerator.DESede
KeyGenerator.HmacMD5
KeyGenerator.HmacRIPEMD160
KeyGenerator.HmacSHA1
KeyGenerator.HmacSHA224
KeyGenerator.HmacSHA256
KeyGenerator.HmacSHA384
KeyGenerator.HmacSHA512
KeyGenerator.HmacTiger
KeyGenerator.Rijndael
KeyPairGenerator.DH
KeyPairGenerator.DSA
KeyPairGenerator.ECDH
KeyPairGenerator.RSA
KeyStore.JKS
KeyStore.nCipher.sworld
Mac.HmacMD5
Mac.HmacRIPEMD160
Mac.HmacSHA1
Mac.HmacSHA224
Mac.HmacSHA256
Mac.HmacSHA384
Mac.HmacSHA512
Mac.HmacTiger
MessageDigest.RIPEMD160
MessageDigest.SHA224
MessageDigest.SHA256
MessageDigest.SHA384
MessageDigest.SHA512
MessageDigest.Tiger
SecretKeyFactory.DES
SecretKeyFactory.DES2
SecretKeyFactory.DESede
SecureRandom.RNG
Signature.MD5andSHA1withRSA
Signature.NONEwithRSA
Signature.RIPEMD160withRSA
Signature.RIPEMD160withRSAandMGF1
Signature.SHA1withDSA
Signature.SHA1withRSA
Signature.SHA1withRSAandMGF1
Signature.SHA224withDSA
Signature.SHA224withRSA
Signature.SHA224withRSAandMGF1
Signature.SHA256withDSA
Signature.SHA256withRSA
Signature.SHA256withRSAandMGF1
Signature.SHA384withDSA
Signature.SHA384withRSA
Signature.SHA384withRSAandMGF1
Signature.SHA512withDSA
Signature.SHA512withRSA
Signature.SHA512withRSAandMGF1
Java security settings
security.provider.1=com.sun.crypto.provider.SunJCE
security.provider.2=com.ncipher.provider.km.nCipherKM
security.provider.3=sun.security.provider.Sun
security.provider.4=sun.security.rsa.SunRsaSign
security.provider.5=sun.security.ec.SunEC
security.provider.6=com.sun.net.ssl.internal.ssl.Provider
security.provider.7=sun.security.jgss.SunProvider
security.provider.8=com.sun.security.sasl.Provider
security.provider.9=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.10=sun.security.smartcardio.SunPCSC
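Note that the same command works with the IBM JDK keytool.
Thanks in advance.
Solution:
We changed it so that sun.security.rsa.SunRsaSign is at the top and com.ncipher.provider.km.nCipherKM is at the bottom, with sun.security.provider.Sun before nCipherKM, and it worked.
This is the output of the nCipher installation test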
Installed providers:
1: SunRsaSign
2: SunJSSE
3: SunEC
4: SunJCE
5: SUN
6: nCipherKM
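But as I said, we had no problem with the previous settings and the same command using the IBM JDK keytool. So I think maybe this is a bug in http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8u40-b25/sun/security/x509/AlgorithmId.java
However, we resolved the problem by reconfiguring the providers.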
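A diagnostic for the provider-order question above, added here as an example (it is not code from the original post or from nCipher): it walks the installed JCA providers in preference order and reports, for each one, whether it registers the signature algorithm and which `Alg.Alias.Signature.OID.*` entries point to it. The class name `SigAlgOidCheck` and the default argument are assumptions.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;

// Added diagnostic (hypothetical class name): shows, per provider in preference
// order, whether a signature algorithm is registered and which OID aliases map to it.
public class SigAlgOidCheck {

    // Collect OIDs from "Alg.Alias.Signature.OID.<oid>" entries whose value is algName.
    static List<String> oidAliases(Provider p, String algName) {
        final String prefix = "Alg.Alias.Signature.OID.";
        List<String> oids = new ArrayList<>();
        for (String key : p.stringPropertyNames()) {
            if (key.startsWith(prefix) && algName.equalsIgnoreCase(p.getProperty(key))) {
                oids.add(key.substring(prefix.length()));
            }
        }
        return oids;
    }

    public static void main(String[] args) {
        // Default is the algorithm from the failing keytool command; pass another name to compare.
        String alg = args.length > 0 ? args[0] : "SHA512withRSA";
        Provider[] providers = Security.getProviders();
        boolean anyOid = false;
        for (int i = 0; i < providers.length; i++) {
            Provider p = providers[i];
            boolean registered = p.getService("Signature", alg) != null;
            List<String> oids = oidAliases(p, alg);
            anyOid |= !oids.isEmpty();
            System.out.printf("%2d: %-12s Signature.%s=%s OID aliases=%s%n",
                    i + 1, p.getName(), alg, registered ? "yes" : "no", oids);
        }
        if (!anyOid) {
            System.out.println("No provider publishes an OID alias for " + alg);
        }
    }
}
```

Run it with the same `java.security` file and classpath as the keytool command, once for `SHA1withRSA` and once for `SHA512withRSA`, before and after reordering the providers. In the installation test output above, nCipherKM lists `Signature.SHA512withRSA` but its signature OID aliases include 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) and none for 1.2.840.113549.1.1.13 (sha512WithRSAEncryption).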