[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Decryption Issue

The setupCopher(Key key) method tries to setup the cipher with parameters
parsed from the received content encryption algorithmID. However, for using
this method, the parameters have to be encoded as OCTET_STRING. Where this
is satisfied, an IvParameterSpec is created from the OCTET_STRING value for
initializing the cipher.
The S/MIME Version 2 Message Specification (see RFC 2311, Appendix A.1)
specifies RC2-CBC and DES-EDE3-CBC as content encryption algorithms to be
used. But only the latter encodes the IV as "lonely" OCTET_STRING:

For DES-CBC and DES-EDE3-CBC, the parameter should be encoded as:

CBCParameter :: IV

where IV ::= OCTET STRING -- 8 octets

RC2-CBC defines the parameters as SEQUENCE:

RC2-CBC parameter ::=  SEQUENCE {
 rc2ParameterVersion  INTEGER,
 iv                   OCTET STRING (8)}

Since the setupCipher(Key) method expects an octet string, it cannot
properly parse the parameters. For that reason, in the case of RC2-CBC - if
you don´t use our S/MIME package for parsing and verification - you should
get and parse the parameters from the content encryption algorithm, and
subsequently use the setupCipher(key, params) method for setting up the
cipher, e.g.:

// get the content algorithm ID
AlgorithmID contentEA = eci.getContentEncryptionAlgorithm();
// get the parameters as SEQUENCE
SEQUENCE seq = (SEQUENCE)contentEA.getParameter();
// the iv is the second component
OCTET_STRING oct = (OCTET_STRING)seq.getComponentAt(1);
// create an IvParameterSpec:
IvParameterSpec ivSpec = new IvParameterSpec(oct.getValue());
now setup the cipher
eci.setupCipher(secretKey, ivSpec);

Since the EncryptedContentInfo(Stream) class is designed for general use,
and not only for S/MIME, the ASN.1 representation of the parameters cannot
be known it advance. For that reason the setupCipher(Key) method only shall
be used where the parameters are encoded as octet string. In other cases,
where the receiving agent knows the ASN.1 representation from the protocol
in use, the parameters explicitly have to be encoded to be fed to the
setupCipher(key,params) method.

Currently this comes not clear in the Javadoc which only says that
setupCipher(Key) "tries to get the IV from the content encryption
algorithm". We will make this more clear.

In the same way, when creating an EncryptedContentInfo(Stream) for RC2,
don´t use the setupCipher(AlgorithmID) method. Use setupCipher(AlgorithmID,
Key, AlgorithmParameterSpec) to initialize the cipher for encryption with
self-created key and params.

Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: Scott, Richard (GEIS) <Richard.Scott@geis.ge.com>
An: <iaik-jce@iaik.tu-graz.ac.at>
Gesendet: Mittwoch, 09. Juni 1999 17:32
Betreff: [iaik-jce] Decryption Issue

>   Gentlemen:
>   Another two questions and/or issues.  I saved an email which had
>   been signed and subsequently encrypted to a file after stripping off
>   the headers.  Processing per the documentation for EncryptedContentInfo
>   doesn't work.  Specifically,
>     ContentInfo ci = new ContentInfo(fileInputStream..)
>     // after checking to see that it is EnvelopedData...
>     EnvelopedData ed = (EnvelopedData) ci.getContent();
>     // Print out some stuff..
>     EncryptedContentInfo eci = (EncryptedContentInfo)
> ed.getEncryptedContentInfo();
>     // After fetching RecipientInfos and selecting correct one and
> PrivateKey
>     symmetricKey = ri.decryptKey(privateKey);
>     eci.setupCipher(symmetricKey);
>   Produces the following output
>   +---------------------------
>   |       Encryption Algorithm used is 'RC2-CBC
>   |       EncryptedContentInfo.hasContent() returns true: 6456 bytes
> available.
>   |       Printing out RecipientInfos so we know we're using correct Key
> decrypt!
>   |       RecipientInfo for recipient 0
>   |         ISN: SerialNumber: 176
>   |       Issuer: O: ........
>   |
>   |       RecipientInfo for recipient 1
>   |         ISN: SerialNumber: 176
>   |       Issuer: O: ........
>   |
>   |       Decrypting using 1  as the index of the RecipientInfo!
>   |       Fetching PrivateKey
>   |       Key Encryption Algorithm is 'rsaEncryption'.
>   |       Decrypted key used for encrypting; now decrypting content
>   |       Some exception occurred!!
>   |       iaik.pkcs.PKCSException: Unable to get algorithm parameter!
>   |               at java.lang.Throwable.fillInStackTrace(Native Method)
>   |               at java.lang.Throwable.<init>(Throwable.java:94)
>   |               at java.lang.Exception.<init>(Exception.java:42)
>   |               at iaik.pkcs.PKCSException.<init>(Unknown Source)
>   |               at
> iaik.pkcs.pkcs7.EncryptedContentInfoStream.setupCipher(Unknown Source)
>   |               at LoadEncrypted.main(LoadEncrypted.java:221)
>   +-----------------------------
> >> So, the first question is why didn't the documented method work?  <<
>   I CAN decrypt the message if I go about it differently.  If, after
> decrypting the
>   KeyEncryption Key, I do something like the following instead of using
> setupCipher method
>     Cipher rc2 =  javax.crypto.Cipher.getInstance("RC2/CBC/NoPadding",
> "IAIK");
>     rc2.init(Cipher.DECRYPT_MODE, symmetricKey);
>     data = rc2.doFinal(eci.getContent());
>     System.out.println("DECRYPTED content comprises " + data.length + "
> bytes.");
>   then I can successfully decrypt the message.  However, the first 8 bytes
> are not
>   correct.  (Should be a "Content-Type" header, but the first 8 bytes are
> wrong.)
> >> Second Question is why don't the first bytes decrypt properly?  Did I
> miss something?  I <<
> >> have also tried PKCS1Padding and PKCS5Padding, but neither corrects the
> problem.         <<
>   Thanks and regards,
>   Richard
> --
> Mailinglist-archive at
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-jce