带有证书的 pdf 的 iText 加密导致 bouncycastle 错误

Question

当我尝试使用此代码使用证书加密 pdf 时出现以下错误：

public static void encryptPdf(String src, String dest, String certFile)
    throws IOException, DocumentException, CertificateException
{       
    PdfReader reader = null;
    PdfStamper stamper = null;
    try {
        reader = new PdfReader(src);
        stamper = new PdfStamper(reader, new FileOutputStream(dest));
        Certificate cert = Utils.getCertificate(certFile);        
        stamper.setEncryption(new Certificate[]{cert}, new int[]{PdfWriter.ALLOW_PRINTING}, PdfWriter.ENCRYPTION_AES_128);

    } finally {
        stamper.close();
        reader.close();             
    }
}

基本上是抄自官方的例子：http://itextpdf.com/examples/iia.php?id=220

我收到以下错误：

java.lang.IllegalArgumentException: Key length not 128/192/256 bits.

有了这个堆栈跟踪：

java.lang.IllegalArgumentException: Key length not 128/192/256 bits.
        at org.bouncycastle.crypto.engines.AESFastEngine.generateWorkingKey(Unknown Source)
        at org.bouncycastle.crypto.engines.AESFastEngine.init(Unknown Source)
        at org.bouncycastle.crypto.modes.CBCBlockCipher.init(Unknown Source)
        at org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher.init(Unknown Source)
        at com.itextpdf.text.pdf.crypto.AESCipher.<init>(AESCipher.java:68)
        at com.itextpdf.text.pdf.OutputStreamEncryption.<init>(OutputStreamEncryption.java:73)
        at com.itextpdf.text.pdf.PdfEncryption.getEncryptionStream(PdfEncryption.java:743)
        at com.itextpdf.text.pdf.PdfEncryption.encryptByteArray(PdfEncryption.java:756)
        at com.itextpdf.text.pdf.PdfString.toPdf(PdfString.java:148)
        at com.itextpdf.text.pdf.PdfDictionary.toPdf(PdfDictionary.java:149)
        at com.itextpdf.text.pdf.PdfIndirectObject.writeTo(PdfIndirectObject.java:158)
        at com.itextpdf.text.pdf.PdfWriter$PdfBody.write(PdfWriter.java:420)
        at com.itextpdf.text.pdf.PdfWriter$PdfBody.add(PdfWriter.java:398)
        at com.itextpdf.text.pdf.PdfWriter$PdfBody.add(PdfWriter.java:334)
        at com.itextpdf.text.pdf.PdfWriter.addToBody(PdfWriter.java:829)
        at com.itextpdf.text.pdf.PdfStamperImp.close(PdfStamperImp.java:316)
        at com.itextpdf.text.pdf.PdfStamper.close(PdfStamper.java:208)
        at de.naev.signpdf.PdfSigner.encryptPdf(PdfSigner.java:117)
        at de.naev.signpdf.Main.encrypt(Main.java:94)
        at de.naev.signpdf.Main.main(Main.java:183)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.eclipse.jdt.internal.jarinjarloader.JarRsrcLoader.main(JarRsrcLoader.java:58)

我用过：itextpdf-5.5.3.jar, bcprov-jdk15on-151.jar, bcpkix-jdk15on-151.jar

Answer 1

我忘了添加Bouncycastle Security Provider，也忘了使用Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files。

完成之后，一切都按预期进行。