The Pheox JCAPI (
http://pheox.com/download) 提供一个JCE Provider可以直接操作Microsoft 操作系统本地证书库/私钥的。JCAPI用一个jcapi.dll封装了这些复杂性,这个dll负责调用Windows内置的CSP来完成加密签名哈希等密码运算。
JCAPI.DLL属于轻量级的中间层类库,它让Java开发者免去对待CSP的细节,比如获得一个CSP的Handle。
JCAPI.dll提供了下面的JNI调用:
00000001 10002AA0 _Java_com_pheox_jcapi_CoreCipherJNI_decrypt@24
00000002 100021A0 _Java_com_pheox_jcapi_CoreCipherJNI_encrypt@20
00000003 100027A0 _Java_com_pheox_jcapi_CoreCipherJNI_encryptWithPrivateKey@20
00000004 10001E10 _Java_com_pheox_jcapi_CoreCipherJNI_getPrivateKeySize@12
00000005 10003610 _Java_com_pheox_jcapi_CoreKeyStoreJNI_aliases@16
00000006 100039D0 _Java_com_pheox_jcapi_CoreKeyStoreJNI_containsAlias@12
00000007 10005E50 _Java_com_pheox_jcapi_CoreKeyStoreJNI_createBase64Hash@12
00000008 10003B30 _Java_com_pheox_jcapi_CoreKeyStoreJNI_deleteEntry@12
00000009 10003DA0 _Java_com_pheox_jcapi_CoreKeyStoreJNI_getCertificate@12
0000000A 10003FE0 _Java_com_pheox_jcapi_CoreKeyStoreJNI_getCertificateChain@20
0000000B 10004530 _Java_com_pheox_jcapi_CoreKeyStoreJNI_getKey@12
0000000C 10004C00 _Java_com_pheox_jcapi_CoreKeyStoreJNI_isKeyEntry@12
0000000D 10004E00 _Java_com_pheox_jcapi_CoreKeyStoreJNI_setCertificateEntry@16
0000000E 10005020 _Java_com_pheox_jcapi_CoreKeyStoreJNI_setKeyEntry@44
0000000F 10005CA0 _Java_com_pheox_jcapi_CoreKeyStoreJNI_size@16
00000010 100062A0 _Java_com_pheox_jcapi_CoreSignatureJNI_hashFinal@12
00000011 10005F80 _Java_com_pheox_jcapi_CoreSignatureJNI_hashInit@12
00000012 10006140 _Java_com_pheox_jcapi_CoreSignatureJNI_hashUpdate@16
00000013 10006430 _Java_com_pheox_jcapi_CoreSignatureJNI_sign@28
00000014 10006F60 _Java_com_pheox_jcapi_CoreSignatureJNI_verify@28
00000015 10007CF0 _Java_com_pheox_jcapi_CoreUtilJNI_addPKCS11CSP@16
00000016 10007880 _Java_com_pheox_jcapi_CoreUtilJNI_createCertEntryStore@8
00000017 10007C20 _Java_com_pheox_jcapi_CoreUtilJNI_getAddedPKCS11CSPs@8
00000018 100078E0 _Java_com_pheox_jcapi_CoreUtilJNI_getCSP@12
00000019 10008F10 _Java_com_pheox_jcapi_CoreUtilJNI_getCertStoreFriendlyName@12
0000001A 100089C0 _Java_com_pheox_jcapi_CoreUtilJNI_getCertificateFriendlyName@12
0000001B 10007500 _Java_com_pheox_jcapi_CoreUtilJNI_getJCAPIDLLVersion@8
0000001C 10007520 _Java_com_pheox_jcapi_CoreUtilJNI_getMSCSPs@8
0000001D 10009010 _Java_com_pheox_jcapi_CoreUtilJNI_getMSCertStoreNames@8
0000001E 10007E20 _Java_com_pheox_jcapi_CoreUtilJNI_getPKCS11DLLName@12
0000001F 100083F0 _Java_com_pheox_jcapi_CoreUtilJNI_getPKCS11TokenInfo@12
00000020 10007B50 _Java_com_pheox_jcapi_CoreUtilJNI_getSupportedPKCS11CSPs@8
00000021 100077A0 _Java_com_pheox_jcapi_CoreUtilJNI_init@12
00000022 10007F40 _Java_com_pheox_jcapi_CoreUtilJNI_isPKCS11PrivateKey@12
00000023 10007D90 _Java_com_pheox_jcapi_CoreUtilJNI_removePKCS11CSP@12
00000024 10008F90 _Java_com_pheox_jcapi_CoreUtilJNI_reportMemStatus@8
00000025 10008360 _Java_com_pheox_jcapi_CoreUtilJNI_setCallbackPinCode@12
00000026 100083B0 _Java_com_pheox_jcapi_CoreUtilJNI_setCertOpenStoreFlags@12
00000027 10008C80 _Java_com_pheox_jcapi_CoreUtilJNI_setCertificateFriendlyName@16
它调用的类库其实还是crypt32.dll和ADVAPI32.dll.
crypt32.dll:
0000002C CertEnumSystemStore
00000041 CertGetCertificateContextProperty
0000008B CryptFindLocalizedName
00000056 CertRegisterSystemStore
00000097 CryptHashCertificate
00000061 CertSetCertificateContextProperty
00000019 CertCreateCertificateContext
00000004 CertAddCertificateContextToStore
00000044 CertGetIssuerCertificateFromStore
0000001E CertDeleteCertificateFromStore
00000029 CertEnumCertificatesInStore
0000007C CryptDecodeObject
0000009C CryptImportPublicKeyInfo
00000050 CertOpenStore
00000032 CertFindCertificateInStore
0000000F CertCloseStore
0000003C CertFreeCertificateContext
导入, ADVAPI32.dll
顺序 (示意) 名字
000000A8 CryptSignHashA
00000099 CryptGetHashParam
0000008B CryptDestroyHash
0000009D CryptHashData
00000088 CryptCreateHash
00000094 CryptExportKey
00000089 CryptDecrypt
0000009F CryptImportKey
0000008F CryptEncrypt
0000009C CryptGetUserKey
0000009A CryptGetKeyParam
0000008C CryptDestroyKey
00000085 CryptAcquireContextA
000000A0 CryptReleaseContext
000000AA CryptVerifySignatureA
00000092 CryptEnumProvidersA
000001C9 RegCloseKey
000001EC RegQueryValueExA
000001F9 RegSetValueExA
000001CD RegCreateKeyExA
000001E2 RegOpenKeyExA
000000A1 CryptSetHashParam
在标准的CryptoAPI函数上的封装是有必要的,因为从Java程序员的角度,我们不需要太关心CSP,我们希望直接进行Cryptography运算。
JCAPI这个provider提供3个SPI的实现,
java.security.KeyStoreSpi
java.security.SignatureSpi
javax.crypto.CipherSpi
也就是,我们通过Java应用程序可以直接借助于JCE API来调用CryptoAPI。
这个JCE API算法支持下面的基本操作
- Add, remove, list and access X.509 certificates.
- Add, remove, access and export RSA private keys.
- Create signatures with RSA private keys using the following algorithms:
- SHA1withRSA
- MD5withRSA
- MD2withRSA
- Verify signatures with RSA public keys.
- Encrypt/decrypt data with RSA public/private keys using the following algorithm, mode and padding:
- Wrap and unwrap symmetric- and asymmetric keys with RSA key pairs through MS CAPI and PKCS#11.
- Built-in support for tested PKCS#11 CSP manufacturers that is compliant with the functions required by JCAPI.
- Dynamically adding/removing of PKCS#11 CSPs into JCAPI.
- Private key call-back interface for PKCS#11 providers. You can provide your own preferred Java call-back implementation to be called whenever a private key is accessed through PKCS#11.
- List and configure MS CAPI system (certificate) stores.
- Use a MS CAPI system (certificate) store as an un-trusted store.
- Set and get MS CAPI friendly names for certificates.
- Get MS CAPI friendly names for system (certificate) stores.
- Get detailed information about your PKCS#11 hardware token through the JCAPI PKCS#11 information class.
- Use JCAPI supported plug-ins. A JCAPI plug-in is a signed JAR file that extends or enhances the functionality of JCAPI without the need of recompiling JCAPI.
- JCAPI SSL plugin. Use this plug-in to simplify the work of integrating the JCAPI key store for SSL enabled applications. The plug-in transparently supports both the old JSSE version for Java 1.3, and the newer versions included in Java 1.4 and higher. This plug-in transparently supports the PKCS#11 implementation as defined in Java 5. Your JCAPI supported hardware keys can be plugged in and used immediately for SSL. JCAPI will automatically configure the token for you by setting the correct slot identity to use etc.
- JCAPI X.509 Factory plug-in. Use this plug-in to transparently replace any other X.509 certificate factories used by your Java system.
- JCAPI is signed with a qualified code signing certificate that is trusted by all modern web browsers which makes it suitable in trusted applets.
JCE API支持一下的系统,我只是在Windows2000上测试通过,其他平台我不能保证破解能正常使用。
- Windows 98
- Windows 98 SE
- Windows ME
- Windows 2000
- Windows XP
JCE 支持JDK1.4以上,JDK1.3稍微为麻烦,要自己配制JCE和JSSE
- Java 1.3.1 with JCE 1.2.2 and JSSE 1.0.3
- Java 1.4
- Java 1.5
我已经在吉大正元的eSafe钥匙上通过测试,其他钥匙提供商可以发邮件给我,或者给Usb钥匙我去测试。
JCAPI的时间限制比较容易去除,但由于JNI层以上的代码做了大量混淆,我不得不重写这个JCE Provider,最起码要实现KeyStoreSpi,SignatureSpi和CipherSpi。
JCAPI的JCE Provider我将会在下个月提供
分享到:
相关推荐
解决org/bouncycastle/jce/provider/bouncycastlepr错误专用。
在与银联的对接中,调试过程中报错或使用类似登入加密:java.lang.SecurityException: JCE cannot authenticate the provider BC 进行问题解决,里面包含 bcprov-jdk16-143.jar与bcprov-jdk15-135.jar与具体文件存放...
JAVA 加密 JCE Java密码扩展的基础 关于JCE的基础
1.修改 jre/lib/security/java.security文件 security.provider.9=org.bouncycastle.jce.provider.BouncyCastleProvider, 2.添加2个扩展包到jre/lib/ext目录下:bcprov-jdk15-135.jar bcprov-jdk16-143.jar
Java密码扩展,用于加密、密钥生成和协商以及MAC算法的框架和实现。
jar包下载地址 : http://www.rsdown.cn/down/164019.html 下载后将sunjce_provider.jar放入webapp/WEB-INF/lib中
NULL 博文链接:https://lwpsoft.iteye.com/blog/2254348
jce_policy-8.zip jar包,jdk,安全,security,oracle官网下载 稍微麻烦 上传供大家方便下载
1. 国密算法的JCE实现,SM2、SM3、SM4算法,以及国密证书和密钥存储的DCKS文件格式 2. 适用于JDK7及以上 3. 适用于Android API 21平台及以上 4. 导出的PEM数据格式与OPENSSL保持一致,新增可导入的私钥格式
JCE,Java Cryptography Extension 1.8, java jce8 java jce
jce_policy-8,JCE(Java Cryptography Extension)是一组包,它们提供用于加密、密钥生成和协商以及 Message Authentication Code(MAC)算法的框架和实现。 它提供对对称、不对称、块和流密码的加密支持,它还...
Diffie-Hellman密钥一致协议和DES程序需要JCE工具库的支持
jce8、jce7下载 jdk8无政策限制权限文件,用于AES加密算法,AES加密扩展包因为某些国家的进口管制限制,Java发布的运行环境包中的加解密有一定的限制。比如默认不允许256位密钥的AES加解密,解决方法就是修改策略文件...
自己写的一个小程序,希望对你有帮助. 用java编写,基于JCE
它支持大量的密码术算法,并提供 JCE 1.2.1 的实现。因为 Bouncy Castle 被设计成轻量级的,所以从 J2SE 1.4 到 J2ME(包括 MIDP)平台,它都可以运行。它是在 MIDP 上运行的唯一完整的密码术包。 主要包括bcprov-...
jce-jdk13-139.jar是提供给java扩展包,放至jre/lib/ext目录下,并..\jre\lib\security\java.security文件中在配置security.provider.11=org.bouncycastle.jce.provider.BouncyCastleProvider后使用
官网下载地址是...JCE(Java Cryptography Extension)是一组包,它们提供用于加密、密钥生成和协商以及 Message Authentication Code(MAC)算法的框架和实现。
jce_policy-6.zip,jce_policy-8.zip,UnlimitedJCEPolicyJDK7.zip
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.6.
jce_policy-8,JCE(Java Cryptography Extension)是一组包,它们提供用于加密、密钥生成和协商以及 Message Authentication Code(MAC)算法的框架和实现。 它提供对对称、不对称、块和流密码的加密支持,它还支持...