Android使用RSA JWK加密CC

Question

我试图用RSAPublicKeySpec提供的JWK模量和指数来创建一个JWK。目标是使用它加密给定的信用卡号码。我被这个错误困住了"RSA指数是偶数“

示例JWK：

{
"kty": "RSA",
"use": "enc",
"kid": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",
"n": "fC1G6rVue4w_jjJrKPZusGN9G-Y7mWuLJ0O2_GHd94LvR51-ok7ahuQUVMZLdigixnspaGo_WVLvTTZ5J28Cc1uSx0o_BsxpNaAQD8_aBZL3nnAiBLACxI1JHAVo7SXAJQmz-mqVFYTppg9QmpB2ATTmXjUOQy-Fqkw3EByfCANHhHSNs4-HASovsfcRMUmmvDfTd5qBb23KzDJeDVqTYWa3XjUorlZOCJuLyPgeDEK8oOC9C4W9dn32z8FJ4E6Dz28M_2O3g8FLQD2F-NezkQJsl8MEYo4rl1nr7_oIkMsYLCCoG8jwmryErb7km9JWWgqZ80trkjijFqDAbHfUEw",
"e": "AQAB"
} 

Android Kotlin代码：

// Here I pass a CC number like "2134345613458954" and n (modulus) e (exponent) from JWK above
@RequiresApi(Build.VERSION_CODES.O)
fun generateRSAEncryption(cardNumber: String, modulus: String, exponent: String): String {
    val modules = BigInteger(1, modulus.toByteArray())
    val exponent = BigInteger(1, exponent.toByteArray())
    val pubSpec = RSAPublicKeySpec(modules, exponent)
    val publicKey = KeyFactory.getInstance("RSA").generatePublic(pubSpec)
    val oaepFromAlgo = Cipher.getInstance("RSA/None/OAEPWithSHA256AndMGF1Padding", "BC")
    oaepFromAlgo.init(Cipher.ENCRYPT_MODE, publicKey) // error here
    val cipherText = oaepFromAlgo.doFinal(Base64.getEncoder().encode(cardNumber.toByteArray()))
    return Base64.getEncoder().encodeToString(cipherText) // pass this to Flex
}

预期结果实例：

"LFDh8upgXaiUX0iNaCOcHgeaotRCNsDpdJf5SqACpiL38JVnpHW7bb/g3yM67uett1tUSPG9o1yexNaAneur4P2jbpSnU0kWWK7NpLIQWAvjmCVxGWceZdFPGvB+E2hQncvIImlYo+d/XIHZOUonVmDoj+pKouxmd60lpaMTrq7sJ8BrfWCDG1lJJ0M2S98CoDb19xK+XCn+cpd3KkTHsGJGHA6inT2stHxYJrF7dd3r1xuH0WW1gpRnRaXwl6BFZW9EzCCzaWZmifZYIPFXZIE44pU9xRCfjD1IUKXKLxw0l6cFAlaP0SHG2t9HDDMLjNQjvqRarFiPoAjtwfW7Zw=="

Answer 1

JWK中的模量和指数是Base64url编码的，因此必须对其进行Base64url解码：

...
val modulusBytes = Base64.getUrlDecoder().decode(modulus)
val exponentBytes = Base64.getUrlDecoder().decode(exponent)
val modules = BigInteger(1, modulusBytes)
val exponent = BigInteger(1, exponentBytes)
...

然而，您的密钥被归类为弱BC，并抛出一个例外: RSA模数有一个小素数因子。

此漏洞由这个BC逻辑标识。

如果无论如何都要使用密钥: BouncyCastle允许使用

System.getProperties().put("org.bouncycastle.rsa.allow_unsafe_mod", "true")

但是，在默认情况下安装BC提供程序的Kotlin下，这在我的机器上不起作用。您必须卸载旧BC提供程序并安装新版本：

Security.removeProvider("BC")
Security.addProvider(BouncyCastleProvider())
System.getProperties().put("org.bouncycastle.rsa.allow_unsafe_mod", "true")

将相应的BC条目放在依赖项下的gradle文件中，例如

implementation 'org.bouncycastle:bcprov-jdk18on:1.71' 

这样，可以在我的机器上禁用检查，这样就不会引发异常。

Answer 2

以防有人发现这个有用。事实证明，我们的服务器正在删除公钥(Node只使用JWK )。对于公众来说，这是一种更容易在手机上加密CC的方法。以下是来自网络源的全部有效载荷的示例：

{
  "keyId": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",
  "der": {
    "format": "X.509",
    "algorithm": "RSA",
    "publicKey": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgC1G6rVue4w/jjJrKPZusGN9G+Y7mWuLJ0O2/GHd94LvR51+ok7ahuQUVMZLdigixnspaGo/WVLvTTZ5J28Cc1uSx0o/BsxpNaAQD8/aBZL3nnAiBLACxI1JHAVo7SXbJQmz+mqVFYTppg9QmpB2ATTmXjUOQy+Fqkw3EByfCANHhHSNs4+HASovsfcRMUmmvDfTd5qBb23KzDJeDVqTYWa3XjUorlZOCJuLyPgeDEK8oOC9C4W9dn32z8FJ4E6Dz28M/2O3g8FLQD2F+NezkQJsl8MEYo4rl1nr7/oIkMsYLCCoG8jwmryErb7km9JWWgqZ80trkjijFqDAbHfUEwIDAQAB"
  },
  "jwk": {
    "kty": "RSA",
    "use": "enc",
    "kid": "05BgbFie7vX5vzSMKOoqEAAdfpdR4kas",
    "n": "fC1G6rVue4w_jjJrKPZusGN9G-Y7mWuLJ0O2_GHd94LvR51-ok7ahuQUVMZLdigixnspaGo_WVLvTTZ5J28Cc1uSx0o_BsxpNaAQD8_aBZL3nnAiBLACxI1JHAVo7SXAJQmz-mqVFYTppg9QmpB2ATTmXjUOQy-Fqkw3EByfCANHhHSNs4-HASovsfcRMUmmvDfTd5qBb23KzDJeDVqTYWa3XjUorlZOCJuLyPgeDEK8oOC9C4W9dn32z8FJ4E6Dz28M_2O3g8FLQD2F-NezkQJsl8MEYo4rl1nr7_oIkMsYLCCoG8jwmryErb7km9JWWgqZ80trkjijFqDAbHfUEw",
    "e": "AQAB"
  }
}

你可以像这样：

@RequiresApi(Build.VERSION_CODES.O)
fun generateRSAEncryption(cardNumber: String, key: String): String { //public key comes for DER component
    val decodedKey = Base64.getDecoder().decode(key)
    val keySpec = X509EncodedKeySpec(decodedKey)
    val publicKey = KeyFactory.getInstance("RSA").generatePublic(keySpec)
    val oaepFromAlgo = Cipher.getInstance("RSA/None/OAEPwithSHA-1andMGF1Padding", "BC")
    oaepFromAlgo.init(Cipher.ENCRYPT_MODE, publicKey)
    val cipherText = oaepFromAlgo.doFinal(cardNumber.toByteArray())
    return Base64.getEncoder().encodeToString(cipherText) // pass this to Flex
}