非法密钥大小

Question

我已经安装了jce以允许更大的密钥，但KeytoolUIU和Portecle都给出错误，如 java.IO.Exception：初始化存储密钥存储区时出错：java.security.InvalidKeyException：非法密钥大小。关键只有1024，所以我不知道它为什么抱怨。

这是我现在加载密钥文件和访问安全网站的代码。

package com.g4apps.secure.android.sslclient; 

import java.io.InputStream; 
import java.security.KeyStore; 
import java.security.Security; 

import org.apache.http.HttpEntity; 
import org.apache.http.HttpResponse; 
import org.apache.http.client.methods.HttpGet; 
import org.apache.http.conn.scheme.Scheme; 
import org.apache.http.conn.ssl.AllowAllHostnameVerifier; 
import org.apache.http.conn.ssl.SSLSocketFactory; 
import org.apache.http.impl.client.DefaultHttpClient; 
import org.apache.http.util.EntityUtils; 
import org.bouncycastle.jce.provider.BouncyCastleProvider; 

import android.content.Context; 

/** 
* This example demonstrates how to create secure connections with a custom SSL 
* context. 
*/ 
public class SSLclient { 


    public final static String authenticate(Context context) throws Exception { 
     DefaultHttpClient httpclient = new DefaultHttpClient(); 
     String output=null; 

     Security.addProvider(new BouncyCastleProvider()); 
     try { 
      KeyStore trustStore = KeyStore.getInstance("BKS"); 
      InputStream instream = context.getResources().getAssets().open("my.truststore"); 
      try { 
       trustStore.load(instream, "dysan100".toCharArray()); 
      } finally { 
       try { instream.close(); } catch (Exception ignore) {} 
      } 
      KeyStore keystore = KeyStore.getInstance("BKS"); 
      InputStream keystream = context.getResources().getAssets().open("my.keystore.bks"); 
      try { 
       keystore.load(keystream, "dysan100".toCharArray()); 
      } finally { 
       try { keystream.close(); } catch (Exception ignore) {} 
      } 

      SSLSocketFactory socketFactory = new SSLSocketFactory(keystore,"dysan100",trustStore); 
      socketFactory.setHostnameVerifier(new AllowAllHostnameVerifier()); 
      Scheme sch = new Scheme("https", socketFactory, 443); 
      httpclient.getConnectionManager().getSchemeRegistry().register(sch); 

      HttpGet httpget = new HttpGet("https://192.168.1.123/test.php"); 

      System.out.println("executing request" + httpget.getRequestLine()); 

      HttpResponse response = httpclient.execute(httpget); 
      HttpEntity entity = response.getEntity(); 

      System.out.println("----------------------------------------"); 
      System.out.println(response.getStatusLine()); 
      if (entity != null) { 
       System.out.println("Response content length: " + entity.getContentLength()); 
       output=EntityUtils.toString(entity); 
       System.out.println(output); 
       return output; 

      } 


     } finally { 
      // When HttpClient instance is no longer needed, 
      // shut down the connection manager to ensure 
      // immediate deallocation of all system resources 
      httpclient.getConnectionManager().shutdown(); 
     } 

     return null; 
    } 

} 

目前密钥库是由像这样

my.truststore.bks有我的CA证书
my.keystore.bks是假设有我的服务器证书，客户端证书和客户端的私钥。

这与我在程序的pc版本中设置的方式一样（使用JKS存储代替）。

既然它不让我这样设置我的商店有另一种方式可能适合我吗？

Answer 1

我不知道为什么我无法创建bks密钥库，但我能够使它与PKCS12密钥库一起工作。所以我有另一种选择。

 KeyStore keystore = KeyStore.getInstance("PKCS12"); 
     InputStream keystream = context.getResources().getAssets().open("client.p12"); 
     try { 
      keystore.load(keystream, "dysan100".toCharArray()); 
     } finally { 
      try { keystream.close(); } catch (Exception ignore) {} 
     }